SlideShare a Scribd company logo
1 of 38
Download to read offline
GitOps done Right
Kris Buytaert
@krisbuytaert
Continuous Infrastructure
First
Kris Buytaert
@krisbuytaert
@krisbuytaert
Kris Buytaert
●
I used to be a Dev,
●
Then Became an Op
●
CTO and Open Source Consultant @inuits.eu
●
Everything is a freaking DNS Problem
●
Evangelizing devops
●
Organiser of #devopsdays, #cfgmgmtcamp, #loadays,
@krisbuytaert
devops (<)> continuous delivery
@krisbuytaert
CI
In software engineering, continuous integration (CI) is
the practice of merging all developers' working copies to
a shared mainline several times a day.[1] Grady Booch
first proposed the term CI in his 1991 method,[2]
although he did not advocate integrating several times a
day. Extreme programming (XP) adopted the concept of
CI and did advocate integrating more than once per day
@krisbuytaert
@krisbuytaert
Continuous DISIntegration
@krisbuytaert
Why Ops First ?
@krisbuytaert
For years we've tolerated humans to make structural manual
changes to the infrastructure our critical applications are running on.
Whilst at the same time demanding those critical applications to go
through rigid test scenarios.
Who let this happen ?
@krisbuytaert
history of devops
●
Europe :
– Starting from Operations,
– Improved Artifact Quality,
– Less pain / stability
●
US :
– Push from development
– Faster Platforms
– Faster change
@krisbuytaert
NoOps & YOLO Ops
●
Startup
●
VC
●
Exit Strategy
●
6-9 months
●
Actual Business
●
Real Customers
●
Survival
●
6-9 years
@krisbuytaert
3 Different Transition Cases:
Startups & Multinationals
@krisbuytaert
Case 1: Chaotic Ops
●
Complete Chaos
●
10% reproducibility
●
CI infra hides under a dev’s desk
●
Ops in Debug Mode
●
No standardization
●
Apollo Moment
@krisbuytaert
Case 1: T0+3months
●
Build a Reproducible Jenkins + Slaves
●
CI for Puppet by OPS
●
Test your code
●
Promotion Stage for Infrastructure Code
●
Split config out of code
●
Keep delivering updates
@krisbuytaert
Case 1: T0+6 months
●
Stack Alignment
– 1 jdk, 1 jboss , ...
●
Project Dolly :
– Puppet for everything
●
90% reproducibility
●
Standardized Builds
●
Increased Test Coverage
●
Java Developers contribute to Infra Tests
@krisbuytaert
Case 1: Conclusion
●
Started with preparing ops folks to automate
●
Learned the same tools developers use
●
Developers help the ops folks to improve
●
Collaboration + Progress ++
@krisbuytaert
Case 2: CI by Devs
●
Some devs have tests
●
Some dev teams have “CI”
●
Deployments are Chaos
●
Ops nags about Artifact Quality
@krisbuytaert
Case 2: T0+18 months
●
Found the first ops skills in the org
●
Mostly overworked Brent’s
●
Move them out of their offices
●
Focus team
●
Teach Agile
●
Adopt IAC (puppet)
●
First Successes
●
Move people back to teams
@krisbuytaert
Case 2: T0+24 months
●
Grey Beard Ops person has converted to Agile
Evangelist
●
Preaches Kanban (for ops) and Scrum
●
Writes Test for his Code
●
Coaches developers to achieve CI/CD
@krisbuytaert
Case 2: Conclusions
●
Starting with dev delayed the collaboration for
1+ year
●
Ops were fire fighting and not involved
●
Once ops resources were dedicated
collaboration and quality improvement started
to happen
@krisbuytaert
Case 3:Ops NOT involved
●
Large Transformation
●
“devops” team dictates tools they have never used them
selves
●
Tools they as a team don’t need themselves
●
Developers complain about unusable tools
●
Developers complain about broken tools
●
Tools enforce a manual process
@krisbuytaert
Case 3: 2 years later
●
Average “devops” role stays for 2 months , then leaves
●
Senior IT management has left (2x)
●
Only In house analysts remain
●
Mostly contract based developers
●
Failing Cloud Strategy
●
Legacy Container Ecosystem
@krisbuytaert
Case Conclusions
Earlier involvement of the Ops Skills creates
much higher success rates , and smoother
Continuous Delivery adoption
@krisbuytaert
Why ops first ?
●
You can’t support / understand what you don’t
do yourself
●
Code = Code
●
Unblock delivery
●
Unblock provisioning
●
Metrics & Monitoring Build in
@krisbuytaert
Culture vs Tools
@krisbuytaert
Culture Hack
Set up CI/CD for your CI/CD infrastructure
first, If the people running your infra don't
know how CI/CD works , how do you
expect them to support / teach your
application teams ?
@krisbuytaert
Not Continuous Deployment
●
@stahnma @#devopsdays Ohio
@krisbuytaert
A CI Ecosystem
●
Version Control
●
Deployment
●
Build Tooling
●
Artifact Repository
●
Code Coverage Tooling
●
Testing Tools
How many of those tools is your average ops person used to
use ?
@krisbuytaert
Arguments against CI
●
Setting up the stack costs time
●
U don’t have tests anyhow
●
Operations and development are
different budgets
●
One shot projects , fire and forget
●
...
@krisbuytaert
Infrastructure as Code
●
Treat configuration automation as code
●
Development best practices
●
Model your infrastructure
●
Version your cookbooks / manifests
●
Test your cookbooks/ manifests
●
Dev/ test /uat / prod for your infra
●
Model your infrastructure
●
A working service = automated ( Application Code + Infrastructure Code + Security +
Monitoring + ... )
PS. Converting Bash to Yaml != IAC
@krisbuytaert
Continuous Integration
Continuous integration (CI) is the practice, in software engineering, of merging all
developer working copies with a shared mainline several times a day. It was first
named and proposed as part of extreme programming (XP). Its main aim is to
prevent integration problems, referred to as "integration hell"
(WikiPedia)
Does the app you are deploying still work ?
Did you break your puppet / chef code ?
@krisbuytaert
Pipeline As Code
●
Generate Pipelines / Jobs based on config files
●
Build libraries
– CheckoutJob
– DeployJob
– PackageJob
●
Use Groovy / JobDSL to generate PipelineDSL
@krisbuytaert
On Prem vs Cloudnative
●
Puppet, Chef, Ansible,
Terraform
●
Kvm/OpenStack/..
●
VPN, Firewalls
●
Pipelines & Pipelines
●
Standardisation
●
Security
●
Monitoring
●
Puppet, Chef, Ansible,
Terraform
●
EC2 etc ..
●
VPC, SG
●
Pipelines & Pipelines
●
Standardisation
●
Security
●
Monitoring
Todays IAC Requirements
●
3 types of tools needed
– Provisioning :
●
Create me an instance of application X
– Container instance
– VM instance
– K8s Cluster
– Service X configuration via API
– Desired state
●
Ensure that this file present / service is always running
●
With these permissions
●
User Removed
●
Always / Verified
– Orchestration
●
Non frequent
●
Trigger action X on resource Y based on characteristics A,B and or C
●
First do X here then do Y there
●
One off actions
@krisbuytaert
Large Challenge
●
How do you automatically spin up a K8s setup in an
existing Ecosystem
●
No vendor Lock-in, Open Source only ?
●
How do you deploy applications on K8s , reproducible,
not using 30 bash scripts
●
Container Ecosystem is no where close to the level of
automation / reproducibility which we are used in VM’s
@krisbuytaert
Continuous Delivery of your Automated
Infrastructure
vs
GitOps
@krisbuytaert
Contact
Inuits
Inuits
Essensteenweg 31
Essensteenweg 31
Brasschaat
Brasschaat
Belgium
Belgium
891.514.231
891.514.231
+32 475 961221
+32 475 961221
Kris Buytaert Kris.Buytaert@inuits.eu
Kris Buytaert Kris.Buytaert@inuits.eu
Further Reading
Further Reading
@krisbuytaert
@krisbuytaert
http://www.krisbuytaert.be/blog/
http://www.krisbuytaert.be/blog/
https://inuits.eu/
https://inuits.eu/

More Related Content

What's hot

Continuous Infrastructure First
Continuous Infrastructure FirstContinuous Infrastructure First
Continuous Infrastructure FirstKris Buytaert
 
Repositories as Code
Repositories as CodeRepositories as Code
Repositories as CodeKris Buytaert
 
Can we fix dev-oops ?
Can we fix dev-oops ?Can we fix dev-oops ?
Can we fix dev-oops ?Kris Buytaert
 
Pipeline as code for your infrastructure as Code
Pipeline as code for your infrastructure as CodePipeline as code for your infrastructure as Code
Pipeline as code for your infrastructure as CodeKris Buytaert
 
ADDO 2019: Looking back at over 10 years of Devops
ADDO 2019:    Looking back at over 10 years of DevopsADDO 2019:    Looking back at over 10 years of Devops
ADDO 2019: Looking back at over 10 years of DevopsKris Buytaert
 
Pipeline all the Dashboards as Code
Pipeline all the Dashboards as CodePipeline all the Dashboards as Code
Pipeline all the Dashboards as CodeKris Buytaert
 
Dev secops opsec, devsec, devops ?
Dev secops opsec, devsec, devops ?Dev secops opsec, devsec, devops ?
Dev secops opsec, devsec, devops ?Kris Buytaert
 
Is there a Future for devops ?
Is there a Future for devops   ? Is there a Future for devops   ?
Is there a Future for devops ? Kris Buytaert
 
From MonitoringSucks to Monitoring Love , 2016 Edition
From MonitoringSucks to Monitoring Love , 2016 EditionFrom MonitoringSucks to Monitoring Love , 2016 Edition
From MonitoringSucks to Monitoring Love , 2016 EditionKris Buytaert
 
Is there a future for devops ?
Is there a future for devops ?Is there a future for devops ?
Is there a future for devops ?Kris Buytaert
 
Moby is killing your devops efforts
Moby is killing your devops effortsMoby is killing your devops efforts
Moby is killing your devops effortsKris Buytaert
 
Nightmare on Docker street
Nightmare on Docker streetNightmare on Docker street
Nightmare on Docker streetKris Buytaert
 
Devops is dead, Long Live Devops
Devops is dead, Long Live DevopsDevops is dead, Long Live Devops
Devops is dead, Long Live DevopsKris Buytaert
 
Devops is a Security Requirement
Devops is a Security RequirementDevops is a Security Requirement
Devops is a Security RequirementKris Buytaert
 
Continuous Delivery of (y)our infrastructure.
Continuous Delivery of (y)our infrastructure.Continuous Delivery of (y)our infrastructure.
Continuous Delivery of (y)our infrastructure.Kris Buytaert
 
Automating MySQL operations with Puppet
Automating MySQL operations with PuppetAutomating MySQL operations with Puppet
Automating MySQL operations with PuppetKris Buytaert
 
Devopsdays Amsterdam 2017 Keynote, looking back at 5 years of AMS
Devopsdays Amsterdam 2017 Keynote, looking back at 5 years of AMSDevopsdays Amsterdam 2017 Keynote, looking back at 5 years of AMS
Devopsdays Amsterdam 2017 Keynote, looking back at 5 years of AMSKris Buytaert
 
From devoops to devops
From devoops to devopsFrom devoops to devops
From devoops to devopsKris Buytaert
 
The Return of the Dull Stack Engineer
The Return of the Dull Stack EngineerThe Return of the Dull Stack Engineer
The Return of the Dull Stack EngineerKris Buytaert
 

What's hot (20)

Continuous Infrastructure First
Continuous Infrastructure FirstContinuous Infrastructure First
Continuous Infrastructure First
 
Repositories as Code
Repositories as CodeRepositories as Code
Repositories as Code
 
Can we fix dev-oops ?
Can we fix dev-oops ?Can we fix dev-oops ?
Can we fix dev-oops ?
 
Pipeline as code for your infrastructure as Code
Pipeline as code for your infrastructure as CodePipeline as code for your infrastructure as Code
Pipeline as code for your infrastructure as Code
 
Pipeline as Code
Pipeline as CodePipeline as Code
Pipeline as Code
 
ADDO 2019: Looking back at over 10 years of Devops
ADDO 2019:    Looking back at over 10 years of DevopsADDO 2019:    Looking back at over 10 years of Devops
ADDO 2019: Looking back at over 10 years of Devops
 
Pipeline all the Dashboards as Code
Pipeline all the Dashboards as CodePipeline all the Dashboards as Code
Pipeline all the Dashboards as Code
 
Dev secops opsec, devsec, devops ?
Dev secops opsec, devsec, devops ?Dev secops opsec, devsec, devops ?
Dev secops opsec, devsec, devops ?
 
Is there a Future for devops ?
Is there a Future for devops   ? Is there a Future for devops   ?
Is there a Future for devops ?
 
From MonitoringSucks to Monitoring Love , 2016 Edition
From MonitoringSucks to Monitoring Love , 2016 EditionFrom MonitoringSucks to Monitoring Love , 2016 Edition
From MonitoringSucks to Monitoring Love , 2016 Edition
 
Is there a future for devops ?
Is there a future for devops ?Is there a future for devops ?
Is there a future for devops ?
 
Moby is killing your devops efforts
Moby is killing your devops effortsMoby is killing your devops efforts
Moby is killing your devops efforts
 
Nightmare on Docker street
Nightmare on Docker streetNightmare on Docker street
Nightmare on Docker street
 
Devops is dead, Long Live Devops
Devops is dead, Long Live DevopsDevops is dead, Long Live Devops
Devops is dead, Long Live Devops
 
Devops is a Security Requirement
Devops is a Security RequirementDevops is a Security Requirement
Devops is a Security Requirement
 
Continuous Delivery of (y)our infrastructure.
Continuous Delivery of (y)our infrastructure.Continuous Delivery of (y)our infrastructure.
Continuous Delivery of (y)our infrastructure.
 
Automating MySQL operations with Puppet
Automating MySQL operations with PuppetAutomating MySQL operations with Puppet
Automating MySQL operations with Puppet
 
Devopsdays Amsterdam 2017 Keynote, looking back at 5 years of AMS
Devopsdays Amsterdam 2017 Keynote, looking back at 5 years of AMSDevopsdays Amsterdam 2017 Keynote, looking back at 5 years of AMS
Devopsdays Amsterdam 2017 Keynote, looking back at 5 years of AMS
 
From devoops to devops
From devoops to devopsFrom devoops to devops
From devoops to devops
 
The Return of the Dull Stack Engineer
The Return of the Dull Stack EngineerThe Return of the Dull Stack Engineer
The Return of the Dull Stack Engineer
 

Similar to GitOps , done Right

Cloud-Native Fundamentals: Accelerating Development with Continuous Integration
Cloud-Native Fundamentals: Accelerating Development with Continuous IntegrationCloud-Native Fundamentals: Accelerating Development with Continuous Integration
Cloud-Native Fundamentals: Accelerating Development with Continuous IntegrationVMware Tanzu
 
Building and Deploying MediaSalsa, an Open Source DAM as Saas platform
Building and Deploying MediaSalsa, an Open Source DAM as Saas platformBuilding and Deploying MediaSalsa, an Open Source DAM as Saas platform
Building and Deploying MediaSalsa, an Open Source DAM as Saas platformKris Buytaert
 
OSMC 2014: From monitoringsucks to monitoringlove (and back) | Kris Buytaert
OSMC 2014: From monitoringsucks to monitoringlove (and back) | Kris BuytaertOSMC 2014: From monitoringsucks to monitoringlove (and back) | Kris Buytaert
OSMC 2014: From monitoringsucks to monitoringlove (and back) | Kris BuytaertNETWAYS
 
OSMC 2014 | From monitoringsucks to monitoringlove, and back by Kris Buytaert
OSMC 2014 | From monitoringsucks to monitoringlove, and back by Kris BuytaertOSMC 2014 | From monitoringsucks to monitoringlove, and back by Kris Buytaert
OSMC 2014 | From monitoringsucks to monitoringlove, and back by Kris BuytaertNETWAYS
 
OSDC 2015: Kris Buytaert | From ConfigManagementSucks to ConfigManagementLove
OSDC 2015: Kris Buytaert | From ConfigManagementSucks to ConfigManagementLoveOSDC 2015: Kris Buytaert | From ConfigManagementSucks to ConfigManagementLove
OSDC 2015: Kris Buytaert | From ConfigManagementSucks to ConfigManagementLoveNETWAYS
 
Building a Distributed & Automated Open Source Program at Netflix
Building a Distributed & Automated Open Source Program at NetflixBuilding a Distributed & Automated Open Source Program at Netflix
Building a Distributed & Automated Open Source Program at NetflixAll Things Open
 
Netflix Open Source: Building a Distributed and Automated Open Source Program
Netflix Open Source:  Building a Distributed and Automated Open Source ProgramNetflix Open Source:  Building a Distributed and Automated Open Source Program
Netflix Open Source: Building a Distributed and Automated Open Source Programaspyker
 
Continuous Infrastructure First Ignite Edition
Continuous Infrastructure First  Ignite EditionContinuous Infrastructure First  Ignite Edition
Continuous Infrastructure First Ignite EditionKris Buytaert
 
Drupal and Devops , the Survey Results
Drupal and Devops , the Survey ResultsDrupal and Devops , the Survey Results
Drupal and Devops , the Survey ResultsKris Buytaert
 
Devops Devops Devops, at Froscon
Devops Devops Devops, at FrosconDevops Devops Devops, at Froscon
Devops Devops Devops, at FrosconKris Buytaert
 
Infrastructure as Code Patterns
Infrastructure as Code PatternsInfrastructure as Code Patterns
Infrastructure as Code PatternsKris Buytaert
 
stackconf 2022: Infrastructure Automation (anti) patterns
stackconf 2022: Infrastructure Automation (anti) patternsstackconf 2022: Infrastructure Automation (anti) patterns
stackconf 2022: Infrastructure Automation (anti) patternsNETWAYS
 
Continuous Delivery at Snyk
Continuous Delivery at SnykContinuous Delivery at Snyk
Continuous Delivery at SnykAnton Drukh
 
Your Testing Is Flawed: Introducing A New Open Source Tool For Accurate Kuber...
Your Testing Is Flawed: Introducing A New Open Source Tool For Accurate Kuber...Your Testing Is Flawed: Introducing A New Open Source Tool For Accurate Kuber...
Your Testing Is Flawed: Introducing A New Open Source Tool For Accurate Kuber...StormForge .io
 
Devops, Secops, Opsec, DevSec *ops *.* ?
Devops, Secops, Opsec, DevSec *ops *.* ?Devops, Secops, Opsec, DevSec *ops *.* ?
Devops, Secops, Opsec, DevSec *ops *.* ?Kris Buytaert
 
Continuous Delivery of Puppet Manifests
Continuous Delivery of Puppet ManifestsContinuous Delivery of Puppet Manifests
Continuous Delivery of Puppet ManifestsKris Buytaert
 
The Clash Between Devops and Quality Assurance
The Clash Between Devops and Quality AssuranceThe Clash Between Devops and Quality Assurance
The Clash Between Devops and Quality AssuranceWebcsonsultsEU
 
Continous Delivery of your Infrastructure
Continous Delivery of your InfrastructureContinous Delivery of your Infrastructure
Continous Delivery of your InfrastructureKris Buytaert
 
Survival of the Continuist
Survival of the ContinuistSurvival of the Continuist
Survival of the ContinuistPaul Blundell
 

Similar to GitOps , done Right (20)

Cloud-Native Fundamentals: Accelerating Development with Continuous Integration
Cloud-Native Fundamentals: Accelerating Development with Continuous IntegrationCloud-Native Fundamentals: Accelerating Development with Continuous Integration
Cloud-Native Fundamentals: Accelerating Development with Continuous Integration
 
Building and Deploying MediaSalsa, an Open Source DAM as Saas platform
Building and Deploying MediaSalsa, an Open Source DAM as Saas platformBuilding and Deploying MediaSalsa, an Open Source DAM as Saas platform
Building and Deploying MediaSalsa, an Open Source DAM as Saas platform
 
OSMC 2014: From monitoringsucks to monitoringlove (and back) | Kris Buytaert
OSMC 2014: From monitoringsucks to monitoringlove (and back) | Kris BuytaertOSMC 2014: From monitoringsucks to monitoringlove (and back) | Kris Buytaert
OSMC 2014: From monitoringsucks to monitoringlove (and back) | Kris Buytaert
 
OSMC 2014 | From monitoringsucks to monitoringlove, and back by Kris Buytaert
OSMC 2014 | From monitoringsucks to monitoringlove, and back by Kris BuytaertOSMC 2014 | From monitoringsucks to monitoringlove, and back by Kris Buytaert
OSMC 2014 | From monitoringsucks to monitoringlove, and back by Kris Buytaert
 
OSDC 2015: Kris Buytaert | From ConfigManagementSucks to ConfigManagementLove
OSDC 2015: Kris Buytaert | From ConfigManagementSucks to ConfigManagementLoveOSDC 2015: Kris Buytaert | From ConfigManagementSucks to ConfigManagementLove
OSDC 2015: Kris Buytaert | From ConfigManagementSucks to ConfigManagementLove
 
Building a Distributed & Automated Open Source Program at Netflix
Building a Distributed & Automated Open Source Program at NetflixBuilding a Distributed & Automated Open Source Program at Netflix
Building a Distributed & Automated Open Source Program at Netflix
 
Netflix Open Source: Building a Distributed and Automated Open Source Program
Netflix Open Source:  Building a Distributed and Automated Open Source ProgramNetflix Open Source:  Building a Distributed and Automated Open Source Program
Netflix Open Source: Building a Distributed and Automated Open Source Program
 
Continuous Infrastructure First Ignite Edition
Continuous Infrastructure First  Ignite EditionContinuous Infrastructure First  Ignite Edition
Continuous Infrastructure First Ignite Edition
 
Drupal and Devops , the Survey Results
Drupal and Devops , the Survey ResultsDrupal and Devops , the Survey Results
Drupal and Devops , the Survey Results
 
Devops Devops Devops, at Froscon
Devops Devops Devops, at FrosconDevops Devops Devops, at Froscon
Devops Devops Devops, at Froscon
 
Infrastructure as Code Patterns
Infrastructure as Code PatternsInfrastructure as Code Patterns
Infrastructure as Code Patterns
 
stackconf 2022: Infrastructure Automation (anti) patterns
stackconf 2022: Infrastructure Automation (anti) patternsstackconf 2022: Infrastructure Automation (anti) patterns
stackconf 2022: Infrastructure Automation (anti) patterns
 
Devops For Drupal
Devops  For DrupalDevops  For Drupal
Devops For Drupal
 
Continuous Delivery at Snyk
Continuous Delivery at SnykContinuous Delivery at Snyk
Continuous Delivery at Snyk
 
Your Testing Is Flawed: Introducing A New Open Source Tool For Accurate Kuber...
Your Testing Is Flawed: Introducing A New Open Source Tool For Accurate Kuber...Your Testing Is Flawed: Introducing A New Open Source Tool For Accurate Kuber...
Your Testing Is Flawed: Introducing A New Open Source Tool For Accurate Kuber...
 
Devops, Secops, Opsec, DevSec *ops *.* ?
Devops, Secops, Opsec, DevSec *ops *.* ?Devops, Secops, Opsec, DevSec *ops *.* ?
Devops, Secops, Opsec, DevSec *ops *.* ?
 
Continuous Delivery of Puppet Manifests
Continuous Delivery of Puppet ManifestsContinuous Delivery of Puppet Manifests
Continuous Delivery of Puppet Manifests
 
The Clash Between Devops and Quality Assurance
The Clash Between Devops and Quality AssuranceThe Clash Between Devops and Quality Assurance
The Clash Between Devops and Quality Assurance
 
Continous Delivery of your Infrastructure
Continous Delivery of your InfrastructureContinous Delivery of your Infrastructure
Continous Delivery of your Infrastructure
 
Survival of the Continuist
Survival of the ContinuistSurvival of the Continuist
Survival of the Continuist
 

More from Kris Buytaert

Years of (not) learning , from devops to devoops
Years of (not) learning , from devops to devoopsYears of (not) learning , from devops to devoops
Years of (not) learning , from devops to devoopsKris Buytaert
 
Observability will not fix your Broken Monitoring ,Ignite
Observability will not fix your Broken Monitoring ,IgniteObservability will not fix your Broken Monitoring ,Ignite
Observability will not fix your Broken Monitoring ,IgniteKris Buytaert
 
From devoops to devops 13 years of (not) learning
From devoops to devops 13 years of (not) learningFrom devoops to devops 13 years of (not) learning
From devoops to devops 13 years of (not) learningKris Buytaert
 
10 Years of #devopsdays weirdness
10 Years of #devopsdays weirdness10 Years of #devopsdays weirdness
10 Years of #devopsdays weirdnessKris Buytaert
 
Looking back at 5 years of #cfgmgmtcamp
Looking back at 5 years of #cfgmgmtcampLooking back at 5 years of #cfgmgmtcamp
Looking back at 5 years of #cfgmgmtcampKris Buytaert
 
Looking back at 7.5 years of Devopsdays , DOd PDX
Looking back at 7.5 years of Devopsdays , DOd PDXLooking back at 7.5 years of Devopsdays , DOd PDX
Looking back at 7.5 years of Devopsdays , DOd PDXKris Buytaert
 

More from Kris Buytaert (6)

Years of (not) learning , from devops to devoops
Years of (not) learning , from devops to devoopsYears of (not) learning , from devops to devoops
Years of (not) learning , from devops to devoops
 
Observability will not fix your Broken Monitoring ,Ignite
Observability will not fix your Broken Monitoring ,IgniteObservability will not fix your Broken Monitoring ,Ignite
Observability will not fix your Broken Monitoring ,Ignite
 
From devoops to devops 13 years of (not) learning
From devoops to devops 13 years of (not) learningFrom devoops to devops 13 years of (not) learning
From devoops to devops 13 years of (not) learning
 
10 Years of #devopsdays weirdness
10 Years of #devopsdays weirdness10 Years of #devopsdays weirdness
10 Years of #devopsdays weirdness
 
Looking back at 5 years of #cfgmgmtcamp
Looking back at 5 years of #cfgmgmtcampLooking back at 5 years of #cfgmgmtcamp
Looking back at 5 years of #cfgmgmtcamp
 
Looking back at 7.5 years of Devopsdays , DOd PDX
Looking back at 7.5 years of Devopsdays , DOd PDXLooking back at 7.5 years of Devopsdays , DOd PDX
Looking back at 7.5 years of Devopsdays , DOd PDX
 

Recently uploaded

All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFMichael Gough
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Karmanjay Verma
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Mark Simos
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...itnewsafrica
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks  and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks  and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...itnewsafrica
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observabilityitnewsafrica
 
Infrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsInfrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsYoss Cohen
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxfnnc6jmgwh
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...Karmanjay Verma
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS:  6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS:  6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integrationmarketing932765
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 

Recently uploaded (20)

All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDF
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks  and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks  and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
Infrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsInfrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platforms
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS:  6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS:  6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 

GitOps , done Right

  • 1. GitOps done Right Kris Buytaert @krisbuytaert
  • 3. @krisbuytaert Kris Buytaert ● I used to be a Dev, ● Then Became an Op ● CTO and Open Source Consultant @inuits.eu ● Everything is a freaking DNS Problem ● Evangelizing devops ● Organiser of #devopsdays, #cfgmgmtcamp, #loadays,
  • 5. @krisbuytaert CI In software engineering, continuous integration (CI) is the practice of merging all developers' working copies to a shared mainline several times a day.[1] Grady Booch first proposed the term CI in his 1991 method,[2] although he did not advocate integrating several times a day. Extreme programming (XP) adopted the concept of CI and did advocate integrating more than once per day
  • 9. @krisbuytaert For years we've tolerated humans to make structural manual changes to the infrastructure our critical applications are running on. Whilst at the same time demanding those critical applications to go through rigid test scenarios. Who let this happen ?
  • 10. @krisbuytaert history of devops ● Europe : – Starting from Operations, – Improved Artifact Quality, – Less pain / stability ● US : – Push from development – Faster Platforms – Faster change
  • 11. @krisbuytaert NoOps & YOLO Ops ● Startup ● VC ● Exit Strategy ● 6-9 months ● Actual Business ● Real Customers ● Survival ● 6-9 years
  • 12. @krisbuytaert 3 Different Transition Cases: Startups & Multinationals
  • 13. @krisbuytaert Case 1: Chaotic Ops ● Complete Chaos ● 10% reproducibility ● CI infra hides under a dev’s desk ● Ops in Debug Mode ● No standardization ● Apollo Moment
  • 14. @krisbuytaert Case 1: T0+3months ● Build a Reproducible Jenkins + Slaves ● CI for Puppet by OPS ● Test your code ● Promotion Stage for Infrastructure Code ● Split config out of code ● Keep delivering updates
  • 15. @krisbuytaert Case 1: T0+6 months ● Stack Alignment – 1 jdk, 1 jboss , ... ● Project Dolly : – Puppet for everything ● 90% reproducibility ● Standardized Builds ● Increased Test Coverage ● Java Developers contribute to Infra Tests
  • 16. @krisbuytaert Case 1: Conclusion ● Started with preparing ops folks to automate ● Learned the same tools developers use ● Developers help the ops folks to improve ● Collaboration + Progress ++
  • 17. @krisbuytaert Case 2: CI by Devs ● Some devs have tests ● Some dev teams have “CI” ● Deployments are Chaos ● Ops nags about Artifact Quality
  • 18. @krisbuytaert Case 2: T0+18 months ● Found the first ops skills in the org ● Mostly overworked Brent’s ● Move them out of their offices ● Focus team ● Teach Agile ● Adopt IAC (puppet) ● First Successes ● Move people back to teams
  • 19. @krisbuytaert Case 2: T0+24 months ● Grey Beard Ops person has converted to Agile Evangelist ● Preaches Kanban (for ops) and Scrum ● Writes Test for his Code ● Coaches developers to achieve CI/CD
  • 20. @krisbuytaert Case 2: Conclusions ● Starting with dev delayed the collaboration for 1+ year ● Ops were fire fighting and not involved ● Once ops resources were dedicated collaboration and quality improvement started to happen
  • 21. @krisbuytaert Case 3:Ops NOT involved ● Large Transformation ● “devops” team dictates tools they have never used them selves ● Tools they as a team don’t need themselves ● Developers complain about unusable tools ● Developers complain about broken tools ● Tools enforce a manual process
  • 22. @krisbuytaert Case 3: 2 years later ● Average “devops” role stays for 2 months , then leaves ● Senior IT management has left (2x) ● Only In house analysts remain ● Mostly contract based developers ● Failing Cloud Strategy ● Legacy Container Ecosystem
  • 23. @krisbuytaert Case Conclusions Earlier involvement of the Ops Skills creates much higher success rates , and smoother Continuous Delivery adoption
  • 24. @krisbuytaert Why ops first ? ● You can’t support / understand what you don’t do yourself ● Code = Code ● Unblock delivery ● Unblock provisioning ● Metrics & Monitoring Build in
  • 26. @krisbuytaert Culture Hack Set up CI/CD for your CI/CD infrastructure first, If the people running your infra don't know how CI/CD works , how do you expect them to support / teach your application teams ?
  • 28. @krisbuytaert A CI Ecosystem ● Version Control ● Deployment ● Build Tooling ● Artifact Repository ● Code Coverage Tooling ● Testing Tools How many of those tools is your average ops person used to use ?
  • 29. @krisbuytaert Arguments against CI ● Setting up the stack costs time ● U don’t have tests anyhow ● Operations and development are different budgets ● One shot projects , fire and forget ● ...
  • 30. @krisbuytaert Infrastructure as Code ● Treat configuration automation as code ● Development best practices ● Model your infrastructure ● Version your cookbooks / manifests ● Test your cookbooks/ manifests ● Dev/ test /uat / prod for your infra ● Model your infrastructure ● A working service = automated ( Application Code + Infrastructure Code + Security + Monitoring + ... ) PS. Converting Bash to Yaml != IAC
  • 31. @krisbuytaert Continuous Integration Continuous integration (CI) is the practice, in software engineering, of merging all developer working copies with a shared mainline several times a day. It was first named and proposed as part of extreme programming (XP). Its main aim is to prevent integration problems, referred to as "integration hell" (WikiPedia) Does the app you are deploying still work ? Did you break your puppet / chef code ?
  • 32. @krisbuytaert Pipeline As Code ● Generate Pipelines / Jobs based on config files ● Build libraries – CheckoutJob – DeployJob – PackageJob ● Use Groovy / JobDSL to generate PipelineDSL
  • 33. @krisbuytaert On Prem vs Cloudnative ● Puppet, Chef, Ansible, Terraform ● Kvm/OpenStack/.. ● VPN, Firewalls ● Pipelines & Pipelines ● Standardisation ● Security ● Monitoring ● Puppet, Chef, Ansible, Terraform ● EC2 etc .. ● VPC, SG ● Pipelines & Pipelines ● Standardisation ● Security ● Monitoring
  • 34. Todays IAC Requirements ● 3 types of tools needed – Provisioning : ● Create me an instance of application X – Container instance – VM instance – K8s Cluster – Service X configuration via API – Desired state ● Ensure that this file present / service is always running ● With these permissions ● User Removed ● Always / Verified – Orchestration ● Non frequent ● Trigger action X on resource Y based on characteristics A,B and or C ● First do X here then do Y there ● One off actions
  • 35. @krisbuytaert Large Challenge ● How do you automatically spin up a K8s setup in an existing Ecosystem ● No vendor Lock-in, Open Source only ? ● How do you deploy applications on K8s , reproducible, not using 30 bash scripts ● Container Ecosystem is no where close to the level of automation / reproducibility which we are used in VM’s
  • 36. @krisbuytaert Continuous Delivery of your Automated Infrastructure vs GitOps
  • 38. Contact Inuits Inuits Essensteenweg 31 Essensteenweg 31 Brasschaat Brasschaat Belgium Belgium 891.514.231 891.514.231 +32 475 961221 +32 475 961221 Kris Buytaert Kris.Buytaert@inuits.eu Kris Buytaert Kris.Buytaert@inuits.eu Further Reading Further Reading @krisbuytaert @krisbuytaert http://www.krisbuytaert.be/blog/ http://www.krisbuytaert.be/blog/ https://inuits.eu/ https://inuits.eu/