GitOps: Git based application deployment patterns on Kubernetes

A take on analyzing what GitOps is, in the current context. Presented at ContainerDays 2018 at Hamburg.

Shahidh K Muhammed

June 20, 2018

Transcript

  1. GitOps - when Git ❤ K8s
    Git based application deployment patterns on Kubernetes

  2. Hello!
    I’m Shahidh
    @shahidh_k GraphQL on Postgres

  3. Git

  4. Declarative tools

  5. Declarative tools
    Git as source of truth

  6. Git: source of truth
    ● Application Source Code
    ● Application Configuration as Code
      ○ Kubernetes
      ○ Docker
    ● System Configuration as Code
      ○ Ansible
      ○ Chef
      ○ Puppet
    ● Infrastructure as Code
      ○ Terraform
      ○ CloudFormation

  7. Git push

  8. Git push workflow
    ● Write code
    ● git push heroku master
    Changed the world for developers
    Suddenly they’re all ninjas
    Developers are doing DevOps!

  9. The simplest DevOps task:
    Build & Deploy on Kubernetes

  10. Build & Deploy
    $ docker build -t registry.com/my-image:my-tag .
    $ docker push registry.com/my-image:my-tag
    $ kubectl set image deployment/my-deployment container=registry.com/my-image:my-tag

  11. $ git push dev master

  12. Demo 1: Git push to update webpage

  13. Gitkube architecture
    [Diagram]
    ● > your computer
      ○ $ git push dev master
      ○ $ kubectl ... remote.yaml
    ● Kubernetes cluster
      ○ git-remote (k8s :: deployment, svc): exposed externally, SSH-key based auth
      ○ CRD configuration (k8s :: CRD): deployments to update, authorised-keys, Dockerfile path
      ○ controller (k8s :: operator): apply changes
      ○ deployment

  14. Extend to more DevOps tasks?
    git push to:
    ● Build and run unit-tests
    ● Deploy code
    ● Deploy configuration
    ● Apply stateful migrations
    ● Run integration tests

  15. Demo 2: Sending a slack notification on deploy

  16. git push to apply Kubernetes objects
    (git hooks are amazing)

  17. K8s controller
    [Diagram]
    ● You do this: > yaml
    ● Control-loops
    ● This just happens: containers, iptables, resource allocation, volumes

  18. CRD + Operator
    [Diagram]
    ● You do this: > yaml
    ● Operator (does stateful things)
    ● This just happens: Jobs, pods, volumes

  19. Eventual consistency - no pipelines
    [Diagram]
    ● You do this: > yaml (five files shown)
    ● K8s controllers: containers, iptables, resource allocation, volumes
    ● Custom operators: Run jobs, reconfigure deployments
    ● This just happens. Eventually.

  20. Typical DevOps pipeline
    ● Build + run unit-tests: Dockerfile
    ● Production build (artifacts): Multi-stage dockerfile
    ● Deploy configuration: Update Kubernetes manifests
    ● Run stateful tasks (database migrations): Update CRs
    ● Run integration tests: Run jobs with init-containers to check if microservices are ready

  21. GitOps

  22. GitOps
    ● Code, config, monitoring, policy etc. declarative & version controlled
    ● What can be described and observed can be automated and controlled and accelerated
    ● Git as a source of truth for the desired state of whole system
    ● Compare desired state to actual state and act
    ● Make ops changes by pull requests to this repo
    ● All changes need to go through git review process, no kubectl
    ● Use a k8s operator on the cluster to drive the observed cluster state to desired state
    ● Pipelines, observability, control
    Source: Weaveworks

  23. GitOps
    1. Way of doing DevOps -- not a replacement
    2. Commit desired state in a git repo -- not the steps to achieve the state
    3. Declarative vs Imperative DevOps
    4. Pipelines by default are imperative DevOps
    5. GitOps by definition is declarative DevOps
    6. Yaml file with a set of steps does not make it declarative
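
The "compare desired state to actual state and act" step from the GitOps slides, as an added Go example that is not from the talk or from Gitkube. `State`, `Action`, `Diff` and `Reconcile` are hypothetical names, a name-to-image map stands in for real Kubernetes manifests, and the sample images are constructed. A change made with kubectl outside Git surfaces as an `update` or `delete` action, so the returned list doubles as a drift audit record.

```go
package main

import (
	"fmt"
	"sort"
)

// State maps a deployment name to its image: a small stand-in for manifests.
type State map[string]string

// Action is one step that moves the cluster toward the state committed in Git.
type Action struct{ Kind, Name, From, To string }

// Diff returns the actions that turn actual (cluster) into desired (Git), sorted by name.
func Diff(desired, actual State) []Action {
	var out []Action
	for name, want := range desired {
		if have, ok := actual[name]; !ok {
			out = append(out, Action{"create", name, "", want})
		} else if have != want {
			out = append(out, Action{"update", name, have, want})
		}
	}
	for name, have := range actual {
		if _, ok := desired[name]; !ok { // in the cluster but never committed
			out = append(out, Action{"delete", name, have, ""})
		}
	}
	sort.Slice(out, func(i, j int) bool { return out[i].Name < out[j].Name })
	return out
}

// Reconcile applies the diff to actual in place and returns what it changed.
func Reconcile(desired, actual State) []Action {
	actions := Diff(desired, actual)
	for _, a := range actions {
		if a.Kind == "delete" {
			delete(actual, a.Name)
		} else {
			actual[a.Name] = a.To
		}
	}
	return actions
}

func main() {
	// Constructed sample: "web" was edited by hand, "debug" was never in Git.
	actual := State{"web": "registry.com/my-image:hotfix", "debug": "registry.com/debug:latest"}
	fmt.Println(Reconcile(State{"web": "registry.com/my-image:my-tag"}, actual), actual)
}
```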

  24. GitOps
    Advantages
    ● Declarative: desired state is clear
    ● Git: recreate/rollback, audit trail
    ● Observability: diff with actual state
    ● Git as a dev-operator boundary
    Disadvantages
    ● Cannot have everything in git (secrets, dynamic variables etc.)
    ● New tools (k8s operators) required to achieve state instead of simple scripts

  25. Git as the developer - operator boundary

  26. Git: stable developer - ops boundary
    ● Consistent tooling for devs
    ● Freedom for operators to change the plumbing underneath
    ● Git hooks on client/server side, webhook integrations offered by GitHub, GitLab, BitBucket etc.
    ● CRD + Operator on K8s

  27. Constraints
    ● git-hooks and webhooks can only make use of information inside the git repository
    ● or the environment that the git-hook/webhook runs in
    ● K8s Operators need manifests
    ● Key constraint: Everything must become declarative

  28. Everything as Code

  29. What did we achieve?
    Reduced toolset
    Developers only need to use git for all DevOps tasks
    Complete extensibility
    Git-hooks, k8s operators allow for infinite customisation and tooling to be implemented by operators without affecting the developer workflow in the slightest

  30. On pipelines
    ● Pipelines executing a sequence of tasks - imperative
    ● CI/CD tools - GitLab Auto DevOps, Jenkins X
    ● As more parts of it become declarative, we can start applying these configurations
    ● The CRD+Operator pattern works well
    ● No more pipelines?

  31. Git based tools on K8s

  32. Some more demos?

  33. Thank you for listening!
    Questions?
    @shahidh_k

  34. References
    ● GitOps - Operations by Pull Request
    ● Can GitOps solve the developer / ops boundary once and for all?
    ● GitOps - Modern best practices for high velocity app dev using cloud native tools
