GitOps: Git based application deployment patterns on Kubernetes

A take on analyzing what GitOps is, in the current context. Presented at ContainerDays 2018 at Hamburg.

Shahidh K Muhammed

June 20, 2018


  1. Git

  2. Git: source of truth
    • Application Source Code
    • Application Configuration as Code
      ◦ Kubernetes
      ◦ Docker
    • System Configuration as Code
      ◦ Ansible
      ◦ Chef
      ◦ Puppet
    • Infrastructure as Code
      ◦ Terraform
      ◦ CloudFormation
  3. Git push workflow
    • Write code
    • git push heroku master
    Changed the world for developers
    Suddenly they’re all ninjas
    Developers are doing DevOps!
  4. Build & Deploy
    $ docker build -t registry.com/my-image:my-tag .
    $ docker push registry.com/my-image:my-tag
    $ kubectl set image deployment/my-deployment container=registry.com/my-image:my-tag
  5. Gitkube architecture
    [Diagram labels] git-remote; k8s :: deployment,svc; Exposed externally; SSH-key based auth; deployment; $ git push dev master; CRD configuration; k8s :: CRD; Deployments to update; authorised-keys; Dockerfile path; controller; k8s :: operator; Apply changes; $ kubectl ... remote.yaml; </>; your computer; Kubernetes cluster
  6. Extend to more DevOps tasks?
    git push to:
    • Build and run unit-tests
    • Deploy code
    • Deploy configuration
    • Apply stateful migrations
    • Run integration tests
  7. CRD + Operator
    [Diagram labels] </> yaml; Operator (does stateful things); Jobs, pods, volumes; You do this; This just happens
  8. Eventual consistency - no pipelines
    [Diagram labels] </> yaml; containers, iptables, resource allocation, volumes; K8s controllers; You do this; This just happens. Eventually.; Custom operators; </> yaml </> yaml </> yaml </> yaml; Run jobs, reconfigure deployments
  9. Typical DevOps pipeline
    • Build + run unit-tests: Dockerfile
    • Production build (artifacts): Multi-stage dockerfile
    • Deploy configuration: Update Kubernetes manifests
    • Run stateful tasks (database migrations): Update CRs
    • Run integration tests: Run jobs with init-containers to check if microservices are ready
  10. GitOps
    • Code, config, monitoring, policy etc. declarative & version controlled
    • What can be described and observed can be automated and controlled and accelerated
    • Git as a source of truth for the desired state of whole system
    • Compare desired state to actual state and act
    • Make ops changes by pull requests to this repo
    • All changes need to go through git review process, no kubectl
    • Use a k8s operator on the cluster to drive the observed cluster state to desired state
    • Pipelines, observability, control
    Source: Weaveworks
  11. GitOps
    1. Way of doing DevOps -- not a replacement
    2. Commit desired state in a git repo -- not the steps to achieve the state
    3. Declarative vs Imperative DevOps
    4. Pipelines by default are imperative devops
    5. GitOps by definition is declarative devops
    6. Yaml file with a set of steps does not make it declarative
  12. GitOps
    Advantages
    • Declarative: desired state is clear
    • Git: recreate/rollback, audit trail
    • Observability: diff with actual state
    • Git as a dev-operator boundary
    Disadvantages
    • Cannot have everything in git (secrets, dynamic variables etc.)
    • New tools (k8s operators) required to achieve state instead of simple scripts
  13. Git: stable developer - ops boundary
    • Consistent tooling for devs
    • Freedom for operators to change the plumbing underneath
    • Git hooks on client/server side, webhook integrations offered by GitHub, GitLab, BitBucket etc.
    • CRD + Operator on K8s
  14. Constraints
    • git-hooks and webhooks can only make use of information inside the git repository
    • or the environment that the git-hook/webhook runs in
    • K8s Operators need manifests
    • Key constraint: Everything must become declarative
  15. What did we achieve?
    Reduced toolset
    Developers only need to use git for all DevOps tasks
    Complete extensibility
    Git-hooks, k8s operators allow for infinite customisation and tooling to be implemented by operators without affecting the developer workflow in the slightest
  16. On pipelines
    • Pipelines executing a sequence of tasks - imperative
    • CI/CD tools - GitLab Auto DevOps, Jenkins X
    • As more parts of it become declarative, we can start applying these configurations
    • The CRD+Operator pattern works well
    • No more pipelines?
  17. References
    • GitOps - Operations by Pull Request
    • Can GitOps solve the developer / ops boundary once and for all?
    • GitOps - Modern best practices for high velocity app dev using cloud native tools
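
Slides 10 and 11 describe GitOps as committing the desired state, comparing it to the actual state and acting on the difference. The sketch below is an added example of that comparison step, not code from the deck or from Gitkube; the simplified object shapes, the `IGNORED` list and the sample resource names are assumptions made for illustration.

```python
IGNORED = ("status",)  # assumption: top-level fields the cluster writes itself, never kept in git


def diff_fields(desired, actual, path=""):
    """Return dotted paths where the actual object departs from the desired one."""
    if isinstance(desired, dict) and isinstance(actual, dict):
        changed = []
        for key in sorted(set(desired) | set(actual)):
            if not path and key in IGNORED:
                continue
            sub = f"{path}.{key}" if path else key
            if key not in desired or key not in actual:
                changed.append(sub)
            else:
                changed.extend(diff_fields(desired[key], actual[key], sub))
        return changed
    return [] if desired == actual else [path]


def plan(desired, actual):
    """Actions that drive actual state to desired state; both map (kind, name) -> object."""
    actions = []
    for ref in sorted(set(desired) | set(actual)):
        if ref not in actual:
            actions.append(("create", ref, []))
        elif ref not in desired:
            actions.append(("delete", ref, []))  # exists in the cluster, not in git
        else:
            drift = diff_fields(desired[ref], actual[ref])
            if drift:
                actions.append(("update", ref, drift))
    return actions


# Constructed sample: what the git repo declares vs. what the cluster reports.
DESIRED = {
    ("Deployment", "my-deployment"): {"spec": {"image": "registry.com/my-image:my-tag", "replicas": 2}},
    ("Service", "my-svc"): {"spec": {"port": 80}},
}
ACTUAL = {
    ("Deployment", "my-deployment"): {"spec": {"image": "registry.com/my-image:old", "replicas": 2},
                                       "status": {"ready": 2}},
    ("Job", "manual-debug"): {"spec": {"image": "busybox"}},  # created out of band
}

if __name__ == "__main__":
    for action in plan(DESIRED, ACTUAL):
        print(action)
```

The plan is derived only from the two states, so running it again after it has been applied yields no actions. A "delete" or "update" entry that no commit explains points to a change made outside the git review process.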