SlideShare a Scribd company logo

CI/CD Patterns for Kubernetes Environments

Andrew Phillips
Andrew Phillips

This document discusses CI/CD patterns for Kubernetes. It begins with an agenda and speaker bios. It then discusses the challenges of CI/CD for Kubernetes, including that it is a new space with unclear standard practices. It introduces concepts like environment and application repositories, manifests, and applied manifest sets. It also debunks some myths. The main part describes four related CI/CD processes: application code/config updates, environment config updates, environment restore, and detecting environment config drift. It uses diagrams to illustrate how a tool could implement these patterns.

Technology
1 of 70
CI/CD Patterns for Kubernetes Kubernetes NYC, May 29th 2018 Andrew Phillips & Lars Wander
Agenda ● What’s the challenge? ● CI/CD for Kubernetes: concepts, mental models & mythbusting ● An example implementation using Spinnaker ● Other implementation options & trade-offs ● 3 Takeaways ● Q&A
The bio slide ● Been on most sides of this space: developer, infra builder, product owner, evangelist and more ● Long-standing open-source contributor ● Author and regular conference and meetup presenter ● Co-organizer of ContainerDays Boston & NYC ● Leading OSS Spinnaker team (5 engineers) ● Been on Spinnaker team about 2.5 years ● Wrote initial Kubernetes-Spinnaker integration, as well as the newest one (v2) ● Author and semi-regular conference and meetup presenter
What’s the challenge?
Why is this hard? 1. New space, new technology, new conventions 2. Unclear with “standard” practices to carry over vs. which to revise 3. Early stage: lots of different and sometimes conflicting approaches out there 4. Tooling often still very early in the maturity cycle 5. One size does not fit all
Pattern vs. implementation ● In an early stage space, tooling choices and thus tooling recommendations are difficult ● Patterns are better! ○ Simpler to describe ○ Easier to reason about ○ Higher signal-to-noise ratio ● a.k.a. “let’s talk about the interface”
3 takeaways 1. Code and config deployments in a Kubernetes environment are not fundamentally different from other “as code” scenarios 2. There is a mental model for thinking about code and config in a Kubernetes environment that enables four important CI/CD patterns: app code/config rollout, env config rollout, env restore and env drift detection 3. This model is compatible with various choices of implementation tools (one of which is a GitOps-style implementation), each with different trade-offs suitable to different environments
Concepts, mental models & (some) mythbusting
Environment repository Application repository Code App settings App settings for dev App settings for test App settings for prod Env settings for dev Env settings for test Env settings for prod K8s dev K8s test K8s prod Applied manifest set dev Applied manifest set test Applied manifest set prod
Some concepts 1. Application repository/repositories a. “Owned” by development team b. Contains code and application config
Some concepts 1. Application repository/repositories a. “Owned” by development team b. Contains code and application config 2. Application config a. Meaningful only in the context of an application b. Linked to application version: if app is rolled back, setting should be rolled back c. Could be the same across all environments, or different per environment d. E.g. “login.message”, “background.color”, “session.timeout”
Some concepts 1. Application repository/repositories a. “Owned” by development team b. Contains code and application config 2. Application config a. Meaningful only in the context of an application b. Linked to application version: if app is rolled back, setting should be rolled back c. Could be the same across all environments, or different per environment d. E.g. “login.message”, “background.color”, “session.timeout” 3. Environment repository/repositories a. Contains environment config and record/”audit trail” of applied manifest sets b. Ownership depends on org culture, regulatory requirements etc. - could differ per env
Some concepts 1. Application repository/repositories a. “Owned” by development team b. Contains code and application config 2. Application config a. Meaningful only in the context of an application b. Linked to application version: if app is rolled back, setting should be rolled back c. Could be the same across all environments, or different per environment d. E.g. “login.message”, “background.color”, “session.timeout” 3. Environment repository/repositories a. Contains environment config and record/”audit trail” of applied manifest sets b. Ownership depends on org culture, regulatory requirements etc. - could differ per env 4. Environment config a. Meaningful only in the context of an environment b. Not linked to application version: if app(s) is/are rolled back, setting should be unchanged c. E.g. “ldap.url”
Some concepts (2) 1. Manifests are templates a. = need to be modified before they can be submitted to kubectl
Some concepts (2) 1. Manifests are templates a. = need to be modified before they can be submitted to kubectl 2. Hydrated manifests are completed a. = ready to be submitted to kubectl
Some concepts (2) 1. Manifests are templates a. = need to be modified before they can be submitted to kubectl 2. Hydrated manifests are completed a. = ready to be submitted to kubectl 3. Manifest set = multiple manifests
Some concepts (2) 1. Manifests are templates a. = need to be modified before they can be submitted to kubectl 2. Hydrated manifests are completed a. = ready to be submitted to kubectl 3. Manifest set = multiple manifests 4. Candidate = before submitting to kubectl a. = can’t be sure it’s even valid
Some concepts (2) 1. Manifests are templates a. = need to be modified before they can be submitted to kubectl 2. Hydrated manifests are completed a. = ready to be submitted to kubectl 3. Manifest set = multiple manifests 4. Candidate = before submitting to kubectl a. = can’t be sure it’s even valid 5. Applied = after submitting to kubectl a. = can be sure that it was accepted by Kubernetes at some point in time
Some myths 1. “The manifests in my app repository are my source of truth” a. Manifests == templates b. Applied manifests are closer, but are only an attempt to make something happen c. Record of intent != record of achieved state 2. “Every state of my cluster should be represented in my repository” a. Kubernetes cluster will auto-manage and modify resources! 3. “Kubernetes already handles deployments” a. might handle some proportion, but deployment is an 80/20 problem b. multi cluster, exponential rollout, explicit traffic shaping 4. “Helm is a deployment tool” a. Helm is a package manager b. Distribution != deployment
Environment repository Application repository Code App settings App settings for dev App settings for test App settings for prod Env settings for dev Env settings for test Env settings for prod K8s dev K8s test K8s prod Applied manifest set dev Applied manifest set test Applied manifest set prod To be thought of as templates! “Known good” (i.e. successfully submitted at some point in time) states of the environments
4 related processes 1. Application code/config update 2. Environment config update 3. Environment restore 4. Environment config drift
Application code or settings change
Environment repository Application repository Code App settings App settings for dev App settings for test App settings for prod Env settings for dev Env settings for test Env settings for prod K8s dev K8s test K8s prod Applied manifest set dev Applied manifest set test Applied manifest set prod Process tool 1. Trigger on change
Environment repository Application repository Code App settings App settings for dev App settings for test App settings for prod Env settings for dev Env settings for test Env settings for prod K8s dev K8s test K8s prod Applied manifest set dev Applied manifest set test Applied manifest set prod Process tool 2. Hydrate candidate for dev Candidate hydrated manifest set dev
Environment repository Application repository Code App settings App settings for dev App settings for test App settings for prod Env settings for dev Env settings for test Env settings for prod K8s dev K8s test K8s prod Applied manifest set dev Applied manifest set test Applied manifest set prod Process tool 2a. If review and approval needed, two- and optionally three-way diff Candidate hydrated manifest set dev
Environment repository Application repository Code App settings App settings for dev App settings for test App settings for prod Env settings for dev Env settings for test Env settings for prod K8s dev K8s test K8s prod Applied manifest set dev Applied manifest set test Applied manifest set prod Process tool Candidate hydrated manifest set dev 3. Attempt to apply candidate hydrated set to K8s cluster/namespace/etc. for dev
Environment repository Application repository Code App settings App settings for dev App settings for test App settings for prod Env settings for dev Env settings for test Env settings for prod K8s dev K8s test K8s prod Applied manifest set dev Applied manifest set test Applied manifest set prod Process tool Candidate hydrated manifest set dev 4. If successful, combine with previous applied manifest set for dev and add to environment repository as current applied manifest set
Environment repository Application repository Code App settings App settings for dev App settings for test App settings for prod Env settings for dev Env settings for test Env settings for prod K8s dev K8s test K8s prod Applied manifest set dev Applied manifest set test Applied manifest set prod Process tool 5. Hydrate candidate for test Candidate hydrated manifest set dev Candidate hydrated manifest set test
Environment repository Application repository Code App settings App settings for dev App settings for test App settings for prod Env settings for dev Env settings for test Env settings for prod K8s dev K8s test K8s prod Applied manifest set dev Applied manifest set test Applied manifest set prod Process tool etc. for prod Candidate hydrated manifest set dev Candidate hydrated manifest set test
Environment settings change
Environment repository Application repository Code App settings App settings for dev App settings for test App settings for prod Env settings for dev Env settings for test Env settings for prod K8s dev K8s test K8s prod Applied manifest set dev Applied manifest set test Applied manifest set prod Process tool 1. Trigger on change
Process tool Environment repository Application repository Code App settings App settings for dev App settings for test App settings for prod Env settings for dev Env settings for test Env settings for prod K8s dev K8s test K8s prod Applied manifest set dev Applied manifest set test Applied manifest set prod 2. Hydrate candidate for dev Candidate hydrated manifest set dev
Process tool Environment repository Application repository Code App settings App settings for dev App settings for test App settings for prod Env settings for dev Env settings for test Env settings for prod K8s dev K8s test K8s prod Applied manifest set dev Applied manifest set test Applied manifest set prod Candidate hydrated manifest set dev 2a. If review and approval needed, two- and optionally three-way diff
Process tool Environment repository Application repository Code App settings App settings for dev App settings for test App settings for prod Env settings for dev Env settings for test Env settings for prod K8s dev K8s test K8s prod Applied manifest set dev Applied manifest set test Applied manifest set prod Candidate hydrated manifest set dev 3. Attempt to apply candidate hydrated set to K8s cluster/namespace/etc. for dev
Process tool Environment repository Application repository Code App settings App settings for dev App settings for test App settings for prod Env settings for dev Env settings for test Env settings for prod K8s dev K8s test K8s prod Applied manifest set dev Applied manifest set test Applied manifest set prod Candidate hydrated manifest set dev 4. If successful, combine with previous applied manifest set for dev and add to environment repository as current applied manifest set
Process tool Environment repository Application repository Code App settings App settings for dev App settings for test App settings for prod Env settings for dev Env settings for test Env settings for prod K8s dev K8s test K8s prod Applied manifest set dev Applied manifest set test Applied manifest set prod Candidate hydrated manifest set dev Done
Environment rollback
Environment repository Application repository Code App settings App settings for dev App settings for test App settings for prod Env settings for dev Env settings for test Env settings for prod K8s dev K8s test K8s prod Applied manifest set dev Applied manifest set test Applied manifest set prod Process tool 1. Trigger manually with unique ID of prior applied manifest set
Environment repository Application repository Code App settings App settings for dev App settings for test App settings for prod Env settings for dev Env settings for test Env settings for prod K8s dev K8s test K8s prod Applied manifest set dev Applied manifest set test Applied manifest set prod Process tool 2. Retrieve using unique ID Candidate hydrated manifest set test
Environment repository Application repository Code App settings App settings for dev App settings for test App settings for prod Env settings for dev Env settings for test Env settings for prod K8s dev K8s test K8s prod Applied manifest set dev Applied manifest set test Applied manifest set prod Process tool Candidate hydrated manifest set test 2a. If review and approval needed, two- and optionally three-way diff
Environment repository Application repository Code App settings App settings for dev App settings for test App settings for prod Env settings for dev Env settings for test Env settings for prod K8s dev K8s test K8s prod Applied manifest set dev Applied manifest set test Applied manifest set prod Process tool Candidate hydrated manifest set test 3. Attempt to apply candidate hydrated set to K8s cluster/namespace/etc. for test
Environment repository Application repository Code App settings App settings for dev App settings for test App settings for prod Env settings for dev Env settings for test Env settings for prod K8s dev K8s test K8s prod Applied manifest set dev Applied manifest set test Applied manifest set prod Process tool Candidate hydrated manifest set test 4. If successful, add to environment repository as new applied manifest set for test
Environment repository Application repository Code App settings App settings for dev App settings for test App settings for prod Env settings for dev Env settings for test Env settings for prod K8s dev K8s test K8s prod Applied manifest set dev Applied manifest set test Applied manifest set prod Process tool Candidate hydrated manifest set test Done
Environment drift detection
Environment repository Application repository Code App settings App settings for dev App settings for test App settings for prod Env settings for dev Env settings for test Env settings for prod K8s dev K8s test K8s prod Applied manifest set dev Applied manifest set test Applied manifest set prod Process tool 1. Compare and alert on meaningful diffs
Environment repository Application repository Code App settings App settings for dev App settings for test App settings for prod Env settings for dev Env settings for test Env settings for prod K8s dev K8s test K8s prod Applied manifest set dev Applied manifest set test Applied manifest set prod Process tool 2. Optionally (to be considered with care), update K8s to match applied manifest set
Environment repository Application repository Code App settings App settings for dev App settings for test App settings for prod Env settings for dev Env settings for test Env settings for prod K8s dev K8s test K8s prod Applied manifest set dev Applied manifest set test Applied manifest set prod Process tool 3. Optionally (to be considered with even more care), create new applied manifest set on diff detection
An example implementation
App code/config change 1. Code change -> build 2. Triggers “deploy to staging” pipeline a. Hydrates manifests relevant to staging environment b. Apply to staging cluster c. Store results in blobstore 3. Optionally trigger “deploy to production” pipeline a. Bake manifests relevant to production environment b. Diff options: production vs. intent vs. repo c. Apply to 3 production clusters
Env config change 1. Versioned vs. unversioned config maps a. Impact on rollback 2. Example rollout pipeline
Env rollback 1. Parameterized 2. Different rollback options a. app(s) vs. controller vs. everything 3. Env config a. unversioned configmaps
Other implementations & trade-offs
1. Application repository = SCM repository 2. Environment repositories = one per app per environment 3. Automation = pull request, tag & merge SCM triggers + polling/watching Env repositories contain hydrated manifest set before application. Need some separate process (labels?) to indicate which commits were actually successfully applied. GitOps
1. Application repository = SCM repository 2. Environment repositories for applied manifest sets = Helm repository 3. Automation = pull request, tag & merge SCM triggers + GPO calling Helm Applied manifest sets are not stored in hydrated form - depending on behaviour of templatizer in recovery path General-purpose orchestrator + Helm
“Manual” ● Useful for understanding the pattern ● Application repository: folder on file system ● Environment repository: folder on file system with one manifest template file per env ● Subfolder “applied” with hydrated env config and file per app ● “Automation” = cat … | kubectl apply
“The delete problem” ● If you remove some configuration in your source code repository, what does that mean? ○ “I don’t care about this anymore”? ○ “I want this to be removed”? ● Turning line removals into delete actions is hard ○ Dangling resources that are not actually dangling can cause nasty recovery issues ● “Not present == should not exist” is tricky if there are multiple sources of input for a Kubernetes cluster (e.g. different app repos)
Polling/watching vs. direct invocation ● Direct invocation: orchestrator calls Kubernetes API explicitly before storing applied manifest set ○ Makes more advanced orchestration possible (canary, gradual exponential rollouts) ○ Delete problem ambiguous ● Polling/watching: an external process monitors a repository and applies the state it finds there to a target asynchronously ○ Potential solution to the delete problem if only one source of truth ○ Hydrated manifest set needs to be stored before it’s clear whether it can even happen
Wrapping up
3 Main Takeaways 1. Code and config deployments in a Kubernetes environment are not fundamentally different from other “as code” scenarios
3 Main Takeaways 1. Code and config deployments in a Kubernetes environment are not fundamentally different from other “as code” scenarios 2. There is a mental model for thinking about code and config in a Kubernetes environment that enables four important CI/CD patterns: app code/config rollout, env config rollout, env restore and env drift detection
3 Main Takeaways 1. Code and config deployments in a Kubernetes environment are not fundamentally different from other “as code” scenarios 2. There is a mental model for thinking about code and config in a Kubernetes environment that enables four important CI/CD patterns: app code/config rollout, env config rollout, env restore and env drift detection 3. This model is compatible with various choices of implementation tools (one of which is a GitOps-style implementation), each with different trade-offs suitable to different environments
Get in touch! Slack Forum Diagram* More detailed notes* *Please request access!
Questions?

Recommended

The path to cdi 2.0
The path to cdi 2.0The path to cdi 2.0
The path to cdi 2.0Antoine Sabot-Durand
 
Apache Deltaspike the CDI Toolbox (Java One 2015)
Apache Deltaspike the CDI Toolbox (Java One 2015)Apache Deltaspike the CDI Toolbox (Java One 2015)
Apache Deltaspike the CDI Toolbox (Java One 2015)Antoine Sabot-Durand
 
CDI 2.0 is coming
CDI 2.0 is comingCDI 2.0 is coming
CDI 2.0 is comingAntoine Sabot-Durand
 
Advanced CDI in live coding
Advanced CDI in live codingAdvanced CDI in live coding
Advanced CDI in live codingAntoine Sabot-Durand
 
CDI 2.0 is upon us Devoxx
CDI 2.0 is upon us DevoxxCDI 2.0 is upon us Devoxx
CDI 2.0 is upon us DevoxxAntoine Sabot-Durand
 
CDI 2.0 is coming
CDI 2.0 is comingCDI 2.0 is coming
CDI 2.0 is comingAntoine Sabot-Durand
 
Adopt a JSR: CDI 2.0 at Devoxx UK
Adopt a JSR: CDI 2.0 at Devoxx UKAdopt a JSR: CDI 2.0 at Devoxx UK
Adopt a JSR: CDI 2.0 at Devoxx UKAntoine Sabot-Durand
 
Docker Enables DevOps - Boston
Docker Enables DevOps - BostonDocker Enables DevOps - Boston
Docker Enables DevOps - BostonBoyd Hemphill
 

Recommended

The path to cdi 2.0
The path to cdi 2.0The path to cdi 2.0
The path to cdi 2.0Antoine Sabot-Durand
 
Apache Deltaspike the CDI Toolbox (Java One 2015)
Apache Deltaspike the CDI Toolbox (Java One 2015)Apache Deltaspike the CDI Toolbox (Java One 2015)
Apache Deltaspike the CDI Toolbox (Java One 2015)Antoine Sabot-Durand
 
CDI 2.0 is coming
CDI 2.0 is comingCDI 2.0 is coming
CDI 2.0 is comingAntoine Sabot-Durand
 
Advanced CDI in live coding
Advanced CDI in live codingAdvanced CDI in live coding
Advanced CDI in live codingAntoine Sabot-Durand
 
CDI 2.0 is upon us Devoxx
CDI 2.0 is upon us DevoxxCDI 2.0 is upon us Devoxx
CDI 2.0 is upon us DevoxxAntoine Sabot-Durand
 
CDI 2.0 is coming
CDI 2.0 is comingCDI 2.0 is coming
CDI 2.0 is comingAntoine Sabot-Durand
 
Adopt a JSR: CDI 2.0 at Devoxx UK
Adopt a JSR: CDI 2.0 at Devoxx UKAdopt a JSR: CDI 2.0 at Devoxx UK
Adopt a JSR: CDI 2.0 at Devoxx UKAntoine Sabot-Durand
 
Docker Enables DevOps - Boston
Docker Enables DevOps - BostonDocker Enables DevOps - Boston
Docker Enables DevOps - BostonBoyd Hemphill
 
CDI 1.1 university
CDI 1.1 universityCDI 1.1 university
CDI 1.1 universityAntoine Sabot-Durand
 
CDI In Real Life
CDI In Real LifeCDI In Real Life
CDI In Real LifeAntoine Sabot-Durand
 
Binary Authorization in Kubernetes
Binary Authorization in KubernetesBinary Authorization in Kubernetes
Binary Authorization in KubernetesAysylu Greenberg
 
Keep calms and Docker On ... Innotech
Keep calms and Docker On ... InnotechKeep calms and Docker On ... Innotech
Keep calms and Docker On ... InnotechBoyd Hemphill
 
JS Fest 2019. Peter Braun. DevOps in the Cluster: A deep dive into operators
JS Fest 2019. Peter Braun. DevOps in the Cluster: A deep dive into operatorsJS Fest 2019. Peter Braun. DevOps in the Cluster: A deep dive into operators
JS Fest 2019. Peter Braun. DevOps in the Cluster: A deep dive into operatorsDevOps_Fest
 
Software Supply Chain Management with Grafeas and Kritis
Software Supply Chain Management with Grafeas and KritisSoftware Supply Chain Management with Grafeas and Kritis
Software Supply Chain Management with Grafeas and KritisAysylu Greenberg
 
App server4rpg - English
App server4rpg - EnglishApp server4rpg - English
App server4rpg - EnglishCOMMON Europe
 
Ard gate - English
Ard gate - EnglishArd gate - English
Ard gate - EnglishCOMMON Europe
 
PuppetConf 2016: Enjoying the Journey from Puppet 3.x to 4.x – Rob Nelson, AT&T
PuppetConf 2016: Enjoying the Journey from Puppet 3.x to 4.x – Rob Nelson, AT&T PuppetConf 2016: Enjoying the Journey from Puppet 3.x to 4.x – Rob Nelson, AT&T
PuppetConf 2016: Enjoying the Journey from Puppet 3.x to 4.x – Rob Nelson, AT&T Puppet
 
Running Kubernetes in Kubernetes
Running Kubernetes in KubernetesRunning Kubernetes in Kubernetes
Running Kubernetes in KubernetesQAware GmbH
 
Operations Support Workflow - Rundeck
Operations Support Workflow - RundeckOperations Support Workflow - Rundeck
Operations Support Workflow - RundeckNeil McCaughley
 
Nobody Knows What It’s Like To Be the Bad Man: The Development Process for th...
Nobody Knows What It’s Like To Be the Bad Man: The Development Process for th...Nobody Knows What It’s Like To Be the Bad Man: The Development Process for th...
Nobody Knows What It’s Like To Be the Bad Man: The Development Process for th...Work-Bench
 
Docker Enables DevOps - Keep C.A.L.M.S. and Docker on ...
Docker Enables DevOps - Keep C.A.L.M.S. and Docker on ...Docker Enables DevOps - Keep C.A.L.M.S. and Docker on ...
Docker Enables DevOps - Keep C.A.L.M.S. and Docker on ...Boyd Hemphill
 
DevOps - Interview Question.pdf
DevOps - Interview Question.pdfDevOps - Interview Question.pdf
DevOps - Interview Question.pdfMinhTrnNht7
 
Jenkins and Chef: Infrastructure CI and Automated Deployment
Jenkins and Chef: Infrastructure CI and Automated DeploymentJenkins and Chef: Infrastructure CI and Automated Deployment
Jenkins and Chef: Infrastructure CI and Automated DeploymentDan Stine
 
Everything-as-code. A polyglot adventure. #DevoxxPL
Everything-as-code. A polyglot adventure. #DevoxxPLEverything-as-code. A polyglot adventure. #DevoxxPL
Everything-as-code. A polyglot adventure. #DevoxxPLMario-Leander Reimer
 
Using standards for GOOD in DevOps
Using standards for GOOD in DevOpsUsing standards for GOOD in DevOps
Using standards for GOOD in DevOpsNeil McCaughley
 
Chris Swan at QCon 2014: Using Docker in Cloud Networks
Chris Swan at QCon 2014: Using Docker in Cloud NetworksChris Swan at QCon 2014: Using Docker in Cloud Networks
Chris Swan at QCon 2014: Using Docker in Cloud NetworksCohesive Networks
 
JavaOne 2017 CON2902 - Java Code Inspection and Testing Power Tools
JavaOne 2017 CON2902 - Java Code Inspection and Testing Power ToolsJavaOne 2017 CON2902 - Java Code Inspection and Testing Power Tools
JavaOne 2017 CON2902 - Java Code Inspection and Testing Power ToolsJorge Hidalgo
 
WSO2Con EU 2015: Keynote - The Containerization of the Developer Workspace
WSO2Con EU 2015: Keynote - The Containerization of the Developer WorkspaceWSO2Con EU 2015: Keynote - The Containerization of the Developer Workspace
WSO2Con EU 2015: Keynote - The Containerization of the Developer WorkspaceWSO2
 
Continuous Delivery NYC: From GitOps to an adaptable CI/CD Pattern for Kubern...
Continuous Delivery NYC: From GitOps to an adaptable CI/CD Pattern for Kubern...Continuous Delivery NYC: From GitOps to an adaptable CI/CD Pattern for Kubern...
Continuous Delivery NYC: From GitOps to an adaptable CI/CD Pattern for Kubern...Andrew Phillips
 
Spinnaker Summit 2018: CI/CD Patterns for Kubernetes with Spinnaker
Spinnaker Summit 2018: CI/CD Patterns for Kubernetes with SpinnakerSpinnaker Summit 2018: CI/CD Patterns for Kubernetes with Spinnaker
Spinnaker Summit 2018: CI/CD Patterns for Kubernetes with SpinnakerAndrew Phillips
 

More Related Content

What's hot

Binary Authorization in Kubernetes
Binary Authorization in KubernetesBinary Authorization in Kubernetes
Binary Authorization in KubernetesAysylu Greenberg
 
Keep calms and Docker On ... Innotech
Keep calms and Docker On ... InnotechKeep calms and Docker On ... Innotech
Keep calms and Docker On ... InnotechBoyd Hemphill
 
JS Fest 2019. Peter Braun. DevOps in the Cluster: A deep dive into operators
JS Fest 2019. Peter Braun. DevOps in the Cluster: A deep dive into operatorsJS Fest 2019. Peter Braun. DevOps in the Cluster: A deep dive into operators
JS Fest 2019. Peter Braun. DevOps in the Cluster: A deep dive into operatorsDevOps_Fest
 
Software Supply Chain Management with Grafeas and Kritis
Software Supply Chain Management with Grafeas and KritisSoftware Supply Chain Management with Grafeas and Kritis
Software Supply Chain Management with Grafeas and KritisAysylu Greenberg
 
App server4rpg - English
App server4rpg - EnglishApp server4rpg - English
App server4rpg - EnglishCOMMON Europe
 
PuppetConf 2016: Enjoying the Journey from Puppet 3.x to 4.x – Rob Nelson, AT&T
PuppetConf 2016: Enjoying the Journey from Puppet 3.x to 4.x – Rob Nelson, AT&T PuppetConf 2016: Enjoying the Journey from Puppet 3.x to 4.x – Rob Nelson, AT&T
PuppetConf 2016: Enjoying the Journey from Puppet 3.x to 4.x – Rob Nelson, AT&T Puppet
 
Running Kubernetes in Kubernetes
Running Kubernetes in KubernetesRunning Kubernetes in Kubernetes
Running Kubernetes in KubernetesQAware GmbH
 
Operations Support Workflow - Rundeck
Operations Support Workflow - RundeckOperations Support Workflow - Rundeck
Operations Support Workflow - RundeckNeil McCaughley
 
Nobody Knows What It’s Like To Be the Bad Man: The Development Process for th...
Nobody Knows What It’s Like To Be the Bad Man: The Development Process for th...Nobody Knows What It’s Like To Be the Bad Man: The Development Process for th...
Nobody Knows What It’s Like To Be the Bad Man: The Development Process for th...Work-Bench
 
Docker Enables DevOps - Keep C.A.L.M.S. and Docker on ...
Docker Enables DevOps - Keep C.A.L.M.S. and Docker on ...Docker Enables DevOps - Keep C.A.L.M.S. and Docker on ...
Docker Enables DevOps - Keep C.A.L.M.S. and Docker on ...Boyd Hemphill
 
DevOps - Interview Question.pdf
DevOps - Interview Question.pdfDevOps - Interview Question.pdf
DevOps - Interview Question.pdfMinhTrnNht7
 
Jenkins and Chef: Infrastructure CI and Automated Deployment
Jenkins and Chef: Infrastructure CI and Automated DeploymentJenkins and Chef: Infrastructure CI and Automated Deployment
Jenkins and Chef: Infrastructure CI and Automated DeploymentDan Stine
 
Everything-as-code. A polyglot adventure. #DevoxxPL
Everything-as-code. A polyglot adventure. #DevoxxPLEverything-as-code. A polyglot adventure. #DevoxxPL
Everything-as-code. A polyglot adventure. #DevoxxPLMario-Leander Reimer
 
Using standards for GOOD in DevOps
Using standards for GOOD in DevOpsUsing standards for GOOD in DevOps
Using standards for GOOD in DevOpsNeil McCaughley
 
Chris Swan at QCon 2014: Using Docker in Cloud Networks
Chris Swan at QCon 2014: Using Docker in Cloud NetworksChris Swan at QCon 2014: Using Docker in Cloud Networks
Chris Swan at QCon 2014: Using Docker in Cloud NetworksCohesive Networks
 
JavaOne 2017 CON2902 - Java Code Inspection and Testing Power Tools
JavaOne 2017 CON2902 - Java Code Inspection and Testing Power ToolsJavaOne 2017 CON2902 - Java Code Inspection and Testing Power Tools
JavaOne 2017 CON2902 - Java Code Inspection and Testing Power ToolsJorge Hidalgo
 
WSO2Con EU 2015: Keynote - The Containerization of the Developer Workspace
WSO2Con EU 2015: Keynote - The Containerization of the Developer WorkspaceWSO2Con EU 2015: Keynote - The Containerization of the Developer Workspace
WSO2Con EU 2015: Keynote - The Containerization of the Developer WorkspaceWSO2
 

What's hot (20)

CDI 1.1 university
CDI 1.1 universityCDI 1.1 university
CDI 1.1 university
 
CDI In Real Life
CDI In Real LifeCDI In Real Life
CDI In Real Life
 
Binary Authorization in Kubernetes
Binary Authorization in KubernetesBinary Authorization in Kubernetes
Binary Authorization in Kubernetes
 
Keep calms and Docker On ... Innotech
Keep calms and Docker On ... InnotechKeep calms and Docker On ... Innotech
Keep calms and Docker On ... Innotech
 
JS Fest 2019. Peter Braun. DevOps in the Cluster: A deep dive into operators
JS Fest 2019. Peter Braun. DevOps in the Cluster: A deep dive into operatorsJS Fest 2019. Peter Braun. DevOps in the Cluster: A deep dive into operators
JS Fest 2019. Peter Braun. DevOps in the Cluster: A deep dive into operators
 
Software Supply Chain Management with Grafeas and Kritis
Software Supply Chain Management with Grafeas and KritisSoftware Supply Chain Management with Grafeas and Kritis
Software Supply Chain Management with Grafeas and Kritis
 
App server4rpg - English
App server4rpg - EnglishApp server4rpg - English
App server4rpg - English
 
Ard gate - English
Ard gate - EnglishArd gate - English
Ard gate - English
 
PuppetConf 2016: Enjoying the Journey from Puppet 3.x to 4.x – Rob Nelson, AT&T
PuppetConf 2016: Enjoying the Journey from Puppet 3.x to 4.x – Rob Nelson, AT&T PuppetConf 2016: Enjoying the Journey from Puppet 3.x to 4.x – Rob Nelson, AT&T
PuppetConf 2016: Enjoying the Journey from Puppet 3.x to 4.x – Rob Nelson, AT&T
 
Running Kubernetes in Kubernetes
Running Kubernetes in KubernetesRunning Kubernetes in Kubernetes
Running Kubernetes in Kubernetes
 
Operations Support Workflow - Rundeck
Operations Support Workflow - RundeckOperations Support Workflow - Rundeck
Operations Support Workflow - Rundeck
 
Nobody Knows What It’s Like To Be the Bad Man: The Development Process for th...
Nobody Knows What It’s Like To Be the Bad Man: The Development Process for th...Nobody Knows What It’s Like To Be the Bad Man: The Development Process for th...
Nobody Knows What It’s Like To Be the Bad Man: The Development Process for th...
 
Docker Enables DevOps - Keep C.A.L.M.S. and Docker on ...
Docker Enables DevOps - Keep C.A.L.M.S. and Docker on ...Docker Enables DevOps - Keep C.A.L.M.S. and Docker on ...
Docker Enables DevOps - Keep C.A.L.M.S. and Docker on ...
 
DevOps - Interview Question.pdf
DevOps - Interview Question.pdfDevOps - Interview Question.pdf
DevOps - Interview Question.pdf
 
Jenkins and Chef: Infrastructure CI and Automated Deployment
Jenkins and Chef: Infrastructure CI and Automated DeploymentJenkins and Chef: Infrastructure CI and Automated Deployment
Jenkins and Chef: Infrastructure CI and Automated Deployment
 
Everything-as-code. A polyglot adventure. #DevoxxPL
Everything-as-code. A polyglot adventure. #DevoxxPLEverything-as-code. A polyglot adventure. #DevoxxPL
Everything-as-code. A polyglot adventure. #DevoxxPL
 
Using standards for GOOD in DevOps
Using standards for GOOD in DevOpsUsing standards for GOOD in DevOps
Using standards for GOOD in DevOps
 
Chris Swan at QCon 2014: Using Docker in Cloud Networks
Chris Swan at QCon 2014: Using Docker in Cloud NetworksChris Swan at QCon 2014: Using Docker in Cloud Networks
Chris Swan at QCon 2014: Using Docker in Cloud Networks
 
JavaOne 2017 CON2902 - Java Code Inspection and Testing Power Tools
JavaOne 2017 CON2902 - Java Code Inspection and Testing Power ToolsJavaOne 2017 CON2902 - Java Code Inspection and Testing Power Tools
JavaOne 2017 CON2902 - Java Code Inspection and Testing Power Tools
 
WSO2Con EU 2015: Keynote - The Containerization of the Developer Workspace
WSO2Con EU 2015: Keynote - The Containerization of the Developer WorkspaceWSO2Con EU 2015: Keynote - The Containerization of the Developer Workspace
WSO2Con EU 2015: Keynote - The Containerization of the Developer Workspace
 

Similar to CI/CD Patterns for Kubernetes Environments

Continuous Delivery NYC: From GitOps to an adaptable CI/CD Pattern for Kubern...
Continuous Delivery NYC: From GitOps to an adaptable CI/CD Pattern for Kubern...Continuous Delivery NYC: From GitOps to an adaptable CI/CD Pattern for Kubern...
Continuous Delivery NYC: From GitOps to an adaptable CI/CD Pattern for Kubern...Andrew Phillips
 
Spinnaker Summit 2018: CI/CD Patterns for Kubernetes with Spinnaker
Spinnaker Summit 2018: CI/CD Patterns for Kubernetes with SpinnakerSpinnaker Summit 2018: CI/CD Patterns for Kubernetes with Spinnaker
Spinnaker Summit 2018: CI/CD Patterns for Kubernetes with SpinnakerAndrew Phillips
 
給 RD 的 Kubernetes 初體驗
給 RD 的 Kubernetes 初體驗給 RD 的 Kubernetes 初體驗
給 RD 的 Kubernetes 初體驗William Yeh
 
Docker New York City: From GitOps to a scalable CI/CD Pattern for Kubernetes
Docker New York City: From GitOps to a scalable CI/CD Pattern for KubernetesDocker New York City: From GitOps to a scalable CI/CD Pattern for Kubernetes
Docker New York City: From GitOps to a scalable CI/CD Pattern for KubernetesAndrew Phillips
 
給 RD 的 Kubernetes 初體驗 (gcpug 2019-06 version)
給 RD 的 Kubernetes 初體驗 (gcpug 2019-06 version)給 RD 的 Kubernetes 初體驗 (gcpug 2019-06 version)
給 RD 的 Kubernetes 初體驗 (gcpug 2019-06 version)William Yeh
 
給 RD 的 Kubernetes 初體驗 (GDG Cloud KH 2019-08 version)
給 RD 的 Kubernetes 初體驗 (GDG Cloud KH 2019-08 version) 給 RD 的 Kubernetes 初體驗 (GDG Cloud KH 2019-08 version)
給 RD 的 Kubernetes 初體驗 (GDG Cloud KH 2019-08 version) William Yeh
 
Openstack Summit Container Day Keynote
Openstack Summit Container Day KeynoteOpenstack Summit Container Day Keynote
Openstack Summit Container Day KeynoteBoyd Hemphill
 
Persist your data in an ephemeral k8 ecosystem
Persist your data in an ephemeral k8 ecosystemPersist your data in an ephemeral k8 ecosystem
Persist your data in an ephemeral k8 ecosystemLibbySchulze
 
StackEngine Problem Space Demo
StackEngine Problem Space DemoStackEngine Problem Space Demo
StackEngine Problem Space DemoBoyd Hemphill
 
Hardening Your CI/CD Pipelines with GitOps and Continuous Security
Hardening Your CI/CD Pipelines with GitOps and Continuous SecurityHardening Your CI/CD Pipelines with GitOps and Continuous Security
Hardening Your CI/CD Pipelines with GitOps and Continuous SecurityWeaveworks
 
MongoDB Ops Manager and Kubernetes - James Broadhead
MongoDB Ops Manager and Kubernetes - James BroadheadMongoDB Ops Manager and Kubernetes - James Broadhead
MongoDB Ops Manager and Kubernetes - James BroadheadMongoDB
 
10 tips for Cloud Native Security
10 tips for Cloud Native Security10 tips for Cloud Native Security
10 tips for Cloud Native SecurityKarthik Gaekwad
 
Kubernetes Deployment Tutorial | Kubernetes Tutorial For Beginners | Kubernet...
Kubernetes Deployment Tutorial | Kubernetes Tutorial For Beginners | Kubernet...Kubernetes Deployment Tutorial | Kubernetes Tutorial For Beginners | Kubernet...
Kubernetes Deployment Tutorial | Kubernetes Tutorial For Beginners | Kubernet...Edureka!
 
Use GitLab with Chaos Engineering to Harden your Applications + OpenEBS 1.3 ...
Use GitLab with Chaos Engineering to Harden your Applications + OpenEBS 1.3 ... Use GitLab with Chaos Engineering to Harden your Applications + OpenEBS 1.3 ...
Use GitLab with Chaos Engineering to Harden your Applications + OpenEBS 1.3 ...MayaData Inc
 
04_Azure Kubernetes Service: Basic Practices for Developers_GAB2019
04_Azure Kubernetes Service: Basic Practices for Developers_GAB201904_Azure Kubernetes Service: Basic Practices for Developers_GAB2019
04_Azure Kubernetes Service: Basic Practices for Developers_GAB2019Kumton Suttiraksiri
 
Kubecon 2019 - Promoting Kubernetes CI/CD to the Next Level
Kubecon 2019 - Promoting Kubernetes CI/CD to the Next LevelKubecon 2019 - Promoting Kubernetes CI/CD to the Next Level
Kubecon 2019 - Promoting Kubernetes CI/CD to the Next LevelTim Pouyer
 
How to implement continuous delivery with enterprise java middleware?
How to implement continuous delivery with enterprise java middleware?How to implement continuous delivery with enterprise java middleware?
How to implement continuous delivery with enterprise java middleware?Thoughtworks
 
Migrating to Microservices – It's Easier Than You Think
Migrating to Microservices – It's Easier Than You ThinkMigrating to Microservices – It's Easier Than You Think
Migrating to Microservices – It's Easier Than You ThinkDevOps.com
 
Ansible top 10 - 2018
Ansible top 10 - 2018Ansible top 10 - 2018
Ansible top 10 - 2018Viresh Doshi
 

Similar to CI/CD Patterns for Kubernetes Environments (20)

Continuous Delivery NYC: From GitOps to an adaptable CI/CD Pattern for Kubern...
Continuous Delivery NYC: From GitOps to an adaptable CI/CD Pattern for Kubern...Continuous Delivery NYC: From GitOps to an adaptable CI/CD Pattern for Kubern...
Continuous Delivery NYC: From GitOps to an adaptable CI/CD Pattern for Kubern...
 
Spinnaker Summit 2018: CI/CD Patterns for Kubernetes with Spinnaker
Spinnaker Summit 2018: CI/CD Patterns for Kubernetes with SpinnakerSpinnaker Summit 2018: CI/CD Patterns for Kubernetes with Spinnaker
Spinnaker Summit 2018: CI/CD Patterns for Kubernetes with Spinnaker
 
給 RD 的 Kubernetes 初體驗
給 RD 的 Kubernetes 初體驗給 RD 的 Kubernetes 初體驗
給 RD 的 Kubernetes 初體驗
 
Docker New York City: From GitOps to a scalable CI/CD Pattern for Kubernetes
Docker New York City: From GitOps to a scalable CI/CD Pattern for KubernetesDocker New York City: From GitOps to a scalable CI/CD Pattern for Kubernetes
Docker New York City: From GitOps to a scalable CI/CD Pattern for Kubernetes
 
給 RD 的 Kubernetes 初體驗 (gcpug 2019-06 version)
給 RD 的 Kubernetes 初體驗 (gcpug 2019-06 version)給 RD 的 Kubernetes 初體驗 (gcpug 2019-06 version)
給 RD 的 Kubernetes 初體驗 (gcpug 2019-06 version)
 
給 RD 的 Kubernetes 初體驗 (GDG Cloud KH 2019-08 version)
給 RD 的 Kubernetes 初體驗 (GDG Cloud KH 2019-08 version) 給 RD 的 Kubernetes 初體驗 (GDG Cloud KH 2019-08 version)
給 RD 的 Kubernetes 初體驗 (GDG Cloud KH 2019-08 version)
 
Openstack Summit Container Day Keynote
Openstack Summit Container Day KeynoteOpenstack Summit Container Day Keynote
Openstack Summit Container Day Keynote
 
Persist your data in an ephemeral k8 ecosystem
Persist your data in an ephemeral k8 ecosystemPersist your data in an ephemeral k8 ecosystem
Persist your data in an ephemeral k8 ecosystem
 
StackEngine Problem Space Demo
StackEngine Problem Space DemoStackEngine Problem Space Demo
StackEngine Problem Space Demo
 
Devops
DevopsDevops
Devops
 
Hardening Your CI/CD Pipelines with GitOps and Continuous Security
Hardening Your CI/CD Pipelines with GitOps and Continuous SecurityHardening Your CI/CD Pipelines with GitOps and Continuous Security
Hardening Your CI/CD Pipelines with GitOps and Continuous Security
 
MongoDB Ops Manager and Kubernetes - James Broadhead
MongoDB Ops Manager and Kubernetes - James BroadheadMongoDB Ops Manager and Kubernetes - James Broadhead
MongoDB Ops Manager and Kubernetes - James Broadhead
 
10 tips for Cloud Native Security
10 tips for Cloud Native Security10 tips for Cloud Native Security
10 tips for Cloud Native Security
 
Kubernetes Deployment Tutorial | Kubernetes Tutorial For Beginners | Kubernet...
Kubernetes Deployment Tutorial | Kubernetes Tutorial For Beginners | Kubernet...Kubernetes Deployment Tutorial | Kubernetes Tutorial For Beginners | Kubernet...
Kubernetes Deployment Tutorial | Kubernetes Tutorial For Beginners | Kubernet...
 
Use GitLab with Chaos Engineering to Harden your Applications + OpenEBS 1.3 ...
Use GitLab with Chaos Engineering to Harden your Applications + OpenEBS 1.3 ... Use GitLab with Chaos Engineering to Harden your Applications + OpenEBS 1.3 ...
Use GitLab with Chaos Engineering to Harden your Applications + OpenEBS 1.3 ...
 
04_Azure Kubernetes Service: Basic Practices for Developers_GAB2019
04_Azure Kubernetes Service: Basic Practices for Developers_GAB201904_Azure Kubernetes Service: Basic Practices for Developers_GAB2019
04_Azure Kubernetes Service: Basic Practices for Developers_GAB2019
 
Kubecon 2019 - Promoting Kubernetes CI/CD to the Next Level
Kubecon 2019 - Promoting Kubernetes CI/CD to the Next LevelKubecon 2019 - Promoting Kubernetes CI/CD to the Next Level
Kubecon 2019 - Promoting Kubernetes CI/CD to the Next Level
 
How to implement continuous delivery with enterprise java middleware?
How to implement continuous delivery with enterprise java middleware?How to implement continuous delivery with enterprise java middleware?
How to implement continuous delivery with enterprise java middleware?
 
Migrating to Microservices – It's Easier Than You Think
Migrating to Microservices – It's Easier Than You ThinkMigrating to Microservices – It's Easier Than You Think
Migrating to Microservices – It's Easier Than You Think
 
Ansible top 10 - 2018
Ansible top 10 - 2018Ansible top 10 - 2018
Ansible top 10 - 2018
 

More from Andrew Phillips

Spinnaker Summit 2019: Where are we heading? The Future of Continuous Delivery
Spinnaker Summit 2019: Where are we heading? The Future of Continuous DeliverySpinnaker Summit 2019: Where are we heading? The Future of Continuous Delivery
Spinnaker Summit 2019: Where are we heading? The Future of Continuous DeliveryAndrew Phillips
 
OpenDev 2018: "Open CD for Open Infrastructure - Hybrid and Multi-Cloud Deplo...
OpenDev 2018: "Open CD for Open Infrastructure - Hybrid and Multi-Cloud Deplo...OpenDev 2018: "Open CD for Open Infrastructure - Hybrid and Multi-Cloud Deplo...
OpenDev 2018: "Open CD for Open Infrastructure - Hybrid and Multi-Cloud Deplo...Andrew Phillips
 
nycdevops: "Breaking Down the Prod/Dev Wall"
nycdevops: "Breaking Down the Prod/Dev Wall"nycdevops: "Breaking Down the Prod/Dev Wall"
nycdevops: "Breaking Down the Prod/Dev Wall"Andrew Phillips
 
Metrics-driven Continuous Delivery
Metrics-driven Continuous DeliveryMetrics-driven Continuous Delivery
Metrics-driven Continuous DeliveryAndrew Phillips
 
BASE Meetup: "Analysing Scala Puzzlers: Essential and Accidental Complexity i...
BASE Meetup: "Analysing Scala Puzzlers: Essential and Accidental Complexity i...BASE Meetup: "Analysing Scala Puzzlers: Essential and Accidental Complexity i...
BASE Meetup: "Analysing Scala Puzzlers: Essential and Accidental Complexity i...Andrew Phillips
 
Scala Up North: "Analysing Scala Puzzlers: Essential and Accidental Complexit...
Scala Up North: "Analysing Scala Puzzlers: Essential and Accidental Complexit...Scala Up North: "Analysing Scala Puzzlers: Essential and Accidental Complexit...
Scala Up North: "Analysing Scala Puzzlers: Essential and Accidental Complexit...Andrew Phillips
 
The Multiple Dimensions of Cross-Cloud Computing
The Multiple Dimensions of Cross-Cloud ComputingThe Multiple Dimensions of Cross-Cloud Computing
The Multiple Dimensions of Cross-Cloud ComputingAndrew Phillips
 
Implementing Continuous Deployment
Implementing Continuous DeploymentImplementing Continuous Deployment
Implementing Continuous DeploymentAndrew Phillips
 
Know your cirrus from your cumulus (with notes)
Know your cirrus from your cumulus (with notes)Know your cirrus from your cumulus (with notes)
Know your cirrus from your cumulus (with notes)Andrew Phillips
 
Know your cirrus from your cumulus
Know your cirrus from your cumulusKnow your cirrus from your cumulus
Know your cirrus from your cumulusAndrew Phillips
 
Deployment is the new build
Deployment is the new buildDeployment is the new build
Deployment is the new buildAndrew Phillips
 

More from Andrew Phillips (11)

Spinnaker Summit 2019: Where are we heading? The Future of Continuous Delivery
Spinnaker Summit 2019: Where are we heading? The Future of Continuous DeliverySpinnaker Summit 2019: Where are we heading? The Future of Continuous Delivery
Spinnaker Summit 2019: Where are we heading? The Future of Continuous Delivery
 
OpenDev 2018: "Open CD for Open Infrastructure - Hybrid and Multi-Cloud Deplo...
OpenDev 2018: "Open CD for Open Infrastructure - Hybrid and Multi-Cloud Deplo...OpenDev 2018: "Open CD for Open Infrastructure - Hybrid and Multi-Cloud Deplo...
OpenDev 2018: "Open CD for Open Infrastructure - Hybrid and Multi-Cloud Deplo...
 
nycdevops: "Breaking Down the Prod/Dev Wall"
nycdevops: "Breaking Down the Prod/Dev Wall"nycdevops: "Breaking Down the Prod/Dev Wall"
nycdevops: "Breaking Down the Prod/Dev Wall"
 
Metrics-driven Continuous Delivery
Metrics-driven Continuous DeliveryMetrics-driven Continuous Delivery
Metrics-driven Continuous Delivery
 
BASE Meetup: "Analysing Scala Puzzlers: Essential and Accidental Complexity i...
BASE Meetup: "Analysing Scala Puzzlers: Essential and Accidental Complexity i...BASE Meetup: "Analysing Scala Puzzlers: Essential and Accidental Complexity i...
BASE Meetup: "Analysing Scala Puzzlers: Essential and Accidental Complexity i...
 
Scala Up North: "Analysing Scala Puzzlers: Essential and Accidental Complexit...
Scala Up North: "Analysing Scala Puzzlers: Essential and Accidental Complexit...Scala Up North: "Analysing Scala Puzzlers: Essential and Accidental Complexit...
Scala Up North: "Analysing Scala Puzzlers: Essential and Accidental Complexit...
 
The Multiple Dimensions of Cross-Cloud Computing
The Multiple Dimensions of Cross-Cloud ComputingThe Multiple Dimensions of Cross-Cloud Computing
The Multiple Dimensions of Cross-Cloud Computing
 
Implementing Continuous Deployment
Implementing Continuous DeploymentImplementing Continuous Deployment
Implementing Continuous Deployment
 
Know your cirrus from your cumulus (with notes)
Know your cirrus from your cumulus (with notes)Know your cirrus from your cumulus (with notes)
Know your cirrus from your cumulus (with notes)
 
Know your cirrus from your cumulus
Know your cirrus from your cumulusKnow your cirrus from your cumulus
Know your cirrus from your cumulus
 
Deployment is the new build
Deployment is the new buildDeployment is the new build
Deployment is the new build
 

Recently uploaded

Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Exploring ChatGPT Prompt Hacks To Maximally Optimise Your Queries
Exploring ChatGPT Prompt Hacks To Maximally Optimise Your QueriesExploring ChatGPT Prompt Hacks To Maximally Optimise Your Queries
Exploring ChatGPT Prompt Hacks To Maximally Optimise Your QueriesSanjay Willie
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Scott Andery
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...AliaaTarek5
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 

Recently uploaded (20)

Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Exploring ChatGPT Prompt Hacks To Maximally Optimise Your Queries
Exploring ChatGPT Prompt Hacks To Maximally Optimise Your QueriesExploring ChatGPT Prompt Hacks To Maximally Optimise Your Queries
Exploring ChatGPT Prompt Hacks To Maximally Optimise Your Queries
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 

CI/CD Patterns for Kubernetes Environments

  • 1. CI/CD Patterns for Kubernetes Kubernetes NYC, May 29th 2018 Andrew Phillips & Lars Wander
  • 2. Agenda ● What’s the challenge? ● CI/CD for Kubernetes: concepts, mental models & mythbusting ● An example implementation using Spinnaker ● Other implementation options & trade-offs ● 3 Takeaways ● Q&A
  • 3. The bio slide ● Been on most sides of this space: developer, infra builder, product owner, evangelist and more ● Long-standing open-source contributor ● Author and regular conference and meetup presenter ● Co-organizer of ContainerDays Boston & NYC ● Leading OSS Spinnaker team (5 engineers) ● Been on Spinnaker team about 2.5 years ● Wrote initial Kubernetes-Spinnaker integration, as well as the newest one (v2) ● Author and semi-regular conference and meetup presenter
  • 5. Why is this hard? 1. New space, new technology, new conventions 2. Unclear with “standard” practices to carry over vs. which to revise 3. Early stage: lots of different and sometimes conflicting approaches out there 4. Tooling often still very early in the maturity cycle 5. One size does not fit all
  • 6. Pattern vs. implementation ● In an early stage space, tooling choices and thus tooling recommendations are difficult ● Patterns are better! ○ Simpler to describe ○ Easier to reason about ○ Higher signal-to-noise ratio ● a.k.a. “let’s talk about the interface”
  • 7. 3 takeaways 1. Code and config deployments in a Kubernetes environment are not fundamentally different from other “as code” scenarios 2. There is a mental model for thinking about code and config in a Kubernetes environment that enables four important CI/CD patterns: app code/config rollout, env config rollout, env restore and env drift detection 3. This model is compatible with various choices of implementation tools (one of which is a GitOps-style implementation), each with different trade-offs suitable to different environments
  • 8. Concepts, mental models & (some) mythbusting
  • 9. Environment repository Application repository Code App settings App settings for dev App settings for test App settings for prod Env settings for dev Env settings for test Env settings for prod K8s dev K8s test K8s prod Applied manifest set dev Applied manifest set test Applied manifest set prod
  • 10. Some concepts 1. Application repository/repositories a. “Owned” by development team b. Contains code and application config
  • 11. Some concepts 1. Application repository/repositories a. “Owned” by development team b. Contains code and application config 2. Application config a. Meaningful only in the context of an application b. Linked to application version: if app is rolled back, setting should be rolled back c. Could be the same across all environments, or different per environment d. E.g. “login.message”, “background.color”, “session.timeout”
  • 12. Some concepts 1. Application repository/repositories a. “Owned” by development team b. Contains code and application config 2. Application config a. Meaningful only in the context of an application b. Linked to application version: if app is rolled back, setting should be rolled back c. Could be the same across all environments, or different per environment d. E.g. “login.message”, “background.color”, “session.timeout” 3. Environment repository/repositories a. Contains environment config and record/”audit trail” of applied manifest sets b. Ownership depends on org culture, regulatory requirements etc. - could differ per env
  • 13. Some concepts 1. Application repository/repositories a. “Owned” by development team b. Contains code and application config 2. Application config a. Meaningful only in the context of an application b. Linked to application version: if app is rolled back, setting should be rolled back c. Could be the same across all environments, or different per environment d. E.g. “login.message”, “background.color”, “session.timeout” 3. Environment repository/repositories a. Contains environment config and record/”audit trail” of applied manifest sets b. Ownership depends on org culture, regulatory requirements etc. - could differ per env 4. Environment config a. Meaningful only in the context of an environment b. Not linked to application version: if app(s) is/are rolled back, setting should be unchanged c. E.g. “ldap.url”
  • 14. Some concepts (2) 1. Manifests are templates a. = need to be modified before they can be submitted to kubectl
  • 15. Some concepts (2) 1. Manifests are templates a. = need to be modified before they can be submitted to kubectl 2. Hydrated manifests are completed a. = ready to be submitted to kubectl
  • 16. Some concepts (2) 1. Manifests are templates a. = need to be modified before they can be submitted to kubectl 2. Hydrated manifests are completed a. = ready to be submitted to kubectl 3. Manifest set = multiple manifests
  • 17. Some concepts (2) 1. Manifests are templates a. = need to be modified before they can be submitted to kubectl 2. Hydrated manifests are completed a. = ready to be submitted to kubectl 3. Manifest set = multiple manifests 4. Candidate = before submitting to kubectl a. = can’t be sure it’s even valid
  • 18. Some concepts (2) 1. Manifests are templates a. = need to be modified before they can be submitted to kubectl 2. Hydrated manifests are completed a. = ready to be submitted to kubectl 3. Manifest set = multiple manifests 4. Candidate = before submitting to kubectl a. = can’t be sure it’s even valid 5. Applied = after submitting to kubectl a. = can be sure that it was accepted by Kubernetes at some point in time
  • 19. Some myths 1. “The manifests in my app repository are my source of truth” a. Manifests == templates b. Applied manifests are closer, but are only an attempt to make something happen c. Record of intent != record of achieved state 2. “Every state of my cluster should be represented in my repository” a. Kubernetes cluster will auto-manage and modify resources! 3. “Kubernetes already handles deployments” a. might handle some proportion, but deployment is an 80/20 problem b. multi cluster, exponential rollout, explicit traffic shaping 4. “Helm is a deployment tool” a. Helm is a package manager b. Distribution != deployment
  • 20. Environment repository Application repository Code App settings App settings for dev App settings for test App settings for prod Env settings for dev Env settings for test Env settings for prod K8s dev K8s test K8s prod Applied manifest set dev Applied manifest set test Applied manifest set prod To be thought of as templates! “Known good” (i.e. successfully submitted at some point in time) states of the environments
  • 21. 4 related processes 1. Application code/config update 2. Environment config update 3. Environment restore 4. Environment config drift
  • 22. Application code or settings change
  • 23. Environment repository Application repository Code App settings App settings for dev App settings for test App settings for prod Env settings for dev Env settings for test Env settings for prod K8s dev K8s test K8s prod Applied manifest set dev Applied manifest set test Applied manifest set prod Process tool 1. Trigger on change
  • 24. Environment repository Application repository Code App settings App settings for dev App settings for test App settings for prod Env settings for dev Env settings for test Env settings for prod K8s dev K8s test K8s prod Applied manifest set dev Applied manifest set test Applied manifest set prod Process tool 2. Hydrate candidate for dev Candidate hydrated manifest set dev
  • 25. Environment repository Application repository Code App settings App settings for dev App settings for test App settings for prod Env settings for dev Env settings for test Env settings for prod K8s dev K8s test K8s prod Applied manifest set dev Applied manifest set test Applied manifest set prod Process tool 2a. If review and approval needed, two- and optionally three-way diff Candidate hydrated manifest set dev
  • 26. Environment repository Application repository Code App settings App settings for dev App settings for test App settings for prod Env settings for dev Env settings for test Env settings for prod K8s dev K8s test K8s prod Applied manifest set dev Applied manifest set test Applied manifest set prod Process tool Candidate hydrated manifest set dev 3. Attempt to apply candidate hydrated set to K8s cluster/namespace/etc. for dev
  • 27. Environment repository Application repository Code App settings App settings for dev App settings for test App settings for prod Env settings for dev Env settings for test Env settings for prod K8s dev K8s test K8s prod Applied manifest set dev Applied manifest set test Applied manifest set prod Process tool Candidate hydrated manifest set dev 4. If successful, combine with previous applied manifest set for dev and add to environment repository as current applied manifest set
  • 28. Environment repository Application repository Code App settings App settings for dev App settings for test App settings for prod Env settings for dev Env settings for test Env settings for prod K8s dev K8s test K8s prod Applied manifest set dev Applied manifest set test Applied manifest set prod Process tool 5. Hydrate candidate for test Candidate hydrated manifest set dev Candidate hydrated manifest set test
  • 29. Environment repository Application repository Code App settings App settings for dev App settings for test App settings for prod Env settings for dev Env settings for test Env settings for prod K8s dev K8s test K8s prod Applied manifest set dev Applied manifest set test Applied manifest set prod Process tool etc. for prod Candidate hydrated manifest set dev Candidate hydrated manifest set test
  • 31. Environment repository Application repository Code App settings App settings for dev App settings for test App settings for prod Env settings for dev Env settings for test Env settings for prod K8s dev K8s test K8s prod Applied manifest set dev Applied manifest set test Applied manifest set prod Process tool 1. Trigger on change
  • 32. Process tool Environment repository Application repository Code App settings App settings for dev App settings for test App settings for prod Env settings for dev Env settings for test Env settings for prod K8s dev K8s test K8s prod Applied manifest set dev Applied manifest set test Applied manifest set prod 2. Hydrate candidate for dev Candidate hydrated manifest set dev
  • 33. Process tool Environment repository Application repository Code App settings App settings for dev App settings for test App settings for prod Env settings for dev Env settings for test Env settings for prod K8s dev K8s test K8s prod Applied manifest set dev Applied manifest set test Applied manifest set prod Candidate hydrated manifest set dev 2a. If review and approval needed, two- and optionally three-way diff
  • 34. Process tool Environment repository Application repository Code App settings App settings for dev App settings for test App settings for prod Env settings for dev Env settings for test Env settings for prod K8s dev K8s test K8s prod Applied manifest set dev Applied manifest set test Applied manifest set prod Candidate hydrated manifest set dev 3. Attempt to apply candidate hydrated set to K8s cluster/namespace/etc. for dev
  • 35. Process tool Environment repository Application repository Code App settings App settings for dev App settings for test App settings for prod Env settings for dev Env settings for test Env settings for prod K8s dev K8s test K8s prod Applied manifest set dev Applied manifest set test Applied manifest set prod Candidate hydrated manifest set dev 4. If successful, combine with previous applied manifest set for dev and add to environment repository as current applied manifest set
  • 36. Process tool Environment repository Application repository Code App settings App settings for dev App settings for test App settings for prod Env settings for dev Env settings for test Env settings for prod K8s dev K8s test K8s prod Applied manifest set dev Applied manifest set test Applied manifest set prod Candidate hydrated manifest set dev Done
  • 38. Environment repository Application repository Code App settings App settings for dev App settings for test App settings for prod Env settings for dev Env settings for test Env settings for prod K8s dev K8s test K8s prod Applied manifest set dev Applied manifest set test Applied manifest set prod Process tool 1. Trigger manually with unique ID of prior applied manifest set
  • 39. Environment repository Application repository Code App settings App settings for dev App settings for test App settings for prod Env settings for dev Env settings for test Env settings for prod K8s dev K8s test K8s prod Applied manifest set dev Applied manifest set test Applied manifest set prod Process tool 2. Retrieve using unique ID Candidate hydrated manifest set test
  • 40. Environment repository Application repository Code App settings App settings for dev App settings for test App settings for prod Env settings for dev Env settings for test Env settings for prod K8s dev K8s test K8s prod Applied manifest set dev Applied manifest set test Applied manifest set prod Process tool Candidate hydrated manifest set test 2a. If review and approval needed, two- and optionally three-way diff
  • 41. Environment repository Application repository Code App settings App settings for dev App settings for test App settings for prod Env settings for dev Env settings for test Env settings for prod K8s dev K8s test K8s prod Applied manifest set dev Applied manifest set test Applied manifest set prod Process tool Candidate hydrated manifest set test 3. Attempt to apply candidate hydrated set to K8s cluster/namespace/etc. for test
  • 42. Environment repository Application repository Code App settings App settings for dev App settings for test App settings for prod Env settings for dev Env settings for test Env settings for prod K8s dev K8s test K8s prod Applied manifest set dev Applied manifest set test Applied manifest set prod Process tool Candidate hydrated manifest set test 4. If successful, add to environment repository as new applied manifest set for test
  • 43. Environment repository Application repository Code App settings App settings for dev App settings for test App settings for prod Env settings for dev Env settings for test Env settings for prod K8s dev K8s test K8s prod Applied manifest set dev Applied manifest set test Applied manifest set prod Process tool Candidate hydrated manifest set test Done
  • 45. Environment repository Application repository Code App settings App settings for dev App settings for test App settings for prod Env settings for dev Env settings for test Env settings for prod K8s dev K8s test K8s prod Applied manifest set dev Applied manifest set test Applied manifest set prod Process tool 1. Compare and alert on meaningful diffs
  • 46. Environment repository Application repository Code App settings App settings for dev App settings for test App settings for prod Env settings for dev Env settings for test Env settings for prod K8s dev K8s test K8s prod Applied manifest set dev Applied manifest set test Applied manifest set prod Process tool 2. Optionally (to be considered with care), update K8s to match applied manifest set
  • 47. Environment repository Application repository Code App settings App settings for dev App settings for test App settings for prod Env settings for dev Env settings for test Env settings for prod K8s dev K8s test K8s prod Applied manifest set dev Applied manifest set test Applied manifest set prod Process tool 3. Optionally (to be considered with even more care), create new applied manifest set on diff detection
  • 49. App code/config change 1. Code change -> build 2. Triggers “deploy to staging” pipeline a. Hydrates manifests relevant to staging environment b. Apply to staging cluster c. Store results in blobstore 3. Optionally trigger “deploy to production” pipeline a. Bake manifests relevant to production environment b. Diff options: production vs. intent vs. repo c. Apply to 3 production clusters
  • 50.
  • 51.
  • 52.
  • 53.
  • 54.
  • 55. Env config change 1. Versioned vs. unversioned config maps a. Impact on rollback 2. Example rollout pipeline
  • 56.
  • 57. Env rollback 1. Parameterized 2. Different rollback options a. app(s) vs. controller vs. everything 3. Env config a. unversioned configmaps
  • 58.
  • 60. 1. Application repository = SCM repository 2. Environment repositories = one per app per environment 3. Automation = pull request, tag & merge SCM triggers + polling/watching Env repositories contain hydrated manifest set before application. Need some separate process (labels?) to indicate which commits were actually successfully applied. GitOps
  • 61. 1. Application repository = SCM repository 2. Environment repositories for applied manifest sets = Helm repository 3. Automation = pull request, tag & merge SCM triggers + GPO calling Helm Applied manifest sets are not stored in hydrated form - depending on behaviour of templatizer in recovery path General-purpose orchestrator + Helm
  • 62. “Manual” ● Useful for understanding the pattern ● Application repository: folder on file system ● Environment repository: folder on file system with one manifest template file per env ● Subfolder “applied” with hydrated env config and file per app ● “Automation” = cat … | kubectl apply
  • 63. “The delete problem” ● If you remove some configuration in your source code repository, what does that mean? ○ “I don’t care about this anymore”? ○ “I want this to be removed”? ● Turning line removals into delete actions is hard ○ Dangling resources that are not actually dangling can cause nasty recovery issues ● “Not present == should not exist” is tricky if there are multiple sources of input for a Kubernetes cluster (e.g. different app repos)
  • 64. Polling/watching vs. direct invocation ● Direct invocation: orchestrator calls Kubernetes API explicitly before storing applied manifest set ○ Makes more advanced orchestration possible (canary, gradual exponential rollouts) ○ Delete problem ambiguous ● Polling/watching: an external process monitors a repository and applies the state it finds there to a target asynchronously ○ Potential solution to the delete problem if only one source of truth ○ Hydrated manifest set needs to be stored before it’s clear whether it can even happen
  • 66. 3 Main Takeaways 1. Code and config deployments in a Kubernetes environment are not fundamentally different from other “as code” scenarios
  • 67. 3 Main Takeaways 1. Code and config deployments in a Kubernetes environment are not fundamentally different from other “as code” scenarios 2. There is a mental model for thinking about code and config in a Kubernetes environment that enables four important CI/CD patterns: app code/config rollout, env config rollout, env restore and env drift detection
  • 68. 3 Main Takeaways 1. Code and config deployments in a Kubernetes environment are not fundamentally different from other “as code” scenarios 2. There is a mental model for thinking about code and config in a Kubernetes environment that enables four important CI/CD patterns: app code/config rollout, env config rollout, env restore and env drift detection 3. This model is compatible with various choices of implementation tools (one of which is a GitOps-style implementation), each with different trade-offs suitable to different environments
  • 69. Get in touch! Slack Forum Diagram* More detailed notes* *Please request access!