SlideShare a Scribd company logo

Continuous Lifecycle London 2018 Event Keynote

Weaveworks
Weaveworks

Today it’s all about delivering velocity without compromising on quality, yet it’s becoming increasingly difficult for organisations to keep up with the challenges of current release management and traditional operations. The demand for developers to own the end-to-end delivery, including operational ownership, is increasing. A “you build it, you own it” development process requires tools that developers know and understand. So I’d like to introduce “GitOps”- an agile software lifecycle for modern applications. In this session, I will discuss these industry challenges, including current CICD trends and how they’re converging with operations and monitoring. I’ll also illustrate the GitOps model, identify best practices and tools to use, and explain how you can benefit from adopting this methodology inherited from best practices going back 10-15 years.

Technology
1 of 122
GitOps Git push all the things Alexis Richardson CEO, Weaveworks TOC Chair, CNCF @monadic May 2018
Hello 2
Hello ● WTF is GitOps ● Why is Cloud Native relevant ● How does GitOps work and in what ways is it different from $MY_DEVOPS ● Tools ● Recap 3
Meet Qordoba ● SF based team use machine learning to create ”local” marketing UX for big brands ● Rapid iteration while obeying SOC2 compliance ● Google Cloud – Kubernetes & CI ● Weave Cloud – single cont. delivery & observability pipeline
Over 30 releases per day per team, up from 1-2 per week across all teams 1) Estimated time needed to fix prod software bugs ~60% less time 2) Estimated time to respond to customer requests ~43% less time 3) Uptime 99% à 100% (so far…!) Impact
Kubernetes: declarative infrastructure & orchestration
Image credit: Helen Beal, Ranger4 At least a decade of DevOps best practices
GitOps is Automation for Cloud Native Describe the system & build to that plan
New ways of working cloud led us to devops cloud native leads us to gitops “push code, not containers” “operations by pull request”
• Config is code • Code must be version controlled • Config must be version controlled too GitOps follows the Logic of DevOps
GitOps follows the Logic of DevOps • Config is code • Code must be version controlled • Config must be version controlled too • What can be described can be automated • Describe everything: code, config, monitoring & policy; and then keep it in version control
GitOps • Git as a source of truth for desired state of whole system yes really the whole system • Control loop compares desired with actual state to pull changes, enforce convergent atomic updates and writeback to log in Git • Diff alerts, eg.:
Atomic updates for declarative stack Developer experience is just Git push Best practice for Continuous Delivery with Kubernetes Kubernetes Current State via Observability Tools Control & Operations Desired State in Git Diff Observe Orient Decide Act Release
What this gets us • Any developer can use GitHub • Anyone can join team and ship a new app or make changes easily • All changes can be triggered, stored, audited and validated in Git And we didn’t have to do anything very new or clever
“The world is envisioned as a repo and not as a kubernetes installation" - Kelsey Hightower Kubernetes ❤ GitOps
Kubernetes is complex, ideally you’d like to… Make a pull request & just go to a URL to see app change Avoid kubectl Have “Bonus points for Metrics… If you give people visibility, they will stop asking for tools like kubectl to do their job, because now they can actually observe what’s happening in the cluster”
Who is talking about or doing GitOps? Weaveworks Cloudbees Bitnami OpenFaaS Hasura Ocado Financial Times & more!
19 About Weaveworks ● Founded in 2014, backed by Google Ventures & Accel Partners ● Mission: help software teams go faster by providing technologies that support cloud native development
20 ● 40 people ● Berlin ● London ● San Francisco Team
21 Team Some of us are known for...
● Building cloud-native OSS since 2014 (Weave Net, Moby, Kubernetes, Prometheus) ● Founding member of CNCF ● Alexis Richardson (Weaveworks CEO) is chair of the CNCF Technical Oversight Committee ● Weave Cloud runs on Kubernetes since 2015 22 About Weaveworks
• We use declarative infrastructure ie. Kubernetes, Docker, Terraform, … and we “diff all the things” • Our entire system including code, config, monitoring rules, dashboards, is described in GitHub with full audit trail • We roll out major or minor changes as pull requests for any updates, outages and D/R GitOps at Weaveworks
Cloud Native
Cloud Native
Cloud Native
Copenhagen: Home of Lego
Home of Lego
CNCF in 2016
CNCF in 2018
CNCF is building a cloud platform ● Goal of a Cloud Platform for era of ubiquitous services à a bigger deal than the Web à open like Linux à everyone is on board this time ● Business Peeps TLDR Cloud Native is Cloud ● Outcome: Innovation and new Business Models for make profit
Velocity
Hadoop Typical Hadoop Project 2013
2018: Kubeflow
Componentisation
Componentisation
No platform? Who wants to build a toaster?
Platforms enable Velocity ● Higher speed ● Lower barriers to entry ● Explosion of higher order systems
Velocity is a key metric in Continuous Delivery High-performing teams deploy more frequently and have much faster lead times They make changes with fewer failures, and recover faster from failures 200x more frequent deployments 2,555x shorter lead times 3x lower change failure rate 24x faster recovery from failures 200x 2,555x 3x 24x Source: 2016 State of DevOps Report (Puppet Labs)
Make me a Velocity Developers write code that powers Applications and integrates Services deployed to a Cloud Platform that is easy, stable & operable using best practices for Continuous Delivery at high velocity
New Cloud Platform “Just run my code” Kubernetes Infra - Cloud & DCs & Edge Other CNCF Projects Local Services & Data Code >> Containers >>
1000s of ways to “Just Run My Code” ● Serverless: Openfaas, Kubeless, OpenEvents, AWS Lambda…. ● PaaS (Openshift, Cloud Foundry..), MBaaS, KMaaS, .. ● Kubeflow, Istio, Pachyderm and other k8s native app f/works ● Declarative app def eg compose, ksonnet, ballerina ● Native general frameworks: metaparticle ● Ports: Laravel (PHP!) and other app frameworks to Kube ● Tools: Cert-manager, ChaosIQ, .. ● Explosion of higher order systems is caused by platform
Serverless & Kubernetes will converge ● Ubiquity of Kubernetes will pull serverless into the story - from “run my containers” to “run my code” ● Consumption and packaging of services is where serverless and functions add value today, and will be part of the Platform. AWS Lambda is a “clue” not the “answer”. ● Commonly used programming tools will unify Kubernetes, containers, “serverless”, managed services / APIs ● These models will be cloud agnostic ● The “pay per call” serverless business model will just be a feature of the cloud platform management layer (eg: AWS Fargate)
Getting to a Cloud Platform 2017 2018-20 2020+ Core Platform - Kubernetes & containers Observability / Operability - monitoring (prom.) - logging (fluentd) - tracing (jaeger, OT) Routing - mesh (envoy, linkerd) - messaging (nats) Security: Spiffe, OPA, SAFE Storage: - orchestration - CSI - other Interfaces: - OpenMetrics - OpenEvents Developer On Ramp: CICD, Helm packaging, &c Marketplace of Services and other Add-ons “Just run my code” user experiences for 1000s of different use cases >> Towards Ubiquity
Cloud native – just run my code
Practice Tribes gotta tribe
New ways of working cloud led us to devops cloud native leads to gitops “push code not containers” “operations by pull request”
Summary ● Cloud Platform powered by CNCF tools, Kubernetes at the core ● Multi Cloud support: Amazon, Azure, OSS ● Explosion of higher order tools and services ● GitOps for high velocity delivery pipeline
So about GitOps
● Why Git ● Examples of what’s in Git (and image repo) ● CICD pipeline ● Security, Compliance & Audit ● Observability & Control ● Tools Overview GitOps in depth 55
GitOps builds on DevOps with Git as a single source of truth for the desired state of the system ● The entire system state is under version control and described in Git (trunk best) ● Operational changes on production clusters are made by pull request ● Rollback and audit logs are provided via Git ● When disaster strikes, the whole infrastructure can be quickly restored from Git
57
58 Canonical source of truth
59 Canonical source of truth People
60 Canonical source of truth People Software Agents
61 Canonical source of truth People Software Agents Software Agents
62 Canonical source of truth People Software Agents Software Agents
63 Canonical source of truth Clear model with strong separations of concerns (safety) Easy rollbacks and reverts (velocity) Tapping into existing code review tools and processes Great compliance tool Collaboration point between software and humans
64 ?
Dashboards Alerts Playbook Kubernetes Manifests Application configuration Provisioning scripts 65 Application checklists Recording Rules Sealed Secrets
66
67 Grafanalib dashboard library https://github.com/weaveworks/grafanalib
68 YAML Service Checklist
Destination config apiVersion: config.istio.io/v1beta1 kind: DestinationPolicy metadata: name: ratings-lb-policy namespace: default spec: destination: name: reviews labels: version: v1 loadBalancing: name: ROUND_ROBIN circuitBreaker: simpleCb: maxConnections: 100 httpMaxRequests: 1000 httpMaxRequestsPerConnection: 10 httpConsecutiveErrors: 7 sleepWindow: 15m httpDetectionInterval: 5m RANDOM, LEAST_CONN Limits outgoing connections to “v1” of the reviews service ● 100 connections ● 1000 concurrent requests ● 10 rps Load-balances in round-robin fashion across all reviews “v1” endpoints Configures host ejection ● 7 consecutive 5xx errors ● Period of 15 minutes ● Scanned every 5 minutes
Egress config apiVersion: config.istio.io/v1beta1 kind: EgressRule metadata: name: foo-egress-rule spec: destination: service: *.foo.com ports: - port: 80 protocol: http - port: 443 protocol: https Provides access to a set of services under the foo.com domain. Sidecar will handle automatically upgrading connection to TLS, if desired. ● Must access as HTTP ● Example: http://mail.foo.com:443
Routing config apiVersion: config.istio.io/v1beta1 kind: RouteRule metadata: name: reviews-rating-jason-rule namespace: default spec: destination: name: ratings route: - labels: version: v1 weight: 100 match: source: name: reviews labels: version: v2 request: headers: cookie: regex: "^(.*?;)?(user=jason)(;.*)?" uri: For traffic going to the ratings service send all of it to “v1” if: ● It is coming from “v2” the reviews services ● And the URL path starts with /ratings/v2 ● And the request contains a cookie with the value “user=jason”
Redirect Config Fault Injection # HTTP Redirect snippet spec: destination: name: ratings match: request: headers: uri: /v1/getProductRatings redirect: uri: /v1/bookRatings authority: bookratings.default.svc.cluster.local --- # Fault injection snippet spec: destination: name: reviews route: - labels: version: v1 httpFault: abort: percent: 10 httpStatus: 400 HTTP Redirection ● For all requests to /v1/getProductRatings, return a 302 with a location of /v1/bookRatings and overwrite the host/authority header. HTTP Fault injection ● For 10% of requests to v1 of the reviews service, fail with a status code of 400 Timeouts, retries, request rewrites, delays configured similarly
Pipelines & Security 73
Pipelines & Control Loops Deployment App Dev Build (CI) Containers Execution (CD + Release Automation) Observe & Control
CI Image RepoCode Repo Typical CICD pipeline ClusterDev RW RW RWRW RO RW RO
There should be a firewall between CI and CD CI CD
GitOps separation of concerns CI tooling Scope: test, build, publish artifacts ● Runs outside the production cluster ● Read access to code repo ● Read/Write access to image repo ● Read/Write access to integration env ● “Push” based CD tooling Scope: reconciliation between git and the cluster ● Runs inside the production cluster ● Read/Write access to config repo ● Read access to image repo ● Read/Write access to production cluster ● “Pull” based
CICode Repo Kubernetes API GitOps CICD pipeline Dev RO RO CD OperatorRO RW RW RW RW Image Repo Config Repo
GitOps enables security ● The CI tooling can be push based but has no production system access ● The CD tooling is pull based and retains the production credentials inside the cluster ● Developers can’t push directly to image registry ● Cluster API & credentials are never exposed/cross boundary ● Encrypted API keys and data storage credentials can be stored in Git and decrypted at deploy time inside the cluster
CI ops 80
Kubernetes: operator pattern Git Config Kubernetes Cluster Deployment Service Deploy Operator
Write back from Kubernetes to maintain TX audit log ○ Config is code & everything is config (‘declarative infra’) ○ Code (& config!) must be version controlled ○ Anything that does not record changes in version control is harmful – Git as Audit Log
Atomic Updates ○ Groups of changes are hard ○ Partial success / failure à redeploy cluster? ○ Want atomic update-in-place ○ Operators can do this. It’s really hard with CI scripts. ○ Git as Transaction Log
Example pipeline Git Code Git Config Container Registry Build Container (CI) Update image in staging config 1/ Code change 2/ Merge Staging to Prod Config Updater Kubernetes Cluster Deployment Service Deploy Operator
Typical (not mandatory) Structure of a GitOps repository ● At least 1 repository per application/service ● Config & code in separate repos. Images named via labels. ● Use a separate branch per environment (maps to a Kubernetes namespace, or cluster) ● Push changes such as the image name, health checks, etc to staging (or feature) branches first. ● Rolling out to production involves a merge. (use `git merge -s ours branchname` to skip a set of staging-only changes). ● Use protected branches to enforce code review requirements.
Staging
Use declarative configuration to define your application and services. All changes need to go through your git review process – noone should be using kubectl directly. (also: don’t push from CI to prod) Use an operator in the cluster to drive the observed cluster state to the desired state, as declared by your configuration in git Summary: Three core principles of GitOps
Cluster updates are a sequence of atomic transactions which succeed or fail cleanly, and are so easy to do that your team velocity will rocket up Git provides a transaction log for rollback, audit, and team work Config and image repos act as a “firewall” between dev and prod, e.g. so that CI cannot “own production” if hacked. Summary: Three technical benefits of GitOps
❯ GitOps operational mindset, all k8s applications stored in Git. ❯ Securely automate & share secrets publicly ❯ Asymmetric (public key) cryptography ❯ Encrypt data up to (and inside) K8s cluster Bitnami: Encrypt Kubernetes SecretsSealed Secrets
Observability & Control 91
Validating what happened is PART OF THE DEPLOYMENT
94 Declare
95 Declare Implement
96 Declare Implement Automated by software agents
97 Declare Implement Monitor / Observe Automated by software agents
98 Declare Implement Monitor / Observe Default dashboards Automated by software agents
99 Declare Implement Monitor / Observe Plan Automated by software agents Default dashboards
10 0 Declare Implement Monitor / Observe Plan Automated by software agents Default dashboards
10 1 Declare Implement Monitor / Observe Plan Automated by software agents Default dashboards
10 2 Declare Implement Monitor Plan Continuous Deployment Default dashboards Automated by software agents
Improving UX is PART OF DEPLOYMENT • End user happiness is all • Integrate GitOps CD pipeline with tools to observe results of PRs • Developers have to correlate UX to operational concepts like monitoring, tracing, logs • Like doctors, we must be able to validate health as well as diagnose problems
Every service should have a unified interactive dash (eg. metrics + events + actions; image is from Lyft)
Fundamental Theorem ONLY what can be described and observed can be automated and controlled
Three GitOps Takeaways • Git push is a great DX – “push code not containers" - best practice for Kubernetes, Cloud Native & Serverless… • GitOps is about more than triggering cluster deployment via a PR, it is a full transactional operating model for the whole stack. It is “scale invariant” and it uses a control loop to implement a “joined up” pipeline for delivery and observability • GitOps is different from CI ops. It is based on ‘firewall’ between Dev and Ops, it guarantees deployments are correct or fail cleanly, it integrates with Observability & Control tools
FASTER, BETTER & SAFER 10 7
Tools? 10 8
● DIY ● CI ops ● PaaS (Heroku, Cloud Foundry …) ● Dedicated modern CD tools Choices 10 9
Not EITHER / OR ● Spinnaker ● Helm ● Weave Flux / Weave Cloud ● JenkinsX ● Skaffold ● Gitkube ● Harness Dedicated tools for app dev and/or cicd 11 0
● Created by Netflix for Netflix ● Jenkins++ CICD tool, with Pipeline Management and Release Management ● Pipelines GUI, nested pipelines, canary as pipeline… ● Designed for VMs – doesn’t “speak Kubernetes” (also: Terraform?) ● Good if your Release model is “Deploy my VMs and start my cluster” ● “CI Ops”, so Not Good if your Release model is atomic updates pulled by operator ● Does not use Git, uses external DB. ● Audit log & desired state not complete ● Generally complicated with lots of moving parts. Operationally burdensome even if run in Kubernetes Spinnaker 11 1
● V2 of Kubernetes templating system ● Writes a group of changes as a “chart” – so can be a packaging tool for Kubernetes ● De facto “app API” for Kubernetes – great for getting started ● *** IS NOT A CD TOOL *** ● CI + Helm is a dangerous pattern ● Non-atomic ● Non-deterministic ● Non-compositional ● Tiller Helm 11 2
● Created for Kubernetes by Weaveworks, will go to CNCF ● Only does Release Management: pull based CD, policy, staging, audit trail ● Works with any CI but *** does not connect to CI *** ● Watches repos. Updates on label & config change, no need for a “full rebuild” ● Kubernetes native – all Kube objects, also Helm, CRDs – make Helm do GitOps ● Secure (if cluster is) ● Orchestrator forces convergent atomic updates on cluster even for group of changes – succeeds or fails cleanly, no need for full cluster reboot ● COMPLETE record in Git kept in sync. Rollback & roll forward ● Diffs – continually monitors cluster & repo to spot drift Weave Flux 11 3
● Simple Gitops model for DEV with Kubernetes ● Push to gitkube remote server that lives in your cluster (ie. runs custom git server inside Kubernetes cluster) ● Runs build for you, instead of CI. Couples continuous build of Docker images & continuous deployment to the cluster. These should be decoupled. ● Pushes container into Kubernetes, but not Kube objects, not Helm, not CRDs ● Not atomic or idempotent ● No built in monitoring, so deployments may not converge ● Does not track changes in Git Gitkube 11 4
● Skaffold ● Weave Flux ● Jenkins X ● Minikube ● Docker Gitops developer toolkit? 11 5
Weave Cloud 11 6
Commercial 11 7
11 8
11 9
12 0
12 1
Anything missing?
Anything missing? Developers (That means YOU)
Thank you! 12 4 Alexis Richardson alexis@weave.works @monadic facebook.com/WeaveworksInc/ twitter.com/weaveworks slack.weave.works/ youtube.com/c/WeaveWorksInc linkedin.com/company/weaveworks @weaveworks https://weave.works

Recommended

GitOps - Modern best practices for high velocity app dev using cloud native t...
GitOps - Modern best practices for high velocity app dev using cloud native t...GitOps - Modern best practices for high velocity app dev using cloud native t...
GitOps - Modern best practices for high velocity app dev using cloud native t...Weaveworks
 
Gitops: the kubernetes way
Gitops: the kubernetes wayGitops: the kubernetes way
Gitops: the kubernetes waysparkfabrik
 
GitOps w/argocd
GitOps w/argocdGitOps w/argocd
GitOps w/argocdJean-Philippe Bélanger
 
GitOps - Operation By Pull Request
GitOps - Operation By Pull RequestGitOps - Operation By Pull Request
GitOps - Operation By Pull RequestKasper Nissen
 
Gitops: a new paradigm for software defined operations
Gitops: a new paradigm for software defined operationsGitops: a new paradigm for software defined operations
Gitops: a new paradigm for software defined operationsMariano Cunietti
 
Gitops Hands On
Gitops Hands OnGitops Hands On
Gitops Hands OnBrice Fernandes
 
Cloud Native Apps with GitOps
Cloud Native Apps with GitOps Cloud Native Apps with GitOps
Cloud Native Apps with GitOps Weaveworks
 
GitOps 101 Presentation.pdf
GitOps 101 Presentation.pdfGitOps 101 Presentation.pdf
GitOps 101 Presentation.pdfssuser31375f
 

Recommended

GitOps - Modern best practices for high velocity app dev using cloud native t...
GitOps - Modern best practices for high velocity app dev using cloud native t...GitOps - Modern best practices for high velocity app dev using cloud native t...
GitOps - Modern best practices for high velocity app dev using cloud native t...Weaveworks
 
Gitops: the kubernetes way
Gitops: the kubernetes wayGitops: the kubernetes way
Gitops: the kubernetes waysparkfabrik
 
GitOps w/argocd
GitOps w/argocdGitOps w/argocd
GitOps w/argocdJean-Philippe Bélanger
 
GitOps - Operation By Pull Request
GitOps - Operation By Pull RequestGitOps - Operation By Pull Request
GitOps - Operation By Pull RequestKasper Nissen
 
Gitops: a new paradigm for software defined operations
Gitops: a new paradigm for software defined operationsGitops: a new paradigm for software defined operations
Gitops: a new paradigm for software defined operationsMariano Cunietti
 
Gitops Hands On
Gitops Hands OnGitops Hands On
Gitops Hands OnBrice Fernandes
 
Cloud Native Apps with GitOps
Cloud Native Apps with GitOps Cloud Native Apps with GitOps
Cloud Native Apps with GitOps Weaveworks
 
GitOps 101 Presentation.pdf
GitOps 101 Presentation.pdfGitOps 101 Presentation.pdf
GitOps 101 Presentation.pdfssuser31375f
 
GitOps with ArgoCD
GitOps with ArgoCDGitOps with ArgoCD
GitOps with ArgoCDCloudOps2005
 
CD using ArgoCD(KnolX).pdf
CD using ArgoCD(KnolX).pdfCD using ArgoCD(KnolX).pdf
CD using ArgoCD(KnolX).pdfKnoldus Inc.
 
CI:CD in Lightspeed with kubernetes and argo cd
CI:CD in Lightspeed with kubernetes and argo cdCI:CD in Lightspeed with kubernetes and argo cd
CI:CD in Lightspeed with kubernetes and argo cdBilly Yuen
 
GitOps is the best modern practice for CD with Kubernetes
GitOps is the best modern practice for CD with KubernetesGitOps is the best modern practice for CD with Kubernetes
GitOps is the best modern practice for CD with KubernetesVolodymyr Shynkar
 
Kubernetes GitOps featuring GitHub, Kustomize and ArgoCD
Kubernetes GitOps featuring GitHub, Kustomize and ArgoCDKubernetes GitOps featuring GitHub, Kustomize and ArgoCD
Kubernetes GitOps featuring GitHub, Kustomize and ArgoCDSunnyvale
 
GitOps and ArgoCD
GitOps and ArgoCDGitOps and ArgoCD
GitOps and ArgoCDOmar Fathy
 
Free GitOps Workshop + Intro to Kubernetes & GitOps
Free GitOps Workshop + Intro to Kubernetes & GitOpsFree GitOps Workshop + Intro to Kubernetes & GitOps
Free GitOps Workshop + Intro to Kubernetes & GitOpsWeaveworks
 
Hands-On Introduction to Kubernetes at LISA17
Hands-On Introduction to Kubernetes at LISA17Hands-On Introduction to Kubernetes at LISA17
Hands-On Introduction to Kubernetes at LISA17Ryan Jarvinen
 
Meetup 23 - 03 - Application Delivery on K8S with GitOps
Meetup 23 - 03 - Application Delivery on K8S with GitOpsMeetup 23 - 03 - Application Delivery on K8S with GitOps
Meetup 23 - 03 - Application Delivery on K8S with GitOpsVietnam Open Infrastructure User Group
 
Kubernetes
KubernetesKubernetes
Kuberneteserialc_w
 
The journey to GitOps
The journey to GitOpsThe journey to GitOps
The journey to GitOpsNicola Baldi
 
A GitOps Kubernetes Native CICD Solution with Argo Events, Workflows, and CD
A GitOps Kubernetes Native CICD Solution with Argo Events, Workflows, and CDA GitOps Kubernetes Native CICD Solution with Argo Events, Workflows, and CD
A GitOps Kubernetes Native CICD Solution with Argo Events, Workflows, and CDJulian Mazzitelli
 
The Power of GitOps with Flux & GitOps Toolkit
The Power of GitOps with Flux & GitOps ToolkitThe Power of GitOps with Flux & GitOps Toolkit
The Power of GitOps with Flux & GitOps ToolkitWeaveworks
 
ArgoCD Meetup PPT final.pdf
ArgoCD Meetup PPT final.pdfArgoCD Meetup PPT final.pdf
ArgoCD Meetup PPT final.pdfamanmakwana3
 
Intro to open source observability with grafana, prometheus, loki, and tempo(...
Intro to open source observability with grafana, prometheus, loki, and tempo(...Intro to open source observability with grafana, prometheus, loki, and tempo(...
Intro to open source observability with grafana, prometheus, loki, and tempo(...LibbySchulze
 
Terraform GitOps on Codefresh
Terraform GitOps on CodefreshTerraform GitOps on Codefresh
Terraform GitOps on CodefreshCodefresh
 
Kubernetes PPT.pptx
Kubernetes PPT.pptxKubernetes PPT.pptx
Kubernetes PPT.pptxssuser0cc9131
 
Designing a complete ci cd pipeline using argo events, workflow and cd products
Designing a complete ci cd pipeline using argo events, workflow and cd productsDesigning a complete ci cd pipeline using argo events, workflow and cd products
Designing a complete ci cd pipeline using argo events, workflow and cd productsJulian Mazzitelli
 
Kubernetes: A Short Introduction (2019)
Kubernetes: A Short Introduction (2019)Kubernetes: A Short Introduction (2019)
Kubernetes: A Short Introduction (2019)Megan O'Keefe
 
Introduction to kubernetes
Introduction to kubernetesIntroduction to kubernetes
Introduction to kubernetesRishabh Indoria
 
Cloud Native Transformation (Alexis Richardson) - Continuous Lifecycle 2018 ...
Cloud Native Transformation (Alexis Richardson) - Continuous Lifecycle 2018 ... Cloud Native Transformation (Alexis Richardson) - Continuous Lifecycle 2018 ...
Cloud Native Transformation (Alexis Richardson) - Continuous Lifecycle 2018 ...Weaveworks
 
Free GitOps Workshop
Free GitOps WorkshopFree GitOps Workshop
Free GitOps WorkshopWeaveworks
 

More Related Content

What's hot

GitOps with ArgoCD
GitOps with ArgoCDGitOps with ArgoCD
GitOps with ArgoCDCloudOps2005
 
CD using ArgoCD(KnolX).pdf
CD using ArgoCD(KnolX).pdfCD using ArgoCD(KnolX).pdf
CD using ArgoCD(KnolX).pdfKnoldus Inc.
 
CI:CD in Lightspeed with kubernetes and argo cd
CI:CD in Lightspeed with kubernetes and argo cdCI:CD in Lightspeed with kubernetes and argo cd
CI:CD in Lightspeed with kubernetes and argo cdBilly Yuen
 
GitOps is the best modern practice for CD with Kubernetes
GitOps is the best modern practice for CD with KubernetesGitOps is the best modern practice for CD with Kubernetes
GitOps is the best modern practice for CD with KubernetesVolodymyr Shynkar
 
Kubernetes GitOps featuring GitHub, Kustomize and ArgoCD
Kubernetes GitOps featuring GitHub, Kustomize and ArgoCDKubernetes GitOps featuring GitHub, Kustomize and ArgoCD
Kubernetes GitOps featuring GitHub, Kustomize and ArgoCDSunnyvale
 
GitOps and ArgoCD
GitOps and ArgoCDGitOps and ArgoCD
GitOps and ArgoCDOmar Fathy
 
Free GitOps Workshop + Intro to Kubernetes & GitOps
Free GitOps Workshop + Intro to Kubernetes & GitOpsFree GitOps Workshop + Intro to Kubernetes & GitOps
Free GitOps Workshop + Intro to Kubernetes & GitOpsWeaveworks
 
Hands-On Introduction to Kubernetes at LISA17
Hands-On Introduction to Kubernetes at LISA17Hands-On Introduction to Kubernetes at LISA17
Hands-On Introduction to Kubernetes at LISA17Ryan Jarvinen
 
Kubernetes
KubernetesKubernetes
Kuberneteserialc_w
 
The journey to GitOps
The journey to GitOpsThe journey to GitOps
The journey to GitOpsNicola Baldi
 
A GitOps Kubernetes Native CICD Solution with Argo Events, Workflows, and CD
A GitOps Kubernetes Native CICD Solution with Argo Events, Workflows, and CDA GitOps Kubernetes Native CICD Solution with Argo Events, Workflows, and CD
A GitOps Kubernetes Native CICD Solution with Argo Events, Workflows, and CDJulian Mazzitelli
 
The Power of GitOps with Flux & GitOps Toolkit
The Power of GitOps with Flux & GitOps ToolkitThe Power of GitOps with Flux & GitOps Toolkit
The Power of GitOps with Flux & GitOps ToolkitWeaveworks
 
ArgoCD Meetup PPT final.pdf
ArgoCD Meetup PPT final.pdfArgoCD Meetup PPT final.pdf
ArgoCD Meetup PPT final.pdfamanmakwana3
 
Intro to open source observability with grafana, prometheus, loki, and tempo(...
Intro to open source observability with grafana, prometheus, loki, and tempo(...Intro to open source observability with grafana, prometheus, loki, and tempo(...
Intro to open source observability with grafana, prometheus, loki, and tempo(...LibbySchulze
 
Terraform GitOps on Codefresh
Terraform GitOps on CodefreshTerraform GitOps on Codefresh
Terraform GitOps on CodefreshCodefresh
 
Designing a complete ci cd pipeline using argo events, workflow and cd products
Designing a complete ci cd pipeline using argo events, workflow and cd productsDesigning a complete ci cd pipeline using argo events, workflow and cd products
Designing a complete ci cd pipeline using argo events, workflow and cd productsJulian Mazzitelli
 
Kubernetes: A Short Introduction (2019)
Kubernetes: A Short Introduction (2019)Kubernetes: A Short Introduction (2019)
Kubernetes: A Short Introduction (2019)Megan O'Keefe
 
Introduction to kubernetes
Introduction to kubernetesIntroduction to kubernetes
Introduction to kubernetesRishabh Indoria
 

What's hot (20)

GitOps with ArgoCD
GitOps with ArgoCDGitOps with ArgoCD
GitOps with ArgoCD
 
CD using ArgoCD(KnolX).pdf
CD using ArgoCD(KnolX).pdfCD using ArgoCD(KnolX).pdf
CD using ArgoCD(KnolX).pdf
 
CI:CD in Lightspeed with kubernetes and argo cd
CI:CD in Lightspeed with kubernetes and argo cdCI:CD in Lightspeed with kubernetes and argo cd
CI:CD in Lightspeed with kubernetes and argo cd
 
GitOps is the best modern practice for CD with Kubernetes
GitOps is the best modern practice for CD with KubernetesGitOps is the best modern practice for CD with Kubernetes
GitOps is the best modern practice for CD with Kubernetes
 
Kubernetes GitOps featuring GitHub, Kustomize and ArgoCD
Kubernetes GitOps featuring GitHub, Kustomize and ArgoCDKubernetes GitOps featuring GitHub, Kustomize and ArgoCD
Kubernetes GitOps featuring GitHub, Kustomize and ArgoCD
 
GitOps and ArgoCD
GitOps and ArgoCDGitOps and ArgoCD
GitOps and ArgoCD
 
Free GitOps Workshop + Intro to Kubernetes & GitOps
Free GitOps Workshop + Intro to Kubernetes & GitOpsFree GitOps Workshop + Intro to Kubernetes & GitOps
Free GitOps Workshop + Intro to Kubernetes & GitOps
 
Hands-On Introduction to Kubernetes at LISA17
Hands-On Introduction to Kubernetes at LISA17Hands-On Introduction to Kubernetes at LISA17
Hands-On Introduction to Kubernetes at LISA17
 
Meetup 23 - 03 - Application Delivery on K8S with GitOps
Meetup 23 - 03 - Application Delivery on K8S with GitOpsMeetup 23 - 03 - Application Delivery on K8S with GitOps
Meetup 23 - 03 - Application Delivery on K8S with GitOps
 
Kubernetes
KubernetesKubernetes
Kubernetes
 
The journey to GitOps
The journey to GitOpsThe journey to GitOps
The journey to GitOps
 
A GitOps Kubernetes Native CICD Solution with Argo Events, Workflows, and CD
A GitOps Kubernetes Native CICD Solution with Argo Events, Workflows, and CDA GitOps Kubernetes Native CICD Solution with Argo Events, Workflows, and CD
A GitOps Kubernetes Native CICD Solution with Argo Events, Workflows, and CD
 
The Power of GitOps with Flux & GitOps Toolkit
The Power of GitOps with Flux & GitOps ToolkitThe Power of GitOps with Flux & GitOps Toolkit
The Power of GitOps with Flux & GitOps Toolkit
 
ArgoCD Meetup PPT final.pdf
ArgoCD Meetup PPT final.pdfArgoCD Meetup PPT final.pdf
ArgoCD Meetup PPT final.pdf
 
Intro to open source observability with grafana, prometheus, loki, and tempo(...
Intro to open source observability with grafana, prometheus, loki, and tempo(...Intro to open source observability with grafana, prometheus, loki, and tempo(...
Intro to open source observability with grafana, prometheus, loki, and tempo(...
 
Terraform GitOps on Codefresh
Terraform GitOps on CodefreshTerraform GitOps on Codefresh
Terraform GitOps on Codefresh
 
Kubernetes PPT.pptx
Kubernetes PPT.pptxKubernetes PPT.pptx
Kubernetes PPT.pptx
 
Designing a complete ci cd pipeline using argo events, workflow and cd products
Designing a complete ci cd pipeline using argo events, workflow and cd productsDesigning a complete ci cd pipeline using argo events, workflow and cd products
Designing a complete ci cd pipeline using argo events, workflow and cd products
 
Kubernetes: A Short Introduction (2019)
Kubernetes: A Short Introduction (2019)Kubernetes: A Short Introduction (2019)
Kubernetes: A Short Introduction (2019)
 
Introduction to kubernetes
Introduction to kubernetesIntroduction to kubernetes
Introduction to kubernetes
 

Similar to Continuous Lifecycle London 2018 Event Keynote

Cloud Native Transformation (Alexis Richardson) - Continuous Lifecycle 2018 ...
Cloud Native Transformation (Alexis Richardson) - Continuous Lifecycle 2018 ... Cloud Native Transformation (Alexis Richardson) - Continuous Lifecycle 2018 ...
Cloud Native Transformation (Alexis Richardson) - Continuous Lifecycle 2018 ...Weaveworks
 
Free GitOps Workshop
Free GitOps WorkshopFree GitOps Workshop
Free GitOps WorkshopWeaveworks
 
Free GitOps Workshop (with Intro to Kubernetes & GitOps)
Free GitOps Workshop (with Intro to Kubernetes & GitOps)Free GitOps Workshop (with Intro to Kubernetes & GitOps)
Free GitOps Workshop (with Intro to Kubernetes & GitOps)Weaveworks
 
GCP Meetup #3 - Approaches to Cloud Native Architectures
GCP Meetup #3 - Approaches to Cloud Native ArchitecturesGCP Meetup #3 - Approaches to Cloud Native Architectures
GCP Meetup #3 - Approaches to Cloud Native Architecturesnine
 
Hybrid and Multi-Cloud Strategies for Kubernetes with GitOps
Hybrid and Multi-Cloud Strategies for Kubernetes with GitOpsHybrid and Multi-Cloud Strategies for Kubernetes with GitOps
Hybrid and Multi-Cloud Strategies for Kubernetes with GitOpsSonja Schweigert
 
Hybrid and Multi-Cloud Strategies for Kubernetes with GitOps
Hybrid and Multi-Cloud Strategies for Kubernetes with GitOpsHybrid and Multi-Cloud Strategies for Kubernetes with GitOps
Hybrid and Multi-Cloud Strategies for Kubernetes with GitOpsWeaveworks
 
Understanding the GitOps Workflow and CICD Pipeline - What It Is, Why It Matt...
Understanding the GitOps Workflow and CICD Pipeline - What It Is, Why It Matt...Understanding the GitOps Workflow and CICD Pipeline - What It Is, Why It Matt...
Understanding the GitOps Workflow and CICD Pipeline - What It Is, Why It Matt...Gibran Badrulzaman
 
gitopsthekubernetesway-201026090439.pdf
gitopsthekubernetesway-201026090439.pdfgitopsthekubernetesway-201026090439.pdf
gitopsthekubernetesway-201026090439.pdfsaraichiba2
 
Intro to GitOps with Weave GitOps, Flagger and Linkerd
Intro to GitOps with Weave GitOps, Flagger and LinkerdIntro to GitOps with Weave GitOps, Flagger and Linkerd
Intro to GitOps with Weave GitOps, Flagger and LinkerdWeaveworks
 
GitOps, Driving NGN Operations Teams 211127 #kcdgt 2021
GitOps, Driving NGN Operations Teams 211127 #kcdgt 2021GitOps, Driving NGN Operations Teams 211127 #kcdgt 2021
GitOps, Driving NGN Operations Teams 211127 #kcdgt 2021William Caban
 
Shift Deployment Security Left with Weave GitOps & Upbound’s Universal Crossp...
Shift Deployment Security Left with Weave GitOps & Upbound’s Universal Crossp...Shift Deployment Security Left with Weave GitOps & Upbound’s Universal Crossp...
Shift Deployment Security Left with Weave GitOps & Upbound’s Universal Crossp...Weaveworks
 
GitOps: Git come unica fonte di verità per applicazioni e infrastruttura
GitOps: Git come unica fonte di verità per applicazioni e infrastrutturaGitOps: Git come unica fonte di verità per applicazioni e infrastruttura
GitOps: Git come unica fonte di verità per applicazioni e infrastrutturasparkfabrik
 
Empowering developers and operators through Gitlab and HashiCorp
Empowering developers and operators through Gitlab and HashiCorpEmpowering developers and operators through Gitlab and HashiCorp
Empowering developers and operators through Gitlab and HashiCorpMitchell Pronschinske
 
The path to a serverless-native era with Kubernetes
The path to a serverless-native era with KubernetesThe path to a serverless-native era with Kubernetes
The path to a serverless-native era with Kubernetessparkfabrik
 
CI/CD on Google Cloud Platform
CI/CD on Google Cloud PlatformCI/CD on Google Cloud Platform
CI/CD on Google Cloud PlatformDevOps Indonesia
 
Ultimate Guide to Microservice Architecture on Kubernetes
Ultimate Guide to Microservice Architecture on KubernetesUltimate Guide to Microservice Architecture on Kubernetes
Ultimate Guide to Microservice Architecture on Kuberneteskloia
 
Webinar: Capabilities, Confidence and Community – What Flux GA Means for You
Webinar: Capabilities, Confidence and Community – What Flux GA Means for YouWebinar: Capabilities, Confidence and Community – What Flux GA Means for You
Webinar: Capabilities, Confidence and Community – What Flux GA Means for YouWeaveworks
 
Integration in the Cloud, by Rob Davies
Integration in the Cloud, by Rob DaviesIntegration in the Cloud, by Rob Davies
Integration in the Cloud, by Rob DaviesJudy Breedlove
 
Get started with gitops and flux
Get started with gitops and fluxGet started with gitops and flux
Get started with gitops and fluxLibbySchulze1
 
Room 2 - 4 - Juncheng Anthony Lin - Redhat - A Practical Approach to Traditio...
Room 2 - 4 - Juncheng Anthony Lin - Redhat - A Practical Approach to Traditio...Room 2 - 4 - Juncheng Anthony Lin - Redhat - A Practical Approach to Traditio...
Room 2 - 4 - Juncheng Anthony Lin - Redhat - A Practical Approach to Traditio...Vietnam Open Infrastructure User Group
 

Similar to Continuous Lifecycle London 2018 Event Keynote (20)

Cloud Native Transformation (Alexis Richardson) - Continuous Lifecycle 2018 ...
Cloud Native Transformation (Alexis Richardson) - Continuous Lifecycle 2018 ... Cloud Native Transformation (Alexis Richardson) - Continuous Lifecycle 2018 ...
Cloud Native Transformation (Alexis Richardson) - Continuous Lifecycle 2018 ...
 
Free GitOps Workshop
Free GitOps WorkshopFree GitOps Workshop
Free GitOps Workshop
 
Free GitOps Workshop (with Intro to Kubernetes & GitOps)
Free GitOps Workshop (with Intro to Kubernetes & GitOps)Free GitOps Workshop (with Intro to Kubernetes & GitOps)
Free GitOps Workshop (with Intro to Kubernetes & GitOps)
 
GCP Meetup #3 - Approaches to Cloud Native Architectures
GCP Meetup #3 - Approaches to Cloud Native ArchitecturesGCP Meetup #3 - Approaches to Cloud Native Architectures
GCP Meetup #3 - Approaches to Cloud Native Architectures
 
Hybrid and Multi-Cloud Strategies for Kubernetes with GitOps
Hybrid and Multi-Cloud Strategies for Kubernetes with GitOpsHybrid and Multi-Cloud Strategies for Kubernetes with GitOps
Hybrid and Multi-Cloud Strategies for Kubernetes with GitOps
 
Hybrid and Multi-Cloud Strategies for Kubernetes with GitOps
Hybrid and Multi-Cloud Strategies for Kubernetes with GitOpsHybrid and Multi-Cloud Strategies for Kubernetes with GitOps
Hybrid and Multi-Cloud Strategies for Kubernetes with GitOps
 
Understanding the GitOps Workflow and CICD Pipeline - What It Is, Why It Matt...
Understanding the GitOps Workflow and CICD Pipeline - What It Is, Why It Matt...Understanding the GitOps Workflow and CICD Pipeline - What It Is, Why It Matt...
Understanding the GitOps Workflow and CICD Pipeline - What It Is, Why It Matt...
 
gitopsthekubernetesway-201026090439.pdf
gitopsthekubernetesway-201026090439.pdfgitopsthekubernetesway-201026090439.pdf
gitopsthekubernetesway-201026090439.pdf
 
Intro to GitOps with Weave GitOps, Flagger and Linkerd
Intro to GitOps with Weave GitOps, Flagger and LinkerdIntro to GitOps with Weave GitOps, Flagger and Linkerd
Intro to GitOps with Weave GitOps, Flagger and Linkerd
 
GitOps, Driving NGN Operations Teams 211127 #kcdgt 2021
GitOps, Driving NGN Operations Teams 211127 #kcdgt 2021GitOps, Driving NGN Operations Teams 211127 #kcdgt 2021
GitOps, Driving NGN Operations Teams 211127 #kcdgt 2021
 
Shift Deployment Security Left with Weave GitOps & Upbound’s Universal Crossp...
Shift Deployment Security Left with Weave GitOps & Upbound’s Universal Crossp...Shift Deployment Security Left with Weave GitOps & Upbound’s Universal Crossp...
Shift Deployment Security Left with Weave GitOps & Upbound’s Universal Crossp...
 
GitOps: Git come unica fonte di verità per applicazioni e infrastruttura
GitOps: Git come unica fonte di verità per applicazioni e infrastrutturaGitOps: Git come unica fonte di verità per applicazioni e infrastruttura
GitOps: Git come unica fonte di verità per applicazioni e infrastruttura
 
Empowering developers and operators through Gitlab and HashiCorp
Empowering developers and operators through Gitlab and HashiCorpEmpowering developers and operators through Gitlab and HashiCorp
Empowering developers and operators through Gitlab and HashiCorp
 
The path to a serverless-native era with Kubernetes
The path to a serverless-native era with KubernetesThe path to a serverless-native era with Kubernetes
The path to a serverless-native era with Kubernetes
 
CI/CD on Google Cloud Platform
CI/CD on Google Cloud PlatformCI/CD on Google Cloud Platform
CI/CD on Google Cloud Platform
 
Ultimate Guide to Microservice Architecture on Kubernetes
Ultimate Guide to Microservice Architecture on KubernetesUltimate Guide to Microservice Architecture on Kubernetes
Ultimate Guide to Microservice Architecture on Kubernetes
 
Webinar: Capabilities, Confidence and Community – What Flux GA Means for You
Webinar: Capabilities, Confidence and Community – What Flux GA Means for YouWebinar: Capabilities, Confidence and Community – What Flux GA Means for You
Webinar: Capabilities, Confidence and Community – What Flux GA Means for You
 
Integration in the Cloud, by Rob Davies
Integration in the Cloud, by Rob DaviesIntegration in the Cloud, by Rob Davies
Integration in the Cloud, by Rob Davies
 
Get started with gitops and flux
Get started with gitops and fluxGet started with gitops and flux
Get started with gitops and flux
 
Room 2 - 4 - Juncheng Anthony Lin - Redhat - A Practical Approach to Traditio...
Room 2 - 4 - Juncheng Anthony Lin - Redhat - A Practical Approach to Traditio...Room 2 - 4 - Juncheng Anthony Lin - Redhat - A Practical Approach to Traditio...
Room 2 - 4 - Juncheng Anthony Lin - Redhat - A Practical Approach to Traditio...
 

More from Weaveworks

Weave AI Controllers (Weave GitOps Office Hours)
Weave AI Controllers (Weave GitOps Office Hours)Weave AI Controllers (Weave GitOps Office Hours)
Weave AI Controllers (Weave GitOps Office Hours)Weaveworks
 
Flamingo: Expand ArgoCD with Flux (Office Hours)
Flamingo: Expand ArgoCD with Flux (Office Hours)Flamingo: Expand ArgoCD with Flux (Office Hours)
Flamingo: Expand ArgoCD with Flux (Office Hours)Weaveworks
 
Six Signs You Need Platform Engineering
Six Signs You Need Platform EngineeringSix Signs You Need Platform Engineering
Six Signs You Need Platform EngineeringWeaveworks
 
SRE and GitOps for Building Robust Kubernetes Platforms.pdf
SRE and GitOps for Building Robust Kubernetes Platforms.pdfSRE and GitOps for Building Robust Kubernetes Platforms.pdf
SRE and GitOps for Building Robust Kubernetes Platforms.pdfWeaveworks
 
Webinar: End to End Security & Operations with Chainguard and Weave GitOps
Webinar: End to End Security & Operations with Chainguard and Weave GitOpsWebinar: End to End Security & Operations with Chainguard and Weave GitOps
Webinar: End to End Security & Operations with Chainguard and Weave GitOpsWeaveworks
 
Flux Beyond Git Harnessing the Power of OCI
Flux Beyond Git Harnessing the Power of OCIFlux Beyond Git Harnessing the Power of OCI
Flux Beyond Git Harnessing the Power of OCIWeaveworks
 
Automated Provisioning, Management & Cost Control for Kubernetes Clusters
Automated Provisioning, Management & Cost Control for Kubernetes ClustersAutomated Provisioning, Management & Cost Control for Kubernetes Clusters
Automated Provisioning, Management & Cost Control for Kubernetes ClustersWeaveworks
 
How to Avoid Kubernetes Multi-tenancy Catastrophes
How to Avoid Kubernetes Multi-tenancy CatastrophesHow to Avoid Kubernetes Multi-tenancy Catastrophes
How to Avoid Kubernetes Multi-tenancy CatastrophesWeaveworks
 
Building internal developer platform with EKS and GitOps
Building internal developer platform with EKS and GitOpsBuilding internal developer platform with EKS and GitOps
Building internal developer platform with EKS and GitOpsWeaveworks
 
GitOps Testing in Kubernetes with Flux and Testkube.pdf
GitOps Testing in Kubernetes with Flux and Testkube.pdfGitOps Testing in Kubernetes with Flux and Testkube.pdf
GitOps Testing in Kubernetes with Flux and Testkube.pdfWeaveworks
 
Implementing Flux for Scale with Soft Multi-tenancy
Implementing Flux for Scale with Soft Multi-tenancyImplementing Flux for Scale with Soft Multi-tenancy
Implementing Flux for Scale with Soft Multi-tenancyWeaveworks
 
Accelerating Hybrid Multistage Delivery with Weave GitOps on EKS
Accelerating Hybrid Multistage Delivery with Weave GitOps on EKSAccelerating Hybrid Multistage Delivery with Weave GitOps on EKS
Accelerating Hybrid Multistage Delivery with Weave GitOps on EKSWeaveworks
 
The Story of Flux Reaching Graduation in the CNCF
The Story of Flux Reaching Graduation in the CNCFThe Story of Flux Reaching Graduation in the CNCF
The Story of Flux Reaching Graduation in the CNCFWeaveworks
 
Securing Your App Deployments with Tunnels, OIDC, RBAC, and Progressive Deliv...
Securing Your App Deployments with Tunnels, OIDC, RBAC, and Progressive Deliv...Securing Your App Deployments with Tunnels, OIDC, RBAC, and Progressive Deliv...
Securing Your App Deployments with Tunnels, OIDC, RBAC, and Progressive Deliv...Weaveworks
 
Flux’s Security & Scalability with OCI & Helm Slides.pdf
Flux’s Security & Scalability with OCI & Helm Slides.pdfFlux’s Security & Scalability with OCI & Helm Slides.pdf
Flux’s Security & Scalability with OCI & Helm Slides.pdfWeaveworks
 
Flux Security & Scalability using VS Code GitOps Extension
Flux Security & Scalability using VS Code GitOps Extension Flux Security & Scalability using VS Code GitOps Extension
Flux Security & Scalability using VS Code GitOps Extension Weaveworks
 
Deploying Stateful Applications Securely & Confidently with Ondat & Weave GitOps
Deploying Stateful Applications Securely & Confidently with Ondat & Weave GitOpsDeploying Stateful Applications Securely & Confidently with Ondat & Weave GitOps
Deploying Stateful Applications Securely & Confidently with Ondat & Weave GitOpsWeaveworks
 
Robust Network Security and Observability with GitOps and Cilium
Robust Network Security and Observability with GitOps and CiliumRobust Network Security and Observability with GitOps and Cilium
Robust Network Security and Observability with GitOps and CiliumWeaveworks
 
Intro to GitOps & Flux.pdf
Intro to GitOps & Flux.pdfIntro to GitOps & Flux.pdf
Intro to GitOps & Flux.pdfWeaveworks
 
Simplifying Hybrid Kubernetes with Weaveworks and EKS.pdf
Simplifying Hybrid Kubernetes with Weaveworks and EKS.pdfSimplifying Hybrid Kubernetes with Weaveworks and EKS.pdf
Simplifying Hybrid Kubernetes with Weaveworks and EKS.pdfWeaveworks
 

More from Weaveworks (20)

Weave AI Controllers (Weave GitOps Office Hours)
Weave AI Controllers (Weave GitOps Office Hours)Weave AI Controllers (Weave GitOps Office Hours)
Weave AI Controllers (Weave GitOps Office Hours)
 
Flamingo: Expand ArgoCD with Flux (Office Hours)
Flamingo: Expand ArgoCD with Flux (Office Hours)Flamingo: Expand ArgoCD with Flux (Office Hours)
Flamingo: Expand ArgoCD with Flux (Office Hours)
 
Six Signs You Need Platform Engineering
Six Signs You Need Platform EngineeringSix Signs You Need Platform Engineering
Six Signs You Need Platform Engineering
 
SRE and GitOps for Building Robust Kubernetes Platforms.pdf
SRE and GitOps for Building Robust Kubernetes Platforms.pdfSRE and GitOps for Building Robust Kubernetes Platforms.pdf
SRE and GitOps for Building Robust Kubernetes Platforms.pdf
 
Webinar: End to End Security & Operations with Chainguard and Weave GitOps
Webinar: End to End Security & Operations with Chainguard and Weave GitOpsWebinar: End to End Security & Operations with Chainguard and Weave GitOps
Webinar: End to End Security & Operations with Chainguard and Weave GitOps
 
Flux Beyond Git Harnessing the Power of OCI
Flux Beyond Git Harnessing the Power of OCIFlux Beyond Git Harnessing the Power of OCI
Flux Beyond Git Harnessing the Power of OCI
 
Automated Provisioning, Management & Cost Control for Kubernetes Clusters
Automated Provisioning, Management & Cost Control for Kubernetes ClustersAutomated Provisioning, Management & Cost Control for Kubernetes Clusters
Automated Provisioning, Management & Cost Control for Kubernetes Clusters
 
How to Avoid Kubernetes Multi-tenancy Catastrophes
How to Avoid Kubernetes Multi-tenancy CatastrophesHow to Avoid Kubernetes Multi-tenancy Catastrophes
How to Avoid Kubernetes Multi-tenancy Catastrophes
 
Building internal developer platform with EKS and GitOps
Building internal developer platform with EKS and GitOpsBuilding internal developer platform with EKS and GitOps
Building internal developer platform with EKS and GitOps
 
GitOps Testing in Kubernetes with Flux and Testkube.pdf
GitOps Testing in Kubernetes with Flux and Testkube.pdfGitOps Testing in Kubernetes with Flux and Testkube.pdf
GitOps Testing in Kubernetes with Flux and Testkube.pdf
 
Implementing Flux for Scale with Soft Multi-tenancy
Implementing Flux for Scale with Soft Multi-tenancyImplementing Flux for Scale with Soft Multi-tenancy
Implementing Flux for Scale with Soft Multi-tenancy
 
Accelerating Hybrid Multistage Delivery with Weave GitOps on EKS
Accelerating Hybrid Multistage Delivery with Weave GitOps on EKSAccelerating Hybrid Multistage Delivery with Weave GitOps on EKS
Accelerating Hybrid Multistage Delivery with Weave GitOps on EKS
 
The Story of Flux Reaching Graduation in the CNCF
The Story of Flux Reaching Graduation in the CNCFThe Story of Flux Reaching Graduation in the CNCF
The Story of Flux Reaching Graduation in the CNCF
 
Securing Your App Deployments with Tunnels, OIDC, RBAC, and Progressive Deliv...
Securing Your App Deployments with Tunnels, OIDC, RBAC, and Progressive Deliv...Securing Your App Deployments with Tunnels, OIDC, RBAC, and Progressive Deliv...
Securing Your App Deployments with Tunnels, OIDC, RBAC, and Progressive Deliv...
 
Flux’s Security & Scalability with OCI & Helm Slides.pdf
Flux’s Security & Scalability with OCI & Helm Slides.pdfFlux’s Security & Scalability with OCI & Helm Slides.pdf
Flux’s Security & Scalability with OCI & Helm Slides.pdf
 
Flux Security & Scalability using VS Code GitOps Extension
Flux Security & Scalability using VS Code GitOps Extension Flux Security & Scalability using VS Code GitOps Extension
Flux Security & Scalability using VS Code GitOps Extension
 
Deploying Stateful Applications Securely & Confidently with Ondat & Weave GitOps
Deploying Stateful Applications Securely & Confidently with Ondat & Weave GitOpsDeploying Stateful Applications Securely & Confidently with Ondat & Weave GitOps
Deploying Stateful Applications Securely & Confidently with Ondat & Weave GitOps
 
Robust Network Security and Observability with GitOps and Cilium
Robust Network Security and Observability with GitOps and CiliumRobust Network Security and Observability with GitOps and Cilium
Robust Network Security and Observability with GitOps and Cilium
 
Intro to GitOps & Flux.pdf
Intro to GitOps & Flux.pdfIntro to GitOps & Flux.pdf
Intro to GitOps & Flux.pdf
 
Simplifying Hybrid Kubernetes with Weaveworks and EKS.pdf
Simplifying Hybrid Kubernetes with Weaveworks and EKS.pdfSimplifying Hybrid Kubernetes with Weaveworks and EKS.pdf
Simplifying Hybrid Kubernetes with Weaveworks and EKS.pdf
 

Recently uploaded

Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 

Recently uploaded (20)

Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 

Continuous Lifecycle London 2018 Event Keynote

  • 1. GitOps Git push all the things Alexis Richardson CEO, Weaveworks TOC Chair, CNCF @monadic May 2018
  • 3. Hello ● WTF is GitOps ● Why is Cloud Native relevant ● How does GitOps work and in what ways is it different from $MY_DEVOPS ● Tools ● Recap 3
  • 4. Meet Qordoba ● SF based team use machine learning to create ”local” marketing UX for big brands ● Rapid iteration while obeying SOC2 compliance ● Google Cloud – Kubernetes & CI ● Weave Cloud – single cont. delivery & observability pipeline
  • 5.
  • 6. Over 30 releases per day per team, up from 1-2 per week across all teams 1) Estimated time needed to fix prod software bugs ~60% less time 2) Estimated time to respond to customer requests ~43% less time 3) Uptime 99% à 100% (so far…!) Impact
  • 8. Image credit: Helen Beal, Ranger4 At least a decade of DevOps best practices
  • 9. GitOps is Automation for Cloud Native Describe the system & build to that plan
  • 10. New ways of working cloud led us to devops cloud native leads us to gitops “push code, not containers” “operations by pull request”
  • 11. • Config is code • Code must be version controlled • Config must be version controlled too GitOps follows the Logic of DevOps
  • 12. GitOps follows the Logic of DevOps • Config is code • Code must be version controlled • Config must be version controlled too • What can be described can be automated • Describe everything: code, config, monitoring & policy; and then keep it in version control
  • 13. GitOps • Git as a source of truth for desired state of whole system yes really the whole system • Control loop compares desired with actual state to pull changes, enforce convergent atomic updates and writeback to log in Git • Diff alerts, eg.:
  • 14. Atomic updates for declarative stack Developer experience is just Git push Best practice for Continuous Delivery with Kubernetes Kubernetes Current State via Observability Tools Control & Operations Desired State in Git Diff Observe Orient Decide Act Release
  • 15. What this gets us • Any developer can use GitHub • Anyone can join team and ship a new app or make changes easily • All changes can be triggered, stored, audited and validated in Git And we didn’t have to do anything very new or clever
  • 16. “The world is envisioned as a repo and not as a kubernetes installation" - Kelsey Hightower Kubernetes ❤ GitOps
  • 17. Kubernetes is complex, ideally you’d like to… Make a pull request & just go to a URL to see app change Avoid kubectl Have “Bonus points for Metrics… If you give people visibility, they will stop asking for tools like kubectl to do their job, because now they can actually observe what’s happening in the cluster”
  • 18. Who is talking about or doing GitOps? Weaveworks Cloudbees Bitnami OpenFaaS Hasura Ocado Financial Times & more!
  • 19. 19 About Weaveworks ● Founded in 2014, backed by Google Ventures & Accel Partners ● Mission: help software teams go faster by providing technologies that support cloud native development
  • 20. 20 ● 40 people ● Berlin ● London ● San Francisco Team
  • 21. 21 Team Some of us are known for...
  • 22. ● Building cloud-native OSS since 2014 (Weave Net, Moby, Kubernetes, Prometheus) ● Founding member of CNCF ● Alexis Richardson (Weaveworks CEO) is chair of the CNCF Technical Oversight Committee ● Weave Cloud runs on Kubernetes since 2015 22 About Weaveworks
  • 23. • We use declarative infrastructure ie. Kubernetes, Docker, Terraform, … and we “diff all the things” • Our entire system including code, config, monitoring rules, dashboards, is described in GitHub with full audit trail • We roll out major or minor changes as pull requests for any updates, outages and D/R GitOps at Weaveworks
  • 29.
  • 30.
  • 31.
  • 34. CNCF is building a cloud platform ● Goal of a Cloud Platform for era of ubiquitous services à a bigger deal than the Web à open like Linux à everyone is on board this time ● Business Peeps TLDR Cloud Native is Cloud ● Outcome: Innovation and new Business Models for make profit
  • 41. Platforms enable Velocity ● Higher speed ● Lower barriers to entry ● Explosion of higher order systems
  • 42. Velocity is a key metric in Continuous Delivery High-performing teams deploy more frequently and have much faster lead times They make changes with fewer failures, and recover faster from failures 200x more frequent deployments 2,555x shorter lead times 3x lower change failure rate 24x faster recovery from failures 200x 2,555x 3x 24x Source: 2016 State of DevOps Report (Puppet Labs)
  • 43.
  • 44. Make me a Velocity Developers write code that powers Applications and integrates Services deployed to a Cloud Platform that is easy, stable & operable using best practices for Continuous Delivery at high velocity
  • 45. New Cloud Platform “Just run my code” Kubernetes Infra - Cloud & DCs & Edge Other CNCF Projects Local Services & Data Code >> Containers >>
  • 46. 1000s of ways to “Just Run My Code” ● Serverless: Openfaas, Kubeless, OpenEvents, AWS Lambda…. ● PaaS (Openshift, Cloud Foundry..), MBaaS, KMaaS, .. ● Kubeflow, Istio, Pachyderm and other k8s native app f/works ● Declarative app def eg compose, ksonnet, ballerina ● Native general frameworks: metaparticle ● Ports: Laravel (PHP!) and other app frameworks to Kube ● Tools: Cert-manager, ChaosIQ, .. ● Explosion of higher order systems is caused by platform
  • 47. Serverless & Kubernetes will converge ● Ubiquity of Kubernetes will pull serverless into the story - from “run my containers” to “run my code” ● Consumption and packaging of services is where serverless and functions add value today, and will be part of the Platform. AWS Lambda is a “clue” not the “answer”. ● Commonly used programming tools will unify Kubernetes, containers, “serverless”, managed services / APIs ● These models will be cloud agnostic ● The “pay per call” serverless business model will just be a feature of the cloud platform management layer (eg: AWS Fargate)
  • 48. Getting to a Cloud Platform 2017 2018-20 2020+ Core Platform - Kubernetes & containers Observability / Operability - monitoring (prom.) - logging (fluentd) - tracing (jaeger, OT) Routing - mesh (envoy, linkerd) - messaging (nats) Security: Spiffe, OPA, SAFE Storage: - orchestration - CSI - other Interfaces: - OpenMetrics - OpenEvents Developer On Ramp: CICD, Helm packaging, &c Marketplace of Services and other Add-ons “Just run my code” user experiences for 1000s of different use cases >> Towards Ubiquity
  • 49. Cloud native – just run my code
  • 51. New ways of working cloud led us to devops cloud native leads to gitops “push code not containers” “operations by pull request”
  • 52. Summary ● Cloud Platform powered by CNCF tools, Kubernetes at the core ● Multi Cloud support: Amazon, Azure, OSS ● Explosion of higher order tools and services ● GitOps for high velocity delivery pipeline
  • 54. ● Why Git ● Examples of what’s in Git (and image repo) ● CICD pipeline ● Security, Compliance & Audit ● Observability & Control ● Tools Overview GitOps in depth 55
  • 55. GitOps builds on DevOps with Git as a single source of truth for the desired state of the system ● The entire system state is under version control and described in Git (trunk best) ● Operational changes on production clusters are made by pull request ● Rollback and audit logs are provided via Git ● When disaster strikes, the whole infrastructure can be quickly restored from Git
  • 56. 57
  • 62. 63 Canonical source of truth Clear model with strong separations of concerns (safety) Easy rollbacks and reverts (velocity) Tapping into existing code review tools and processes Great compliance tool Collaboration point between software and humans
  • 63. 64 ?
  • 64. Dashboards Alerts Playbook Kubernetes Manifests Application configuration Provisioning scripts 65 Application checklists Recording Rules Sealed Secrets
  • 65. 66
  • 68. Destination config apiVersion: config.istio.io/v1beta1 kind: DestinationPolicy metadata: name: ratings-lb-policy namespace: default spec: destination: name: reviews labels: version: v1 loadBalancing: name: ROUND_ROBIN circuitBreaker: simpleCb: maxConnections: 100 httpMaxRequests: 1000 httpMaxRequestsPerConnection: 10 httpConsecutiveErrors: 7 sleepWindow: 15m httpDetectionInterval: 5m RANDOM, LEAST_CONN Limits outgoing connections to “v1” of the reviews service ● 100 connections ● 1000 concurrent requests ● 10 rps Load-balances in round-robin fashion across all reviews “v1” endpoints Configures host ejection ● 7 consecutive 5xx errors ● Period of 15 minutes ● Scanned every 5 minutes
  • 69. Egress config apiVersion: config.istio.io/v1beta1 kind: EgressRule metadata: name: foo-egress-rule spec: destination: service: *.foo.com ports: - port: 80 protocol: http - port: 443 protocol: https Provides access to a set of services under the foo.com domain. Sidecar will handle automatically upgrading connection to TLS, if desired. ● Must access as HTTP ● Example: http://mail.foo.com:443
  • 70. Routing config apiVersion: config.istio.io/v1beta1 kind: RouteRule metadata: name: reviews-rating-jason-rule namespace: default spec: destination: name: ratings route: - labels: version: v1 weight: 100 match: source: name: reviews labels: version: v2 request: headers: cookie: regex: "^(.*?;)?(user=jason)(;.*)?" uri: For traffic going to the ratings service send all of it to “v1” if: ● It is coming from “v2” the reviews services ● And the URL path starts with /ratings/v2 ● And the request contains a cookie with the value “user=jason”
  • 71. Redirect Config Fault Injection # HTTP Redirect snippet spec: destination: name: ratings match: request: headers: uri: /v1/getProductRatings redirect: uri: /v1/bookRatings authority: bookratings.default.svc.cluster.local --- # Fault injection snippet spec: destination: name: reviews route: - labels: version: v1 httpFault: abort: percent: 10 httpStatus: 400 HTTP Redirection ● For all requests to /v1/getProductRatings, return a 302 with a location of /v1/bookRatings and overwrite the host/authority header. HTTP Fault injection ● For 10% of requests to v1 of the reviews service, fail with a status code of 400 Timeouts, retries, request rewrites, delays configured similarly
  • 73. Pipelines & Control Loops Deployment App Dev Build (CI) Containers Execution (CD + Release Automation) Observe & Control
  • 74. CI Image RepoCode Repo Typical CICD pipeline ClusterDev RW RW RWRW RO RW RO
  • 75. There should be a firewall between CI and CD CI CD
  • 76. GitOps separation of concerns CI tooling Scope: test, build, publish artifacts ● Runs outside the production cluster ● Read access to code repo ● Read/Write access to image repo ● Read/Write access to integration env ● “Push” based CD tooling Scope: reconciliation between git and the cluster ● Runs inside the production cluster ● Read/Write access to config repo ● Read access to image repo ● Read/Write access to production cluster ● “Pull” based
  • 77. CICode Repo Kubernetes API GitOps CICD pipeline Dev RO RO CD OperatorRO RW RW RW RW Image Repo Config Repo
  • 78. GitOps enables security ● The CI tooling can be push based but has no production system access ● The CD tooling is pull based and retains the production credentials inside the cluster ● Developers can’t push directly to image registry ● Cluster API & credentials are never exposed/cross boundary ● Encrypted API keys and data storage credentials can be stored in Git and decrypted at deploy time inside the cluster
  • 80. Kubernetes: operator pattern Git Config Kubernetes Cluster Deployment Service Deploy Operator
  • 81. Write back from Kubernetes to maintain TX audit log ○ Config is code & everything is config (‘declarative infra’) ○ Code (& config!) must be version controlled ○ Anything that does not record changes in version control is harmful – Git as Audit Log
  • 82. Atomic Updates ○ Groups of changes are hard ○ Partial success / failure à redeploy cluster? ○ Want atomic update-in-place ○ Operators can do this. It’s really hard with CI scripts. ○ Git as Transaction Log
  • 83. Example pipeline Git Code Git Config Container Registry Build Container (CI) Update image in staging config 1/ Code change 2/ Merge Staging to Prod Config Updater Kubernetes Cluster Deployment Service Deploy Operator
  • 84. Typical (not mandatory) Structure of a GitOps repository ● At least 1 repository per application/service ● Config & code in separate repos. Images named via labels. ● Use a separate branch per environment (maps to a Kubernetes namespace, or cluster) ● Push changes such as the image name, health checks, etc to staging (or feature) branches first. ● Rolling out to production involves a merge. (use `git merge -s ours branchname` to skip a set of staging-only changes). ● Use protected branches to enforce code review requirements.
  • 86. Use declarative configuration to define your application and services. All changes need to go through your git review process – noone should be using kubectl directly. (also: don’t push from CI to prod) Use an operator in the cluster to drive the observed cluster state to the desired state, as declared by your configuration in git Summary: Three core principles of GitOps
  • 87. Cluster updates are a sequence of atomic transactions which succeed or fail cleanly, and are so easy to do that your team velocity will rocket up Git provides a transaction log for rollback, audit, and team work Config and image repos act as a “firewall” between dev and prod, e.g. so that CI cannot “own production” if hacked. Summary: Three technical benefits of GitOps
  • 88. ❯ GitOps operational mindset, all k8s applications stored in Git. ❯ Securely automate & share secrets publicly ❯ Asymmetric (public key) cryptography ❯ Encrypt data up to (and inside) K8s cluster Bitnami: Encrypt Kubernetes SecretsSealed Secrets
  • 90. Validating what happened is PART OF THE DEPLOYMENT
  • 91.
  • 101. Improving UX is PART OF DEPLOYMENT • End user happiness is all • Integrate GitOps CD pipeline with tools to observe results of PRs • Developers have to correlate UX to operational concepts like monitoring, tracing, logs • Like doctors, we must be able to validate health as well as diagnose problems
  • 102. Every service should have a unified interactive dash (eg. metrics + events + actions; image is from Lyft)
  • 103. Fundamental Theorem ONLY what can be described and observed can be automated and controlled
  • 104. Three GitOps Takeaways • Git push is a great DX – “push code not containers" - best practice for Kubernetes, Cloud Native & Serverless… • GitOps is about more than triggering cluster deployment via a PR, it is a full transactional operating model for the whole stack. It is “scale invariant” and it uses a control loop to implement a “joined up” pipeline for delivery and observability • GitOps is different from CI ops. It is based on ‘firewall’ between Dev and Ops, it guarantees deployments are correct or fail cleanly, it integrates with Observability & Control tools
  • 107. ● DIY ● CI ops ● PaaS (Heroku, Cloud Foundry …) ● Dedicated modern CD tools Choices 10 9
  • 108. Not EITHER / OR ● Spinnaker ● Helm ● Weave Flux / Weave Cloud ● JenkinsX ● Skaffold ● Gitkube ● Harness Dedicated tools for app dev and/or cicd 11 0
  • 109. ● Created by Netflix for Netflix ● Jenkins++ CICD tool, with Pipeline Management and Release Management ● Pipelines GUI, nested pipelines, canary as pipeline… ● Designed for VMs – doesn’t “speak Kubernetes” (also: Terraform?) ● Good if your Release model is “Deploy my VMs and start my cluster” ● “CI Ops”, so Not Good if your Release model is atomic updates pulled by operator ● Does not use Git, uses external DB. ● Audit log & desired state not complete ● Generally complicated with lots of moving parts. Operationally burdensome even if run in Kubernetes Spinnaker 11 1
  • 110. ● V2 of Kubernetes templating system ● Writes a group of changes as a “chart” – so can be a packaging tool for Kubernetes ● De facto “app API” for Kubernetes – great for getting started ● *** IS NOT A CD TOOL *** ● CI + Helm is a dangerous pattern ● Non-atomic ● Non-deterministic ● Non-compositional ● Tiller Helm 11 2
  • 111. ● Created for Kubernetes by Weaveworks, will go to CNCF ● Only does Release Management: pull based CD, policy, staging, audit trail ● Works with any CI but *** does not connect to CI *** ● Watches repos. Updates on label & config change, no need for a “full rebuild” ● Kubernetes native – all Kube objects, also Helm, CRDs – make Helm do GitOps ● Secure (if cluster is) ● Orchestrator forces convergent atomic updates on cluster even for group of changes – succeeds or fails cleanly, no need for full cluster reboot ● COMPLETE record in Git kept in sync. Rollback & roll forward ● Diffs – continually monitors cluster & repo to spot drift Weave Flux 11 3
  • 112. ● Simple Gitops model for DEV with Kubernetes ● Push to gitkube remote server that lives in your cluster (ie. runs custom git server inside Kubernetes cluster) ● Runs build for you, instead of CI. Couples continuous build of Docker images & continuous deployment to the cluster. These should be decoupled. ● Pushes container into Kubernetes, but not Kube objects, not Helm, not CRDs ● Not atomic or idempotent ● No built in monitoring, so deployments may not converge ● Does not track changes in Git Gitkube 11 4
  • 113. ● Skaffold ● Weave Flux ● Jenkins X ● Minikube ● Docker Gitops developer toolkit? 11 5
  • 116. 11 8
  • 117. 11 9
  • 118. 12 0
  • 119. 12 1