
Cloud native continuous delivery


In this talk, Sami will provide some tips and good practices learnt from doing continuous delivery for cloud native apps. He will also demo a GitOps approach for continuous delivery of Kubernetes deployments with Helmsman. Although the talk focuses on Kubernetes as a deployment platform, the tips apply to other platforms too.

Published in: Software

  1. www.praqma.com
  2. Cloud Native Continuous Delivery, Sami Alajrami
  3. Who am I?
     ● DevOps consultant @Praqma
     ● PhD in Computing Science [cloud, MDE …]
     ● Interests: Automation, Processes, Cloud, Kubernetes …
     ● Creator of Helmsman - a tool for CD of Helm charts
  4. Why Continuous Delivery? - State of DevOps Report 2018 https://cloudplatformonline.com/2018-state-of-devops.html
  5. What is Cloud Native? Cloud Native Apps, Cloud Native Infrastructure
  6. Cloud Native Apps (diagram: develop, release, feedback). Customers love to:
     ● Develop fast.
     ● Determine the status of the app.
     ● Gain business insights about the app.
     ● Embrace failures.
     Slide labels: Operability, Agility, Observability, Resiliency
  7. Cloud Native Infrastructure
     ● Cloud Native Apps expect to run on dynamic and autonomous environments
     ● Apps take some of the traditional infrastructure responsibility
     Diagram layers: Kubernetes (resource management, dynamic orchestration, service discovery ...), IaaS (VMs, Networking …)
  8. Learnings From Cloud Native Continuous Delivery
  9. Infrastructure
     ● Use declarative tools for defining your infrastructure.
     ● Treat utility apps (e.g. monitoring tools, ingress controllers …) as infrastructure.
     ● Have a test/dev infrastructure which is identical to prod.
  10. Secrets. Options:
     ● Trust CI/CD tools with your secrets as env variables.
     ● Rely on managed key management services (e.g. AWS KMS, GCP KMS …)
     ● Use a self-managed secret management tool (e.g. HashiCorp Vault)
  11. Mr. Bean’s security model
  12. Secrets. Vault: Kubernetes Auth (diagram: Pod 1 with Serviceaccount 1, Pod 2 with Serviceaccount 2, Kubernetes Auth config, Init Container, Your App)
     i. Get Vault token (using the k8s service account JWT)
     ii. Read secrets (using the token)
  13. Packaging
     ● Package your app in an easy to deploy format (e.g. docker image, VM image …)
     ● In K8S, package your apps as Helm Charts
       ○ Charts are configurable, reusable and publishable
       ○ Helm hooks allow pre/post install/upgrade/delete operations
  14. Fast Recovery
     ● Assume that everything will crash!
     ● Have CD that recovers your infrastructure and/or apps quickly (with minimal or no human intervention).
     ● Reproducible rollbacks!
  15. Achieve GitOps https://www.weave.works/technologies/gitops/
  16. Demo: CD of canary/dark deploys in k8s with Helmsman
  17. Next steps!
     ● Kubernetes deployment strategies https://github.com/ContainerSolutions/k8s-deployment-strategies
     ● Kubernetes ingress controllers comparison https://kubedex.com/nginx-ingress-vs-kong-vs-traefik-vs-haproxy-vs-voyager-vs-contour-vs-ambassador/
     ● Ambassador Shadow (dark) deploy https://www.getambassador.io/reference/shadowing
     ● Demo source code https://github.com/sami-alajrami/ngingo
  18. Thank you! Questions?
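
The two-step flow on the "Vault: Kubernetes Auth" slide, sketched as the logic an init container could run. This is an added example, not code from the talk or from Helmsman. It assumes a KV v2 secrets engine mounted at `secret`; the function names, role, secret path and output file are hypothetical.

```python
import json
import os
import urllib.request

# Standard path where Kubernetes mounts the pod's service account token.
SA_TOKEN_PATH = "/var/run/secrets/kubernetes.io/serviceaccount/token"


def http_json(method, url, headers=None, body=None):
    """Minimal JSON-over-HTTP transport using only the standard library."""
    data = json.dumps(body).encode() if body is not None else None
    headers = {"Content-Type": "application/json", **(headers or {})}
    req = urllib.request.Request(url, data=data, method=method, headers=headers)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def vault_login(vault_addr, role, jwt, transport=http_json):
    """Step i: exchange the service account JWT for a Vault token."""
    resp = transport("POST", f"{vault_addr}/v1/auth/kubernetes/login",
                     body={"role": role, "jwt": jwt})
    token = (resp.get("auth") or {}).get("client_token")
    if not token:
        raise RuntimeError("Vault login returned no client token")
    return token


def read_secret(vault_addr, token, path, transport=http_json):
    """Step ii: read a KV v2 secret with the token (mount 'secret' is assumed)."""
    resp = transport("GET", f"{vault_addr}/v1/secret/data/{path}",
                     headers={"X-Vault-Token": token})
    return resp["data"]["data"]


def fetch_secrets(vault_addr, role, path, out_file,
                  token_path=SA_TOKEN_PATH, transport=http_json):
    """Run both steps and hand the secret to the app container through a file."""
    with open(token_path) as fh:
        jwt = fh.read().strip()
    token = vault_login(vault_addr, role, jwt, transport)
    secret = read_secret(vault_addr, token, path, transport)
    # Owner-only file; out_file is assumed to sit on a volume shared with the app.
    fd = os.open(out_file, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        json.dump(secret, fh)
    return sorted(secret)  # key names only, so secret values never reach logs
```

Because each pod logs in with its own service account, the Vault role bound to that account decides which paths the token can read, so Pod 1 and Pod 2 on the slide can be given different secrets.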
