GitOps: Git based application deployment patterns on Kubernetes

Transcript

1. GitOps - when Git ❤ K8s Git based application deployment

   patterns on Kubernetes

2. Hello! I’m Shahidh @shahidh_k GraphQL on Postgres

3. Git

4. Declarative tools

5. Declarative tools ❤ Git as source of truth

6. Git: source of truth • Application Source Code • Application

   Configuration as Code ◦ Kubernetes ◦ Docker • System Configuration as Code ◦ Ansible ◦ Chef ◦ Puppet • Infrastructure as Code ◦ Terraform ◦ CloudFormation

7. Git push

8. • Write code • git push heroku master Changed the

   world for developers Suddenly they’re all ninjas Developers are doing DevOps! Git push workflow

9. The simplest DevOps task: Build & Deploy on Kubernetes

10. Build & Deploy $ docker build -t registry.com/my-image:my-tag . $

    docker push registry.com/my-image:my-tag $ kubectl set image deployment/my-deployment container=registry.com/my-image:my-tag

11. $ git push dev master

12. Demo 1 : Git push to update webpage

13. Gitkube architecture git-remote k8s :: deployment,svc Exposed externally SSH-key based

    auth deployment $ git push dev master CRD configuration k8s :: CRD Deployments to update authorised-keys Dockerfile path controller k8s :: operator Apply changes $ kubectl ... remote.yaml </> your computer Kubernetes cluster

14. Extend to more DevOps tasks? git push to: • Build

    and run unit-tests • Deploy code • Deploy configuration • Apply stateful migrations • Run integration tests

15. Demo 2: Sending a slack notification on deploy

16. git push to apply Kubernetes objects (git hooks are amazing)

17. K8s controller </> yaml Control -loops containers, iptables, resource allocation,

    volumes You do this This just happens

18. CRD + Operator </> yaml Operator (does stateful things) Jobs,

    pods, volumes You do this This just happens

19. Eventual consistency - no pipelines </> yaml containers, iptables, resource

    allocation, volumes K8s controllers You do this This just happens. Eventually. Custom operators </> yaml </> yaml </> yaml </> yaml Run jobs, reconfigure deployments

20. Typical DevOps pipeline Build + run unit-tests Dockerfile Production build

    (artifacts) Multi-stage dockerfile Deploy configuration Update Kubernetes manifests Run stateful tasks (database migrations) Update CRs Run integration tests Run jobs with init-containers to check if microservices are ready

21. GitOps

22. GitOps • Code, config, monitoring, policy etc. declarative & version

    controlled • What can be described and observed can be automated and controlled and accelerated • Git as a source of truth for the desired state of whole system • Compare desired state to actual state and act • Make ops changes by pull requests to this repo • All changes need to go through git review process, no kubectl • Use a k8s operator on the cluster to drive the observed cluster state to desired state • Pipelines, observability, control Source: Weaveworks

23. GitOps 1. Way of doing DevOps -- not a replacement

    2. Commit desired state in a git repo -- not the steps to achieve the state 3. Declarative vs Imperative DevOps 4. Pipelines by default are imperative devops 5. GitOps by definition is declarative devops 6. Yaml file with a set of steps does not make it declarative

24. GitOps Advantages • Declarative: desired state is clear • Git:

    recreate/rollback, audit trail • Observability: diff with actual state • Git as a dev-operator boundary Disadvantages • Cannot have everything in git (secrets, dynamic variables etc.) • New tools (k8s operators) required to achieve state instead of simple scripts

25. Git as the developer - operator boundary

26. Git: stable developer - ops boundary • Consistent tooling for

    devs • Freedom for operators to change the plumbing underneath • Git hooks on client/server side, webhook integrations offered by GitHub, GitLab, BitBucket etc. • CRD + Operator on K8s

27. Constraints • git-hooks and webhooks can only make use of

    information inside the git repository • or the environment that the git-hook/webhook runs in • K8s Operators need manifests • Key constraint: Everything must become declarative

28. Everything as Code

29. What did we achieve? Reduced toolset Developers only need to

    use git for all DevOps tasks Complete extensibility Git-hooks, k8s operators allow for infinite customisation and tooling to be implemented by operators without affecting the developer workflow in the slightest

30. On pipelines • Pipelines executing a sequence of tasks -

    imperative • CI/CD tools - GitLab Auto DevOps, Jenkins X • As more parts of it becomes declarative, we can start applying these configuration • The CRD+Operator pattern works well • No more pipelines?

31. Git based tools on K8s

32. Some more demos?

33. Thank you for listening! Questions? @shahidh_k

34. References • GitOps - Operations by Pull Request • Can

    GitOps solve the developer / ops boundary once and for all? • GitOps - Modern best practices for high velocity app dev using cloud native tools