Speakers: Vic Iglesias, Benjamin Good, Karl Isenberg
Venue: Google Cloud Next '19
Video: https://www.youtube.com/watch?v=rt287-94Pq4
Continuous Integration and Delivery allows companies to quickly iterate on and deploy their ideas to customers. In doing so, they should strive to have environments that closely match production. Using Kubernetes as the target platform across cloud providers and on-premises environments can help to mitigate some difficulties when ensuring environment parity but many other concerns can arise.
In this talk we will dive into the tools and methodologies available to ensure your code and deployment artifacts can smoothly transition among the various people, environments, and platforms that make up your CI/CD process.
CI/CD Across Multiple Environments
1. HYB205: CI/CD Across
Multiple Environments
Vic Iglesias, Cloud Solutions Architect, Google Cloud
Benjamin Good, Solutions Architect, Google Cloud
Karl Isenberg, Tech Lead Manager, Cruise
13. Layers of your stack
Platform: Deployment tools, Service Management
Infrastructure: Networking, Compute, Storage
Applications
14. Layers of your stack
Users
Devs
Infrastructure
Platform
App
15. Benefits of Building with Kubernetes
● Substrate for building a consistent deployment platform
● Single API for workload management
● Managed service on all major cloud providers
● On-prem installations with GKE On-prem
23. Helm
● Use a templating engine to render your manifests by passing in variables called “values”
● Large community and lots of examples at https://hub.helm.sh
● Use loops and conditionals to “program” your end result. A double-edged sword.
● Familiar for folks coming from CM tools like Ansible and Chef
26. Kustomize
Additional Features
● Apply common labels and annotations
● Add a prefix to all resource names
● Inject config map & secret contents from local files
● Built-in to kubectl as of 1.14
Add patches to Kubernetes YAML files leaving the original YAML untouched and usable as is.
46. We’re building the world’s most advanced
self-driving vehicles to safely connect people with
the places, things, and experiences they care about.
https://cruise-automation.github.io/webviz/worldview/
https://getcruise.com/
47. Multi-Cloud Infrastructure
On Premises
● Office IT
● Data Ingest
● Network Hub
GCP
● PaaS GKE
● Image Registry
● Continuous Deployment
● Data Lake
● Data Processing
● Data Science
● Machine Learning
● Simulation
AWS
● PaaS AWS
● Source Control
● Continuous Integration
@karlkfi
50. Security Challenges
Login
● Identity Provider
● Single Sign-On
● Service Accounts
● Credential Rotation
● Bootstrapping
Encryption
● Secret Management
● Secrets Injection
● Secrets Caching
● TLS Termination
● TLS End to end
Access Control
● Groups
● Roles
● Role Binding
● User to Platform
● User to Service
● User through Service
● Service to Service
51. Vault Integration
Diagram: Kubernetes Pod containing the DAYTONA init container and the app container, sharing an in-memory volume (labels: Login, Secrets)
(Internal) cruise/daytona
Vault Login: Kubernetes service accounts used for Vault authentication.
Secrets Injection: Init container side-loads secrets
GCP Service Accounts: Vault generates temporary credentials on-demand
52. Vault Namespacing
Group                 Permissions   Path
Team Admin            admin         secret/<prefix>/<namespace>/*
Team Contractor       list          secret/<prefix>/<namespace>/*
App Service Account   list, get     secret/<prefix>/<namespace>/<env>/<app>/*
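The namespacing table above, modelled as a deny-by-default policy check so the isolation it gives can be verified offline (an added example, not code from the talk or from Cruise; the group names, the "cruise" value standing in for <prefix>, the sample paths and the Vault capability names are assumptions, with the slide's "get" mapped to Vault's "read" capability):

```python
"""Model of the Vault path namespacing scheme from slide 52.

Added example, not code from the talk or from Cruise. Vault's own
policy engine enforces these rules in production; this reproduces
only the matching semantics (trailing '*' glob, per-path capability
set) so the scheme's isolation properties can be checked offline.
"""
from dataclasses import dataclass

PREFIX = "cruise"  # constructed value standing in for <prefix>


@dataclass(frozen=True)
class Rule:
    path: str                 # Vault-style path, optionally ending in '*'
    capabilities: frozenset   # e.g. {"read", "list"}


def path_matches(pattern: str, path: str) -> bool:
    """Vault glob semantics: '*' is only meaningful as a trailing wildcard."""
    if pattern.endswith("*"):
        return path.startswith(pattern[:-1])
    return pattern == path


def policy_for(group: str, namespace: str, env: str = "", app: str = "") -> list[Rule]:
    """Build the rules from the slide's table for one identity (assumed group names)."""
    team_scope = f"secret/{PREFIX}/{namespace}/*"
    if group == "team-admin":
        # 'admin' on the slide: full control over the team's subtree only
        return [Rule(team_scope, frozenset({"create", "read", "update", "delete", "list"}))]
    if group == "team-contractor":
        # contractors may enumerate paths but never read secret values
        return [Rule(team_scope, frozenset({"list"}))]
    if group == "app-service-account":
        # slide says "list, get"; Vault's capability for 'get' is 'read'
        app_scope = f"secret/{PREFIX}/{namespace}/{env}/{app}/*"
        return [Rule(app_scope, frozenset({"list", "read"}))]
    return []  # default deny: an unknown group gets no rules at all


def is_allowed(rules: list[Rule], capability: str, path: str) -> bool:
    """Deny by default; allow only if some rule covers both the path and the capability."""
    return any(path_matches(r.path, path) and capability in r.capabilities for r in rules)
```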
62. Your Feedback is Greatly Appreciated!
Complete the session survey in the mobile app
1-5 star rating system
Open field for comments
Rate icon in status bar