Kubernetes GitOps

A quick talk on how we use GitOps to manage deployments to Kubernetes.

Terin Stock

January 16, 2020

Transcript

  1. “How do we do releases?”
     • Had three goals in mind when picking a workflow:
       ◦ Continuous
       ◦ Automatic
       ◦ Reviewable
  2. Status Quo of Releases
     • Build server manages releases of the master branch
     • Release artifacts and manifests built at the same time
     • Releases are automatically promoted
  3. Status Quo of Releases
     • Our workflow goals:
       ◦ Automated ✔
       ◦ Continuous ❌
       ◦ Reviewable ❌
  4. Non-Continuous Releases
     • Modifications made with kubectl are not reverted until the next time the build server ran
       ◦ In practice, the next time code was merged to master
       ◦ Development cadence of software differs
     • System state can easily diverge, often being fatal to future releases.
  5. Non-Reviewable Releases
     • Manifests are generated by the build server behind the scenes.
       ◦ Difficult to review what will be released
       ◦ Difficult to stagger promotions
     • Build server enforced templating system
       ◦ Had to hack around templating if tasks weren't simple
  6. GitOps Workflow
     • Consider a git repository as the source of truth for Kubernetes manifests.
     • Any changes that reach master are deployed to Kubernetes
       ◦ In fact, they're continuously deployed to Kubernetes
     • Can restore a previous release with git revert.
  7. Reviewable Releases
     • Git has a powerful tool for reviews: a pull request!
     • The manifests are directly deployed; no need to parse and understand a template.
  8. Automating Releases
     • A task on the build server generates the release manifests.
       ◦ Output is captured and opened as a pull request on the manifests repository.
       ◦ Capturing output allows teams to select the best tools for their project.
  9. Automating Releases
     • For releases to multiple environments, multiple pull requests can be made.
       ◦ Gives flexibility to stagger releases where required
       ◦ Cancel releases by declining the pull request
  10. Continuous Releases
      • Tools running in Kubernetes monitor the git repository
        ◦ Patches are applied to Kubernetes resources to bring them in sync.
      • Currently using kube-applier and git-sync
  11. Continuous Releases
      • Starting migration to Pusher's Faros controller
        ◦ CRDs track changes and removals
        ◦ Maintains synchronized status fields
  12. Colophon
      The main body text, including headers, was set in Cambo by Argentinian foundry Huerta Tipográfica based on the style of traditional Khmer type. Monospace text was set in Anonymous Pro by Minnesota font designer Mark Simonson. It was inspired by mid-90s freeware Macintosh font Anonymous 9.
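
The reconcile step from slides 4, 10 and 11 (revert kubectl drift, patch resources back in sync, track removals), as an added Python example that is not code from the talk, kube-applier or Faros. It assumes manifests are already parsed into dicts; the label name `example.com/managed-by-gitops` and all sample objects are constructed for illustration.

```python
# Hypothetical label marking objects this workflow created (assumption).
MANAGED_LABEL = "example.com/managed-by-gitops"

def key(obj):
    meta = obj["metadata"]
    return (obj["kind"], meta.get("namespace", ""), meta["name"])

def drifted(desired, live):
    """True if any field declared in git differs in the live object.
    Fields only the cluster sets (status, resourceVersion) are ignored."""
    if isinstance(desired, dict):
        return not isinstance(live, dict) or any(
            k not in live or drifted(v, live[k]) for k, v in desired.items())
    if isinstance(desired, list):
        return (not isinstance(live, list) or len(desired) != len(live)
                or any(drifted(d, l) for d, l in zip(desired, live)))
    return desired != live

def plan(desired_objs, live_objs):
    """Return sorted (action, key) pairs that bring the cluster back to git."""
    desired = {key(o): o for o in desired_objs}
    live = {key(o): o for o in live_objs}
    actions = []
    for k, obj in desired.items():
        if k not in live:
            actions.append(("create", k))
        elif drifted(obj, live[k]):
            actions.append(("patch", k))
    for k, obj in live.items():
        labels = obj["metadata"].get("labels", {})
        # Prune only what this workflow created; leave unrelated objects alone.
        if k not in desired and labels.get(MANAGED_LABEL) == "true":
            actions.append(("prune", k))
    return sorted(actions)

def deploy(name, replicas, managed=True, **extra):
    """Build a constructed sample Deployment; extra goes into metadata."""
    labels = {MANAGED_LABEL: "true"} if managed else {}
    return {"kind": "Deployment",
            "metadata": {"namespace": "web", "name": name, "labels": labels, **extra},
            "spec": {"replicas": replicas}}

GIT = [deploy("api", 3), deploy("worker", 2)]          # manifests on master
CLUSTER = [                                            # constructed live state
    {**deploy("api", 5, resourceVersion="812"), "status": {"readyReplicas": 5}},
    deploy("old-cron", 1),                     # removed from git, still running
    deploy("debug-shell", 1, managed=False),   # created by hand, never in git
]

if __name__ == "__main__":
    for action, k in plan(GIT, CLUSTER):
        print(action, "/".join(k))
```

The unlabelled `debug-shell` object is left out of the plan on purpose, so anything created outside the pull-request path still needs a separate audit.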