In this presentation, I will recount the challenges my team and I faced over the past year and how we overcame obstacles and achieved our goals.
Even for greenfield projects, our journey had its share of surprises. Despite living in 2023, we still encountered common problems that many think are long-solved. I'll delve into topics such as defining DNS zones across multiple environments, dealing with ineffective build artifacts from mature development teams, GitHub Actions for CI/CD, versioning, cost optimization, and the potential pitfalls of adopting GitOps in combination with a "reuse as much as possible" mentality.
So, join me as we explore the trade-offs and lessons learned from these real-world scenarios. With this presentation, you'll gain valuable insights to help you navigate similar challenges quickly and confidently.
Axa Assurance Maroc - Insurer Innovation Award 2024
"Modern DevOps & Real Life Applications. 3.0.0-devops+20230318", Igor Fesenko
1.
2. Who Am I?
Engineer<T> where T : Azure | DevOps | C#
Microsoft® Most Valuable Professional
Solutions Architect @ SoftServe, Inc.
Spend time in the cloud
More… go to https://ifesenko.com
3. Agenda DNS
Versioning
GitOps & ArgoCD
GitHub Actions for CI/CD
7. DNS. Lessons Learned
Do NOT use {env}.{app}.company.com as a naming convention
Do {app}.{env}.company.com
Use {internal}.{env}.company.com DNS zone if you have resources
that are not exposed to public internet
CNAME records will help during potential migration if you use them
10. Semantic Versioning (SemVer) & Branch Strategy
Given a version number MAJOR.MINOR.PATCH, increment the:
MAJOR version when you make incompatible API changes
MINOR version when you add functionality in a backwards compatible manner
PATCH version when you make backwards compatible bug fixes
11. Calendar-Based Versioning (CalVer)
YYYY.MM.Sequence(.Patch)
Breaking changes are for changelog
Ship feature and fix as soon as possible
Gregorian calendar and UTC time are only dependencies
If you have support cycle each user can easily check if it is supported
12. Versioning. Lessons Learned
Ensure calendar-based version is generated per a run and only once
Always leave traces to correlate build number with commit id
Git tag
Version metadata
You should be able to generate new version number on any platform
15. GitOps. Repository Layout
.github/
azure/ - definitions related to policy as code
cluster/ - all files related to AKS
argocd/ - Application of Applications (cluster bootstrapping)
non-prod/
apps/
projects/
prod/
apps/
projects/
rabbitmq/ - RabbitMQ Helm chart
stunnel/ - stunnel Helm chart
docs/ - runbooks, scripts, decision records, etc.
terraform/ - Terraform files to manage infrastructure
16. ArgoCD. App Of Apps Pattern
When ArgoCD is deployed
create a new app “root”
that consists other apps and projects
PATH: cluster/argocd/non-prod
Apps
definitions of 1st party and 3rd party apps
Projects
we use ArgoCD projects as environments
19. ArgoCD. Helm Chart Layout
common/ - configuration which is common to all envs
envs/ - holds environment specific configuration
templates/ - Helm chart files
variants/ - holds characteristics between similar envs
27. Keep Up To Date Your Actions & Charts
Dependabot or Renovate
28. GitHub Actions. Lessons Learned
Be careful when sharing state between Jobs via GitHub Artifacts
Do not publish build artifacts to GitHub Artifacts
Allow a subsequently queued workflow run to interrupt previous
runs. GitHub Docs
Limit number of open pull requests for version updates
Cache dependencies
Nested workflows and secrets scope
```mermaid
sequenceDiagram
participant PI as Public Internet
participant CF as Cloudflare
participant Prod as Azure DNS (Prod)
participant NonProd as Azure DNS (Non-Prod)
PI->>CF: company.com
CF->>Prod: product.company.com
Prod->>NonProd: dev.product.company.com
Prod->>NonProd: sqa.product.company.com
Prod->>NonProd: uat.product.company.com
```
How it works
If the current commit has a version tag:
The version is used as-is
If the current commit does not have a version tag:
The commit history is searched for the latest commit with a version tag.
If a commit with a version tag is found:
If the version is a pre-release:
The version is used as-is, with height added.
If the version is RTM (not pre-release):
The patch number is incremented.
Default pre-release identifiers are added.
Height is added.
If no commit with a version tag is found:
The default version0.0.0-preview.0 is used, with height added.
Height
If the current commit does not have a version tag, another number is added to the pre-release identifiers. This is the number of commits since the latest commit with a version tag or, if no commits have a version tag, since the root commit. This is known as "height". For example, if the latest version tag found is 2022.11.0-rc.1, at a height of 42 commits, the calculated version is 2022.11.0-rc.1.42.Example: 2022.11.1-preview.7+f52c82b -> 2022.11.1-rc.1+e42c32b -> 2022.11.1+9693551