Untangled GitOps
nicholasdille committed May 16, 2020
1 parent 1eddd5a commit 21d2775
Showing 9 changed files with 280 additions and 276 deletions.
84 changes: 84 additions & 0 deletions 140_gitops/definition.md
@@ -0,0 +1,84 @@
## What is GitOps

Continuous Deployment for Cloud Native Applications

Developer centric experience when operating infrastructure

Version control as single source of truth

Declarative infrastructure as desired state

Automation is key

Ops can learn from devs

Invented by WeaveWorks in 2017

--

## GitOps != DevOps

### DevOps is cultural change

Shared responsibility

Tools can support but are not essential

### GitOps is a methodology

Technical implementation

--

## How to do GitOps?

Version control

Declarative infrastructure

Automation to *make it so*

Minimize glue code

You decide
- Repository layout (monorepo or multirepo)
- Development mode (trunk-based or gitflow)
- Stages (one or more)

--

## How to do GitOps?

When this becomes religion...

### Push deployment

All-knowing CI/CD pipeline

Extensive permissions required

WeaveWorks calls this *CIOps*

### Pull deployment

Preached by WeaveWorks

Smaller attack surface due to few permissions

--

## Do not be religious

### Doing CIOps is just fine

Select well-established CI/CD tool

Do pipeline-as-code

Do fully automated deployments

Redeploy regularly

Calling it GitOps is also fine ;-)

### *Official GitOps* may be an evolutionary step
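Review bot: the second `## How to do GitOps?` slide (the one opening with "When this becomes religion...") reuses the heading of the slide right before it, so two consecutive slides are indistinguishable in the deck outline; retitle it, e.g. `## Push vs. pull deployment`. The security claim under `### Push deployment` / `Extensive permissions required` would land harder if it named the permissions: the CI system holds write credentials for every target environment, so whoever compromises the pipeline (or can edit its definition) compromises all targets, whereas the agent under `### Pull deployment` needs only read access to the repository, which is what `Smaller attack surface due to few permissions` is alluding to. Spelling that out also makes `Do not be religious` / `Doing CIOps is just fine` read as a conscious trade-off rather than a contradiction.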
14 changes: 13 additions & 1 deletion 140_gitops/flux/slides.template.md
@@ -1,6 +1,18 @@
## flux

XXX
GitOps for Kubernetes

Cluster state is stored in git repository

Changes are deployed automatically every 5m

Automated image updates

CLI `fluxctl`

--

## Demo: flux

<!-- include: flux-0.command -->

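Review bot: `Automated image updates` needs a caveat on the slide: once the cluster updates images on its own, anyone who can push a matching tag to the image registry can effectively deploy to the cluster, so registry write access becomes deploy access and the update policy (which tags are eligible) belongs in the security section of this deck. `Changes are deployed automatically every 5m` presents the default polling interval as fixed; say "every 5m by default". Finally, this hunk is 13 additions and 1 deletion and the `XXX` placeholder still shows in the rendered hunk; if it is not the deleted line, remove it before the slide ships.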
31 changes: 31 additions & 0 deletions 140_gitops/projects.md
@@ -0,0 +1,31 @@
## Noteworthy projects

Most certainly not exhaustive ;-)

### [flux](https://fluxcd.io/)

The GitOps reference project

Created by [WeaveWorks](https://www.weave.works/), CNCF [sandbox project](https://www.cncf.io/sandbox-projects/)

### [tekton](https://tekton.dev/)

Kubernetes native CI/CD

Part of the [cd.foundation](https://cd.foundation/)

Jenkins X builds on top

--

## Demo: flux

GitOps for Kubernetes

Cluster state is stored in git repository

Changes are deployed automatically every 5m

Automated image updates

CLI `fluxctl`
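Review bot: the `## Demo: flux` slide at the end of this file (from `GitOps for Kubernetes` to `CLI \`fluxctl\``) is a verbatim copy of the `## flux` slide added to `140_gitops/flux/slides.template.md` in this same commit, and despite its title contains no demo include; drop it here and let the flux slides carry that content, or turn it into an actual demo slide with the `flux-0.command` include. Minor: `Jenkins X builds on top` should say what it builds on top of (tekton) for readers skimming the slide out of order.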
6 changes: 6 additions & 0 deletions 140_gitops/quote_keysey_hightower.md
@@ -0,0 +1,6 @@
<!-- .slide: class="center" -->

*GitOps: versioned CI/CD on top of declarative infrastructure. Stop scripting and start shipping.*

[Kelsey Hightower, Developer Advocate @ Google](https://twitter.com/kelseyhightower/status/953638870888849408)
<!-- .element: style="text-align: right;" -->
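Review bot: the file header names this `140_gitops/quote_keysey_hightower.md`, but the quoted author is Kelsey Hightower (both the link text and the `kelseyhightower` handle in the URL say so); rename to `quote_kelsey_hightower.md` before other slides include it by name.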
49 changes: 49 additions & 0 deletions 140_gitops/security.md
@@ -0,0 +1,49 @@
## Secrets

### Push deployment

Permissions in target environment required

Secrets are injected by pipeline

### Pull deployment

Deployments performed from inside the target environment

Secrets using [Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets) or pulled from Vault

--

## Privileges

### Least privileges

Deny by default and add permissions

Use deploy keys but harder for auditing

Do not compromise

### Separation of concerns

Dedicated account per use case

Evaluate permissions per account

--

## Security in dev and ops

Make human interaction more secure

### Local development

Always add `.env` to your `.gitignore`

Place required environment variables in `.env`

### Troubleshooting

Default to read access to live environment

Limit interactive access to target system
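Review bot: under `### Least privileges`, `Use deploy keys but harder for auditing` does not say what becomes hard to audit; the point is that a deploy key is bound to a repository rather than to a person, so pulls and pushes made with it cannot be attributed to an individual, and the slide should say so plus the mitigation (one read-only deploy key per consuming system, recorded in an inventory). `Do not compromise` is ambiguous between "do not get compromised" and "do not compromise on privileges"; write "Do not trade least privilege for convenience". Under `### Pull deployment`, the Sealed Secrets line deserves the caveat that the controller's private key unlocks every sealed secret in the cluster, so it must be backed up and access to it restricted; and under `### Push deployment`, `Secrets are injected by pipeline` means the CI system holds production secrets and they tend to leak through build logs, which is the concrete argument for the pull model that the slide leaves implicit. Under `### Local development`, consider adding "commit a `.env.example` without values" so the `.gitignore` advice does not leave newcomers guessing which variables are required.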
31 changes: 31 additions & 0 deletions 140_gitops/summary.md
@@ -0,0 +1,31 @@
## Summary

WeaveWorks invented GitOps in 2017

GitOps is...

...automated ops

...from version control

...using declarative infrastructure

(...using pull deployments)

WeaveWorks `flux` implements GitOps

CIOps is also fine ;-)

--

## Further reading

[gitops.tech](https://www.gitops.tech/)

[Weave Works blog](https://www.weave.works/blog/category/gitops/)

[Guide to GitOps](https://www.weave.works/technologies/gitops/)

[CIOps as an anti-pattern](https://www.weave.works/blog/kubernetes-anti-patterns-let-s-do-gitops-not-ciops)

[Awesome GitOps](https://github.com/weaveworks/awesome-gitops)
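Review bot: the vendor is spelled `WeaveWorks` on the summary slide and `Weave Works` in the further-reading list; pick one (the company itself writes "Weaveworks") and use it consistently in definition.md and projects.md as well. Also `(...using pull deployments)` is the only place the summary hints at the security argument; since security.md spends a whole section on it, spell it out: "...using pull deployments, so no external system needs credentials for the target environment".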
58 changes: 58 additions & 0 deletions 140_gitops/tekton/slides.template.md
@@ -0,0 +1,58 @@
## tekton

Pipelines executed natively inside Kubernetes

Pipelines are expressed as YAML documents

Example `Task`:

```yaml
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: echo-hello-world
spec:
steps:
- name: echo
image: ubuntu
command:
- echo
args:
- "Hello World"
```
--
## tekton
Example `TaskRun`:

```yaml
apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
name: echo-hello-world-task-run
spec:
taskRef:
name: echo-hello-world
```

--

## Demo: TaskRun

<!-- include: taskrun-0.command -->

<!-- include: taskrun-1.command -->

<!-- include: taskrun-2.command -->

--

## Demo: PipelineRun

<!-- include: pipelinerun-0.command -->

<!-- include: pipelinerun-1.command -->

<!-- include: pipelinerun-2.command -->
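Review bot: the `Task` example uses `image: ubuntu` with no tag or digest, which resolves to the mutable `latest` tag; in a deck arguing for declarative, reviewable infrastructure, pin it (`image: ubuntu:20.04`, or better a digest) so the demo models what the text recommends. Style: the `--` separator after the first fence lacks the blank lines before and after it that every other slide in this commit uses, and the second `## tekton` heading is followed directly by `Example \`TaskRun\`:` without a blank line; match the rest of the deck.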