Yann Albou & Sébastien Féré - GitOps as a way to manage enterprise K8s and virtual machines: feedback !
DevOpsDays Geneva 2020
GitOps as a way to manage Enterprise Kubernetes and Virtual Machines: feedback !
Sébastien Féré, Yann Albou
CTO & Co-Founder SoKube DevOps Lead
Mountain & Trail addict
GitOps
#1. Declarative
The entire system is described declaratively
#2. Git as Single Source of Truth
Declarative changes let you think of changes as transactions
#3. Kubernetes Operator
Approved changes to the desired state are automatically applied to the system
#4. Continuous Observability
Software agents ensure correctness and alert on divergence
Sync & Alert
GitOps is the best thing since configuration as code. Git
changed how we collaborate, but declarative configuration
is the key to dealing with infrastructure at scale, and sets
the stage for the next generation of management tools.
Kelsey Hightower
From pets, to cattle… to herds
Continuous Delivery pipeline
Continuous Integration pipeline
Source: https://www.gitops.tech
Pull-based deployments
Continuous Delivery pipeline
Source: https://www.gitops.tech
Push-based deployments
#1. Declarative
The entire system is described
declaratively
#2. Single Source of Truth
Declarative changes let you think of
changes as transactions
#3. Kubernetes Operator
Approved changes to the desired state are
automatically applied to the system
#4. Continuous Observability
Software agents ensure correctness and
alert on divergence
Sync & Alert
CI pipeline for Payment
CI pipeline for Inventory
Multi-Applications / Multi-Components
CD pipeline for Test
CD pipeline for Prod
Multi-Environments
Deploy our application
10 min
We
Are
DevOps.
Ummm… No, not really
Provision a DNS
30 min
Deploy our application
10 min
Virtual Machine
1 hour
Database
1 day
SSL certificate
1-2 days
Firewall rule
1-3 days
Tickets queues
Manual actions
Self-Service portals
Approvals
Corporate
Immune
System.
Infrastructure
Database
…
Security
Monitoring
Silos… to Products
Product "B"
Product "A"
GitOps & Delivery pipeline
Diagram labels: Production, Source Code, Development, Binaries, Build, Deployment, Acceptance, Integration
Docker images
Base & Application
SIT UAT PRD
Charts
k8s_info
k8s
# Render each template listed in k8s_templates and apply it to the cluster
- name: deploy app
  k8s:
    state: present
    definition: "{{ lookup('template', item) }}"
  loop: "{{ k8s_templates }}"
- name: check status of pods
  ...
GitOps in the Enterprise…
Diagram labels: Production, Source Code, Development, Binaries, Build, Deployment, Acceptance, Integration
Docker images
Base & Application
SIT UAT PRD
App Manifest
K8S Templates
Enterprise templates
Diagram labels: Production, Source Code, Development, Binaries, Build, Deployment, Acceptance, Integration
K8S Templates
Standardize for the Enterprise
Re-use
Conventions
Labels
Security
Limits / Quotas
Network segregation
Default config
Application Manifest
Diagram labels: Production, Source Code, Development, Binaries, Build, Deployment, Acceptance, Integration
application:
  components:
    front:
      container:
        registry: "{{ env.registry }}"
        image: my-angular-app
        tag: 1.0.12-9eabf5b
      replicas: 3
      limits: …
      probes: …
      netpol: …
    back:
    database:
    …
App Manifest
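An added example, not from the talk: a pre-merge check that a CI job could run on an App Manifest so that a promotion pull request fails when a component omits the limits, probes or netpol blocks, uses a mutable image tag, or hard-codes its registry. The rule set, the function name check_manifest and the sample values are assumptions made for illustration; only the manifest keys come from the slide.

```python
import re

# Constructed sample in the shape of the App Manifest slide. The contents of
# limits, probes and netpol are invented here because the slide elides them.
MANIFEST = {
    "application": {"components": {
        "front": {
            "container": {"registry": "{{ env.registry }}",
                          "image": "my-angular-app", "tag": "1.0.12-9eabf5b"},
            "replicas": 3,
            "limits": {"cpu": "500m", "memory": "256Mi"},
            "probes": {"readiness": "/healthz"},
            "netpol": {"allow_from": ["back"]},
        },
        "back": {
            "container": {"registry": "docker.io", "image": "my-api",
                          "tag": "latest"},
            "replicas": 2,
        },
    }}
}

# Hypothetical enterprise policy: blocks every component must declare.
REQUIRED = ("limits", "probes", "netpol")
# Tags must look like <version>-<commit>, as in the slide's 1.0.12-9eabf5b.
PINNED_TAG = re.compile(r"^\d+\.\d+\.\d+-[0-9a-f]{7,40}$")


def check_manifest(manifest):
    """Return a sorted list of (component, finding) policy violations."""
    findings = []
    for name, comp in manifest["application"]["components"].items():
        comp = comp or {}  # a component declared with no body counts as empty
        container = comp.get("container", {})
        for key in REQUIRED:
            if not comp.get(key):
                findings.append((name, f"missing {key}"))
        if not PINNED_TAG.match(str(container.get("tag", ""))):
            findings.append((name, "tag is not a pinned version-commit tag"))
        if container.get("registry") != "{{ env.registry }}":
            findings.append((name, "registry is not taken from the environment"))
    return sorted(findings)


if __name__ == "__main__":
    for component, finding in check_manifest(MANIFEST):
        print(f"{component}: {finding}")
```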
GitOps everything !
DEV SIT UAT PRD LAB
Promotion towards Production
Bunch of commits on the “dev” branch
- any cluster upgrade
- any structural change in the configuration
Continuous Integration
- Test new capabilities
- Rebuilt every night
GitOps everything !
DEV SIT UAT PRD LAB
Promotion towards Production
Continuous Integration
- Test new capabilities
- Rebuilt every night
Merged onto an intermediate branch
- resolve possible conflicts
- set target environment config
GitOps everything !
DEV SIT UAT PRD LAB
Promotion towards Production
Continuous Integration
- Test new capabilities
- Rebuilt every night
Pull-Request to the target “sit” branch
- can’t bring more transparency
- built-in approvals
Takeaways
Journey to Kubernetes
Docker registries
Cloud Native Applications
CI pipeline & Shift-Left
GitOps
Cloud-Native practice
Works in the Enterprise
Some limitations (ex. push)
Adapt tooling to address Legacy Infrastructure
Single Source of Truth as a “DevOps enforcer”
Enterprise project
DevBizSecNetSysDbaOps …
Minimal Viable Product
Human adventure !
IT
transformation
Questions ?
