SlideShare a Scribd company logo

KubeCon 2017: Kubernetes from Dev to Prod

S
Subhas Dandapani

Kubernetes from Dev to Prod summarizes GoEuro's transition from a legacy environment to using Kubernetes and CI/CD pipelines from development to production. Key points: - GoEuro transitioned 50+ services across 150 engineers from separate development and operations teams to using Kubernetes, Docker, and CI/CD pipelines in 4 months. - They developed "hyper-vm" single-node Kubernetes VMs for local development and testing and "y8s" for sharing Kubernetes configurations across environments from development through production. - CI/CD pipelines were automated using GitLab CI and custom implementations running jobs on "hyper-vm" agents to deploy to environments from preview through production. - Additional services

Engineering
1 of 32
Download to read offline
Kubernetes from Dev to Prod Subhas Dandapani, CI/CD Platform Lead, GoEuro
Subhas Dandapani CI/CD Platform Lead medium.com/@rdsubhas github.com/rdsubhas 12 countries 30k+ stations 200+ airports 10+ million monthly searches
- 50 engineers, 10 services → 150 engineers, 50 services - 10 coordinated releases → 150+ independent releases per week - Legacy → CI/CD/Docker/K8s Excluding persistent services - Through all kinds of legacy problems Integration patterns: REST, File, MQ, DB-driven, Metrics-driven, Compile-time, Ancillary artifacts Dev hacks for ops issues, Ops hacks for dev issues, Debts from dev & ops working as silos - Transition in 4 months across company (ground work laid before in a pilot project) Transition Journey
Development
From the bottom up: hyper-vm - Single-node k8s+docker VM for development - docker build & kubectl apply on same node - Metadata based kubernetes customization (e.g. applying kubernetes services at bootup) - Optimized for development & testing in the cloud docker bind mounting (nested resolv, etc), integrate with internal network, dnsmasq for docker-inside-docker-inside-docker, tuned for throwaway, etc - First point to upgrade kubernetes from dev to prod hyper vm docker k8s master
Development service-repo ├ ops ├─ Dockerfile ├─ helm chart ├─ ci.yaml ├─ Makefile - Every service has "ops" folder - Self-contain most dev+ops requirements docker build hyper vm docker k8s master
service-repo ├ ops ├─ Dockerfile ├─ helm chart ├─ ci.yaml y8s (yaml-k8s-sharing) - Adopt Helm Chart standard/layout/templating - But Render-as-a-service - Additional simplification: - 1 input: “env”, configure everything else out of the box - env=dev: use local image - env=test: use stubs (provider-driven stubs/mocks) - env=qa/preprod/prod: pin revision - Optional params (overrides, etc)
y8s (yaml-k8s-sharing) kubectl apply -f http://y8s.int/repos/any-service-repo ?env=<test|dev|qa|...> &values[foo]=bar&filters[kind]=Service&... - kubectl apply any repo - DevOps services also applied/deployed same way (router, ingress, core services, database, couchbase, etc) - Additional REST options (values, filters, validate, dry run, json/yaml content types, etc) and generated metadata (for tracing back to source) hyper vm docker k8s master
CI/CD Landscape Develop Integrate Deploy hyper-vm develop in the cloud ops/chart in repo self contained repos y8s consume any repo/service
Integration
service-repo ├ ops ├─ Dockerfile ├─ helm chart ├─ ci.yaml - Adopt GitLab CI.yaml syntax/design - But parse/implement it ourselves - Automate all CI pipelines/jobs - We orchestrate all triggers, do all plumbing pr checks, manual checkpoints, cron jobs, distributed caching, nested docker builds, environments, retry/reassignment rules, slack notifications, emails, release annotations/graphs, etc CI Contract
GKEGKE image: jenkins-plain:latest unit-tests: stage: test script: test.sh master: script: release.sh deploy-qa: environment: name: qa credentials: "..." script: deploy.sh deploy-preprod: deploy-prod: ... ci.yaml PR checks master shared qa hyper-vm agent hyper-vm agent GKE preprod, prod, ... GKE
- Every agent is hyper-vm + jenkins slave - docker/kubectl readily configured - Jobs run inside configurable build images - Recreate from source every 2 hours with no downtime, no possibility of snowflake CI - Encourage early integration tests kubectl apply -f y8s.g.int/repos/anything and test - Take Jobs all the way to Prod (safety in upcoming slides) CI Contract hyper vm docker k8s master +jenkins swarm
Job Environment - Closer Look #1 image: jenkins-plain:latest my-job: script: make build - Start using docker/kubectl right away - Cleaned up after every build - Early Integration/E2E tests kubectl apply -f "y8s.int/...dependencies..." kubectl run / docker run <e2e tests> my-job agent is a hyper-vm
my-job: script: make deploy environment: name: preview-24h - Provision on-the-fly ephemeral hyper-vm Same build contract, kubectl/docker readily pointed to that VM - But lives after job completes - Show demos, connect for development/debugging Job Environment - Closer Look #2 my-job 24h preview-vm
Job Environment - Closer Look #3 my-job: script: make deploy environment: name: qa|preprod|prod-region credentials: <credentials> - Apply to Deploy! Including prod regions - We’ll talk about security in later slides my-job GKE qa|prod|...
my-job: stage: pr when: manual environment: name: preview-24h Composition Run on PRs when: manual on pipelines: manual checkpoint on PRs: comment “trigger my-job” Product demos on demand, GitHub Flow (deploy from PR to prod), etc And boot an ephemeral preview VM
Patterns - Database migrations - kubectl run --overrides=$(curl -H ...json y8s.g.int/...migration) - End to end testing - Shared E2E tests treated as services, have their own ops folder as well - kubectl apply y8s.g.int/repos/... && kubectl run <e2e-tests> - Additional Services - helm templates for services like selenium, couchbase, mysql, etc - kubectl apply y8s.g.int/...services… - No need for additional abstraction (like travis-ci services, for example)
CI/CD Landscape Develop Integrate Deploy hyper-vm develop in the cloud ops/chart in repo self contained repos y8s consume any repo/service ready environments preview, qa, preprod, prod, ... ci.yaml pipelines & patterns hyper-vm + ci agent early E2E in CI
Deployment
- Kubernetes API gateway/proxy - Deployed in every k8s cluster, proxies to kubernetes master - Compliance - Validate request on-the-fly when kubectl apply is called to deploy - Enforce presence of CPU/Memory Limits, Live/Readiness probes, … - Enforce no LoadBalancer type allowed, Ingress begins with namespace, ... - Necessary annotations on every resource, whitelisted resource kinds, … - All kinds of Governance and Standards on what is being applied - Enables Orchestration auth8s qa preprod prod ... GKE
auth8s - Enables us to safely hand over releases to developers - No way for one bad pod (memory leak) bringing the whole cluster down - Prevent “Wild wild west” of alpha/beta APIs in clusters - Use few kubernetes APIs and enforce they are used in the right way - Security - Each namespace gets its own username/password, cannot mess with others - Note: k8s 1.6 RBAC in “beta”, security can be delegated to k8s when stable Our developers don’t need to do anything, can just be changed internally - Compliance and governance is equally important, so this still stays! qa preprod prod ... GKE
- Auto-register DNS for independent clusters - Metrics: heapster, restart counters, etc - Logging: Ship structured container logs using filebeat - Routing: nodePort, containerizing current router, etc - Moving to: Ingress - Automatically instrument external health checks (pingdom-style) Value additions: Cluster services
Value additions: Sidecar and Regional services - Sidecar container for big artifacts for legacy services - Region-specific external services - All devops-managed external resources (db, logstash, etc) have their own pipelines and yamls - Provide containerized/test in dev/qa/preprod/etc - Endpoints pointing to persistent resources in prod - Multi-region focused from the beginning
- Coming up: More annotation-driven cluster services - Capture periodic thread-dumps by declaring annotations - Autoscale by declaring metric queries in annotations - Automated external uptime checks and status pages for ingresses - etc Value additions: Annotation driven
CI/CD Landscape Develop Integrate Deploy hyper-vm develop in the cloud ops/chart in repo self contained repos y8s consume any repo/service ready environments preview, qa, preprod, prod, ... value added services routing, logs, metrics, dns, ... auth8s security, compliance gke best kubernetes experience ci.yaml generated pipelines & jobs hyper-vm + ci agent early E2E in CI
Learnings
- Containers are a cultural change - Lots of presentations, PoCs, consulting, lobbying, “we needed this yesterday” - We did at same time: CI, CD, Unversioning, Dockerizing, Kubernetizing - Couldn’t have done without support from teams, managers, product, business - Don’t try too much: Changing monitoring, routing, building, processes, etc. - Migrate as-it-is - Services closer to 12factor, With small dep-graph, Hard legacy challenges - 5 minute bootup, 400 MB images, Dev vs Ops hacks, etc - Run with 0% traffic, Shadow comparison, QA/Preprod, Traffic switching - Establish the pipe, Optimize later What we learned?
- Work with feature teams - Get out of the DevOps desk/lobby - Be part of their journey - Let them own their success - Avoid repeating mistake of dev vs ops silos - Embrace Standards, Validate Subset - Too many DevOps tool ~micro-JS explosion - Choose wisely, Draw boundaries, Be compatible - Less tools, More APIs, More Dogfooding What we learned?
- Transition from Cloud resources => Container resources - From Cloud: Disk Image + InstanceGroup/ASG + LoadBalancer - To Container: Docker Image + K8s Deployment + K8s Service/Ingress - From: packer build, terraform apply, cannot be controlled, creates real cloud resources - To: docker build, kubectl apply, can be orchestrated and governed, container resources - Allow teams to deliver from Dev to Prod - Balance safety, compliance, automation and ease-of-use - Transition legacy and modern services - Integrate and iterate fast, next 1000 releases per week What Kubernetes Enabled Us
- Site Reliability Engineering - Teams deliver up to prod-x% - Rollout to rest automatically based on metrics - Better State Management - Secret Management - Multiple possibilities, ci.yaml, auth8s, etc - Ingress, Federation - Namespace Quotas - Virtual data center, Team budgets, etc Stepping Forward ENGINEERING CI/CD/Tooling/VAS INFRA SRE
Questions

Recommended

Docker and kubernetes_introduction
Docker and kubernetes_introductionDocker and kubernetes_introduction
Docker and kubernetes_introduction
Jason Hu
 
Kubernetes - introduction
Kubernetes - introductionKubernetes - introduction
Kubernetes - introduction
Sparkbit
 
Evolution of containers to kubernetes
Evolution of containers to kubernetesEvolution of containers to kubernetes
Evolution of containers to kubernetes
Krishna-Kumar
 
Kubernetes Introduction
Kubernetes IntroductionKubernetes Introduction
Kubernetes Introduction
Eric Gustafson
 
Introduction to kubernetes
Introduction to kubernetesIntroduction to kubernetes
Introduction to kubernetes
Rishabh Indoria
 
An Introduction to Kubernetes
An Introduction to KubernetesAn Introduction to Kubernetes
An Introduction to Kubernetes
Rohman Muhamad
 
Introduction to kubernetes
Introduction to kubernetesIntroduction to kubernetes
Introduction to kubernetes
Michal Cwienczek
 
Hands-On Introduction to Kubernetes at LISA17
Hands-On Introduction to Kubernetes at LISA17Hands-On Introduction to Kubernetes at LISA17
Hands-On Introduction to Kubernetes at LISA17
Ryan Jarvinen
 

Recommended

Docker and kubernetes_introduction
Docker and kubernetes_introductionDocker and kubernetes_introduction
Docker and kubernetes_introduction
Jason Hu
 
Kubernetes - introduction
Kubernetes - introductionKubernetes - introduction
Kubernetes - introduction
Sparkbit
 
Evolution of containers to kubernetes
Evolution of containers to kubernetesEvolution of containers to kubernetes
Evolution of containers to kubernetes
Krishna-Kumar
 
Kubernetes Introduction
Kubernetes IntroductionKubernetes Introduction
Kubernetes Introduction
Eric Gustafson
 
Introduction to kubernetes
Introduction to kubernetesIntroduction to kubernetes
Introduction to kubernetes
Rishabh Indoria
 
An Introduction to Kubernetes
An Introduction to KubernetesAn Introduction to Kubernetes
An Introduction to Kubernetes
Rohman Muhamad
 
Introduction to kubernetes
Introduction to kubernetesIntroduction to kubernetes
Introduction to kubernetes
Michal Cwienczek
 
Hands-On Introduction to Kubernetes at LISA17
Hands-On Introduction to Kubernetes at LISA17Hands-On Introduction to Kubernetes at LISA17
Hands-On Introduction to Kubernetes at LISA17
Ryan Jarvinen
 
DevOps in AWS with Kubernetes
DevOps in AWS with KubernetesDevOps in AWS with Kubernetes
DevOps in AWS with Kubernetes
Oleg Chunikhin
 
Container orchestration
Container orchestrationContainer orchestration
Container orchestration
Timo Derstappen
 
Introduction to Kubernetes
Introduction to KubernetesIntroduction to Kubernetes
Introduction to Kubernetes
Paris Apostolopoulos
 
DevOps with Kubernetes
DevOps with KubernetesDevOps with Kubernetes
DevOps with Kubernetes
EastBanc Tachnologies
 
Kubernetes kubecon-roundup
Kubernetes kubecon-roundupKubernetes kubecon-roundup
Kubernetes kubecon-roundup
Sebastien Goasguen
 
Kubernetes Introduction & Whats new in Kubernetes 1.6
Kubernetes Introduction & Whats new in Kubernetes 1.6Kubernetes Introduction & Whats new in Kubernetes 1.6
Kubernetes Introduction & Whats new in Kubernetes 1.6
Opcito Technologies
 
Kubernetes-Meetup
Kubernetes-MeetupKubernetes-Meetup
Kubernetes-Meetup
Vaibhav Kohli
 
Scale out, with Kubernetes (k8s)
Scale out, with Kubernetes (k8s)Scale out, with Kubernetes (k8s)
Scale out, with Kubernetes (k8s)
Arkadiusz Borek
 
Kubernetes intro public - kubernetes meetup 4-21-2015
Kubernetes intro public - kubernetes meetup 4-21-2015Kubernetes intro public - kubernetes meetup 4-21-2015
Kubernetes intro public - kubernetes meetup 4-21-2015
Rohit Jnagal
 
Intro to kubernetes
Intro to kubernetesIntro to kubernetes
Intro to kubernetes
Faculty of Technical Sciences, University of Novi Sad
 
Kubernetes 101
Kubernetes 101Kubernetes 101
Kubernetes 101
Stanislav Pogrebnyak
 
Introduction to Kubernetes
Introduction to KubernetesIntroduction to Kubernetes
Introduction to Kubernetes
Vishal Biyani
 
Orchestrating Docker Containers with Google Kubernetes on OpenStack
Orchestrating Docker Containers with Google Kubernetes on OpenStackOrchestrating Docker Containers with Google Kubernetes on OpenStack
Orchestrating Docker Containers with Google Kubernetes on OpenStack
Trevor Roberts Jr.
 
Kubernetes Workshop
Kubernetes WorkshopKubernetes Workshop
Kubernetes Workshop
loodse
 
An Introduction to Kubernetes
An Introduction to KubernetesAn Introduction to Kubernetes
An Introduction to Kubernetes
Imesh Gunaratne
 
Intro to Kubernetes
Intro to KubernetesIntro to Kubernetes
Intro to Kubernetes
Joonathan Mägi
 
Kubernetes 101 Workshop
Kubernetes 101 WorkshopKubernetes 101 Workshop
Kubernetes 101 Workshop
Vishal Biyani
 
(Draft) Kubernetes - A Comprehensive Overview
(Draft) Kubernetes - A Comprehensive Overview(Draft) Kubernetes - A Comprehensive Overview
(Draft) Kubernetes - A Comprehensive Overview
Bob Killen
 
Kubernetes and Hybrid Deployments
Kubernetes and Hybrid DeploymentsKubernetes and Hybrid Deployments
Kubernetes and Hybrid Deployments
Sandeep Parikh
 
Marc Sluiter - 15 Kubernetes Features in 15 Minutes
Marc Sluiter - 15 Kubernetes Features in 15 MinutesMarc Sluiter - 15 Kubernetes Features in 15 Minutes
Marc Sluiter - 15 Kubernetes Features in 15 Minutes
Marc Sluiter
 
Mipro Ecoparque Industrial Cotopaxi
Mipro Ecoparque Industrial CotopaxiMipro Ecoparque Industrial Cotopaxi
Mipro Ecoparque Industrial Cotopaxi
MinisterioIndustriasEcuador
 
Expanding OER Adoption in Michigan, Oregon, and California
Expanding OER Adoption in Michigan, Oregon, and CaliforniaExpanding OER Adoption in Michigan, Oregon, and California
Expanding OER Adoption in Michigan, Oregon, and California
Una Daly
 

More Related Content

What's hot

An Introduction to Kubernetes
An Introduction to KubernetesAn Introduction to Kubernetes
An Introduction to Kubernetes
Imesh Gunaratne
 

What's hot (20)

DevOps in AWS with Kubernetes
DevOps in AWS with KubernetesDevOps in AWS with Kubernetes
DevOps in AWS with Kubernetes
 
Container orchestration
Container orchestrationContainer orchestration
Container orchestration
 
Introduction to Kubernetes
Introduction to KubernetesIntroduction to Kubernetes
Introduction to Kubernetes
 
DevOps with Kubernetes
DevOps with KubernetesDevOps with Kubernetes
DevOps with Kubernetes
 
Kubernetes kubecon-roundup
Kubernetes kubecon-roundupKubernetes kubecon-roundup
Kubernetes kubecon-roundup
 
Kubernetes Introduction & Whats new in Kubernetes 1.6
Kubernetes Introduction & Whats new in Kubernetes 1.6Kubernetes Introduction & Whats new in Kubernetes 1.6
Kubernetes Introduction & Whats new in Kubernetes 1.6
 
Kubernetes-Meetup
Kubernetes-MeetupKubernetes-Meetup
Kubernetes-Meetup
 
Scale out, with Kubernetes (k8s)
Scale out, with Kubernetes (k8s)Scale out, with Kubernetes (k8s)
Scale out, with Kubernetes (k8s)
 
Kubernetes intro public - kubernetes meetup 4-21-2015
Kubernetes intro public - kubernetes meetup 4-21-2015Kubernetes intro public - kubernetes meetup 4-21-2015
Kubernetes intro public - kubernetes meetup 4-21-2015
 
Intro to kubernetes
Intro to kubernetesIntro to kubernetes
Intro to kubernetes
 
Kubernetes 101
Kubernetes 101Kubernetes 101
Kubernetes 101
 
Introduction to Kubernetes
Introduction to KubernetesIntroduction to Kubernetes
Introduction to Kubernetes
 
Orchestrating Docker Containers with Google Kubernetes on OpenStack
Orchestrating Docker Containers with Google Kubernetes on OpenStackOrchestrating Docker Containers with Google Kubernetes on OpenStack
Orchestrating Docker Containers with Google Kubernetes on OpenStack
 
Kubernetes Workshop
Kubernetes WorkshopKubernetes Workshop
Kubernetes Workshop
 
An Introduction to Kubernetes
An Introduction to KubernetesAn Introduction to Kubernetes
An Introduction to Kubernetes
 
Intro to Kubernetes
Intro to KubernetesIntro to Kubernetes
Intro to Kubernetes
 
Kubernetes 101 Workshop
Kubernetes 101 WorkshopKubernetes 101 Workshop
Kubernetes 101 Workshop
 
(Draft) Kubernetes - A Comprehensive Overview
(Draft) Kubernetes - A Comprehensive Overview(Draft) Kubernetes - A Comprehensive Overview
(Draft) Kubernetes - A Comprehensive Overview
 
Kubernetes and Hybrid Deployments
Kubernetes and Hybrid DeploymentsKubernetes and Hybrid Deployments
Kubernetes and Hybrid Deployments
 
Marc Sluiter - 15 Kubernetes Features in 15 Minutes
Marc Sluiter - 15 Kubernetes Features in 15 MinutesMarc Sluiter - 15 Kubernetes Features in 15 Minutes
Marc Sluiter - 15 Kubernetes Features in 15 Minutes
 

Viewers also liked

Expanding OER Adoption in Michigan, Oregon, and California
Expanding OER Adoption in Michigan, Oregon, and CaliforniaExpanding OER Adoption in Michigan, Oregon, and California
Expanding OER Adoption in Michigan, Oregon, and California
Una Daly
 

Viewers also liked (18)

Mipro Ecoparque Industrial Cotopaxi
Mipro Ecoparque Industrial CotopaxiMipro Ecoparque Industrial Cotopaxi
Mipro Ecoparque Industrial Cotopaxi
 
Expanding OER Adoption in Michigan, Oregon, and California
Expanding OER Adoption in Michigan, Oregon, and CaliforniaExpanding OER Adoption in Michigan, Oregon, and California
Expanding OER Adoption in Michigan, Oregon, and California
 
Containerd Donation to CNCF Cloud Native Conference Berlin 2017
Containerd Donation to CNCF Cloud Native Conference Berlin 2017Containerd Donation to CNCF Cloud Native Conference Berlin 2017
Containerd Donation to CNCF Cloud Native Conference Berlin 2017
 
Political alert house of representatives daily program (fed)
Political alert house of representatives daily program (fed)Political alert house of representatives daily program (fed)
Political alert house of representatives daily program (fed)
 
AlejandroMorenoGarcía_Puesto10
AlejandroMorenoGarcía_Puesto10AlejandroMorenoGarcía_Puesto10
AlejandroMorenoGarcía_Puesto10
 
Relatório 6
Relatório 6Relatório 6
Relatório 6
 
Relatório 8
Relatório 8Relatório 8
Relatório 8
 
Relatório 9
Relatório 9Relatório 9
Relatório 9
 
Alba luz lemos duque
Alba luz lemos duqueAlba luz lemos duque
Alba luz lemos duque
 
Datenanonymisierung und Risikomanagement mit ARX
Datenanonymisierung und Risikomanagement mit ARXDatenanonymisierung und Risikomanagement mit ARX
Datenanonymisierung und Risikomanagement mit ARX
 
Reatorio 7
Reatorio 7Reatorio 7
Reatorio 7
 
Relatório 5
Relatório 5Relatório 5
Relatório 5
 
Reciclajehospitalario 160829221040
Reciclajehospitalario 160829221040Reciclajehospitalario 160829221040
Reciclajehospitalario 160829221040
 
Reciclajehospitalario 160829221040
Reciclajehospitalario 160829221040Reciclajehospitalario 160829221040
Reciclajehospitalario 160829221040
 
Matrix
MatrixMatrix
Matrix
 
Razonamiento verbal
Razonamiento verbalRazonamiento verbal
Razonamiento verbal
 
Mapa mental desarrollo humano
Mapa mental desarrollo humanoMapa mental desarrollo humano
Mapa mental desarrollo humano
 
El rol de las grandes represas en el Fondo Verde del Clima
El rol de las grandes represas en el Fondo Verde del ClimaEl rol de las grandes represas en el Fondo Verde del Clima
El rol de las grandes represas en el Fondo Verde del Clima
 

Similar to KubeCon 2017: Kubernetes from Dev to Prod

OpenNebulaconf2017US: Paying down technical debt with "one" dollar bills by ...
OpenNebulaconf2017US: Paying down technical debt with "one" dollar bills by ...OpenNebulaconf2017US: Paying down technical debt with "one" dollar bills by ...
OpenNebulaconf2017US: Paying down technical debt with "one" dollar bills by ...
OpenNebula Project
 
Apache Druid Auto Scale-out/in for Streaming Data Ingestion on Kubernetes
Apache Druid Auto Scale-out/in for Streaming Data Ingestion on KubernetesApache Druid Auto Scale-out/in for Streaming Data Ingestion on Kubernetes
Apache Druid Auto Scale-out/in for Streaming Data Ingestion on Kubernetes
DataWorks Summit
 
The App Developer's Kubernetes Toolbox
The App Developer's Kubernetes ToolboxThe App Developer's Kubernetes Toolbox
The App Developer's Kubernetes Toolbox
Nebulaworks
 
Kubernetes @ meetic
Kubernetes @ meeticKubernetes @ meetic
Kubernetes @ meetic
Sébastien Le Gall
 
Docker Online Meetup #3: Docker in Production
Docker Online Meetup #3: Docker in ProductionDocker Online Meetup #3: Docker in Production
Docker Online Meetup #3: Docker in Production
Docker, Inc.
 

Similar to KubeCon 2017: Kubernetes from Dev to Prod (20)

Kash Kubernetified
Kash KubernetifiedKash Kubernetified
Kash Kubernetified
 
OSDC 2018 | Three years running containers with Kubernetes in Production by T...
OSDC 2018 | Three years running containers with Kubernetes in Production by T...OSDC 2018 | Three years running containers with Kubernetes in Production by T...
OSDC 2018 | Three years running containers with Kubernetes in Production by T...
 
OpenNebulaconf2017US: Paying down technical debt with "one" dollar bills by ...
OpenNebulaconf2017US: Paying down technical debt with "one" dollar bills by ...OpenNebulaconf2017US: Paying down technical debt with "one" dollar bills by ...
OpenNebulaconf2017US: Paying down technical debt with "one" dollar bills by ...
 
Kubernetes extensibility: crd & operators
Kubernetes extensibility: crd & operators Kubernetes extensibility: crd & operators
Kubernetes extensibility: crd & operators
 
Kubernetes extensibility: CRDs & Operators
Kubernetes extensibility: CRDs & OperatorsKubernetes extensibility: CRDs & Operators
Kubernetes extensibility: CRDs & Operators
 
Apache Druid Auto Scale-out/in for Streaming Data Ingestion on Kubernetes
Apache Druid Auto Scale-out/in for Streaming Data Ingestion on KubernetesApache Druid Auto Scale-out/in for Streaming Data Ingestion on Kubernetes
Apache Druid Auto Scale-out/in for Streaming Data Ingestion on Kubernetes
 
The App Developer's Kubernetes Toolbox
The App Developer's Kubernetes ToolboxThe App Developer's Kubernetes Toolbox
The App Developer's Kubernetes Toolbox
 
Kubernetes on AWS
Kubernetes on AWSKubernetes on AWS
Kubernetes on AWS
 
Kubernetes on AWS
Kubernetes on AWSKubernetes on AWS
Kubernetes on AWS
 
Docker - Demo on PHP Application deployment
Docker - Demo on PHP Application deployment Docker - Demo on PHP Application deployment
Docker - Demo on PHP Application deployment
 
Docker kubernetes fundamental(pod_service)_190307
Docker kubernetes fundamental(pod_service)_190307Docker kubernetes fundamental(pod_service)_190307
Docker kubernetes fundamental(pod_service)_190307
 
Open shift and docker - october,2014
Open shift and docker - october,2014Open shift and docker - october,2014
Open shift and docker - october,2014
 
IBM Think Session 8598 Domino and JavaScript Development MasterClass
IBM Think Session 8598 Domino and JavaScript Development MasterClassIBM Think Session 8598 Domino and JavaScript Development MasterClass
IBM Think Session 8598 Domino and JavaScript Development MasterClass
 
Kubernetes for the PHP developer
Kubernetes for the PHP developerKubernetes for the PHP developer
Kubernetes for the PHP developer
 
5 - Hands-on Kubernetes Workshop:
5 - Hands-on Kubernetes Workshop:5 - Hands-on Kubernetes Workshop:
5 - Hands-on Kubernetes Workshop:
 
Continuous Delivery at Wix
Continuous Delivery at WixContinuous Delivery at Wix
Continuous Delivery at Wix
 
From monolith to microservice with containers.
From monolith to microservice with containers.From monolith to microservice with containers.
From monolith to microservice with containers.
 
Kubernetes #1 intro
Kubernetes #1 introKubernetes #1 intro
Kubernetes #1 intro
 
Kubernetes @ meetic
Kubernetes @ meeticKubernetes @ meetic
Kubernetes @ meetic
 
Docker Online Meetup #3: Docker in Production
Docker Online Meetup #3: Docker in ProductionDocker Online Meetup #3: Docker in Production
Docker Online Meetup #3: Docker in Production
 

Recently uploaded

VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
dharasingh5698
 
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Arindam Chakraborty, Ph.D., P.E. (CA, TX)
 
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Booking
dharasingh5698
 
Standard vs Custom Battery Packs - Decoding the Power Play
Standard vs Custom Battery Packs - Decoding the Power PlayStandard vs Custom Battery Packs - Decoding the Power Play
Standard vs Custom Battery Packs - Decoding the Power Play
Epec Engineered Technologies
 
Call Girls In Bangalore ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Bangalore ☎ 7737669865 🥵 Book Your One night StandCall Girls In Bangalore ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Bangalore ☎ 7737669865 🥵 Book Your One night Stand
amitlee9823
 
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
roncy bisnoi
 
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
Call Girls in Nagpur High Profile Call Girls
 
Top Rated Call Girls In chittoor 📱 {7001035870} VIP Escorts chittoor
Top Rated Call Girls In chittoor 📱 {7001035870} VIP Escorts chittoorTop Rated Call Girls In chittoor 📱 {7001035870} VIP Escorts chittoor
Top Rated Call Girls In chittoor 📱 {7001035870} VIP Escorts chittoor
dharasingh5698
 
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
Call Girls in Nagpur High Profile Call Girls
 
Call Girls in Netaji Nagar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Netaji Nagar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort ServiceCall Girls in Netaji Nagar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Netaji Nagar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
9953056974 Low Rate Call Girls In Saket, Delhi NCR
 

Recently uploaded (20)

A Study of Urban Area Plan for Pabna Municipality
A Study of Urban Area Plan for Pabna MunicipalityA Study of Urban Area Plan for Pabna Municipality
A Study of Urban Area Plan for Pabna Municipality
 
DC MACHINE-Motoring and generation, Armature circuit equation
DC MACHINE-Motoring and generation, Armature circuit equationDC MACHINE-Motoring and generation, Armature circuit equation
DC MACHINE-Motoring and generation, Armature circuit equation
 
KubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlyKubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghly
 
Double Revolving field theory-how the rotor develops torque
Double Revolving field theory-how the rotor develops torqueDouble Revolving field theory-how the rotor develops torque
Double Revolving field theory-how the rotor develops torque
 
Hazard Identification (HAZID) vs. Hazard and Operability (HAZOP): A Comparati...
Hazard Identification (HAZID) vs. Hazard and Operability (HAZOP): A Comparati...Hazard Identification (HAZID) vs. Hazard and Operability (HAZOP): A Comparati...
Hazard Identification (HAZID) vs. Hazard and Operability (HAZOP): A Comparati...
 
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
 
UNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its PerformanceUNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its Performance
 
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
 
FEA Based Level 3 Assessment of Deformed Tanks with Fluid Induced Loads
FEA Based Level 3 Assessment of Deformed Tanks with Fluid Induced LoadsFEA Based Level 3 Assessment of Deformed Tanks with Fluid Induced Loads
FEA Based Level 3 Assessment of Deformed Tanks with Fluid Induced Loads
 
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Booking
 
Water Industry Process Automation & Control Monthly - April 2024
Water Industry Process Automation & Control Monthly - April 2024Water Industry Process Automation & Control Monthly - April 2024
Water Industry Process Automation & Control Monthly - April 2024
 
Standard vs Custom Battery Packs - Decoding the Power Play
Standard vs Custom Battery Packs - Decoding the Power PlayStandard vs Custom Battery Packs - Decoding the Power Play
Standard vs Custom Battery Packs - Decoding the Power Play
 
Call Girls In Bangalore ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Bangalore ☎ 7737669865 🥵 Book Your One night StandCall Girls In Bangalore ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Bangalore ☎ 7737669865 🥵 Book Your One night Stand
 
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
 
Work-Permit-Receiver-in-Saudi-Aramco.pptx
Work-Permit-Receiver-in-Saudi-Aramco.pptxWork-Permit-Receiver-in-Saudi-Aramco.pptx
Work-Permit-Receiver-in-Saudi-Aramco.pptx
 
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
 
Top Rated Call Girls In chittoor 📱 {7001035870} VIP Escorts chittoor
Top Rated Call Girls In chittoor 📱 {7001035870} VIP Escorts chittoorTop Rated Call Girls In chittoor 📱 {7001035870} VIP Escorts chittoor
Top Rated Call Girls In chittoor 📱 {7001035870} VIP Escorts chittoor
 
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
 
Call Girls in Netaji Nagar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Netaji Nagar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort ServiceCall Girls in Netaji Nagar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Netaji Nagar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
 
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
 

KubeCon 2017: Kubernetes from Dev to Prod

  • 1. Kubernetes from Dev to Prod Subhas Dandapani, CI/CD Platform Lead, GoEuro
  • 2. Subhas Dandapani CI/CD Platform Lead medium.com/@rdsubhas github.com/rdsubhas 12 countries 30k+ stations 200+ airports 10+ million monthly searches
  • 3. - 50 engineers, 10 services → 150 engineers, 50 services - 10 coordinated releases → 150+ independent releases per week - Legacy → CI/CD/Docker/K8s Excluding persistent services - Through all kinds of legacy problems Integration patterns: REST, File, MQ, DB-driven, Metrics-driven, Compile-time, Ancillary artifacts Dev hacks for ops issues, Ops hacks for dev issues, Debts from dev & ops working as silos - Transition in 4 months across company (ground work laid before in a pilot project) Transition Journey
  • 5. From the bottom up: hyper-vm - Single-node k8s+docker VM for development - docker build & kubectl apply on same node - Metadata based kubernetes customization (e.g. applying kubernetes services at bootup) - Optimized for development & testing in the cloud docker bind mounting (nested resolv, etc), integrate with internal network, dnsmasq for docker-inside-docker-inside-docker, tuned for throwaway, etc - First point to upgrade kubernetes from dev to prod hyper vm docker k8s master
  • 6. Development service-repo ├ ops ├─ Dockerfile ├─ helm chart ├─ ci.yaml ├─ Makefile - Every service has "ops" folder - Self-contain most dev+ops requirements docker build hyper vm docker k8s master
  • 7. service-repo ├ ops ├─ Dockerfile ├─ helm chart ├─ ci.yaml y8s (yaml-k8s-sharing) - Adopt Helm Chart standard/layout/templating - But Render-as-a-service - Additional simplification: - 1 input: “env”, configure everything else out of the box - env=dev: use local image - env=test: use stubs (provider-driven stubs/mocks) - env=qa/preprod/prod: pin revision - Optional params (overrides, etc)
  • 8. y8s (yaml-k8s-sharing) kubectl apply -f http://y8s.int/repos/any-service-repo ?env=<test|dev|qa|...> &values[foo]=bar&filters[kind]=Service&... - kubectl apply any repo - DevOps services also applied/deployed same way (router, ingress, core services, database, couchbase, etc) - Additional REST options (values, filters, validate, dry run, json/yaml content types, etc) and generated metadata (for tracing back to source) hyper vm docker k8s master
  • 9. CI/CD Landscape Develop Integrate Deploy hyper-vm develop in the cloud ops/chart in repo self contained repos y8s consume any repo/service
  • 11. service-repo ├ ops ├─ Dockerfile ├─ helm chart ├─ ci.yaml - Adopt GitLab CI.yaml syntax/design - But parse/implement it ourselves - Automate all CI pipelines/jobs - We orchestrate all triggers, do all plumbing pr checks, manual checkpoints, cron jobs, distributed caching, nested docker builds, environments, retry/reassignment rules, slack notifications, emails, release annotations/graphs, etc CI Contract
  • 12. GKEGKE image: jenkins-plain:latest unit-tests: stage: test script: test.sh master: script: release.sh deploy-qa: environment: name: qa credentials: "..." script: deploy.sh deploy-preprod: deploy-prod: ... ci.yaml PR checks master shared qa hyper-vm agent hyper-vm agent GKE preprod, prod, ... GKE
  • 13. - Every agent is hyper-vm + jenkins slave - docker/kubectl readily configured - Jobs run inside configurable build images - Recreate from source every 2 hours with no downtime, no possibility of snowflake CI - Encourage early integration tests kubectl apply -f y8s.g.int/repos/anything and test - Take Jobs all the way to Prod (safety in upcoming slides) CI Contract hyper vm docker k8s master +jenkins swarm
  • 14. Job Environment - Closer Look #1 image: jenkins-plain:latest my-job: script: make build - Start using docker/kubectl right away - Cleaned up after every build - Early Integration/E2E tests kubectl apply -f "y8s.int/...dependencies..." kubectl run / docker run <e2e tests> my-job agent is a hyper-vm
  • 15. my-job: script: make deploy environment: name: preview-24h - Provision on-the-fly ephemeral hyper-vm Same build contract, kubectl/docker readily pointed to that VM - But lives after job completes - Show demos, connect for development/debugging Job Environment - Closer Look #2 my-job 24h preview-vm
  • 16. Job Environment - Closer Look #3 my-job: script: make deploy environment: name: qa|preprod|prod-region credentials: <credentials> - Apply to Deploy! Including prod regions - We’ll talk about security in later slides my-job GKE qa|prod|...
  • 17. my-job: stage: pr when: manual environment: name: preview-24h Composition Run on PRs when: manual on pipelines: manual checkpoint on PRs: comment “trigger my-job” Product demos on demand, GitHub Flow (deploy from PR to prod), etc And boot an ephemeral preview VM
  • 18. Patterns - Database migrations - kubectl run --overrides=$(curl -H ...json y8s.g.int/...migration) - End to end testing - Shared E2E tests treated as services, have their own ops folder as well - kubectl apply y8s.g.int/repos/... && kubectl run <e2e-tests> - Additional Services - helm templates for services like selenium, couchbase, mysql, etc - kubectl apply y8s.g.int/...services… - No need for additional abstraction (like travis-ci services, for example)
  • 19. CI/CD Landscape Develop Integrate Deploy hyper-vm develop in the cloud ops/chart in repo self contained repos y8s consume any repo/service ready environments preview, qa, preprod, prod, ... ci.yaml pipelines & patterns hyper-vm + ci agent early E2E in CI
  • 21. - Kubernetes API gateway/proxy - Deployed in every k8s cluster, proxies to kubernetes master - Compliance - Validate request on-the-fly when kubectl apply is called to deploy - Enforce presence of CPU/Memory Limits, Live/Readiness probes, … - Enforce no LoadBalancer type allowed, Ingress begins with namespace, ... - Necessary annotations on every resource, whitelisted resource kinds, … - All kinds of Governance and Standards on what is being applied - Enables Orchestration auth8s qa preprod prod ... GKE
  • 22. auth8s - Enables us to safely hand over releases to developers - No way for one bad pod (memory leak) bringing the whole cluster down - Prevent “Wild wild west” of alpha/beta APIs in clusters - Use few kubernetes APIs and enforce they are used in the right way - Security - Each namespace gets its own username/password, cannot mess with others - Note: k8s 1.6 RBAC in “beta”, security can be delegated to k8s when stable Our developers don’t need to do anything, can just be changed internally - Compliance and governance is equally important, so this still stays! qa preprod prod ... GKE
  • 23. - Auto-register DNS for independent clusters - Metrics: heapster, restart counters, etc - Logging: Ship structured container logs using filebeat - Routing: nodePort, containerizing current router, etc - Moving to: Ingress - Automatically instrument external health checks (pingdom-style) Value additions: Cluster services
  • 24. Value additions: Sidecar and Regional services - Sidecar container for big artifacts for legacy services - Region-specific external services - All devops-managed external resources (db, logstash, etc) have their own pipelines and yamls - Provide containerized/test in dev/qa/preprod/etc - Endpoints pointing to persistent resources in prod - Multi-region focused from the beginning
  • 25. - Coming up: More annotation-driven cluster services - Capture periodic thread-dumps by declaring annotations - Autoscale by declaring metric queries in annotations - Automated external uptime checks and status pages for ingresses - etc Value additions: Annotation driven
  • 26. CI/CD Landscape Develop Integrate Deploy hyper-vm develop in the cloud ops/chart in repo self contained repos y8s consume any repo/service ready environments preview, qa, preprod, prod, ... value added services routing, logs, metrics, dns, ... auth8s security, compliance gke best kubernetes experience ci.yaml generated pipelines & jobs hyper-vm + ci agent early E2E in CI
  • 28. - Containers are a cultural change - Lots of presentations, PoCs, consulting, lobbying, “we needed this yesterday” - We did at same time: CI, CD, Unversioning, Dockerizing, Kubernetizing - Couldn’t have done without support from teams, managers, product, business - Don’t try too much: Changing monitoring, routing, building, processes, etc. - Migrate as-it-is - Services closer to 12factor, With small dep-graph, Hard legacy challenges - 5 minute bootup, 400 MB images, Dev vs Ops hacks, etc - Run with 0% traffic, Shadow comparison, QA/Preprod, Traffic switching - Establish the pipe, Optimize later What we learned?
  • 29. - Work with feature teams - Get out of the DevOps desk/lobby - Be part of their journey - Let them own their success - Avoid repeating mistake of dev vs ops silos - Embrace Standards, Validate Subset - Too many DevOps tool ~micro-JS explosion - Choose wisely, Draw boundaries, Be compatible - Less tools, More APIs, More Dogfooding What we learned?
  • 30. - Transition from Cloud resources => Container resources - From Cloud: Disk Image + InstanceGroup/ASG + LoadBalancer - To Container: Docker Image + K8s Deployment + K8s Service/Ingress - From: packer build, terraform apply, cannot be controlled, creates real cloud resources - To: docker build, kubectl apply, can be orchestrated and governed, container resources - Allow teams to deliver from Dev to Prod - Balance safety, compliance, automation and ease-of-use - Transition legacy and modern services - Integrate and iterate fast, next 1000 releases per week What Kubernetes Enabled Us
  • 31. - Site Reliability Engineering - Teams deliver up to prod-x% - Rollout to rest automatically based on metrics - Better State Management - Secret Management - Multiple possibilities, ci.yaml, auth8s, etc - Ingress, Federation - Namespace Quotas - Virtual data center, Team budgets, etc Stepping Forward ENGINEERING CI/CD/Tooling/VAS INFRA SRE