In this talk, Sami will provide some tips and good practices learnt from doing continuous delivery for cloud native apps. He will also demo a GitOps approach for continuous delivery of Kubernetes deployments with Helmsman. Although the talk focuses on Kubernetes as a deployment platform, the tips apply to other platforms too.
3. www.praqma.com
Who am I?
● DevOps consultant @Praqma
● PhD in Computing Science [ cloud, MDE … ]
● Interests: Automation, Processes, Cloud, Kubernetes …
● Creator of Helmsman - A tool for CD of Helm charts
6. www.praqma.com
Cloud Native Apps
[Diagram: develop, release, feedback]
Customers love to:
● Develop fast. (Agility)
● Determine the status of the app. (Operability)
● Gain business insights about the app. (Observability)
● Embrace failures. (Resiliency)
7. www.praqma.com
Cloud Native Infrastructure
● Cloud Native Apps expect to run on dynamic and autonomous environments
● Apps take some of the traditional infrastructure responsibility
[Diagram layers: Kubernetes (resource management, dynamic orchestration, service discovery ...); IaaS (VMs, networking …)]
9. www.praqma.com
Infrastructure
● Use declarative tools for defining your infrastructure.
● Treat utility apps (e.g. monitoring tools, ingress controllers …) as infrastructure.
● Have a test/dev infrastructure which is identical to prod.
10. www.praqma.com
Secrets
Options:
● Trust CI/CD tools with your secrets as env variables.
● Rely on managed key management services (e.g. AWS KMS, GCP KMS …)
● Use a self-managed secret management tool (e.g. HashiCorp Vault)
12. www.praqma.com
Secrets
Vault: Kubernetes Auth
[Diagram: Pod 1 (Serviceaccount 1) and Pod 2 (Serviceaccount 2), each with an Init Container and Your App; Kubernetes Auth config]
i. Get Vault Token (using k8s service account JWT)
ii. Read Secrets (using the token)
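The two steps on the slide above, sketched as an init container script (an added example, not code from the talk or from Helmsman). It assumes Vault's Kubernetes auth method at its default `kubernetes` mount and a KV version 2 engine mounted at `secret`; the `VAULT_ROLE`, `SECRET_PATH` and `SECRET_FILE` environment variables are hypothetical names.

```python
import json
import os
import urllib.request

# Path where Kubernetes mounts the pod's service account JWT.
SA_TOKEN_PATH = "/var/run/secrets/kubernetes.io/serviceaccount/token"


def http_json(url, payload=None, token=None, timeout=5):
    """Send one JSON request to Vault (POST if payload is given, else GET)."""
    headers = {"Content-Type": "application/json"}
    if token:
        headers["X-Vault-Token"] = token
    data = json.dumps(payload).encode() if payload is not None else None
    req = urllib.request.Request(url, data=data, headers=headers)
    # urlopen raises HTTPError on 4xx/5xx, so a denied login fails the init container.
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


def vault_login(addr, role, jwt, send=http_json, mount="kubernetes"):
    """Step i: exchange the service account JWT for a Vault token."""
    auth = send(f"{addr}/v1/auth/{mount}/login", {"role": role, "jwt": jwt})["auth"]
    return auth["client_token"], auth["lease_duration"]


def read_secret(addr, token, path, send=http_json, mount="secret"):
    """Step ii: read a KV version 2 secret with the token from step i."""
    return send(f"{addr}/v1/{mount}/data/{path}", token=token)["data"]["data"]


def write_env_file(secret, dest):
    """Write KEY=value lines, owner-readable only, for the app container to load."""
    fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        for key in sorted(secret):
            fh.write(f"{key}={secret[key]}\n")


if __name__ == "__main__":
    # Assumed environment variables and output path; adjust to your pod spec.
    addr = os.environ["VAULT_ADDR"]
    with open(SA_TOKEN_PATH) as fh:
        jwt = fh.read().strip()
    token, _ttl = vault_login(addr, os.environ["VAULT_ROLE"], jwt)
    secret = read_secret(addr, token, os.environ["SECRET_PATH"])
    write_env_file(secret, os.environ.get("SECRET_FILE", "/secrets/app.env"))
```

The Vault role named in `VAULT_ROLE` should be bound to a single service account and namespace, so that Pod 1 cannot obtain a token that reads Pod 2's secrets.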
13. www.praqma.com
Packaging
● Package your app in an easy to deploy format (e.g. docker image, VM image …)
● In K8S, package your apps as Helm Charts
○ Charts are configurable, reusable and publishable
○ Helm hooks allow pre/post install/upgrade/delete operations
14. www.praqma.com
Fast Recovery
● Assume that everything will crash!
● Have CD that recovers your infrastructure and/or apps quickly (with minimal or no human intervention).
● Reproducible rollbacks!