
Cloud native continuous delivery



In this talk, Sami will provide some tips and good practices learnt from doing continuous delivery for cloud native apps. He will also demo a GitOps approach for continuous delivery of Kubernetes deployments with Helmsman. Although the talk focuses on Kubernetes as a deployment platform, the tips apply to other platforms too.

Published in: Software

  1. 1.
  2. 2. Cloud Native Continuous Delivery Sami Alajrami
  3. 3. Who am I? ● DevOps consultant @Praqma ● PhD in Computing Science [cloud, MDE …] ● Interests: Automation, Processes, Cloud, Kubernetes … ● Creator of Helmsman - A tool for CD of Helm charts
  4. 4. Why Continuous Delivery? - State of DevOps Report 2018
  5. 5. What is Cloud Native? Cloud Native Apps Cloud Native Infrastructure
  6. 6. Customers love to: Cloud Native Apps develop release feedback ● Develop fast. Operability ● Determine the status of the app. Agility ● Gain business insights about the app. Observability ● Embrace failures. Resiliency
  7. 7. Cloud Native Infrastructure: ● Cloud Native Apps expect to run on dynamic and autonomous environments ● Apps take some of the traditional infrastructure responsibility [Diagram layers: Kubernetes (resource management, dynamic orchestration, service discovery ...); IaaS (VMs, networking …)]
  8. 8. Learnings From Cloud Native Continuous Delivery
  9. 9. Infrastructure: ● Use declarative tools for defining your infrastructure. ● Treat utility apps (e.g. monitoring tools, ingress controllers …) as infrastructure. ● Have a test/dev infrastructure which is identical to prod.
  10. 10. Secrets: Options: ● Trust CI/CD tools with your secrets as env variables. ● Rely on managed key management services (e.g. AWS KMS, GCP KMS …) ● Use a self-managed secret management tool (e.g. HashiCorp Vault)
  11. 11. Mr. Bean’s security model
  12. 12. Secrets: Vault Kubernetes Auth. i. Get Vault Token (using k8s service account JWT) ii. Read Secrets (using the token) [Diagram labels: Pod 1 / Serviceaccount 1, Pod 2 / Serviceaccount 2, Kubernetes Auth config, Init Container, Your App]
  13. 13. Packaging: ● Package your app in an easy-to-deploy format (e.g. Docker image, VM image …) ● In K8S, package your apps as Helm Charts ○ Charts are configurable, reusable and publishable ○ Helm hooks allow pre/post install/upgrade/delete operations
  14. 14. Fast Recovery: ● Assume that everything will crash! ● Have CD that recovers your infrastructure and/or apps quickly (with minimal or no human intervention). ● Reproducible rollbacks!
  15. 15. Achieve GitOps
  16. 16. Demo CD of canary/dark deploys in k8s with Helmsman
  17. 17. Next steps! ● Kubernetes deployment strategies ● Kubernetes ingress controllers comparison oyager-vs-contour-vs-ambassador/ ● Ambassador Shadow (dark) deploy ● Demo source code
  18. 18. Thank you! Questions?
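
The two steps on slide 12 (get a Vault token with the pod's service account JWT, then read secrets with that token), written as an init container script. This is an added example, not code from the talk or from Helmsman. It assumes Vault's Kubernetes auth method is mounted at its default path `auth/kubernetes`; the `VAULT_ROLE`, `SECRET_PATH` and `OUT_FILE` variables and the hand-off file are hypothetical.

```python
import json
import os
import urllib.request

SA_JWT_PATH = "/var/run/secrets/kubernetes.io/serviceaccount/token"  # default pod mount


def http_json(method, url, headers=None, body=None):
    """Send one JSON request; urllib verifies TLS certificates by default."""
    data = json.dumps(body).encode() if body is not None else None
    hdrs = {"Content-Type": "application/json", **(headers or {})}
    req = urllib.request.Request(url, data=data, method=method, headers=hdrs)
    with urllib.request.urlopen(req, timeout=5) as resp:
        return json.loads(resp.read())


def vault_login(addr, role, jwt, http=http_json):
    """Step i: exchange the service account JWT for a Vault token."""
    # Assumes the Kubernetes auth method is mounted at auth/kubernetes.
    resp = http("POST", f"{addr}/v1/auth/kubernetes/login",
                body={"role": role, "jwt": jwt})
    token = (resp.get("auth") or {}).get("client_token")
    if not token:
        raise RuntimeError("Vault login returned no client_token")
    return token


def read_secret(addr, token, path, http=http_json):
    """Step ii: read a secret with the token (KV v1 or KV v2 response)."""
    data = http("GET", f"{addr}/v1/{path}",
                headers={"X-Vault-Token": token})["data"]
    # KV v2 wraps the payload as {"data": {...}, "metadata": {...}}.
    return data["data"] if "data" in data and "metadata" in data else data


def write_for_app(secret, out_file):
    """Hand the secret to the app container in a file created with mode 0600."""
    fd = os.open(out_file, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        json.dump(secret, fh)


if __name__ == "__main__":
    # VAULT_ROLE, SECRET_PATH and OUT_FILE are hypothetical variable names.
    addr = os.environ["VAULT_ADDR"]
    with open(SA_JWT_PATH) as fh:
        jwt = fh.read().strip()
    token = vault_login(addr, os.environ["VAULT_ROLE"], jwt)
    secret = read_secret(addr, token, os.environ["SECRET_PATH"])
    write_for_app(secret, os.environ["OUT_FILE"])
```

On the Vault side, binding each role to one service account and namespace (`bound_service_account_names`, `bound_service_account_namespaces`) is what keeps Pod 1's JWT from reading Pod 2's secrets.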