Deploy 22 microservices from scratch in 30 mins with GitOps
Jirayut Nimsaeng, CEO & Founder, Opsta (Thailand)
Bangkok
Jirayut Nimsaeng (Dear)
● He is Founder and CEO of Opsta (Thailand) Co., Ltd.
● He has been involved in DevSecOps, containers, cloud technology and open source for over 10 years.
● He is the first Certified Kubernetes Security Specialist (CKS) and Certified Kubernetes Administrator (CKA) in Thailand.
● He is the first Google Cloud Developer Expert (GDE) in Thailand.
How long does it take to build and deploy all of these? https://github.com/dotnet-architecture/eShopOnContainers
And much more..
How we build?
[Diagram: five numbered steps, each a hook that runs plan & apply. Components shown: cloud load balancer, ingress-nginx, cert-manager, argocd.bangkok.opsta.in.th, EShop ApplicationSets, EShop Dockerfile, and the per-environment hosts eshop.dev.bangkok.opsta.in.th, eshop.uat.bangkok.opsta.in.th and eshop.bangkok.opsta.in.th]
What is Docker?
Evolution of Application Deployment
Docker Life Cycle
[Diagram: Dockerfile -> Build -> Docker Image -> Push / Pull -> Run -> Docker Container]
What is Kubernetes?
One server
[Diagram: a single Node running containers]
Multiple servers
[Diagram: Node1, Node2, Node3 each running containers; how are containers placed across them? ???]
What is Kubernetes?
● Kubernetes, in Greek, means the helmsman, or pilot of the ship: the pilot of a ship of containers
● Kubernetes is software written in Go for automating deployment, scaling, and management of containerized applications
● Focus on managing applications, not machines
● Open source, open API container orchestrator
● Supports multiple cloud and bare-metal environments
● Inspired and informed by 15 years of Google’s experiences and internal systems
Kubernetes Architecture
Docker & Kubernetes Life Cycle
[Diagram: Dockerfile -> Build -> Docker Image -> Push -> Pull -> Run on the Kubernetes Cluster]
What is Google Kubernetes Engine (GKE)?
Google Kubernetes Engine (GKE) provides a managed environment for deploying, managing, and scaling your containerized applications using Google infrastructure, with these benefits:
● Single-click clusters
● A high-availability control plane, including multi-zonal and regional clusters
● Auto-repair, auto-upgrade, and release channels
● Vulnerability scanning of container images and data encryption
● Integrated cloud monitoring with infrastructure, application, and Kubernetes-specific views
What is Infrastructure as Code (IaC)?
Infrastructure as Code
● Define infrastructure as code instead of creating it manually
● Infrastructure can be easily reproduced
Everything as Code: Configuration as Code, Network as Code, Security as Code, Policy as Code, Infrastructure as Code
Declarative vs Imperative
Declarative: describe the outcome. The system is smart, you don’t care.
Imperative: explicit instructions. The system is stupid, you are smart.
Declarative (Terraform):
resource "google_kms_key_ring" "vault" {
  name     = "vault-helm-unseal-kr"
  location = "asia-southeast1"
}
vs Imperative (gcloud):
gcloud kms keyrings create vault-helm-unseal-kr --location asia-southeast1
IaC Tools
Infrastructure as Code Tools
Dockerfile
FROM node:16.14.2-alpine3.15      # OS + system packages
COPY . /nodejs/.                  # source code
WORKDIR /nodejs
RUN npm install                   # library dependencies
ENV VERSION 1.0                   # configuration
EXPOSE 8081
CMD ["node", "/nodejs/main.js"]
Kubernetes Manifest
apiVersion: v1
kind: Pod
metadata:
  name: busybox
  namespace: default
spec:
  containers:
  - name: busybox
    image: busybox
    command:
    - sleep
    - "3600"
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-foo
spec:
  rules:
  - host: "foo.com"
    http:
      paths:
      - pathType: Prefix
        path: "/"
        backend:
          service:
            name: app-a
            port:
              number: 8080
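Manifests like the two on this slide are exactly what a GitOps tool will apply unattended, so it pays to lint them before they are merged. The following Python script is an added example (not code from the talk): it runs a few pre-apply checks over manifests represented as dicts, i.e. what yaml.safe_load() returns for the YAML above, so it needs no third-party packages. BUSYBOX_POD and INGRESS_FOO are the slide's manifests; HARDENED_DEPLOYMENT, its image name and the rule names are constructed for the example.

```python
"""Pre-apply checks over Kubernetes manifests (added example, not from the talk).

Manifests are plain dicts, i.e. what yaml.safe_load() returns for the YAML
on the slide, so the script needs no third-party packages. BUSYBOX_POD and
INGRESS_FOO are the two manifests from the slide; HARDENED_DEPLOYMENT is a
constructed "after" version showing what the checks expect.
"""

# From the slide: a Pod with an unpinned image and no securityContext.
BUSYBOX_POD = {
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "busybox", "namespace": "default"},
    "spec": {"containers": [{"name": "busybox", "image": "busybox",
                             "command": ["sleep", "3600"]}]},
}

# From the slide: an Ingress rule with no tls section.
INGRESS_FOO = {
    "apiVersion": "networking.k8s.io/v1", "kind": "Ingress",
    "metadata": {"name": "ingress-foo"},
    "spec": {"rules": [{"host": "foo.com", "http": {"paths": [{
        "pathType": "Prefix", "path": "/",
        "backend": {"service": {"name": "app-a", "port": {"number": 8080}}}}]}}]},
}

# Constructed: pinned tag, non-root, no privilege escalation, resource limits.
HARDENED_DEPLOYMENT = {
    "apiVersion": "apps/v1", "kind": "Deployment",
    "metadata": {"name": "app-a"},
    "spec": {"template": {"spec": {
        "securityContext": {"runAsNonRoot": True},
        "containers": [{
            "name": "app-a", "image": "registry.example.com/app-a:1.0.3",
            "securityContext": {"allowPrivilegeEscalation": False,
                                "readOnlyRootFilesystem": True},
            "resources": {"limits": {"cpu": "500m", "memory": "256Mi"}},
        }],
    }}},
}

WORKLOAD_KINDS = ("Deployment", "StatefulSet", "DaemonSet", "Job")


def _containers(obj):
    """Yield (pod_spec, container) for a Pod or a template-based workload."""
    kind, spec = obj.get("kind"), obj.get("spec", {})
    if kind == "Pod":
        pod_spec = spec
    elif kind in WORKLOAD_KINDS:
        pod_spec = spec.get("template", {}).get("spec", {})
    else:
        return
    for c in pod_spec.get("initContainers", []) + pod_spec.get("containers", []):
        yield pod_spec, c


def image_tag(image):
    """Return the tag of an image reference, or None if it has none.

    Only the last path segment is inspected, so a registry port such as
    registry:5000/app is not mistaken for a tag.
    """
    last = image.split("/")[-1]
    return last.rsplit(":", 1)[1] if ":" in last else None


def check_manifest(obj):
    """Return (rule, message) findings for one manifest; [] means clean."""
    findings = []
    name = obj.get("metadata", {}).get("name", "<unnamed>")
    for pod_spec, c in _containers(obj):
        ref = f"{name}/{c.get('name')}"
        image = c.get("image", "")
        if "@sha256:" not in image and image_tag(image) in (None, "latest"):
            findings.append(("image-tag", f"{ref}: image '{image}' is not pinned to a tag or digest"))
        # Container-level securityContext overrides the pod-level one.
        sc = {**pod_spec.get("securityContext", {}), **c.get("securityContext", {})}
        if sc.get("privileged"):
            findings.append(("privileged", f"{ref}: container runs privileged"))
        if not sc.get("runAsNonRoot"):
            findings.append(("run-as-root", f"{ref}: runAsNonRoot is not set"))
        if "limits" not in c.get("resources", {}):
            findings.append(("no-limits", f"{ref}: no resource limits"))
    if obj.get("kind") == "Ingress" and not obj.get("spec", {}).get("tls"):
        findings.append(("ingress-no-tls", f"{name}: Ingress has no tls section"))
    return findings


if __name__ == "__main__":
    for manifest in (BUSYBOX_POD, INGRESS_FOO, HARDENED_DEPLOYMENT):
        for rule, msg in check_manifest(manifest) or [("ok", f"{manifest['metadata']['name']}: clean")]:
            print(f"[{rule}] {msg}")
```

Run against the slide's Pod it reports the unpinned image, the missing runAsNonRoot and the missing limits; the Ingress is flagged for having no tls section; the constructed Deployment passes. In a real pipeline the same checks would run in CI on the rendered manifests before the pull request that the GitOps tool later syncs.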
Problem with Kubernetes Manifests
● 1 microservice consists of:
  ○ Deployment
  ○ Service
  ○ Ingress
  ○ ConfigMap
  ○ Secret
● More effort to operate, and environment-specific values are difficult to control.
● Hard to manage releases (rollback, rollout, history).
● Hard to reuse a configuration template, because the specification is tied to one environment.
Helm
[Diagram: Helm Chart + Helm Values -> Kubernetes Cluster; UAT and Production each run Microservice + DB and Microservice UI + DB]
Example Helm values:
app:
  image: app-a
  tag: dev
  replicas: 2
  healthCheck: "/health"
  ingress:
    host: app-a.example.com
  env:
    DB_URL: db-dev:5432
Terraform Provision and manage any cloud, infrastructure, or service
Terraform Syntax
resource "google_container_cluster" "gke_eshop" {
  name     = "gke-eshop"
  location = var.zone
  release_channel {
    channel = "RAPID"
  }
  min_master_version       = "1.25.0-gke.1100"
  remove_default_node_pool = true
  initial_node_count       = 1
}
Terraform Cloud
What is GitOps?
What is GitOps?
GitOps is a set of best practices where the entire code delivery process is controlled via Git, including infrastructure and application definition as code and automation to complete updates and rollbacks.
GitOps Principles v1.0.0
● A system managed by GitOps must have its desired state expressed declaratively
● Desired state is stored in a way that enforces immutability, versioning and retains a complete version history
● Software agents automatically pull the desired state declarations from the source
● Software agents continuously observe actual system state and attempt to apply the desired state
https://opengitops.dev
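The declarative-vs-imperative slide and the four principles above describe the same mechanism: Git holds what should exist, an agent keeps comparing that with what does exist and applies the difference. The Python below is an added example (not from the talk or from any GitOps tool) that models that loop in memory: DESIRED_STATE stands in for the manifests in Git, OBSERVED_STATE for what the agent sees in the cluster, and the workload names and image tags are constructed. It also shows why "detecting configuration drift" appears on the benefits slide: a hand-scaled Deployment and an undeclared workload both show up in the plan.

```python
"""Toy GitOps reconciler (added example, not from the talk or any GitOps tool).

Models the opengitops.dev principles on the slide: desired state is declared
(a dict standing in for manifests in a Git repo), an agent pulls it, compares
it with the observed cluster state and applies the difference. Nothing here
talks to a real cluster; the "cluster" is an in-memory dict.
"""
from copy import deepcopy

# Constructed desired state, as it would be committed to Git (declarative):
# we say what should exist, not how to get there.
DESIRED_STATE = {
    "basket-api": {"image": "eshop/basket-api:1.4.2", "replicas": 2},
    "catalog-api": {"image": "eshop/catalog-api:1.4.2", "replicas": 3},
}

# Constructed observed state: one workload is stale, one was hand-edited
# (scaled up with kubectl, so it drifted), one is not declared anywhere.
OBSERVED_STATE = {
    "basket-api": {"image": "eshop/basket-api:1.4.1", "replicas": 2},
    "catalog-api": {"image": "eshop/catalog-api:1.4.2", "replicas": 5},
    "debug-shell": {"image": "busybox:1.36", "replicas": 1},
}


def plan(desired, observed):
    """Return the actions that would move observed to desired.

    Each action is a (verb, name, spec) tuple. "delete" is emitted for
    workloads that exist in the cluster but are not declared in Git; an
    "update" on something nobody committed is drift as well.
    """
    actions = []
    for name, spec in desired.items():
        if name not in observed:
            actions.append(("create", name, spec))
        elif observed[name] != spec:
            actions.append(("update", name, spec))
    for name in observed:
        if name not in desired:
            actions.append(("delete", name, None))
    return actions


def apply(observed, actions):
    """Apply a plan to a copy of the observed state and return the new state."""
    state = deepcopy(observed)
    for verb, name, spec in actions:
        if verb == "delete":
            state.pop(name, None)
        else:
            state[name] = deepcopy(spec)
    return state


def reconcile(desired, observed, max_rounds=3):
    """Run the agent loop until the cluster matches Git, or give up.

    Returns (final_state, rounds_used). A system that converges needs one
    round that applies changes and one round that finds nothing to do.
    """
    state = observed
    for rounds in range(1, max_rounds + 1):
        actions = plan(desired, state)
        if not actions:
            return state, rounds
        state = apply(state, actions)
    return state, max_rounds


if __name__ == "__main__":
    for verb, name, spec in plan(DESIRED_STATE, OBSERVED_STATE):
        print(f"{verb:6} {name:12} {spec or ''}")
    final, rounds = reconcile(DESIRED_STATE, OBSERVED_STATE)
    print(f"converged after {rounds} round(s): {final == DESIRED_STATE}")
```

Because the agent only ever reads Git and compares, the CI system no longer needs cluster credentials, which is the "no external deployment system with full access to the cluster" benefit on the next slide; a real controller would poll the repository on an interval instead of running the loop once.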
Overview
[Diagram: a pull request for a change is merged into Git; the GitOps Tool continuously pulls from Git and syncs each stage: DEV, UAT, PRD]
Benefits
● Better traceability
● Easier rollbacks
● The state of the cluster is always described in Git
● Safer deployments: there is no external deployment system with full access to the cluster
● Transparent, straightforward auditing
● Detecting/avoiding configuration drift
● Multi-cluster deployments
● Builds a code review and collaboration culture
Challenges
● Many teams will have to adjust their culture and way of working to support using Git as the single source of truth
● There may be times when deviating from that is necessary, which will require suspending GitOps in some way
● Good testing and CI must already be in place
● A strategy for dealing with promotions between environments
● A secrets strategy
Before
[Diagram: commit to Git -> CI builds and pushes the image to the Container Registry -> CD deploys directly with kubectl apply / helm upgrade to DEV, UAT, PRD]
After
[Diagram: commit to Git -> CI builds and pushes the image to the Container Registry -> CD raises a pull request for the change in Git (optionally also updating infrastructure as code) -> GitOps Tool continuously pulls and syncs each stage: DEV, UAT, PRD]
ArgoCD Architecture https://argo-cd.readthedocs.io/en/stable/
ArgoCD Application
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: guestbook
  namespace: argocd
spec:
  project: default
  source:
    repoURL: https://github.com/argoproj/argocd-example-apps.git
    targetRevision: HEAD
    path: guestbook
  destination:
    server: https://kubernetes.default.svc
    namespace: guestbook
Show me your code
Infrastructure Layer
[Diagram: hook runs plan & apply; creates the service account; machine_type: e2-custom-4-8192, node_count: 5]
Kubernetes Layer
[Diagram: hook runs plan & apply; installs ingress-nginx behind the cloud load balancer, cert-manager, and ArgoCD at argocd.bangkok.opsta.in.th]
ArgoCD Layer
[Diagram: hook runs plan & apply; ArgoCD at argocd.bangkok.opsta.in.th applies the EShop ApplicationSets, which deploy the EShop Dockerfile builds behind ingress-nginx, cert-manager and the cloud load balancer to eshop.dev.bangkok.opsta.in.th, eshop.uat.bangkok.opsta.in.th and eshop.bangkok.opsta.in.th]
ArgoCD ApplicationSets
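An ApplicationSet is what turns the single Application manifest shown earlier into one Application per environment, which is how the three eshop hosts on the layer diagrams get their own sync targets. The Python below is an added example, not Argo CD's own code: it re-implements, in a minimal form, what the ApplicationSet controller does for a `list` generator, substituting {{param}} placeholders in the template for each element. The ApplicationSet itself, the repository URL (a PLACEHOLDER) and the chart path are constructed; the three hosts are the ones on the slides. Go-template functions are not supported, only plain parameter substitution, and an unknown parameter is treated as an error rather than rendered empty.

```python
"""Expand an Argo CD ApplicationSet list generator into Application manifests.

Added example, not Argo CD's own code: a minimal re-implementation of what the
ApplicationSet controller does for a `list` generator, so the fan-out on the
slide (one Application per environment) can be inspected offline. Only
{{param}} substitution is supported. The repo URL and chart path are
placeholders; the environment hosts are the ones from the talk.
"""
import re

PLACEHOLDER = re.compile(r"\{\{\s*(\w+)\s*\}\}")

# Constructed ApplicationSet: one element per environment.
ESHOP_APPSET = {
    "apiVersion": "argoproj.io/v1alpha1",
    "kind": "ApplicationSet",
    "metadata": {"name": "eshop", "namespace": "argocd"},
    "spec": {
        "generators": [{"list": {"elements": [
            {"env": "dev", "host": "eshop.dev.bangkok.opsta.in.th"},
            {"env": "uat", "host": "eshop.uat.bangkok.opsta.in.th"},
            {"env": "prd", "host": "eshop.bangkok.opsta.in.th"},
        ]}}],
        "template": {
            "metadata": {"name": "eshop-{{env}}"},
            "spec": {
                "project": "default",
                "source": {
                    "repoURL": "https://git.example.com/PLACEHOLDER/eshop-gitops.git",
                    "targetRevision": "HEAD",
                    "path": "charts/eshop",
                    "helm": {
                        "valueFiles": ["values-{{env}}.yaml"],
                        "parameters": [{"name": "ingress.host", "value": "{{host}}"}],
                    },
                },
                "destination": {"server": "https://kubernetes.default.svc",
                                "namespace": "eshop-{{env}}"},
            },
        },
    },
}


def render(node, params):
    """Substitute {{param}} in every string of a nested dict/list structure."""
    if isinstance(node, dict):
        return {k: render(v, params) for k, v in node.items()}
    if isinstance(node, list):
        return [render(v, params) for v in node]
    if isinstance(node, str):
        def sub(match):
            key = match.group(1)
            if key not in params:
                raise KeyError(f"template references unknown parameter '{key}'")
            return str(params[key])
        return PLACEHOLDER.sub(sub, node)
    return node  # numbers, booleans, None pass through untouched


def expand_applicationset(appset):
    """Return one Application dict per element of the list generator(s)."""
    spec = appset["spec"]
    apps = []
    for generator in spec["generators"]:
        if "list" not in generator:
            raise NotImplementedError("only the list generator is modelled here")
        for element in generator["list"]["elements"]:
            body = render(spec["template"], element)
            apps.append({
                "apiVersion": "argoproj.io/v1alpha1",
                "kind": "Application",
                # Generated Applications live in the ApplicationSet's namespace.
                "metadata": {"namespace": appset["metadata"]["namespace"], **body["metadata"]},
                "spec": body["spec"],
            })
    return apps


if __name__ == "__main__":
    for app in expand_applicationset(ESHOP_APPSET):
        src = app["spec"]["source"]
        print(app["metadata"]["name"], "->", app["spec"]["destination"]["namespace"],
              src["helm"]["valueFiles"][0], src["helm"]["parameters"][0]["value"])
```

The point to check when reviewing a real ApplicationSet is the same one the script enforces: every parameter the template references must be supplied by every element, otherwise one environment silently gets a wrong host or namespace, and the promotion strategy the challenges slide asks for lives entirely in those per-environment value files.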
Contact Us
Jirayut Nimsaeng (Dear), Founder & CEO
Facebook: fb.me/DearJirayut
Email: jirayut@opsta.co.th
Website: www.opsta.co.th
