May 26, 2022
Łukasz Piątkowski
Kubernetes Platform Architect
Managing Apps at Scale in Kubernetes
Agenda
Introduction
What’s the problem, what’s the solution?
How does it work?
Summary
Introduction
Problems
● Preparing applications for a Kubernetes cluster
○ How to prepare (package) an app?
○ How to ensure best practices?
○ How to make sure the application will run on your cluster?
● Deploying applications
○ How to manage life cycle?
○ How to manage configuration?
■ Extracting common patterns
■ Yet doing last mile overrides
What is Helm?
● Package manager for Kubernetes
● Allows you to pack different YAMLs (Deployment, Service, anything) into a single package and run some templating on the YAMLs
● Templating parameters act as the Chart’s configuration
● Terminology
○ Chart - a package that can be installed on a cluster
○ Repository - a service exposing downloadable Charts
○ Release - a Chart and its configuration installed on a Kubernetes cluster
More problems
● Shortcomings of Helm
○ No support for deploying to multiple clusters
○ Tests run only at installation time
○ No representation of releases in the Kubernetes API
○ One configuration layer only
○ CRD management can be hard
○ Detecting the live state of the cluster is hard
○ The source of the intent (the helm command that was run) lives On My Laptop Only (™)
Solution: App Platform
Why App Platform?
We manage fleets (hundreds) of Kubernetes clusters, so we need tools that can:
● Ensure quality at build and release time, with easy repeatable process
● Target many clusters from a single control point,
● Share, reuse, and also override configuration of applications across multiple clusters,
● Offer the same set of applications across all managed clusters,
● Offer a native Kubernetes API for application management.
What is App Platform?
A set of tools to help create, test, deliver and manage applications (Helm charts) on top of Kubernetes,
at scale.
● create - app-build-suite
○ Best practices about building and QA-ing Helm charts
○ Providing additional metadata about the app
● test - app-test-suite
○ Tools to help test the app before delivering to clusters
● deliver - chart repositories
○ Tools and practices about storing Helm charts
● manage - operators
○ Kubernetes native app life-cycle management API for fleets
App Platform 10,000 m view
[Diagram: CI/CD Process - Helm chart sources and Metadata info feed app-build-suite, which produces the Helm chart, its Tests and Metadata; app-test-suite runs the Tests against a Kubernetes Cluster; the chart is published to a Helm repository. Operators on the Management Cluster scan the Helm repository and deploy to the Workload Cluster.]
Building an app
● App-build-suite
○ Opinionated and repeatable process to run on dev machines and in CI/CD
○ Docs: https://github.com/giantswarm/app-build-suite
○ The build process
■ App and chart versions in the Chart.yaml file are set using git info (if configured)
■ External linters and code quality tools are invoked
■ Helm creates a chart archive
■ Metadata is generated from the data collected during the build (if configured)
○ What is metadata?
■ We extend Helm with a side file that includes more non-standard metadata about the chart, like:
● Which cloud infrastructure provider is this app valid for?
● Is it safe to install it multiple times on a single cluster or in a single namespace?
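The two questions above are exactly what a consumer of the metadata side file has to answer before an install is admitted. The following is an added example written for this page, not Giant Swarm's own code: the field names under `restrictions` (`compatibleProviders`, `clusterSingleton`, `namespaceSingleton`, `fixedNamespace`), the shape of the "existing installs" list and the sample metadata are assumptions made for illustration.

```python
"""Admission-style check driven by a chart's metadata side file.

Added example (not the project's code). The metadata field names
``restrictions.compatibleProviders``, ``restrictions.clusterSingleton``,
``restrictions.namespaceSingleton`` and ``restrictions.fixedNamespace`` are
assumed for illustration, as is the shape of the existing-installs list.
"""
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass(frozen=True)
class Install:
    """An app already installed on the target cluster (constructed sample shape)."""
    app: str
    namespace: str


@dataclass
class Verdict:
    allowed: bool
    reasons: list[str] = field(default_factory=list)


def check_install(metadata: dict, app: str, provider: str, namespace: str,
                  existing: list[Install]) -> Verdict:
    """Apply the restrictions section of the metadata to a requested install.

    Charts without a metadata file (plain Helm charts) carry no restrictions and
    are allowed. Where restrictions exist the check fails closed: a provider list
    that does not name this provider, or a singleton flag where a copy already
    exists, rejects the request with every reason collected.
    """
    restrictions = metadata.get("restrictions") or {}
    reasons: list[str] = []

    providers = restrictions.get("compatibleProviders")
    if providers is not None and provider not in providers:
        reasons.append(f"provider {provider!r} not in compatibleProviders {sorted(providers)}")

    same_app = [i for i in existing if i.app == app]
    if restrictions.get("clusterSingleton") and same_app:
        reasons.append(f"clusterSingleton: {app!r} already installed in "
                       f"namespace {same_app[0].namespace!r}")
    elif restrictions.get("namespaceSingleton") and any(i.namespace == namespace for i in same_app):
        reasons.append(f"namespaceSingleton: {app!r} already installed in {namespace!r}")

    fixed = restrictions.get("fixedNamespace")
    if fixed and namespace != fixed:
        reasons.append(f"fixedNamespace: must install into {fixed!r}, not {namespace!r}")

    return Verdict(allowed=not reasons, reasons=reasons)


# Constructed sample side file, as a YAML loader would return it (not a real chart's).
SAMPLE_METADATA = {
    "chartApiVersion": "v1",
    "restrictions": {
        "compatibleProviders": ["aws", "azure"],
        "clusterSingleton": True,
    },
}

if __name__ == "__main__":
    print(check_install(SAMPLE_METADATA, "ingress", "aws", "kube-system", []))
    print(check_install(SAMPLE_METADATA, "ingress", "kvm", "ingress-2",
                        [Install("ingress", "kube-system")]))
```

Collecting every violated restriction rather than stopping at the first one matters in an admission path: the person creating the App CR sees all the reasons at once instead of fixing them one rejected request at a time.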
Testing an app
● App-test-suite
○ Repeatable process to test on dev machines and in CI/CD
○ Docs: https://github.com/giantswarm/app-test-suite
○ Runs scenarios, currently smoke, functional and upgrade tests
○ Takes care of bootstrapping target cluster
○ Tests can be implemented in Python or Go
○ Declarative matching between scenarios and test implementation
○ Can produce additional metadata
■ Upgrade tests save info on successfully tested upgrade path
Testing an app
Test matching and execution
● Smoke: run tests marked @smoke
● Functional: run tests marked @functional
● Upgrade:
○ run tests marked @upgrade on the stable App version
○ upgrade the App version
○ run tests marked @upgrade again on the new App version
app-test-suite tests.py (the slide shows only the decorated signatures; the import and the commented bodies are filled in here so the file is valid):

    import pytest

    @pytest.mark.smoke
    def test_app_installed(cluster):
        ...  # selected by the smoke scenario only

    @pytest.mark.functional
    @pytest.mark.upgrade
    def test_login_api_ok(cluster):
        ...  # selected by functional, and twice by upgrade (before and after the upgrade)

    @pytest.mark.upgrade
    def test_new_api_ok(cluster):
        ...  # selected by the upgrade scenario only
Testing an app
● Python test helper - pytest-helm-charts
○ Pytest plugin
○ Delivers test information and cluster connection as a set of fixtures (dependency-injected objects)
○ Integrated with pykube-ng library
Chart storage
● Currently, very simple
○ As a Helm repository available through HTTPS
○ Charts stored together with their metadata
○ The repository is periodically scanned by our life-cycle
management operators and reflected as Kubernetes objects
Life-cycle management
● Tasks
○ Managing configuration - global defaults, last mile overrides
○ Native K8s style API - available the same way as any other
object in API server
○ Status reporting and monitoring
○ Configuration validation and defaulting
● 100% compatible with Helm charts and catalogs
○ With optional extensions like metadata
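"Global defaults, last mile overrides" is a layered values merge. The block below is an added example written for this page, not the operators' code: it models the three layers named later on the page (catalog-level config, App base config, App user config) with the merge rules Helm itself applies to several `-f` values files (maps merge key by key, any other value is replaced by the later layer, an explicit null deletes the key); that these are the operators' exact rules is an assumption, and the sample layers are constructed.

```python
"""Three-layer values merge: catalog config < App base config < App user config.

Added example, not the operators' code. The merge rules (maps merge recursively,
anything else is replaced by the later layer, ``None`` removes a key) are the
ones Helm applies to multiple ``-f`` files; that the operators use exactly these
rules is assumed here.
"""
from __future__ import annotations

import copy
from typing import Any

REMOVE = None  # a later layer sets a key to null to delete it from the result


def deep_merge(base: dict[str, Any], override: dict[str, Any]) -> dict[str, Any]:
    """Return a new dict with ``override`` applied on top of ``base``; inputs are not mutated."""
    result = copy.deepcopy(base)
    for key, value in override.items():
        if value is REMOVE:
            result.pop(key, None)
        elif isinstance(value, dict) and isinstance(result.get(key), dict):
            result[key] = deep_merge(result[key], value)
        else:
            result[key] = copy.deepcopy(value)  # scalars and lists are replaced, not merged
    return result


def merge_app_config(catalog: dict | None, base: dict | None, user: dict | None) -> dict:
    """Catalog-level config first, then the two App-level layers; user config wins."""
    merged: dict[str, Any] = {}
    for layer in (catalog, base, user):
        merged = deep_merge(merged, layer or {})
    return merged


# Constructed sample layers (not from any real catalog or App CR).
CATALOG_CONFIG = {
    "image": {"registry": "registry.example.internal", "pullPolicy": "IfNotPresent"},
    "resources": {"limits": {"cpu": "500m", "memory": "256Mi"}},
    "podSecurityContext": {"runAsNonRoot": True},
    "tolerations": [{"key": "dedicated", "operator": "Exists"}],
}
APP_BASE_CONFIG = {
    "replicaCount": 2,
    "resources": {"limits": {"memory": "512Mi"}},
    "ingress": {"enabled": True, "hosts": ["app.cafe1.example"]},
}
USER_CONFIG = {
    "replicaCount": 3,
    "ingress": {"hosts": ["app.cafe1.example", "app-alt.cafe1.example"]},
    "podSecurityContext": {"runAsNonRoot": True, "runAsUser": 1000},
    "tolerations": REMOVE,  # last-mile override: drop the catalog default entirely
}


def effective_values() -> dict:
    """The values the chart would be rendered with for the sample layers."""
    return merge_app_config(CATALOG_CONFIG, APP_BASE_CONFIG, USER_CONFIG)


if __name__ == "__main__":
    import json
    print(json.dumps(effective_values(), indent=2))
```

Because the user layer wins, a catalog-level default such as `podSecurityContext.runAsNonRoot` is a convenience, not a control: anyone who can write the user ConfigMap can override it. Settings that must hold fleet-wide belong in admission policy on the target cluster, with the catalog default only making the compliant configuration the easy one.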
App life-cycle management API overview
● Catalog CR (Management Cluster) - shows what we have; Catalogs point to remote Helm repositories.
● AppCatalogEntry CR (Management Cluster) - created for each app and each of its versions present in the catalog.
● App CR (Management Cluster) - shows which app described by an AppCatalogEntry should be installed on which Workload Cluster; does that by creating a Chart CR there.
● Chart CR (Workload Cluster) - local representation (on the Workload Cluster) of an app that should be installed on that cluster; creates the local Helm Release.
Main software components
● App-operator
○ Watches Catalog CRs
■ “Where is the catalog?”
○ Watches the configured Catalog URLs to produce AppCatalogEntry (ACE) CRs
■ “What is in the catalog?”
■ Based on index.yaml and the metadata files
○ Watches App CRs
■ “On which Workload Cluster (WC) should a specific app described by an ACE be deployed?”
○ Does a 3-level config merge
■ Catalog-level config and 2 App-level configs (base and user configs), each later layer overriding the earlier one
○ Creates the Chart CR on the target WC
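The "what is in the catalog?" step is a scan of the repository's index.yaml joined with the metadata side files. Below is an added example written for this page, not app-operator's code: it turns a constructed index (given as the dict a YAML loader would return) into one entry record per app version, and adds the check a practitioner wants before a scanned chart is installed, namely that the archive's SHA-256 matches the digest recorded in the index. The entry naming scheme `<catalog>-<app>-<version>`, the metadata lookup keyed by (app, version), and all sample data are assumptions.

```python
"""Scan a Helm repository index and emit one catalog-entry record per app version.

Added example modelling the "what is in the catalog?" step; not app-operator's
code. The entry naming scheme <catalog>-<app>-<version>, the metadata lookup and
the sample index/archives below are assumptions constructed for this example.
"""
from __future__ import annotations

import hashlib
from dataclasses import dataclass
from urllib.parse import urljoin


def _sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for the .tgz archives the repository would serve.
SAMPLE_ARCHIVES = {
    "hello-app-1.1.0.tgz": b"constructed chart archive hello-app 1.1.0",
    "hello-app-1.0.0.tgz": b"constructed chart archive hello-app 1.0.0",
    "other-app-0.2.0.tgz": b"constructed chart archive other-app 0.2.0",
}

# What yaml.safe_load() would return for a constructed index.yaml (not a real catalog).
SAMPLE_INDEX = {
    "apiVersion": "v1",
    "entries": {
        "hello-app": [
            {"name": "hello-app", "version": "1.1.0", "appVersion": "3.2.1",
             "digest": _sha256(SAMPLE_ARCHIVES["hello-app-1.1.0.tgz"]),
             "urls": ["hello-app-1.1.0.tgz"]},
            {"name": "hello-app", "version": "1.0.0", "appVersion": "3.2.0",
             "digest": _sha256(SAMPLE_ARCHIVES["hello-app-1.0.0.tgz"]),
             "urls": ["hello-app-1.0.0.tgz"]},
        ],
        "other-app": [
            {"name": "other-app", "version": "0.2.0", "appVersion": "0.2.0",
             "digest": _sha256(SAMPLE_ARCHIVES["other-app-0.2.0.tgz"]),
             "urls": ["https://charts.example.org/other-app-0.2.0.tgz"]},
        ],
    },
}

# Constructed metadata side files, keyed by (app, version); a version without one is a plain chart.
SAMPLE_SIDE_FILES = {
    ("hello-app", "1.1.0"): {"restrictions": {"clusterSingleton": True}},
}


@dataclass
class CatalogEntry:
    name: str          # assumed scheme: <catalog>-<app>-<version>
    catalog: str
    app: str
    version: str
    app_version: str
    chart_url: str
    digest: str
    restrictions: dict


def scan_index(catalog: str, repo_url: str, index: dict,
               side_files: dict[tuple[str, str], dict]) -> list[CatalogEntry]:
    """One CatalogEntry per (app, version) in the index, with its metadata attached."""
    base = repo_url.rstrip("/") + "/"
    entries: list[CatalogEntry] = []
    for app, versions in index.get("entries", {}).items():
        for ver in versions:
            # index.yaml URLs may be relative to the repository or absolute.
            url = urljoin(base, ver["urls"][0])
            meta = side_files.get((app, ver["version"]), {})
            entries.append(CatalogEntry(
                name=f"{catalog}-{app}-{ver['version']}",
                catalog=catalog, app=app, version=ver["version"],
                app_version=ver.get("appVersion", ""), chart_url=url,
                digest=ver.get("digest", ""),
                restrictions=meta.get("restrictions", {}),
            ))
    return entries


def verify_chart_digest(archive: bytes, expected: str) -> bool:
    """Compare a fetched archive with the index digest (hex, with or without a 'sha256:' prefix)."""
    expected = expected.lower().removeprefix("sha256:")
    return bool(expected) and _sha256(archive) == expected


if __name__ == "__main__":
    for e in scan_index("giantswarm", "https://charts.example.internal/giantswarm",
                        SAMPLE_INDEX, SAMPLE_SIDE_FILES):
        print(e.name, e.chart_url, e.restrictions)
```

The digest check only proves that the archive matches the index that was served alongside it; a repository that has been tampered with can serve a consistent pair. Serving the repository over HTTPS (as the chart storage section describes) protects the transport, and chart provenance signatures are what would bind the archive to its publisher.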
Main software components
● Chart-operator
○ Runs on the WC (applies to all CRs below)
○ Watches Chart CRs [namespaced]
■ “Where should I install with Helm on this cluster?”
○ Manages local installation/update/removal requests using Helm
● App-admission-controller
○ Runs on the Management Cluster (MC)
○ Validation and admission of App CRs
● App-exporter
○ Runs on the MC
○ Prometheus metrics about the status of locally present App CRs
App Platform Deployment Process
[Diagram sequence, reconstructed from the slide labels:]
● Management Cluster, giantswarm namespace: app-operator, chart-operator, app-exporter and app-admission-controller run here.
● A per-cluster namespace on the Management Cluster (cafe1 namespace) holds a Catalog CR; app-operator scans it and creates the ACE (AppCatalogEntry) CRs in that namespace.
● An App CR is created in the cafe1 namespace with kubectl.
● app-operator creates the Chart CR in the giantswarm namespace of the cafe1 Cluster, where chart-operator runs.
● chart-operator creates the Helm release in the app1 namespace of the cafe1 Cluster (Deployment, Service, …).
● The same flow repeats per managed cluster: a cafe2 namespace with its own Catalog, ACEs and App CR, a Chart CR on the cafe2 Cluster, and a Helm release in its app2 namespace.
Integration with gitops tools
How to integrate the app platform with GitOps?
● The integration is natural - just keep your App CR definitions in the repo
● Remember to add the configuration ConfigMaps and Secrets
○ Secrets need to be encrypted at rest in the repo, so use tools like sops
● We recommend Flux as the GitOps tool
Summary
● We need to deliver multiple apps to many clusters
○ We’re using Helm and are Helm compatible, but we also extended it a lot
○ We’re addressing the delivery process from build, through test, to life-cycle management
○ We care about user experience
○ Nothing lives in a void
■ We integrate well with GitOps tools - we use Flux to manage our apps
● Future
○ Delivery pipeline security
○ More functionality in the metadata area
■ Kubernetes version compatibility testing
■ App dependencies
Questions?

Source file: 2022-05-23-DevOps pro Europe - Managing Apps at scale.pdf

  • 1. May 26, 2022 Łukasz Piątkowski Kubernetes Platform Architect Managing Apps at Scale In Kubernetes
  • 2. Agenda Introduction What’s the problem, what’s the solution? How does it work? Summary
  • 4. Problems ● Preparing applications for a Kubernetes cluster ○ How to prepare (package) an app? ○ How to ensure best practices? ○ How to make sure the application will run on your cluster? ● Deploying applications ○ How to manage life cycle? ○ How to manage configuration? ■ Extracting common patterns ■ Yet doing last mile overrides
  • 5. What is Helm? ● Package manager for Kubernetes ● Allows you to pack different YAMLs (Deployment, Service, anything) into a single package and run some templating on the YAMLs ● Templating parameters act as Chart’s configuration ● Terminology ○ Chart - a package that can be installed on a cluster ○ Repository - a service exposing downloadable Charts ○ Release - a Chart and its configuration installed on a Kubernetes cluster
  • 6.
  • 7.
  • 8. More problems ● Shortcomings of Helm ○ No support for deploying to multiple clusters ○ Only installation time tests ○ No representation in K8s API ○ One configuration layer only ○ CRD management can be hard ○ Cluster live state detection is hard ○ Source command (intent) is On My Laptop Only (™)
  • 10. Why App Platform? We manage fleets (hundreds) of Kubernetes clusters, so we need tools that can: ● Ensure quality at build and release time, with easy repeatable process ● Target many clusters from a single control point, ● Share, reuse, and also override configuration of applications across multiple clusters, ● Offer the same set of applications across all managed clusters, ● Offer a native Kubernetes API for application management.
  • 11. What is App Platform? A set of tools to help create, test, deliver and manage applications (Helm charts) on top of Kubernetes, at scale. ● create - app-build-suite ○ Best practices about building and QA-ing Helm charts ○ Providing additional metadata about the app ● test - app-test-suite ○ Tools to help test the app before delivering to clusters ● deliver - chart repositories ○ Tools and practices about storing Helm charts ● manage - operators ○ Kubernetes native app life-cycle management API for fleets
  • 12. App Platform 10,000 m view app-build-suite Operators Operators app-test-suite Workload Cluster Management Cluster Helm chart sources Metadata info Helm chart Test Kubernetes Cluster Helm repository Tests Metadata CI/CD Process scan deploy
  • 13. App Platform 1,000 m view Operators Operators app-test-suite Workload Cluster Management Cluster Test Kubernetes Cluster Helm repository scan deploy app-build-suite Helm chart sources Metadata info Helm chart Tests Metadata CI/CD Process
  • 15. Building an app
    ● App-build-suite
      ○ Opinionated and repeatable process to run on dev machines and in CI/CD
      ○ Docs: https://github.com/giantswarm/app-build-suite
      ○ The build process
        ■ App and chart versions in the Chart.yaml file are set using git info (if configured)
        ■ External linters and code quality tools are invoked
        ■ Helm creates a chart archive
        ■ Metadata is generated from the data collected during the build (if configured)
      ○ What is metadata?
        ■ We extend Helm with a side file that includes more non-standard metadata about the chart, like:
          ● Which cloud infrastructure provider is this app valid for?
          ● Is it safe to install it multiple times on a single cluster or in a single namespace?
  • 16. App Platform 1,000 m view (same diagram, test stage highlighted: app-test-suite, Test Kubernetes Cluster, Helm repository)
  • 18. Testing an app
    ● App-test-suite
      ○ Repeatable process to test on dev machines and in CI/CD
      ○ Docs: https://github.com/giantswarm/app-test-suite
      ○ Runs scenarios, currently smoke, functional and upgrade tests
      ○ Takes care of bootstrapping the target cluster
      ○ Allows implementing tests in Python or Go
      ○ Declarative matching between scenarios and test implementation
      ○ Can produce additional metadata
        ■ Upgrade tests save info on the successfully tested upgrade path
  • 19. Testing an app - test matching and execution
    Smoke: run tests marked @smoke
    Functional: run tests marked @functional
    Upgrade:
      • run tests marked @upgrade on the stable App version
      • upgrade the App version
      • run tests marked @upgrade again on the new App version
    Example tests.py (app-test-suite):

        @pytest.mark.smoke
        def test_app_installed(cluster): ...

        @pytest.mark.functional
        @pytest.mark.upgrade
        def test_login_api_ok(cluster): ...

        @pytest.mark.upgrade
        def test_new_api_ok(cluster): ...
  • 20. Testing an app
    ● Python test helper - pytest-helm-charts
      ○ Pytest plugin
      ○ Delivers test information and cluster connection as a set of fixtures (dependency-injected objects)
      ○ Integrated with the pykube-ng library
  • 21. App Platform 10,000 m view (same diagram, delivery stage highlighted: Helm repository, "scan" arrow to Operators)
  • 23. Chart storage
    ● Currently, very simple
      ○ A Helm repository available through HTTPS
      ○ Charts stored together with their metadata
      ○ The repository is periodically scanned by our life-cycle management operators and reflected as Kubernetes objects
  • 24. App Platform 10,000 m view (same diagram, management stage highlighted: Operators on the Management Cluster, "deploy" arrow to the Workload Cluster)
  • 26. Life-cycle management
    ● Tasks
      ○ Managing configuration - global defaults, last mile overrides
      ○ Native K8s-style API - available the same way as any other object in the API server
      ○ Status reporting and monitoring
      ○ Configuration validation and defaulting
    ● 100% compatible with Helm charts and catalogs
      ○ With optional extensions like metadata
  • 27. App life-cycle management API overview
    Management Cluster:
    ● Catalog CR and AppCatalogEntry CR - show what we have. Catalogs point to remote Helm repositories. AppCatalogEntries are created for each app and its version present in the catalog.
    ● App CR - shows which app described by an AppCatalogEntry should be installed on which Workload Cluster. Does that by creating a Chart CR there.
    Workload Cluster:
    ● Chart CR - local representation (on the Workload Cluster) of an app that should be installed on that cluster. Creates the local Helm Release.
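The Catalog to AppCatalogEntry step above, as an added example (not app-operator's own code): a Helm repository index is turned into one entry per app and version, enriched with the chart's metadata side file. The index is embedded as an already-parsed dict (the shape of Helm's index.yaml after YAML loading) so it runs offline; the entry object shape and the metadata keys are illustrative assumptions, not the real CRD schema.

```python
"""Derive AppCatalogEntry-like objects from a Helm repository index plus
metadata side files. Added example; object shape and metadata keys are
illustrative assumptions, not the real CRD schema."""
from typing import Any, Dict, List, Tuple

# Constructed sample index (already parsed), not a real repository.
INDEX: Dict[str, Any] = {
    "entries": {
        "hello-world-app": [
            {"name": "hello-world-app", "version": "0.2.0", "appVersion": "1.4.1"},
            {"name": "hello-world-app", "version": "0.1.0", "appVersion": "1.4.0"},
        ],
        "ingress-app": [
            {"name": "ingress-app", "version": "2.0.0", "appVersion": "1.2.0"},
        ],
    },
}
# Constructed, hypothetical metadata side files keyed by (chart, version):
# which providers the chart is valid for and whether it may be installed once per cluster.
METADATA: Dict[Tuple[str, str], Dict[str, Any]] = {
    ("hello-world-app", "0.2.0"): {"compatibleProviders": ["aws", "azure"], "clusterSingleton": True},
    ("ingress-app", "2.0.0"): {"compatibleProviders": ["aws"], "clusterSingleton": True},
}


def catalog_entries(catalog: str, index: Dict[str, Any],
                    metadata: Dict[Tuple[str, str], Dict[str, Any]]) -> List[Dict[str, Any]]:
    """One entry per (chart, version) found in the index; metadata is optional."""
    entries = []
    for chart_name, versions in index["entries"].items():
        for v in versions:
            key = (chart_name, v["version"])
            entries.append({
                "kind": "AppCatalogEntry",
                "metadata": {"name": f"{catalog}-{chart_name}-{v['version']}"},
                "spec": {"catalog": catalog, "appName": chart_name,
                         "version": v["version"], "appVersion": v["appVersion"],
                         # versions without a side file get no restrictions
                         "restrictions": metadata.get(key, {})},
            })
    return entries


def installable_on(entry: Dict[str, Any], provider: str) -> bool:
    """An entry without provider metadata is assumed valid on every provider."""
    providers = entry["spec"]["restrictions"].get("compatibleProviders")
    return providers is None or provider in providers
```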
  • 28. Main software components
    ● App-operator
      ○ Watches Catalog CRs
        ■ “Where is the catalog?”
      ○ Watches configured Catalog URLs to produce AppCatalogEntry CRs
        ■ “What is in the catalog?”
        ■ Based on index.yaml and metadata files
      ○ Watches App CRs
        ■ “On which WC should a specific app described by an ACE be deployed?”
      ○ Does a 3-level config merge
        ■ Catalog-level config and 2 App-level configs (base and user configs)
      ○ Creates the Chart CR on the target WC
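The 3-level config merge described above, as an added example (not app-operator's own implementation): catalog-level config is the lowest layer, then the App-level base config, then the App-level user config for last mile overrides. The merge rule assumed here is the Helm values one: maps merge recursively, while scalars and lists are replaced outright by the higher layer.

```python
"""Three-layer configuration merge: catalog < app base < user config.
Added example; assumes Helm-style values semantics (maps merge, lists and
scalars are replaced by the higher layer)."""
from copy import deepcopy
from typing import Any, Dict

Values = Dict[str, Any]


def merge_values(base: Values, override: Values) -> Values:
    """Return base with override applied on top; neither input is mutated."""
    result = deepcopy(base)
    for key, value in override.items():
        if isinstance(value, dict) and isinstance(result.get(key), dict):
            result[key] = merge_values(result[key], value)
        else:
            # scalars and lists are not merged element-wise: higher layer wins
            result[key] = deepcopy(value)
    return result


def merge_app_config(catalog: Values, app_base: Values, user: Values) -> Values:
    """Lowest to highest precedence: catalog config, App base config, App user config."""
    return merge_values(merge_values(catalog, app_base), user)


# Constructed sample layers (not taken from any real catalog or App CR).
CATALOG_CONFIG: Values = {
    "image": {"registry": "registry.example.invalid", "pullPolicy": "IfNotPresent"},
    "resources": {"limits": {"cpu": "100m", "memory": "128Mi"}},
    "ingress": {"enabled": False, "hosts": ["default.example.invalid"]},
}
APP_BASE_CONFIG: Values = {
    "resources": {"limits": {"memory": "256Mi"}},  # raise one limit, keep cpu
    "ingress": {"enabled": True},
}
USER_CONFIG: Values = {
    "ingress": {"hosts": ["app1.example.invalid"]},  # list replaced, not appended
    "replicaCount": 3,
}

if __name__ == "__main__":
    import json
    print(json.dumps(merge_app_config(CATALOG_CONFIG, APP_BASE_CONFIG, USER_CONFIG), indent=2))
```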
  • 29. Main software components
    ● Chart-operator
      ○ Runs on the WC (applies to all CRs below)
      ○ Watches Chart CRs [namespaced]
        ■ “What should I install with Helm on this cluster?”
      ○ Manages local installation/update/removal requests using Helm
    ● App-admission-controller
      ○ Runs on the MC
      ○ Validation and admission of App CRs
    ● App-exporter
      ○ Runs on the MC
      ○ Prometheus metrics about the status of locally present App CRs
  • 30.-36. App Platform Deployment Process (diagram sequence): Management Cluster, giantswarm namespace: app-operator, chart-operator, app-exporter, app-admission-controller; cafe1 namespace: a Catalog, the AppCatalogEntry (ACE) objects produced by app-operator, and an App created with kubectl; cafe1 Cluster, giantswarm namespace: chart-operator and the Chart created by app-operator; app1 namespace: Helm release with Deployment, Service, …; the same repeated for the cafe2 namespace, cafe2 Cluster and app2 namespace.
  • 38. Integration with gitops tools
    How to integrate App Platform with gitops?
    ● The integration is natural - just keep your App CR definitions in the repo
    ● Remember to add the configuration ConfigMaps and Secrets
      ○ Secrets need to be encrypted at rest in the repo, so use tools like sops
    ● We recommend flux as the gitops tool
  • 41. Summary
    ● We need to deliver multiple apps to many clusters
      ○ We’re using Helm and are Helm compatible, but have also extended it a lot
      ○ We’re addressing the delivery process from build, through test, to life-cycle management
      ○ We care about user experience
      ○ Nothing lives in a void
        ■ We integrate well with gitops tools - we use Flux to manage our apps
    ● Future
      ○ Delivery pipeline security
      ○ More functionality in the metadata area
        ■ Kubernetes version compatibility testing
        ■ App dependencies