Bangkok
Jirayut Nimsaeng
CEO & Founder, Opsta (Thailand)
Deploy 22 microservices from scratch in 30 mins with GitOps
Jirayut Nimsaeng (Dear)
● He is the Founder and CEO of Opsta (Thailand) Co., Ltd.
● He has been involved in DevSecOps, Container, Cloud Technology and Open Source for over 10 years.
● He is the first Certified Kubernetes Security Specialist (CKS) and Certified Kubernetes Administrator (CKA) in Thailand.
● He is the first Thai Google Cloud Developer Expert (GDE) in Thailand.
How long does it take to build and deploy all of these?
https://github.com/dotnet-architecture/eShopOnContainers
And much more..
How do we build?
[Diagram: build flow in five numbered steps. Labels: hook; plan & apply; cloud load balancer; ingress-nginx; cert-manager; argocd.bangkok.opsta.in.th; eshop.dev.bangkok.opsta.in.th; eshop.uat.bangkok.opsta.in.th; eshop.bangkok.opsta.in.th; EShop ApplicationSets; EShop; Dockerfile]
What is Docker?
Evolution of Application Deployment
Docker Life Cycle
[Diagram: Dockerfile, Build, Docker Image, Push, Pull, Run, Docker Container]
What is Kubernetes?
[Diagram: one server (Node, Container) versus multiple servers (Node1, Node2, Node3, Container, ???)]
What is Kubernetes?
● Kubernetes, in Greek, means the helmsman or pilot of the ship: the pilot of a ship of containers
● Kubernetes is software written in Go for automating deployment, scaling, and management of containerized applications
● Focuses on managing applications, not machines
● Open source, open API container orchestrator
● Supports multiple cloud and bare-metal environments
● Inspired and informed by 15 years of Google’s experiences and internal systems
Kubernetes Architecture
Docker & Kubernetes Life Cycle
[Diagram: Dockerfile, Build, Docker Image, Push, Pull, Run, Kubernetes Cluster]
What is Google Kubernetes Engine? (GKE)
Google Kubernetes Engine (GKE) provides a managed environment for deploying, managing, and scaling your containerized applications using Google infrastructure, with these benefits:
● Single-click clusters
● A high-availability control plane including multi-zonal and regional clusters
● Auto-repair, auto-upgrade, and release channels
● Vulnerability scanning of container images and data encryption
● Integrated cloud monitoring with infrastructure, application, and Kubernetes-specific views
What is Infrastructure as Code (IaC)?
Infrastructure as Code
● Define Infrastructure as Code instead of creating it manually
● Infrastructure can be easily reproduced
Everything as Code
● Configuration as Code
● Network as Code
● Security as Code
● Policy as Code
● Infrastructure as Code
Declarative vs Imperative
● Declarative: Describe the Outcome. The system is smart, you don’t care.
● Imperative: Explicit Instructions. The system is stupid, you are smart.
Declarative
resource "google_kms_key_ring" "vault" {
  name     = "vault-helm-unseal-kr"
  location = "asia-southeast1"
}
Imperative
gcloud kms keyrings create \
  vault-helm-unseal-kr \
  --location asia-southeast1
IaC Tools
Infrastructure as Code Tools
Dockerfile
# OS + System Packages
FROM node:16.14.2-alpine3.15
# Source Code
COPY . /nodejs/.
WORKDIR /nodejs
# Library Dependencies
RUN npm install
# Configuration
ENV VERSION=1.0
EXPOSE 8081
CMD ["node", "/nodejs/main.js"]
Kubernetes Manifest
apiVersion: v1
kind: Pod
metadata:
  name: busybox
  namespace: default
spec:
  containers:
    - name: busybox
      image: busybox
      command:
        - sleep
        - "3600"
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-foo
spec:
  rules:
    - host: "foo.com"
      http:
        paths:
          - pathType: Prefix
            path: "/"
            backend:
              service:
                name: app-a
                port:
                  number: 8080
Problems with Kubernetes Manifests
● One microservice consists of:
○ Deployment
○ Service
○ Ingress
○ Configmap
○ Secret
● More effort to operate, and environment values are difficult to control.
● Hard to manage releases (rollback, rollout, history).
● Hard to reuse configuration templates because of environment-specific settings.
Helm
[Diagram: Helm Chart + Value, deployed by Helm into a Kubernetes Cluster with UAT and Production environments, each containing Microservice, UI and DB components]
Value
app:
  image: app-a
  tag: dev
  replicas: 2
  healthCheck: "/health"
  ingress:
    host: app-a.example.com
  env:
    DB_URL: db-dev:5432
Terraform
Provision and manage any cloud,
infrastructure, or service
Terraform Syntax
resource "google_container_cluster" "gke_eshop" {
  name     = "gke-eshop"
  location = var.zone
  release_channel {
    channel = "RAPID"
  }
  min_master_version       = "1.25.0-gke.1100"
  remove_default_node_pool = true
  initial_node_count       = 1
}
Terraform Cloud
What is GitOps?
What is GitOps?
GitOps is a set of best practices where the entire code delivery
process is controlled via Git, including infrastructure and application
definition as code and automation to complete updates and rollbacks.
GitOps Principles v1.0.0
● A system managed by GitOps must have its desired state expressed declaratively
● Desired state is stored in a way that enforces immutability, versioning and retains a complete version history
● Software agents automatically pull the desired state declarations from the source
● Software agents continuously observe actual system state and attempt to apply the desired state
https://opengitops.dev
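The last principle above (agents continuously observe actual state and attempt to apply the desired state) amounts to a diff-and-apply loop that also surfaces configuration drift. The Python below is an added example, not code from the talk or from Argo CD; the function names, the in-memory stand-in for the cluster and the simplified sample objects are assumptions made for illustration.

```python
import copy

SERVER_METADATA = ("resourceVersion", "uid", "creationTimestamp", "generation")  # set by the API server

def key(obj):
    """Identity of a manifest: (kind, namespace, name)."""
    return (obj["kind"], obj["metadata"].get("namespace", "default"), obj["metadata"]["name"])

def normalize(obj):
    """Strip server-populated fields so only declared state is compared."""
    out = copy.deepcopy(obj)
    out.pop("status", None)
    for field in SERVER_METADATA:
        out["metadata"].pop(field, None)
    return out

def plan(desired, actual, prune=True):
    """Actions that move the live state to the desired state read from Git."""
    want = {key(o): normalize(o) for o in desired}
    have = {key(o): normalize(o) for o in actual}
    actions = []
    for k in sorted(want):
        if k not in have:
            actions.append(("create", k))
        elif want[k] != have[k]:
            actions.append(("update", k))  # drift: live object changed out of band
    if prune:
        actions += [("prune", k) for k in sorted(have) if k not in want]
    return actions

def reconcile(desired, actual):
    """Apply the plan to an in-memory stand-in for the cluster; return new live state."""
    want = {key(o): o for o in desired}
    live = {key(o): o for o in actual}
    for action, k in plan(desired, actual):
        live.pop(k, None)
        if action != "prune":
            live[k] = copy.deepcopy(want[k])
    return [live[k] for k in sorted(live)]

# Constructed sample objects (simplified, not full Kubernetes schemas).
DESIRED = [  # state declared in Git
    {"kind": "Deployment", "metadata": {"name": "app-a", "namespace": "dev"}, "spec": {"replicas": 2}},
    {"kind": "Service", "metadata": {"name": "app-a", "namespace": "dev"}, "spec": {"port": 8080}},
]
ACTUAL = [  # live state: replicas edited by hand, Service missing, unmanaged Pod present
    {"kind": "Deployment", "metadata": {"name": "app-a", "namespace": "dev", "resourceVersion": "812"}, "spec": {"replicas": 5}, "status": {"readyReplicas": 5}},
    {"kind": "Pod", "metadata": {"name": "busybox", "namespace": "dev"}, "spec": {"image": "busybox"}},
]
```

Calling `plan(DESIRED, ACTUAL)` reports the hand-edited Deployment as an update, the missing Service as a create and the unmanaged Pod as a prune; after `reconcile` the plan is empty.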
Overview
[Diagram: a pull request for change goes to Git; the GitOps Tool does continuous pulling from Git and runs the sync stage for DEV, UAT and PRD]
Benefits
● Better traceability
● Easier rollbacks
● The state of the cluster is always described in Git
● Safer deployments, there is no external deployment system with full
access to the cluster
● Transparent, Straightforward Auditing
● Detecting/Avoiding configuration drift
● Multi-cluster deployments
● Build Code Reviews and Collaboration Culture
Challenges
● Many teams will have to adjust their culture and way of working to
support using Git as the single source of truth
● There may be times when that is necessary and will require suspending
GitOps in some way
● Good testing and CI already in place
● A strategy for dealing with promotions between environments
● Secrets strategy
Deploy 22 microservices from scratch in 30 mins with GitOps
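Before
[Diagram: commit to Git; CI/CD builds and pushes to the Container Registry, then runs kubectl apply / helm upgrade against DEV, UAT and PRD]
After
[Diagram: commit to Git; CI/CD builds and pushes to the Container Registry and, as "[optional] update infrastructure as code", opens a pull request for change to Git; the GitOps Tool does continuous pulling from Git and runs the sync stage for DEV, UAT and PRD]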
ArgoCD Architecture
https://argo-cd.readthedocs.io/en/stable/
ArgoCD Application
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: guestbook
  namespace: argocd
spec:
  project: default
  source:
    repoURL: https://github.com/argoproj/argocd-example-apps.git
    targetRevision: HEAD
    path: guestbook
  destination:
    server: https://kubernetes.default.svc
    namespace: guestbook
Show me your code
Infrastructure Layer
[Diagram: hook; plan & apply; service account; machine_type: e2-custom-4-8192; node_count: 5]
Kubernetes Layer
[Diagram: hook; plan & apply; cloud load balancer; ingress-nginx; cert-manager; argocd.bangkok.opsta.in.th]
ArgoCD Layer
[Diagram: hook; plan & apply; cloud load balancer; ingress-nginx; cert-manager; argocd.bangkok.opsta.in.th; eshop.dev.bangkok.opsta.in.th; eshop.uat.bangkok.opsta.in.th; eshop.bangkok.opsta.in.th; EShop ApplicationSets; EShop; Dockerfile]
ArgoCD ApplicationSets
Contact Us
Jirayut Nimsaeng (Dear)
Founder & CEO
Facebook: fb.me/DearJirayut
Email: jirayut@opsta.co.th
Website: www.opsta.co.th
