Confitura 2019 - 29.06.2019
DevOps Engineer @
Java Developer Before
Confitura 2014 Volunteer 🎉
kubectl create ...
kubectl apply ...
kubectl delete ...
Manual
Operator as a source of truth
Two parallel deploys of the same object can run at the same time, so the team has to coordinate
No diff and changelog
Automated
Notifications on failure (e.g. Slack, Email)
The build process is often hard to reproduce (e.g. build variables)
Kubernetes objects are stored in database
Not everyone remembers to delete the objects if no longer needed
What about objects such as RBAC, Namespaces, Secrets?
Hard to compare changes before apply
Hard to implement Gitflow pipeline
Race condition
Often we forget to push the code after manual apply
The practical guide to GitOps from Weaveworks
Configuration is guaranteed by a set of facts instead of by a set of instructions
Cluster can be easily reproduced (e.g. business recovery tests; site clone)
Reduced mean time to recovery (MTTR)
Changelog and rollbacks are easy
git log
git revert
Access to the repository can be restricted
Operator is a service
Increased consistency and standardization of your pipelines
Alerting
Metrics
| | CI Tool | GitOps Tool |
|---|---|---|
| Cluster | Outside | Inside |
| Code Repository | Read/Write | Read |
| Container Repository | Read/Write | Read |
GitOps allows privileges to be separated
To avoid learning from this...
$ kubectl get pods,svc
NAME              READY   STATUS    RESTARTS   AGE
pod/echo-server   1/1     Running   0          2s

NAME                  TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
service/echo-server   NodePort   10.100.52.115   <none>        8080:31480/TCP   2s
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: demo1
  namespace: argocd
spec:
  source:
    repoURL: https://gitlab.com/mjasion/gitops-presentation.git
    path: gitops_example/demo_1/
    targetRevision: master
    directory:
      recurse: true
  destination:
    namespace: default
    server: https://kubernetes.default.svc
  project: default
  syncPolicy:
    automated: {}
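The Application above uses `project: default`, which in Argo CD accepts any source repository and any destination. As an added example (not from the original slides), a dedicated AppProject narrows demo1 to the repository and namespace the slides use; the project name `demo` and the list of allowed kinds are assumptions based on the objects shown in the demo.

```yaml
# Added example, not part of the original presentation.
# Assumptions: the project name "demo" and the allowed kinds below.
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: demo
  namespace: argocd
spec:
  description: Least-privilege project for the demo1 application
  # Only the presentation repository may be used as a source.
  sourceRepos:
    - https://gitlab.com/mjasion/gitops-presentation.git
  # Only the in-cluster "default" namespace may be a sync target.
  destinations:
    - server: https://kubernetes.default.svc
      namespace: default
  # clusterResourceWhitelist is left unset, so no cluster-scoped kinds
  # (Namespace, ClusterRole, ...) can be synced through this project.
  # Namespaced kinds the project may manage; anything else is rejected.
  namespaceResourceWhitelist:
    - group: apps
      kind: Deployment
    - group: ""
      kind: Service
    - group: ""
      kind: Pod
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: demo1
  namespace: argocd
spec:
  project: demo   # weak setting on the slide: project: default
  source:
    repoURL: https://gitlab.com/mjasion/gitops-presentation.git
    path: gitops_example/demo_1/
    targetRevision: master
    directory:
      recurse: true
  destination:
    namespace: default
    server: https://kubernetes.default.svc
  syncPolicy:
    automated: {}
```

With this in place, a commit that adds RBAC objects, Secrets or a new Namespace to the repository path fails to sync instead of being applied automatically.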
apiVersion: apps/v1
kind: Deployment
metadata:
  name: echo-server-deployment
spec:
  replicas: 3
  selector:
    matchLabels:
      app: echo-server-deployment
  template:
    metadata:
      labels:
        app: echo-server-deployment
    spec:
      containers:
      - name: echoserver
        image: googlecontainer/echoserver:1.10
        ports:
        - containerPort: 8080
It is not possible to configure dependencies between applications
$ kubectl create namespace argocd
$ kubectl apply -n argocd \
    -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
$ kubectl patch svc argocd-server -n argocd \
    -p '{"spec": {"type": "LoadBalancer"}}'
Webhook integration (GitHub, BitBucket, GitLab)
SSO integration
Auditing
Reverting changes (without git revert too)
Works with git push --force💩
Extends classic Deployment object with Blue/Green and Canary deployment
Integrated with Argo CD UI
apiVersion: argoproj.io/v1alpha1 # Changed from apps/v1
kind: Rollout # Changed from Deployment
... # Same as in the Deployment object
  strategy:
    blueGreen: # A new field for the Blue Green strategy options
      previewService: my-service-preview # Reference to a service
      activeService: my-service-active # Reference to a service

apiVersion: argoproj.io/v1alpha1 # Changed from apps/v1
kind: Rollout # Changed from Deployment
... # Same as in the Deployment object
  strategy:
    canary: # A new field for configurable Canary options
      maxSurge: "10%"
      maxUnavailable: 0
      steps:
      - setWeight: 10
      - pause:
          duration: 30 # seconds
      - setWeight: 50
      - pause: {}
GitOps precursor - tool developed by Weaveworks
Automatically updates container tags
Requires write access to git repository
Poor support for branching model
Supports plain objects and Helm
Object pruning in alpha stage
No UI😢
See you on your failure story @ Confitura 2020😂
Intuit - Argo CD developers
Weaveworks - Flux Operator
Uber
Tesla
Mirantis
(and do not tell anyone...)
And we are looking for task creators💰!