Upgrade to Pro — share decks privately, control downloads, hide ads and more …

A Paved Path to Production on Kubernetes

Thomas Vitale
March 23, 2023
Technology
1
150

A Paved Path to Production on Kubernetes

Customers are looking forward to getting a new feature in our application. Developers implemented it and pushed the changes to Git. How can we go from code commit to feature available in production on Kubernetes? How can we do that in a productive and secure way?

Following the continuous delivery principles, I’ll show how to design a paved path to production with a superior experience for developers while giving operators enough flexibility and control. Using Cartographer, we’ll choreograph our way from code commit to deployment on Kubernetes and build a complete CI/CD pipeline.

We’ll then monitor Git repositories with Flux, containerize applications with Cloud Native Buildpacks, run automated tests with Tekton, scan images with Trivy, configure workloads with Carvel, and deploy them with Knative.

The presentation focuses on open source technologies and includes a hands-on demo you can run in your Kubernetes environments and use as a foundation for your real-world supply chains.

Thomas Vitale

March 23, 2023
Tweet

More Decks by Thomas Vitale

See All by Thomas Vitale
Cloud Native Java with Spring Boot (CNCF Aarhus, April 2024)
thomasvitale
1
110
Supercharge your Kubernetes Platform with Carvel
thomasvitale
0
12
Multitenant Mystery: Every Bean Has a Secret
thomasvitale
1
180
Securing the Supply Chain for Your Java Applications
thomasvitale
0
200
Supercharge Your Kubernetes Platform With Carvel (KCD Munich 2023)
thomasvitale
0
85
Serverless Java with Spring Boot (DevBcn 2023)
thomasvitale
1
240
Next-Generation Cloud Native Apps with Spring Boot 3
thomasvitale
0
210
Developer Experience with Spring Boot on Kubernetes
thomasvitale
0
430
Multitenant Mystery - Only Rockers in the Building
thomasvitale
1
870

Other Decks in Technology

See All in Technology
Janus
bkuhlmann
1
490
Aurora MySQL v3(MySQL8.0互換)の オンラインDDLの罠挙動を全バージョンで検証した
yutakikai
1
150
プロデザ! BY リクルート vol.18_リクルートのリサーチ実践組織「リサーチブーストコミュニティ」
recruitengineers
PRO
3
240
反実仮想機械学習とは何か
usaito
PRO
6
2.1k
The CloudCompare project by Dr. Daniel Girardeau-Montaut
kentaitakura
0
510
Garoon 開発チーム / Garoon development team
cybozuinsideout
PRO
2
2.9k
LLM とプロンプトエンジニアリング/チューターをビルドする / LLM and Prompt Engineering and Building Tutors
ks91
PRO
0
220
SPI原点回帰論:事業課題とFour Keysの結節点を見出す実践的ソフトウェアプロセス改善 / DevOpsDays Tokyo 2024
visional_engineering_and_design
4
1.5k
〜小さく始めて大きく育てる〜データ分析基盤の開発から活用まで
kniino
0
2k
**強い**エンジニアのなり方 - フィードバックサイクルを勝ち取る / grow one day each day
soudai
61
18k
Databricksを活用してDELISH KITCHENのレシピレコメンドを開発した話
furu8
0
250
Databricks におけるデータエンジニアリング
databricksjapan
0
380

Featured

See All Featured
A better future with KSS
kneath
231
16k
Building Flexible Design Systems
yeseniaperezcruz
318
37k
What the flash - Photography Introduction
edds
64
11k
Done Done
chrislema
178
15k
Building an army of robots
kneath
300
41k
Clear Off the Table
cherdarchuk
83
310k
Infographics Made Easy
chrislema
237
18k
Faster Mobile Websites
deanohume
297
30k
Designing for humans not robots
tammielis
247
25k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
76
41k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
119
38k
How to Ace a Technical Interview
jacobian
272
22k

Transcript

  1. Thomas Vitale The Golden Path to SpringOne Mar 23rd, 2023

    A Paved Path to Production on Kubernetes @vitalethomas

  2. Systematic • Software Engineer and Cloud Architect. • Author of

    “Cloud Native Spring in Action” (Manning). • OSS contributor (Java, Spring, Cloud Native Technologies) Thomas Vitale thomasvitale.com @vitalethomas

  3. Problem @vitalethomas

  4. Value @vitalethomas

  5. Delivering Value From idea to production Developer Production Idea @vitalethomas

    ?

  6. Goals 2 Reduced cognitive load 3 Clear and safe path

    to production 1 Rapid and continuous feedback loop @vitalethomas

  7. Development Workflow @vitalethomas

  8. Cloud Native @vitalethomas

  9. From Traditional to Cloud Native Application Server, Embedded Server Runtime

    (JVM) Middleware (Application Server) Application (WAR/EAR) Runtime (JVM) Application (JAR) @vitalethomas

  10. Containers @vitalethomas

  11. Moving to Containers Application Server, Embedded Server, Container Runtime (OCI)

    Application (Container) Runtime (JVM) Middleware (Application Server) Application (WAR/EAR) Runtime (JVM) Application (JAR) @vitalethomas

  12. Cloud Native Buildpacks @vitalethomas

  13. Image pack build Cloud Native Buildpacks From source code to

    container image @vitalethomas

  14. Kubernetes @vitalethomas

  15. Moving to Kubernetes Application Server, Embedded Server, Container, Kubernetes Runtime

    (OCI) Middleware (Kubernetes) Application (Container) Runtime (JVM) Middleware (Application Server) Application (WAR/EAR) Runtime (JVM) Application (JAR) Runtime (OCI) Application (Container) @vitalethomas

  16. Tilt @vitalethomas

  17. Tilt Continuous development on Kubernetes @vitalethomas CODE BUILD RUN TEST

  18. Goals 2 Reduced cognitive load 3 Clear and safe path

    to production 1 Rapid and continuous feedback loop @vitalethomas

  19. CI/CD Pipeline(s) @vitalethomas

  20. CI/CD Pipeline (Imperative) Check out source code Build container image

    Con fi gure workload Deploy workload Orchestrator Tightly coupled Rigid system No clear separation of concerns Hard to maintain @vitalethomas

  21. Delivering Value From code to production Developer Production Application Operator

    Security Expert Platform Engineer @vitalethomas

  22. Check out source code Build container image Con fi gure

    workload Deploy workload @vitalethomas

  23. Check out source code Build container image Con fi gure

    workload Deploy workload Kubernetes Manifests GitOps @vitalethomas

  24. Check out source code Build container image Con fi gure

    workload Deploy workload Kubernetes Manifests Container Image

  25. Check out source code Build container image Con fi gure

    workload Deploy workload Kubernetes Manifests Container Image Source Code CI/CD Pipeline (Reactive) Loosely coupled Separation of concerns Flexible Consistent path to production

  26. Check out source code Build container image Con fi gure

    workload Deploy workload Kubernetes Manifests Container Image Source Code CI/CD Pipeline (Reactive) Loosely coupled Separation of concerns Flexible Consistent path to production

  27. Cartographer @vitalethomas

  28. Kubernetes Native Choreographer Framework to build paved paths to production

    @vitalethomas

  29. Workload API Developer-friendly interface @vitalethomas apiVersion: carto.run/v1alpha1 kind: Workload metadata:

    name: band-service labels: apps.kadras.io/workload-type: web spec: source: git: url: https://github.com/ThomasVitale/band-service ref: branch: main

  30. Watch Source Code Testing Build Con fi guration Deployment

  31. https://landscape.cncf.io

  32. SupplyChain API Describes the path to production @vitalethomas apiVersion: carto.run/v1alpha1

    kind: ClusterSupplyChain metadata: name: supply-chain spec: selector: apps.kadras.io/workload-type: web resources: - name: source-provider templateRef: kind: ClusterSourceTemplate name: source - name: image-builder templateRef: kind: ClusterImageTemplate name: image sources: - resource: source-provider name: source - name: deployer templateRef: kind: ClusterTemplate name: app-deploy images: - resource: image-builder name: image

  33. cartographer.sh

  34. Watch Source Code Testing Build Con fi guration Deployment

  35. @vitalethomas apiVersion: source.toolkit.fluxcd.io/v1 kind: GitRepository metadata: name: band-service spec: interval:

    1m0s url: https://github.com/ThomasVitale/band-service ref: branch: main

  36. @vitalethomas apiVersion: source.toolkit.fluxcd.io/v1 kind: GitRepository metadata: name: $(workload.metadata.name)$ spec: interval:

    1m0s url: $(workload.spec.source.git.url)$ ref: $(workload.spec.source.git.ref)$

  37. @vitalethomas apiVersion: carto.run/v1alpha1 kind: ClusterSourceTemplate metadata: name: source spec: urlPath:

    .status.artifact.url revisionPath: .status.artifact.revision template: apiVersion: source.toolkit.fluxcd.io/v1 kind: GitRepository metadata: name: $(workload.metadata.name)$ spec: interval: 1m0s url: $(workload.spec.source.git.url)$ ref: $(workload.spec.source.git.ref)$

  38. @vitalethomas apiVersion: carto.run/v1alpha1 kind: ClusterSourceTemplate metadata: name: source spec: urlPath:

    .status.artifact.url revisionPath: .status.artifact.revision template: apiVersion: source.toolkit.fluxcd.io/v1 kind: GitRepository metadata: name: $(workload.metadata.name)$ spec: interval: 1m0s url: $(workload.spec.source.git.url)$ ref: $(workload.spec.source.git.ref)$ Template API Supply chain activities

  39. Capabilities over responsibilities @vitalethomas

  40. Developer @vitalethomas

  41. Developer Platform @vitalethomas

  42. Developer Platform @vitalethomas

  43. Goals 2 Reduced cognitive load 3 Clear and safe path

    to production 1 Rapid and continuous feedback loop @vitalethomas

  44. Resources @vitalethomas

  45. Resources Source code • Presentation source code • Kadras: Cloud

    Native Platforms Toolkit • Cloud Native Buildpacks for ARM64 • Software Supply Chain Choreography • Cartographer • Cartographer CLI • Tanzu Application Platform @vitalethomas

  46. Thomas Vitale The Golden Path to SpringOne Mar 23rd, 2023

    A Paved Path to Production on Kubernetes thomasvitale.com @vitalethomas @[email protected]