4. 4Confidential
• More releases and more complex systems are harder to
manage
• Agile delivery is not enough, if operations is manual
• Developers have responsibility but information
workflows are not in place (aaSthinking)
• People-centric processesare slow
Challenges
5. Confidential 5
How manyapps canyou manage?
Size
Unmanageablesize
Traditional operations
NoOps
Automation
AI
Effort
6. 6Confidential
• If you run 2 week sprints – do your release 25 times a year
• If you automate do you have a dev:ops relationship of
200:1
• Is your remediation as fast your deployment speed
• How long from a change untilthe data arrives at the
developer?
How maturearewe?
7. 7Confidential
• Release are held back from production
• Lock downperiods are introduced during critical
periods
• Team are overworkedand important projects
cancelled or delayed (unmanageable size)
• Developers don’t feel really responsible
Impactof lackofmaturity
8. 8Confidential
• Move towards massive automation (build the
enablement not the ”actualthing”)
• Monitoring part of continuous deployment
• Build“unbreakability” into the process
• Move from manual runbooks to “operations as code”
Thenew way
20. 20Confidential
DeploymentStrategy:Recreate
• Shutdown version A
• Deploy version B after Ais turnedoff
• Pros
• Easy to do
• Application state entirely renewed
• Cons
• Downtime – high impact on the user
https://thenewstack.io/deployment-strategies/
21. 21Confidential
DeploymentStrategy:Ramped
• aka Rolling upgrade
• Replace instances with new version one by one
• Pros
• Easy to setup
• New version is slowly released
• Stateful applications can rebalance data
• Cons
• No control over traffic
22. 22Confidential
DeploymentStrategy:Blue/Green
• Version B (green) is deployed alongside version A(blue)
• Traffic is switched to green at load balancer
• Blue is not immediately deleted
• Pros
• Instant rollout androllback
• Avoiding version conflicts
• Cons
• Difficult for stateful applications
• Long running transactions
23. 23Confidential
DeploymentStrategy:Canary
• Gradually shifting traffic from versionA to B
• E.g.: 90% A - 10%B for10 mins,then80% A - 20% B ...
• Controlled rollout witheasyrollback
• Criteriafor traffic distribution
• Pros
• Newversiononly releasedtoa subsetofusers
• Tryoutsunderproductionconditions
• Fast andeasyrollback
• Cons
• Difficultforstatefulapplications
24. 24Confidential
DeploymentStrategy:A/Btesting
• No deployment strategy but related
• Testing conversion ratesof features
• Criteriafor traffic distribution
• Pros
• Run several version in parallel
• Full trafficcontrol
• Cons
• Requires intelligent loadbalancer (L7)
• Hardtotroubleshoot
27. 27Confidential
Istio
• Open Source project initiated by Google andIBM
• Open services platform to manageservice interactions
• Service Mesh for cross cutting concerns
• Traffic routing
• Intelligent loadbalancing
• Security (encryption, authentication, access control)
• Circuit breaking
• Fault injection
28. 28Confidential
Istio -Architecture
• Pilot
• Controlplane toconfigure andpush service
communication policies
• Routing andforwardingpolicies
• Mixer
• Policy enforcement with aflexible plugin
model for providers fora policy
• Citadel
• Service-to-service authentication and
encryption using mutual TLS with built-in
identify andcredential management
37. 37Confidential
Keptn.sh
• Feel free to tryit out at https://keptn.sh/
• Currentrelease: v0.1with “hardcoded” demo (sockshop)
• Release v0.2 is about to happen
• Strong focus on GitOps based CD
• Mainfeature: onboarding ofyourown apps
• Release v0.3:
• Pluggability, will enable you towrite yourown Services that can reactto certain events that occur in your CDpipeline