Deploying Microservices - Makefiles, K8S Config Templates, Git Submodules, Helm, Git-crypt and Jenkins

•Transferir como PPTX, PDF•

2 gostaram•608 visualizações

NYC Kubernetes Meetup Presentation - May 29, 2018 Presentation describes how we use Makefiles to build and deploy microservices on Kubernetes; how code is shared using git submodules; why we chose Helm; how sensitive data is stored in Git. https://www.meetup.com/New-York-Kubernetes-Meetup/events/250629415

Tecnologia

Deploying Microservices -
Makefiles, K8S Config Templates,
Git Submodules, Helm, Git-crypt
and Jenkins
Satish Devarapalli

$whoami
Satish Devarapalli
Cloud Platform Architect @ Wolters Kluwer
@devasat

Agenda
● Project Intro
● Makefiles
● Why Helm
○ K8S Config Templates
○ Version Management
○ Property Lookup Hierarchy
○ Release = Code + Config + DB Change
● Passwords Management
● Spinnaker vs. Jenkins

Project Intro
Platform
auth 𝞵 svc𝞵 svc ...

● Simplify developer onboarding
● Consistent commands usage on workstations and Jenkins
● Build and deploy Steps
○ Build container
■ Build
■ Tag
■ Publish
○ Deploy
■ Environment parameters
■ K8s config templates
Makefiles
Naming Convention
project-prefix/service:version-githash
Example: wk/auth:1.0-a8765
make clean build deploy
make env=qa deploy

Makefiles
𝞵 svc Makefile
Parent Makefile

Agenda
● Project Intro
● Makefiles
● Why Helm
○ K8S Config Templates
○ Version Dependency Management
○ Property Lookup Hierarchy
○ Release = Code + Config + DB
● Passwords Management
● Spinnaker vs. Jenkins

K8S Config Templates
● Configuration files are similar
○ Deployment
○ Service
○ Ingress
○ Horizontal Pod Autoscaler
○ Config Map
● Helm Template Engine
○ Go Templates
○ Built-in objects
○ Dry run option
○ NOTES.txt

Version Management
Helm Chart Dependencies
Platform
1.0
auth
1.0
𝞵 svc
1.0
𝞵 svc
1.0
...
Platform
1.1
auth
1.0
𝞵 svc
1.0
𝞵 svc
1.1
...
Platform
1.2
auth
1.0
𝞵 svc
1.2
𝞵 svc
1.1
...
Platform
1.3
auth
1.0
𝞵 svc
1.2
𝞵 svc
1.1
...

Property Lookup Hierarchy
Identical in all environments
DEV QA PROD
PROJECT
Identical in all environments
DEV QA PROD
𝞵 svc
Identical in all environments
DEV QA PROD
replicaCount=1
replicaCount=4
helm install . -f values.yaml,dev/values.yaml,svc/values.yaml,svc/dev/values.yaml --set db-
server=cmdline-override.wk.com
1
2
3
4
1
2
Common across all microservices and in all environments
Common across all microservices in an environment
3
4
Common for a specific microservice in all environments
Specific value for a specific microservice in a specific environment
replicaCount=2

● Option 1: package environment values in to chart and extract them at install
time
○ helm install . -f values.yaml,dev/values.yaml,svc/values.yaml,svc/dev/values.yaml
● Option 2: create a chart for each environment
○ Project1-0.1.0-dev.tgz, project1-0.1.0-qa.tgz, project1-0.1.0-prod.tgz
● Option 3: package environment values as sub-charts
Property Lookup Hierarchy
https://github.com/kubernetes/helm/issues/2620

Release = Code + Config + DB
Helm Chart
Chart auth-1.0 = auth:1.0 + config 1.0
Chart auth-1.1 = auth:1.1 + config 1.0
Chart auth-1.2 = auth:1.1 + config 1.2
?
+ 0-db.sql
+ 0-db.sql
+ 1-db.sql
Reference: Containerizing SQL DB changes with Flyway, Kubernetes, and OpenShift
https://developers.redhat.com/blog/2018/01/10/flyway-containerized-db-changes/

Passwords Management
● Kubernetes Secrets
● Separate Git repository
● Git-crypt
○ GPG keys
○ Production keys accessible only to operations team
● Future
○ Hashicorp Vault
Helm Plugin

Spinnaker vs. Jenkins
● Spinnaker
○ Kubernetes V2 plugin - promising
■ Helm support not GA yet
○ Administration?
○ Cost?
● Jenkins
○ Canary deployment
○ Blue/green

Mais conteúdo relacionado

Mais procurados

Deploying NGINX Plus with Ansible

Kevin Jones

Docker swarm-mike-goelzer-mv-meetup-45min-workshop 02242016 (1)

Michelle Antebi

Containing the Gear: Deep Dive on SELinux, Multi-tenancy, Containers & Security with Dan Walsh Presenter: Dan Walsh In this talk, Dan will do a deep dive into the Origin PaaS use of SELinux and containerization. He will discuss how SELinux being utilized to ensure that Origin is the the most secure PAAS available today. He will address some of his ideas for the future of Origin and SELinux. From 2013-04-14 OpenShift Origin Community Day in Portland, Oregon

OpenShift & SELinux with Dan Walsh @rhatdan

OpenShift Origin

"Technologies that are going to affect our lives in the next decade are being tested and developed in the video game sphere." In January 2016 Activision approved a pilot project to build a containerised continuous delivery pipeline using Docker. This project spanned multiple devops teams and would culminate in launching a production title "Skylanders Imaginators" in October 2016. The Mission Statement : “Our mission is to deliver an amazing build, test and deploy pipeline that aims to be so reliable, effective and easy to use that our product and title departments will end up writing high value gaming services all day long without giving a second thought to how they may reliably deliver these in record time.” This talk will discuss the cultural and technical challenges faced throughout the pilot. Spoiler alert: Not everyone was happy with the decision to use Docker. The talk will cover the concerns and how we handled them. It will cover why it is important, especially in the games industry, to be evaluating and integrating technologies like Docker in order to remain relevant. For the first time in Demonware history developers were responsible for the launch and support of a title. We are also the first studio under Activision to be running Docker in Production.

Activision's Skypilot: Delivering Amazing Game Experiences Through Containeri...

Docker, Inc.

Docker Swarm Meetup (15min lightning)

Mike Goelzer

Kubernetes is more or less one of the biggest players when it comes to Container orchestration. Since Kubernetes 1.7 RBAC (Role Based Access Control) is the default for the authorisation of actions in you cluster. There are many other components, like Pod Security Policies, Network Policies, Admisstion Controllers, that allows you to secure your Kubernetes cluster. In this talk I will show you how these things can work together and which problem these components try to solve. Also I will show you an overview how other tools like Vault can fit into the Kubernetes ecosystem to make you platform more secure. Event: DevFest Karlsruhe, 09.12.2017 Speaker: Johannes M. Scheuermann Weitere Tech-Vorträge: https://www.inovex.de/de/content-pool/vortraege/ Weitere Tech-Artikel: https://www.inovex.de/blog/

Kubernetes Security

inovex GmbH

Or, how NGINX can act as your stevedores properly routing and accelerating HTTP and TCP traffic to pods of containers across a globally distributed environment. NGINX can be used to manage and route your traffic across your distributed micro services architecture offering a seamless interface to your customers and giving you granular management of backend service scaling and versions. Add in some caching and load balancing and the efficiencies of an application delivery platform become apparent.

Interconnecting containers at scale #Dockercon

sarahnovotny

Security best practices for kubernetes deployment

Michael Cherny

The majority of middleware and messaging systems in use were built in a time that did not have the concept of scale and real-time data that developers operate in today. With the rise of Cloud Native and Microservices architectures as a design principle and the emphasis on simplicity, speed, and flexibility that come with it, developers need a messaging protocol to match. Enter NATS. NATS is a remarkably lightweight messaging protocol, and extremely flexible and resilient. It is just a few MB in size, and can scale to publish tens of millions of message from a single server.

NATS: Simple, Secure and Scalable Messaging For the Cloud Native Era

wallyqs

Load Balancing Applications with NGINX in a CoreOS Cluster

Kevin Jones

DockerCon EU 2015: What's New with Docker Trusted Registry

Docker, Inc.

Kubernetes - how to orchestrate containers

inovex GmbH

NGINX is one of the most popular images on Docker Hub and has been at the forefront of the web since the early 2000's. In this talk we will discuss how and why NGINX's lightweight and powerful architecture makes it a very popular choice for securing containerized applications as a sidecar reverse proxy within containers. We will highlight important aspects of application security that NGINX can help with, such as TLS, HTTP, AuthN, AuthZ and traffic control.Additional Sponsor InformationDuring our session we will be Raffling off a swag pack to live attendees. We'll also be offering 30% off our swag store that can be shared via social. Details below:URL: swag-nginx.com Code: DOCKERCON30 Value: 30% off

DockerCon Live 2020 - Securing Your Containerized Application with NGINX

Kevin Jones

DCSF19 Deploying Istio as an Ingress Controller

Docker, Inc.

Metal-k8s presentation by Julien Girardin @ Paris Kubernetes Meetup

Laure Vergeron

LlinuxKit security, Security Scanning and Notary

Docker, Inc.

Contiv provides a higher level of networking abstraction for microservices: it provides built-in service discovery and service routing for scale out services, working with schedulers like Docker Swarm, Kubernetes, Mesos and Openshift. A powerful policy-based management that makes networking on large scale easy. We will see some code examples, use cases and an easy tutorial on the web. This session is a follow up to the successful sessions at Codemotion Rome and Amsterdam in 2016: we'll go deeper into the architecture and the use cases.

Luca Relandini - Microservices and containers networking: Contiv, deep dive a...

Codemotion

Moby and Kubernetes entitlements

Docker, Inc.

Secrets management vault cncf meetup

Juraj Hantak

Role based access control - RBAC - Kubernetes

Milan Das

Mais procurados (20)

Deploying NGINX Plus with Ansible

Docker swarm-mike-goelzer-mv-meetup-45min-workshop 02242016 (1)

OpenShift & SELinux with Dan Walsh @rhatdan

Activision's Skypilot: Delivering Amazing Game Experiences Through Containeri...

Docker Swarm Meetup (15min lightning)

Kubernetes Security

Interconnecting containers at scale #Dockercon

Security best practices for kubernetes deployment

NATS: Simple, Secure and Scalable Messaging For the Cloud Native Era

Load Balancing Applications with NGINX in a CoreOS Cluster

DockerCon EU 2015: What's New with Docker Trusted Registry

Kubernetes - how to orchestrate containers

DockerCon Live 2020 - Securing Your Containerized Application with NGINX

DCSF19 Deploying Istio as an Ingress Controller

Metal-k8s presentation by Julien Girardin @ Paris Kubernetes Meetup

LlinuxKit security, Security Scanning and Notary

Luca Relandini - Microservices and containers networking: Contiv, deep dive a...

Moby and Kubernetes entitlements

Secrets management vault cncf meetup

Role based access control - RBAC - Kubernetes

Semelhante a Deploying Microservices - Makefiles, K8S Config Templates, Git Submodules, Helm, Git-crypt and Jenkins

Kubernetes - training micro-dragons without getting burnt

Amir Moghimi

Continuous Delivery with Docker and Amazon ECS

Amazon Web Services

In this deck from the Stanford HPC Conference, Christian Kniep from Docker, Inc. gives a tutorial on linux containers. "This tutorial provides a detailed overview of the components needed to run containerized applications and explores how distributed HPC applications can be tackled. We’ll explain the concept of Linux Containers and describe the bits and pieces participants will explore following step-by-step examples. The workshop will introduce the predominant forms of orchestration in the industry; what problems they solve and how to approach the problem. Attendees will explore the benefits and drawbacks of orchestrators first hand with their own small exemplary stack deployments. Finally the workshop will introduce how HPC and Big Data workloads can be tackled on-top of these service-oriented clusters." Watch the video: https://youtu.be/LJinZpCTyk0 Learn more: http://www.docker.com/ and http://hpcadvisorycouncil.com Sign up for our insideHPC Newsletter: http://insidehpc.com/newsletter

DevOps Workflow: A Tutorial on Linux Containers

inside-BigData.com

bettterCode, 24.06.2021, Online: Workshop of Mario-Leander Reimer (@LeanderReimer, Principal Software Architect at QAware) & Markus Zimmermann (@markus_zm, Senior Software Engineer at QAware) == Please download slides in case they are blurred! === Use the right tool and language for the job! Especially in the DevOps tooling area, Go has established itself as a simple, reliable and efficient programming language. In this workshop, we learned about suitable application areas and implementing quite a few tools.

betterCode Workshop: Effizientes DevOps-Tooling mit Go

QAware GmbH

Oliver Pomeroy, Docker & Laura Tacho, Cloudbees Enterprises often want to provide automation and standardisation on top of their container platform, using a pipeline to build and deploy their containerized applications. However this opens up new challenges; Do I have to build a new CI/CD Stack? Can I build my CI/CD pipeline with Kubernetes orchestration? What should my build agents look like? How do I integrate my pipeline into my enterprise container registry? In this session full of examples and how-to's, Olly and Laura will guide you through common situations and decisions related to your pipelines. We'll cover building minimal images, scanning and signing images, and give examples on how to enforce compliance standards and best practices across your teams.

DCSF 19 Building Your Development Pipeline

Docker, Inc.

Kubernetes: training micro-dragons for a serious battle

Amir Moghimi

Developing with-devstack

Deepak Garg

BASTA! 2017, Mainz: Talk von Mario-Leander Reimer (@LeanderReimer, Cheftechnologe bei QAware). Cloud-Größen wie Google, Twitter und Netflix haben die Kernbausteine ihrer Infrastruktur quelloffen verfügbar gemacht. Das Resultat aus vielen Jahren Cloud-Erfahrung ist nun frei zugänglich, und jeder kann seine eigenen Cloud-nativen Anwendungen entwickeln – Anwendungen, die in der Cloud zuverlässig laufen und fast beliebig skalieren. Die einzelnen Bausteine wachsen zu einem großen Ganzen zusammen, dem Cloud-Native-Stack. In dieser Session stellen wir die wichtigsten Konzepte und aktuellen Schlüsseltechnologien kurz vor. Anschließend implementieren wir einen einfachen Microservice mit .NET Core und Steeltoe OSS und bringen ihn zusammen mit ausgewählten Bausteinen für Service-Discovery und Konfiguration schrittweise auf einem Kubernetes-Cluster zum Laufen.

Cloud-native .NET Microservices mit Kubernetes

QAware GmbH

Docker containers provide an ideal foundation for running Kafka-as-a-Service on-premises or in the public cloud. However, using Docker containers in production environments for Big Data workloads using Kafka poses some challenges – including container management, scheduling, network configuration and security, and performance. In this session at Kafka Summit in August 2017, Nanda Vijyaydev of BlueData shared lessons learned from implementing Kafka-as-a-Service with Docker containers. https://kafka-summit.org/sessions/kafka-service-docker-containers

Best Practices for Running Kafka on Docker Containers

BlueData, Inc.

Lightning talk: 12 Factor Containers

Mukhtar Haji

Docker Engine 1.12 can be rightly called ” A Next Generation Docker Clustering & Distributed System”. Though Docker Engine 1.12 Final Release is around corner but the recent RC3 brings lots of improvements and exciting features. One of the major highlight of this release is Docker Swarm Mode which provides powerful yet optional ability to create coordinated groups of decentralized Docker Engines. Swarm Mode combines your engine in swarms of any scale. It’s self-organizing and self-healing. It enables infrastructure-agnostic topology.The newer version democratizes orchestration with out-of-box capabilities for multi-container on multi-host app deployments.

What's New in Docker 1.12?

Ajeet Singh Raina

We will see how to easily deploy and maintain a secure environment managed by Swarm - a built-in orchestration platform into Docker. We will cover topics such as managing services with Stack files, service discovery, zero downtime deployment and monitoring business-critical applications. The presentation will contain examples from production usage of this solution sharing the useful hands-on experience.

JDO 2019: Container orchestration with Docker Swarm - Jakub Hajek

PROIDEA

Docking with Docker

University of Alabama at Birmingham

Continuous Delivery With Selenium Grid And Docker

Barbara Gonzalez

廣宣學堂: 容器進階實務 - Docker進深研究班

Paul Chao

Automating Software Development Life Cycle - A DevOps Approach

Akshaya Mahapatra

Docker 進階實務班

Philip Zheng

Get hands-on with security features and best practices to protect your containerized services. Learn to push and verify signed images with Docker Content Trust, and collaborate with delegation roles. Intermediate to advanced level Docker experience recommended, participants will be building and pushing with Docker during the workshop. Led By Docker Security Experts: Riyaz Faizullabhoy David Lawrence Viktor Stanchev Experience Level: Intermediate to advanced level Docker experience recommended

Docker Security workshop slides

Docker, Inc.

Antons Kranga Building Agile Infrastructures

Antons Kranga

Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...

Patrick Chanezon

Semelhante a Deploying Microservices - Makefiles, K8S Config Templates, Git Submodules, Helm, Git-crypt and Jenkins (20)

Kubernetes - training micro-dragons without getting burnt

Continuous Delivery with Docker and Amazon ECS

DevOps Workflow: A Tutorial on Linux Containers

betterCode Workshop: Effizientes DevOps-Tooling mit Go

DCSF 19 Building Your Development Pipeline

Kubernetes: training micro-dragons for a serious battle

Developing with-devstack

Cloud-native .NET Microservices mit Kubernetes

Best Practices for Running Kafka on Docker Containers

Lightning talk: 12 Factor Containers

What's New in Docker 1.12?

JDO 2019: Container orchestration with Docker Swarm - Jakub Hajek

Docking with Docker

Continuous Delivery With Selenium Grid And Docker

廣宣學堂: 容器進階實務 - Docker進深研究班

Automating Software Development Life Cycle - A DevOps Approach

Docker 進階實務班

Docker Security workshop slides

Antons Kranga Building Agile Infrastructures

Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...

Último

As privacy and data protection regulations evolve rapidly, organizations operating in multiple jurisdictions face mounting challenges to ensure compliance and safeguard customer data. With state-specific privacy laws coming up in multiple states this year, it is essential to understand what their unique data protection regulations will require clearly. How will data privacy evolve in the US in 2024? How to stay compliant? Our panellists will guide you through the intricacies of these states' specific data privacy laws, clarifying complex legal frameworks and compliance requirements. This webinar will review: - The essential aspects of each state's privacy landscape and the latest updates - Common compliance challenges faced by organizations operating in multiple states and best practices to achieve regulatory adherence - Valuable insights into potential changes to existing regulations and prepare your organization for the evolving landscape

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

TrustArc

Strategies for Landing an Oracle DBA Job as a Fresher

Remote DBA Services

MySQL Webinar, presented on the 25th of April, 2024. Summary: MySQL solutions enable the deployment of diverse Database Architectures tailored to specific needs, including High Availability, Disaster Recovery, and Read Scale-Out. With MySQL Shell's AdminAPI, administrators can seamlessly set up, manage, and monitor these solutions, ensuring efficiency and ease of use in their administration. MySQL Router, on the other hand, provides transparent routing from the application traffic to the backend servers in the architectures, requiring minimal configuration. Completely built in-house and supported by Oracle, these solutions have been adopted by enterprises of all sizes for their business-critical applications. In this presentation, we'll delve into various database architecture solutions to help you choose the right one based on your business requirements. Focusing on technical details and the latest features to maximize the potential of these solutions.

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Miguel Araújo

Automating Google Workspace (GWS) & more with Apps Script

wesley chun

Histor y of HAM Radio presentation slide

vu2urc

Scaling API-first – The story of a global engineering organization

Radu Cotescu

Sara Mae O’Brien Scott and Tatiana Baquero Cakici, Senior Consultants at Enterprise Knowledge (EK), presented “AI Fast Track to Search-Focused AI Solutions” at the Information Architecture Conference (IAC24) that took place on April 11, 2024 in Seattle, WA. In their presentation, O’Brien-Scott and Cakici focused on what Enterprise AI is, why it is important, and what it takes to empower organizations to get started on a search-based AI journey and stay on track. The presentation explored the complexities of enterprise search challenges and how IA principles can be leveraged to provide AI solutions through the use of a semantic layer. O’Brien-Scott and Cakici showcased a case study where a taxonomy, an ontology, and a knowledge graph were used to structure content at a healthcare workforce solutions organization, providing personalized content recommendations and increasing content findability. In this session, participants gained insights about the following: Most common types of AI categories and use cases; Recommended steps to design and implement taxonomies and ontologies, ensuring they evolve effectively and support the organization’s search objectives; Taxonomy and ontology design considerations and best practices; Real-world AI applications that illustrated the value of taxonomies, ontologies, and knowledge graphs; and Tools, roles, and skills to design and implement AI-powered search solutions.

IAC 2024 - IA Fast Track to Search Focused AI Solutions

Enterprise Knowledge

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

In this session, we will delve into strategic approaches for optimizing knowledge management within Microsoft 365, amidst the evolving landscape of Copilot. From leveraging automatic metadata classification and permission governance with SharePoint Premium, to unlocking Viva Engage for the cultivation of knowledge and communities, you will gain actionable insights to bolster your organization's knowledge-sharing initiatives. In this session, we will also explore how to facilitate solutions to enable your employees to find answers and expertise within Microsoft 365. You will leave equipped with practical techniques and a deeper understanding of how there is more to effective knowledge management than just enabling Copilot, but building actual solutions to prepare the knowledge that Copilot and your employees can use.

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Drew Madelung

BooK Now Call us at +918448380779 to hire a gorgeous and seductive call girl for sex. Take a Delhi Escort Service. The help of our escort agency is mostly meant for men who want sexual Indian Escorts In Delhi NCR. It should be noted that any impersonator will get 100 attention from our Young Girls Escorts in Delhi. They will assume the position of reliable allies. VIP Call Girl With Original Photos Book Tonight +918448380779 Our Cheap Price 1 Hour not available 2 Hours 5000 Full Night 8000 TAG: Call Girls in Delhi, Noida, Gurgaon, Ghaziabad, Connaught Place, Greater Kailash Delhi, Lajpat Nagar Delhi, Mayur Vihar Delhi, Chanakyapuri Delhi, New Friends Colony Delhi, Majnu Ka Tilla, Karol Bagh, Malviya Nagar, Saket, Khan Market, Noida Sector 18, Noida Sector 76, Noida Sector 51, Gurgaon Mg Road, Iffco Chowk Gurgaon, Rajiv Chowk Gurgaon All Delhi Ncr Free Home Deliver

08448380779 Call Girls In Civil Lines Women Seeking Men

Delhi Call girls

Enterprise Knowledge’s Urmi Majumder, Principal Data Architecture Consultant, and Fernando Aguilar Islas, Senior Data Science Consultant, presented "Driving Behavioral Change for Information Management through Data-Driven Green Strategy" on March 27, 2024 at Enterprise Data World (EDW) in Orlando, Florida. In this presentation, Urmi and Fernando discussed a case study describing how the information management division in a large supply chain organization drove user behavior change through awareness of the carbon footprint of their duplicated and near-duplicated content, identified via advanced data analytics. Check out their presentation to gain valuable perspectives on utilizing data-driven strategies to influence positive behavioral shifts and support sustainability initiatives within your organization. In this session, participants gained answers to the following questions: - What is a Green Information Management (IM) Strategy, and why should you have one? - How can Artificial Intelligence (AI) and Machine Learning (ML) support your Green IM Strategy through content deduplication? - How can an organization use insights into their data to influence employee behavior for IM? - How can you reap additional benefits from content reduction that go beyond Green IM?

Driving Behavioral Change for Information Management through Data-Driven Gree...

Enterprise Knowledge

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Martijn de Jong

A Domino Admins Adventures (Engage 2024)

Gabriella Davis

This presentations targets students or working professionals. You may know Google for search, YouTube, Android, Chrome, and Gmail, but did you know Google has many developer tools, platforms & APIs? This comprehensive yet still high-level overview outlines the most impactful tools for where to run your code, store & analyze your data. It will also inspire you as to what's possible. This talk is 50 minutes in length.

Powerful Google developer tools for immediate impact! (2023-24 C)

wesley chun

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men

Delhi Call girls

GenCyber Cyber Security Day Presentation

Michael W. Hawkins

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Neo4j

Building Digital Trust in a Digital Economy Veronica Tan, Director - Cyber Security Agency of Singapore Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

apidays

🐬 The future of MySQL is Postgres 🐘

RTylerCroy

Axa Assurance Maroc - Insurer Innovation Award 2024

The Digital Insurer

Deploying Microservices - Makefiles, K8S Config Templates, Git Submodules, Helm, Git-crypt and Jenkins

1. Deploying Microservices - Makefiles, K8S Config Templates, Git Submodules, Helm, Git-crypt and Jenkins Satish Devarapalli

2. $whoami Satish Devarapalli Cloud Platform Architect @ Wolters Kluwer @devasat

3. Agenda ● Project Intro ● Makefiles ● Why Helm ○ K8S Config Templates ○ Version Management ○ Property Lookup Hierarchy ○ Release = Code + Config + DB Change ● Passwords Management ● Spinnaker vs. Jenkins

4. Project Intro Platform auth 𝞵 svc𝞵 svc ...

5. ● Simplify developer onboarding ● Consistent commands usage on workstations and Jenkins ● Build and deploy Steps ○ Build container ■ Build ■ Tag ■ Publish ○ Deploy ■ Environment parameters ■ K8s config templates Makefiles Naming Convention project-prefix/service:version-githash Example: wk/auth:1.0-a8765 make clean build deploy make env=qa deploy

6. Makefiles

7. Makefiles

8. Makefiles 𝞵 svc Makefile Parent Makefile

9. Agenda ● Project Intro ● Makefiles ● Why Helm ○ K8S Config Templates ○ Version Dependency Management ○ Property Lookup Hierarchy ○ Release = Code + Config + DB ● Passwords Management ● Spinnaker vs. Jenkins

10. K8S Config Templates ● Configuration files are similar ○ Deployment ○ Service ○ Ingress ○ Horizontal Pod Autoscaler ○ Config Map ● Helm Template Engine ○ Go Templates ○ Built-in objects ○ Dry run option ○ NOTES.txt

11. Version Management Helm Chart Dependencies Platform 1.0 auth 1.0 𝞵 svc 1.0 𝞵 svc 1.0 ... Platform 1.1 auth 1.0 𝞵 svc 1.0 𝞵 svc 1.1 ... Platform 1.2 auth 1.0 𝞵 svc 1.2 𝞵 svc 1.1 ... Platform 1.3 auth 1.0 𝞵 svc 1.2 𝞵 svc 1.1 ...

12. Property Lookup Hierarchy Identical in all environments DEV QA PROD PROJECT Identical in all environments DEV QA PROD 𝞵 svc Identical in all environments DEV QA PROD replicaCount=1 replicaCount=4 helm install . -f values.yaml,dev/values.yaml,svc/values.yaml,svc/dev/values.yaml --set db- server=cmdline-override.wk.com 1 2 3 4 1 2 Common across all microservices and in all environments Common across all microservices in an environment 3 4 Common for a specific microservice in all environments Specific value for a specific microservice in a specific environment replicaCount=2

13. Property Lookup Hierarchy Identical in all environments DEV QA PROD PROJECT Identical in all environments DEV QA PROD 𝞵 svc Identical in all environments DEV QA PROD replicaCount=1 replicaCount=4 helm install . -f values.yaml,dev/values.yaml,svc/values.yaml,svc/dev/values.yaml --set db- server=cmdline-override.wk.com 1 2 3 4 replicaCount=2 1

14. Property Lookup Hierarchy Identical in all environments DEV QA PROD PROJECT Identical in all environments DEV QA PROD 𝞵 svc Identical in all environments DEV QA PROD replicaCount=1 replicaCount=4 helm install . -f values.yaml,dev/values.yaml,svc/values.yaml,svc/dev/values.yaml --set db- server=cmdline-override.wk.com 1 2 3 4 replicaCount=2 2

15. Property Lookup Hierarchy Identical in all environments DEV QA PROD PROJECT Identical in all environments DEV QA PROD 𝞵 svc Identical in all environments DEV QA PROD replicaCount=1 replicaCount=4 helm install . -f values.yaml,dev/values.yaml,svc/values.yaml,svc/dev/values.yaml --set db- server=cmdline-override.wk.com 1 2 3 4 replicaCount=2 3

16. Property Lookup Hierarchy Identical in all environments DEV QA PROD PROJECT Identical in all environments DEV QA PROD 𝞵 svc Identical in all environments DEV QA PROD replicaCount=1 replicaCount=4 helm install . -f values.yaml,dev/values.yaml,svc/values.yaml,svc/dev/values.yaml --set db- server=cmdline-override.wk.com 1 2 3 4 replicaCount=2 4

17. ● Option 1: package environment values in to chart and extract them at install time ○ helm install . -f values.yaml,dev/values.yaml,svc/values.yaml,svc/dev/values.yaml ● Option 2: create a chart for each environment ○ Project1-0.1.0-dev.tgz, project1-0.1.0-qa.tgz, project1-0.1.0-prod.tgz ● Option 3: package environment values as sub-charts Property Lookup Hierarchy https://github.com/kubernetes/helm/issues/2620

18. Release = Code + Config + DB Helm Chart Chart auth-1.0 = auth:1.0 + config 1.0 Chart auth-1.1 = auth:1.1 + config 1.0 Chart auth-1.2 = auth:1.1 + config 1.2 ? + 0-db.sql + 0-db.sql + 1-db.sql Reference: Containerizing SQL DB changes with Flyway, Kubernetes, and OpenShift https://developers.redhat.com/blog/2018/01/10/flyway-containerized-db-changes/

19. Passwords Management ● Kubernetes Secrets ● Separate Git repository ● Git-crypt ○ GPG keys ○ Production keys accessible only to operations team ● Future ○ Hashicorp Vault Helm Plugin

20. Spinnaker vs. Jenkins ● Spinnaker ○ Kubernetes V2 plugin - promising ■ Helm support not GA yet ○ Administration? ○ Cost? ● Jenkins ○ Canary deployment ○ Blue/green

21. Thank You HBO

Deploying Microservices - Makefiles, K8S Config Templates, Git Submodules, Helm, Git-crypt and Jenkins

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (20)

Semelhante a Deploying Microservices - Makefiles, K8S Config Templates, Git Submodules, Helm, Git-crypt and Jenkins

Semelhante a Deploying Microservices - Makefiles, K8S Config Templates, Git Submodules, Helm, Git-crypt and Jenkins (20)

Último

Último (20)

Deploying Microservices - Makefiles, K8S Config Templates, Git Submodules, Helm, Git-crypt and Jenkins