Kubernetes GitOps

Transcript

1. Kubernetes GitOps at Cloudflare Terin Stock Cloud-Native and Kubernetes Silicon

   Valley Meetup January 16 2020

2. Terin Stock @terinjokes Software Engineer

3. None

4. “How do we do releases?” • Had three goals in

   mind when picking a workflow: ◦ Continuous ◦ Automatic ◦ Reviewable

5. The Status Quo

6. Status Quo of Releases • Build server manages releases of

   the master branch • Release artifacts and manifests built at the same time • Releases are automatically promoted

7. Status Quo of Releases • Our workflow goals: ◦ Automated

   ✔ ◦ Continuous ❌ ◦ Reviewable ❌

8. Non-Continuous Releases • Modifications made with kubectl are not reverted

   until the next time the build server ran ◦ In practice, the next time code was merged to master ◦ Development cadence of software differs • System state can easily diverge, often being fatal to future releases.
9. None

10. Non-Reviewable Releases • Manifests are generated by the build server

    behind the scenes. ◦ Difficult to review what will be released ◦ Difficult to stagger promotions • Build server enforced templating system ◦ Had to hack around templating if tasks weren't simple

11. GitOps Workflow

12. GitOps Workflow • Consider a git repository has the source

    of truth for Kubernetes manifests. • Any changes that reach master are deployed to Kubernetes ◦ In fact, they're continuously deployed to Kubernetes • Can restore a previous release with git revert.

13. Reviewable Releases • Git has a powerful tool for reviews:

    a pull request! • The manifests are directly deployed; no need to parse and understand a template.
14. None

15. Automating Releases • A task on the build server generates

    the release manifests. ◦ Output is captured and opened as a pull requests on the manifests repository. ◦ Capturing output allows teams to select best tools for their project.

16. Automating Releases • For releases to multiple environments, multiple pull

    requests can be made. ◦ Gives flexibility to stagger releases where required ◦ Cancel releases by declining the pull request

17. Continuous Releases • Tools running in Kubernetes monitor the git

    repository ◦ Patches are applied to Kubernetes resources to bring them in sync. • Currently using kube-applier and git-sync

18. Continuous Releases • Starting migration to Pusher's Faros controller ◦

    CRDs track changes and removals ◦ Maintains synchronized status fields

19. GitOps Workflow • Our workflow goals: ◦ Automated ✔ ◦

    Continuous ✔ ◦ Reviewable ✔

20. GitOps all the things!

21. Thanks • Fill free to ask me questions afterwards. ◦

    @terinjokes

22. Back Matter

23. Colophon The main body text, including headers, were set in

    Cambo by Argentinian foundry Huerta Tipográfica based on the style of traditional Khmer type. Monospace text was set in Anonymous Pro by Minnesota font designer Mark Simonson. It was inspired by mid-90s freeware Macintosh font Anonymous 9.