gitops 101 2019 11 05 michael hausenblas who am i
play

GitOps 101 2019-11-05, Michael Hausenblas Who am I? Developer - PowerPoint PPT Presentation

Feb 12, 2023 •173 likes •811 views

GitOps 101 2019-11-05, Michael Hausenblas Who am I? Developer Advocate in the AWS container service team Previous roles at Red Hat, Mesosphere, MapR, applied research Find me via Slack: AWS dev, Kubernetes, CNCF,

  1. GitOps 101 2019-11-05, Michael Hausenblas

  2. Who am I? • Developer Advocate in the AWS container service team • Previous roles at Red Hat, Mesosphere, MapR, applied research • Find me via … • Slack: AWS dev, Kubernetes, CNCF, Weaveworks • Twitter: @mhausenblas • Mail: hausenbl@amazon.com

  3. Books programming-kubernetes.info kubernetes-security.info Note: book signing Thu 7 Nov from 10:30 to 11:30

  4. Who are you?

  5. Agenda v Kubernetes and Git 101 v GitOps motivation & model v BREAK 10:30am to 11am v GitOps in action v Progressive delivery v Challenges

  6. Learning goals • Being able to explain what GitOps is • Know about the benefit of GitOps • Having some hands-on experience with an example GitOps set up • Being able to decide if GitOps is the right choice for team/project

  7. Kubernetes 101

  8. Architecture Overview

  9. Architecture API Server kubectl get deploys

  10. Kubernetes resources • Core and custom resources • spec: kubectl/HTTP API (via params and/or YAML/JSON) • status: kubectl/HTTP API (YAML/JSON) • Namespaces • Labels and selectors, annotations • Pods • Deployments • Services

  11. Kubernetes resources

  12. Boundaries

  13. Running on Kubernetes?

  14. Operators operator = custom resource + custom controller

  15. A short deployment history • Shell scripts, Make files • Ansible, Chef, Puppet, etc. • Helm, ksonnet, kustomize, etc. • GitOps

  16. Git 101

  17. git clone/pull remote working local index repo directory repo git commit git add git push

  18. What is GitOps?

  19. What is GitOps? GitOps is a standardized workflow for how to deploy, configure, monitor, update and manage infrastructure-as-code Core idea is having a Git repository that contains declarative descriptions of the infrastructure desired in the production environment and an automated process to make production environment match the described state in the repository

  20. What is GitOps? • An operation model • Derived from operation knowledge • Technology agnostic • A set of principles • A way to speed up your team

  21. GitOps: an operation model Providing … • A single source of truth for the desired system’s state • Separation of concerns between development and deployment process • Transparency and auditability • Risk reduction (rollbacks)

  22. Why should we care? • Auditing and attribution • Separation of concerns • No crossing security boundary • Process & constraints enforcement • Great software ↔ human collaboration point • Easy to validate for correctness (policies) • System can self heal

  23. The GitOps Model

  24. Kubernetes cluster

  25. kubectl (direct access)

  27. configuration repository

  29. deployment agent

  30. image repository

  31. state continuously monitored

  32. control loop

  33. GitOps Principles

  34. 1 The entire system is described declaratively 2 The canonical desired system state is versioned (Git) Approved changes to the desired state are 3 automatically applied to the system Software agents ensure correctness 4 and alert on divergence

  35. 1 The entire system is described declaratively Beyond code, data ⇒ Implementation independent Easy to abstract in simple ways Easy to validate for correctness Easy to generate & manipulate from code

  36. 1 image The entire system is described declaratively repository

  37. 2 The canonical desired system state is versioned (Git) Canonical Source of Truth (DRY) With declarative definition, trivialises rollbacks Excellent security guarantees for auditing Sophisticated approval processes Great software ↔ human collaboration point

  38. 2 image The desired system state is versioned repository

  39. 3 Approved changes to the desired state are automatically applied to the system Significant velocity gains Privileged operators don’t cross security boundaries Separates the What and the How

  40. 3 Approved changes to the desired state are image repository automatically applied to the system

  41. 4 Software agents ensure correctness and alert on divergence Continuously checking that desired state is met System can self-heal Recovers from errors without intervention (layer 8 issues) It’s the control loop for your operations

  42. 4 Software agents ensure correctness image and alert on divergence repository

  43. Typical CI/CD pipeline Shares credentials cross several logical security boundaries. container registry (CR) Git creds CI creds CR creds creds container dev code repo CI RW RO RW RO registry RW RW cluster API CR creds API creds Continuous Integration Boundary Continuous Delivery/Deployment

  44. GitOps pipeline Credentials are never shared across a logical security boundary. Git creds CI creds CR creds CR creds cluster API cluster API container dev code repo CI RW RO RW creds RW registry RO deploy RO RW CR creds config repo creds config repo canonical desired state store

  45. GitOps pipeline Credentials are never shared across a logical security boundary. Git creds CI creds CR creds CR creds cluster API cluster API container dev code repo CI RW RO RW creds RW registry RO deploy RO RW CR creds config repo creds operator config repo RW process & constraints enforcement

  46. Example workflow • One Git branch for development: • All developers can push changes there for testing purposes • One Git branch for staging: • Project lead or devops manager has ability to push/merge here for testing the complete staged application • One Git branch for production: • The system operations manager is the only person to have push/merge authorization here

  47. Example workflow

  48. GitOps in Action!

  49. Tooling • CNCF Flux • ArgoCD • Gitkube • Tekton • JenkinsX

  50. Flux github.com/fluxcd/flux

  51. Trainings environment: 301.sh/velocity-gitops-101 Trainings repo: github.com/mhausenblas/gitops101

  52. So what actually happened? 1. We installed the Flux agent in our cluster 2. We added the agent key to our repository, so that it can read and write the configuration 3. We configured the agent to watch to our repository 4. The agent noticed some manifests in the repository, and automatically applied them 5. Kubernetes deployed the manifests

  53. Progressive delivery

  54. What is progressive delivery? Progressive Delivery is Continuous Delivery with fine-grained control over the blast radius, requiring: • CI pipeline that produces immutable build artifacts • CD pipeline designed for desired state reconciliation • Smart routing for user facing apps and service to service communication • Observability (performance stats + business metrics) • Fail fast mentality

  55. Flagger Flagger is a Kubernetes operator that automates the promotion of canary deployments using App Mesh, Istio, Gloo or NGINX routing for traffic shifting and Prometheus metrics for canary analysis. Flagger implements a control loop that gradually shifts traffic to the canary while measuring key performance indicators. Based on the KPIs analysis a canary is promoted or aborted.

  56. Flagger

  57. Challenges

  58. Technical challenges • All your artifacts in VCS such as Git? • Tooling selection • app-focused vs infra-focused • pace of ecosystem

  59. Organizational challenges • Is there a devops mentality in your organization? • Is your organization ready for “cloud native”?

  60. Recap and Resources

  61. Recap: GitOps CI/CD • Git is our single source of truth • Deployments and rollback are all done via Git • Auditing built-in • Having separate pipelines for CI and CD enables better security • Automated the deployment • It’s easier to deal with if a deployment goes wrong

  62. Resources • https://www.gitops.tech • https://github.com/weaveworks/awesome-gitops • https://thenewstack.io/what-is-gitops-and-why-it-might-be-the-next- big-thing-for-devops/ • https://www.reddit.com/r/kubernetes/comments/c2wgdz/gitops_in_ production_share_your_experiences/ • https://deploy.live/blog/a-year-with-gitops-in-production/

  63. Rate the session Session page on conference website O’Reilly Events App

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Understanding GitOps IBM Cloud and Cognitive Software GitOps What is the difference between

Understanding GitOps IBM Cloud and Cognitive Software GitOps What is the difference between

Understanding GitOps IBM Cloud and Cognitive Software GitOps What is the difference between GitOps and CiCd / DevOps / . ?? - It is Ci/Cd Process used my devs BUT for App Config and Infra Config Declarative description of the system is

457 views • 9 slides
How to Publish Linked Data on the Web Tom Heath, Michael Hausenblas, Chris Bizer, Richard

How to Publish Linked Data on the Web Tom Heath, Michael Hausenblas, Chris Bizer, Richard

How to Publish Linked Data on the Web Tom Heath, Michael Hausenblas, Chris Bizer, Richard Cyganiak, Olaf Hartig Half-day Tutorial at ISWC2008 27th October 2008, Karlsruhe, Germany Objectives Introduce the concept of Linked Data

1.68k views • 142 slides
Autoscaling All Things Kubernetes with Prometheus Michael Hausenblas & Frederic Branczyk,

Autoscaling All Things Kubernetes with Prometheus Michael Hausenblas & Frederic Branczyk,

Autoscaling All Things Kubernetes with Prometheus Michael Hausenblas & Frederic Branczyk, Red Hat @mhausenblas @fredbrancz Autoscaling? On an abstract level: Calculate resources to cover demand Demand measured by metrics

1.27k views • 24 slides
Apache Drill Implementation Deep Dive T ed Dunning & Michael Hausenblas Berlin Buzzwords

Apache Drill Implementation Deep Dive T ed Dunning & Michael Hausenblas Berlin Buzzwords

Apache Drill Implementation Deep Dive T ed Dunning & Michael Hausenblas Berlin Buzzwords 2013-06-03 h t t p : / / w w w . f l i c k r . c o m / p h o t o s / k e v i n o m a r a / 2 8 6 6 6 4 8

1.13k views • 50 slides
Automium, GitOps on Openstack. The first (2013) European, multi-region, open source cloud IaaS.

Automium, GitOps on Openstack. The first (2013) European, multi-region, open source cloud IaaS.

Automium, GitOps on Openstack. The first (2013) European, multi-region, open source cloud IaaS. automation + distribution = cloud Automium Our solution for building declarative infrastructures and deploy your software, at any scale. You

441 views • 28 slides
GitOps, Jenkins & Jenkins X Tracy Miranda, Director of Open Source Community | CloudBees

GitOps, Jenkins & Jenkins X Tracy Miranda, Director of Open Source Community | CloudBees

GitOps, Jenkins & Jenkins X Tracy Miranda, Director of Open Source Community | CloudBees tmiranda@cloudbees.com | @tracymiranda @tracymiranda What is DevOps? @tracymiranda DevOps is the new legacy @tracymiranda Cloud Native

435 views • 31 slides
SPDES driven by Poisson Random Measures Erika Hausenblas University of Salzburg, Austria SPDES

SPDES driven by Poisson Random Measures Erika Hausenblas University of Salzburg, Austria SPDES

SPDES driven by Poisson Random Measures Erika Hausenblas University of Salzburg, Austria SPDES driven by Poisson Random Measures p.1 Motivations of SPDEs Finance Mathematics: The forward interest rate of a zero bound in the Heath Jarrow

828 views • 54 slides
Change of Measure formula and the Hellinger Distance of two Lvy Processes Erika Hausenblas

Change of Measure formula and the Hellinger Distance of two Lvy Processes Erika Hausenblas

Change of Measure formula and the Hellinger Distance of two Lvy Processes Erika Hausenblas University of Salzburg, Austria Change of Measure formula and the Hellinger Distance of two L evy Processes p.1 Outline Hellinger distances

881 views • 40 slides
Institute of Information Systems & Information Management UAd Building Linked Data For Both

Institute of Information Systems & Information Management UAd Building Linked Data For Both

Institute of Information Systems & Information Management UAd Building Linked Data For Both Humans and Machines Wolfgang Halb, Yves Raimond and Michael Hausenblas LDOW2008, 2008-04-22, Beijing, China Agenda riese R DFizing and I

453 views • 16 slides
4 th Linked Data on the W eb W orkshop ( LDOW 2 0 1 1 ) Christian Bizer, Freie Universitt

4 th Linked Data on the W eb W orkshop ( LDOW 2 0 1 1 ) Christian Bizer, Freie Universitt

W W W 2 0 1 1 29th March 2011, Hyderabad, India 4 th Linked Data on the W eb W orkshop ( LDOW 2 0 1 1 ) Christian Bizer, Freie Universitt Berlin, Germany Tom Heath, Talis, UK Tim Berners-Lee, W3C/MIT, USA Michael Hausenblas, Richard

378 views • 26 slides
No-three-in-line-problem on a torus Michael Skotnica October 2019 Michael Skotnica

No-three-in-line-problem on a torus Michael Skotnica October 2019 Michael Skotnica

No-three-in-line-problem on a torus Michael Skotnica October 2019 Michael Skotnica No-three-in-line-problem on a torus History - Amusements in Mathematics Henry E. Dudeney Puzzle 317 Place two pawns in the middle of the chessboard, one at Q4

300 views • 12 slides
AUTOMATIC MIXED PRECISION IN PYTORCH Michael Carilli and Michael Ruberry, 3/20/2019 THIS TALK

AUTOMATIC MIXED PRECISION IN PYTORCH Michael Carilli and Michael Ruberry, 3/20/2019 THIS TALK

AUTOMATIC MIXED PRECISION IN PYTORCH Michael Carilli and Michael Ruberry, 3/20/2019 THIS TALK Using mixed precision and Volta/Turing your networks can be: 1. 2-4x faster 2. more memory-efficient 3. just as powerful with no architecture change.

1.14k views • 50 slides
Energy Frontier LHC & HL-LHC Michael Begel April 16, 2019 Michael Begel LHC at CERN LHC

Energy Frontier LHC & HL-LHC Michael Begel April 16, 2019 Michael Begel LHC at CERN LHC

Energy Frontier LHC & HL-LHC Michael Begel April 16, 2019 Michael Begel LHC at CERN LHC is worlds highest energy hadron collider pp, PbPb, pPb, XeXe s up to 14 TeV Four major experiments and three smaller experiments

326 views • 31 slides
Is Retirement Planning Possible for Low-Income Families? J. Michael Collins May 22, 2019

Is Retirement Planning Possible for Low-Income Families? J. Michael Collins May 22, 2019

Is Retirement Planning Possible for Low-Income Families? J. Michael Collins May 22, 2019 Webinar begins at 2pm EDT/1pm CDT/12pm MDT/11am PDT J. Michael Collins Faculty Director, Center for Financial Security University of Wisconsin-Madison

666 views • 33 slides
Dr. Michael G. Kozak Superintendent of Schools Mr. Michael C. Gorski, CPA Business

Dr. Michael G. Kozak Superintendent of Schools Mr. Michael C. Gorski, CPA Business

MONROE TOWNSHIP SCHOOL DISTRICT 2018-2019 BUDGET PRESENTATION Presented by Dr. Michael G. Kozak Superintendent of Schools Mr. Michael C. Gorski, CPA Business Administrator/ Board Secretary Dr. Dori L. Alvich Assistant Superintendent of

613 views • 36 slides
An alternative OpenMP Backend for Polly Michael Halkenhuser 2019 European LLVM Developers

An alternative OpenMP Backend for Polly Michael Halkenhuser 2019 European LLVM Developers

An alternative OpenMP Backend for Polly Michael Halkenhuser 2019 European LLVM Developers Meeting 2019-04-08 | Embedded Systems and Applications Group | Michael Halkenhuser | 1 / 19 Polly Polyhedral framework on LLVM-IR 2019-04-08 |

748 views • 38 slides
How we built a global search engine for genetic data Miro Cupak VP Engineering, DNAstack

How we built a global search engine for genetic data Miro Cupak VP Engineering, DNAstack

How we built a global search engine for genetic data Miro Cupak VP Engineering, DNAstack 13/06/2018 @mirocupak What and why? Beacon Network https://beacon-network.org/ largest search and discovery engine of human genetic mutations

686 views • 42 slides
2016 AGM UPDATE 26 October 2016 Key outcomes delivered by FWPA 8-storey timber buildings

2016 AGM UPDATE 26 October 2016 Key outcomes delivered by FWPA 8-storey timber buildings

2016 AGM UPDATE 26 October 2016 Key outcomes delivered by FWPA 8-storey timber buildings code change Improved social license for wood Partnership with Planet Ark World leading WoodSolutions program Impactful research

581 views • 30 slides
O CTOBER 27 TH , 2016 A GENDA Welcome May/October, 2016 Minutes Approval Sharing

O CTOBER 27 TH , 2016 A GENDA Welcome May/October, 2016 Minutes Approval Sharing

SUSTAINABLE PETERBORUGH BUSINESS INITIATIVE E DUCATE | M OTIVATE | E MPOWER O CTOBER 27 TH , 2016 A GENDA Welcome May/October, 2016 Minutes Approval Sharing Tools/Tool Box Feedback/Update Featuring Sustainability Stories SPBI

316 views • 17 slides
READ Act (Reading to Ensure Academic Development) Review and Approval of Diagnostic and Summative

READ Act (Reading to Ensure Academic Development) Review and Approval of Diagnostic and Summative

HB 12-1238: The Colorado READ Act (Reading to Ensure Academic Development) Review and Approval of Diagnostic and Summative Assessments State Board of Education February 13, 2013 Statutory Requirements Related to Assessments Section

339 views • 9 slides
ALTMETRICS AND OPEN PEER REVIEW MODULE AT DIGITAL.CSIC ALTMETRICS AT DIGITAL.CSIC DIVERSIFYING

ALTMETRICS AND OPEN PEER REVIEW MODULE AT DIGITAL.CSIC ALTMETRICS AT DIGITAL.CSIC DIVERSIFYING

Isabel Bernal DIGITAL.CSIC, http://digital.csic.es/ June 23, 2016 ALTMETRICS AND OPEN PEER REVIEW MODULE AT DIGITAL.CSIC ALTMETRICS AT DIGITAL.CSIC DIVERSIFYING VALUE ADDED SERVICES FOR CSIC RESEARCHERS Impact indicators and other metrics

334 views • 22 slides
February 8, 2018 Transportation Proposition The proposed proposition requests to change the

February 8, 2018 Transportation Proposition The proposed proposition requests to change the

North Bellmore UFSD Board of Education Meeting February 8, 2018 Transportation Proposition The proposed proposition requests to change the transportation mileage limit for students in grades 4-6 from one-mile to one-half mile at a cost of

81 views • 6 slides
4Q18 AND FULL YEAR 2018 EARNINGS PRESENTATION February 6, 2019 DISCLOSURE STATEMENT This

4Q18 AND FULL YEAR 2018 EARNINGS PRESENTATION February 6, 2019 DISCLOSURE STATEMENT This

4Q18 AND FULL YEAR 2018 EARNINGS PRESENTATION February 6, 2019 DISCLOSURE STATEMENT This presentation may contain forward-looking statements within the meaning of Section 27A of the Securities Act of 1933, as amended, and Section 21E of the

462 views • 25 slides
Eden Central School District 2017-2018 Community Forum Presenta6on March 1, 2017 Budget

Eden Central School District 2017-2018 Community Forum Presenta6on March 1, 2017 Budget

Eden Central School District 2017-2018 Community Forum Presenta6on March 1, 2017 Budget Considera6ons Founda6on Aid GAP Elimina6on Adjustment Governors Budget Implica6ons for Eden Budget Timeline Calcula6ng the Budget Tax

202 views • 17 slides

More recommend