GitOps and Kubernetes Multi-Cluster Management
1. OpenInfra Days @ Vietnam 2022
27-Aug-2022
A Practical Approach to Traditional and Cloud Native Infrastructure Management using GitOps
Anthony Lin
anthony.lin@redhat.com
Hybrid Cloud Specialist, Red Hat ASEAN
2. AGENDA
▪ What is GitOps?
▪ IaC Automation and GitOps
▪ GitOps and Kubernetes Multi-Cluster Management
▪ Q&A
4. GitOps
● Prescriptive style of Infrastructure as Code
○ For deploying and managing large, sophisticated, distributed and cloud-native systems
○ Uses Git as the single source of truth for declarative infrastructure and applications
■ The defined state of the infrastructure is version controlled in Git, complete with a useful audit log of all activity
● Brings development and operations together with a shared development process and tooling
○ Provides a consistent means of working across the organization
○ Helps to increase productivity and velocity of deployments and development
5. GitOps considers the Git repository our only source of truth. Manual operations are prohibited; changes are introduced through Git to perform deployments, adopting "Continuous Deployment".
Pull request flow: Contributor's Pull Request -> Content Review -> Generate Artifacts -> Test Content -> Release for Consumption
7. The Joy of Request For Changes
#1 Fill in the Request For Change form.
#2 Fill in the form again after talking with a senior colleague.
#3 Now you can fill in the web form and link CIs from the CMDB.
#4 Your Configuration Item (CI) is not in the CMDB.
#5 Use your own team's CMDB (a.k.a. Excel).
#6 Sleep(1 week) and waitfor(Change Advisory Board).
#7 Explain why you really, really need to do your job.
#8 Someone else executes it and gets a syntax error.
#9 Goto #2
8. Infrastructure As Code
"Infrastructure As Code is the capability to rebuild the entire infrastructure only with the system's data and code from your version control systems"
9. IaC Practices
Applied to both Data and Code:
● Automated tests
● Security and compliance
● Automating execution from a shared environment
● Source Control
● Modularizing and versioning
● Documentation
14. On-Premise Infrastructure with CI/CD
Infrastructure
● CI/CD
● Fully Tested
● Fully Automated
● Infra as Code (IaC)
Applications (diagram: three web servers, WWW, in front of a DB)
15. What is Needed to Enable CI/CD in an Infrastructure Project?
● Infrastructure as Code
● Test Environments
● Time and Effort
16. Applying Software Best Practices to Hardware
Physical Infrastructure as Code -> Physical CI/CD
● Speed+
● Cost-
● Risk-
● Velocity
● Productivity
● Sustainability
Infrastructure as code is the foundation required to automate deployments and scaling in the physical world.
17. What CI/CD Looks like in Practice
Pipeline RUN: Step 1 -> Step 2 -> Step 3 -> Step 4 -> Step 5
Q. How do we know the operation will be successful?
A. Because we test it first (that is the CI part)
18. What CI/CD Looks like in Practice
A pipeline consisting of all the automated steps needed to achieve the required operation:
● New deployment
● Upgrade
● Scale-up/Scale-down
● Config change
● and others ...
For proper CI/CD, some of these steps are tests that are usually executed in a virtual environment.
Pipeline steps:
Step 1 (CI): Prepare the virtual environment
Step 2 (CI): Actual operation: deployment, upgrade, config change, and others ...
Step 3 (CI): Test the result of this operation
Step 4 (CD): Repeat the operation in a production environment
19. Cloud Upgrade Example
Each iteration runs the same pipeline: deploy test environment -> start impact monitoring -> upgrade process -> impact analysis.
Iteration 1
Iteration 2
...
Iteration 13
Iteration 14: Production deployment to Site 1, Site 2, Site 3
Findings recorded along the way:
● Process did not complete because of error in upgrade process orchestration
● Impacted test application because of BZ #xxxxxx. Hotfix provided by Red Hat.
● No impact detected!
Multiple production clusters upgraded with:
● Very high confidence
● One-click operation
● Engineers already working on something else
20. GitOps + IaC in Action
Actors: Engineers (working in a Dev Workspace), Peer Reviewer(s)
Flow (diagram steps 0-9): Dev Workspace (0) -> Check-Out Content (1) -> Check-In Changes -> Trigger CI -> Test -> Notify -> Approve Changes by Peer Reviewer(s) -> Trigger CD (7) -> Deploy (8) -> Notify
21. Golden Image GitOps Pipeline with Ansible Automation Platform
Pipeline stages: Code (Code Editor) -> Version Control (Source Code Management) -> Build (Artifact / Image Creation)
Leads to much faster reaction time to new CVEs and security vulnerabilities, as new images can be built quickly with the pipeline!
Package New Base OS Server Image
● Pipeline allows easy rebuild of the Base OS Image
● Rebuilt image is properly hardened and updated with the latest security patches
● Provides a hardened Base OS Image for developers to carry out application testing
● Pipeline can be easily extended to include application installation and other custom requirements
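As an added example (not from the deck, and not code from Ansible Automation Platform itself), an Ansible playbook for the "Build" stage of the golden image pipeline: it applies the latest security errata, refuses to continue if security updates are still pending, applies a hardening setting, and leaves a package manifest in the image for audit. The inventory group name and the manifest path are assumptions.

```yaml
# Added example, not from the deck or from Ansible Automation Platform.
# Assumes a RHEL-family build host in the hypothetical inventory group "image_builders".
- name: Rebuild and harden the Base OS image
  hosts: image_builders
  become: true
  tasks:
    - name: Apply the latest security errata (security=true restricts dnf to security updates)
      ansible.builtin.dnf:
        name: "*"
        state: latest
        security: true
        update_cache: true

    - name: Check whether security updates remain (dnf exits 100 when updates are pending)
      ansible.builtin.command: dnf -q check-update --security
      register: pending_security
      changed_when: false
      failed_when: pending_security.rc not in [0, 100]

    - name: Stop the pipeline if security updates are still pending
      ansible.builtin.assert:
        that: pending_security.rc == 0
        fail_msg: "Security updates still pending; do not release this image"

    - name: "Harden SSH: disallow direct root login"
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?PermitRootLogin'
        line: 'PermitRootLogin no'
        validate: '/usr/sbin/sshd -t -f %s'

    - name: Collect the installed package set
      ansible.builtin.package_facts:
        manager: auto

    - name: Write a package manifest into the image as an audit artifact
      ansible.builtin.copy:
        content: "{{ ansible_facts.packages | to_nice_json }}"
        dest: /var/log/golden-image-packages.json   # hypothetical path
        mode: "0644"

    - name: Drop package caches so the image stays small and reproducible
      ansible.builtin.command: dnf clean all
      changed_when: false
```

The manifest gives the CVE triage step a record of exactly which package versions shipped in each image build.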
25. Cloud-native Approaches
● Declarative infrastructure definitions
● Separation of Software / Data / Configuration
● Automate everything
● Rebuild vs Repair
● Scalability. Scale Out not Up.
● Oriented to:
○ Containers / Kubernetes
○ Microservices architectures
○ 12 factor apps
○ DevSecOps / Agility
○ Portability -> Multi/Hybrid cloud
26. Adopting Kubernetes Enterprise Wide
Challenges
▸ Disparate clusters built by individual teams within the organization.
▸ Significant effort spent to meet security, governance and compliance requirements of the organization.
▸ Ensuring the platform is operationally ready within days and not weeks-to-months to onboard developer teams.
Solution
▸ Provide containers-as-a-service capability within the organization through self-service consumption
▸ Automate standard container platform build within the organization
▸ Enforce policies and configuration on the container platform in a consistent manner
▸ Using git as the source of truth
27. Supporting Application Modernization
Four pillars around application modernization: Run, Manage, Governance/compliance/security, Automate.
Run
▸ Observability: Central monitoring and logging
▸ DevOps tooling: automated builds, CI/CD, IDE, container registry
▸ Unified storage abstraction
Manage
▸ Multi cluster management
▸ GitOps. Application lifecycle management.
▸ Project team and application onboarding
Governance, Compliance and Security
▸ Policy-based governance, risk, and compliance
▸ Shift Left. Container security.
▸ Zero trust security
▸ Trusted supply chain
▸ Approved tech stack: language runtimes, databases, RHEL UBI images
Automate Everything
▸ IaC
▸ Configuration Management
▸ Workflow orchestration
▸ Network and security automation
Consistency is key across the organization: Physical, Virtual, Private cloud, Public cloud, Edge
28. Argo CD
Reconciliation loop: Sync -> Monitor -> Detect drift -> Take action
● Cluster and application configuration versioned in Git
● Automatically syncs configuration from Git to clusters
● Drift detection, visualization and correction
● Granular control over sync order for complex rollouts
● Rollback and rollforward to any Git commit
● Manifest templating support (Helm, Kustomize, etc)
● Visual insight into sync status and history
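As an added example (not from the deck or from the Argo CD project), an Argo CD Application manifest that switches on the features listed above: automated sync with pruning, self-heal for drift correction, and a sync-wave annotation for ordering. The repository URL, path, namespace and application name are placeholders.

```yaml
# Added example, not from the deck or the Argo CD project.
# Repository URL, path, namespace and names are placeholders.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: cluster-config
  namespace: argocd
  finalizers:
    - resources-finalizer.argocd.argoproj.io   # delete managed resources if the Application is deleted
spec:
  project: default
  source:
    repoURL: https://git.example.com/platform/cluster-config.git   # placeholder
    path: clusters/site-1
    targetRevision: main   # pin to a commit SHA to roll back or roll forward to that exact state
  destination:
    server: https://kubernetes.default.svc
    namespace: platform-config
  syncPolicy:
    automated:
      prune: true      # remove resources that were deleted from Git: Git is the single source of truth
      selfHeal: true   # revert manual changes on the cluster: drift detection and correction
    syncOptions:
      - CreateNamespace=true
    retry:
      limit: 3
      backoff:
        duration: 10s
        factor: 2
        maxDuration: 3m
---
# Resources in the repo control sync order with sync waves: lower waves are applied first,
# so a quota that must exist before workloads land goes in wave 0.
apiVersion: v1
kind: ResourceQuota
metadata:
  name: team-quota
  namespace: platform-config
  annotations:
    argocd.argoproj.io/sync-wave: "0"
spec:
  hard:
    pods: "50"
```

With selfHeal enabled, a change made directly with kubectl is reported as OutOfSync and reverted on the next reconciliation, which is the drift correction the slide refers to.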