- What do you need to deploy microservices? - What is Docker, Kubernetes, Infrastructure, and GitOps? - Why can GitOps help us to improve the DevOps process? - Demo GitOps Jirayut Nimsaeng Founder & CEO Opsta (Thailand) Co., Ltd. Google DevFest 2022

1. Bangkok
Jirayut Nimsaeng
CEO & Founder, Opsta (Thailand)
Deploy 22 microservices
from scratch in 30 mins
with GitOps

2. Jirayut Nimsaeng (Dear)
● He is Founder and CEO of Opsta (Thailand) Co.,Ltd.
● He has been involved in DevSecOps, Container, Cloud
Technology and Open Source for over 10 years.
● He is the first Certified Kubernetes Security Specialist
(CKS) and Certified Kubernetes Administrator (CKA) in
Thailand
● He is first Thai Google Cloud Developer Expert (GDE) in
Thailand

3. How long does it take to build and deploy all of these?
https://github.com/dotnet-architecture/eShopOnContainers

4. And much more..

5. How we build?
hook
plan & apply
ingress-nginx
argocd.bangkok.opsta.in.th
eshop.dev.bangkok.opsta.in.th
eshop.uat.bangkok.opsta.in.th
eshop.bangkok.opsta.in.th
cert-manager
EShop ApplicationSets
cloud load
balancer
EShop
Dockerfile
1
2
3
4
5

6. What is Docker?

7. Evolution of Application Deployment

8. Dockerfile
Docker Image
Build
Push
Run
Pull
Docker Life Cycle
Run
Run
Docker Container

9. What is
Kubernetes?

10. One server
Node
Container

11. Multiple servers
Node1 Node2 Node3
Container
???

12. What is Kubernetes?
● Kubernetes, in Greek, means the Helmsman, or pilot of the ship,
pilot of a ship of containers
● Kubernetes is a software written in Go for automating deployment,
scaling, and management of containerized applications
● Focus on manage applications, not machines
● Open source, open API container orchestrator
● Supports multiple cloud and bare-metal environments
● Inspired and informed by 15 years of Google’s experiences and
internal systems

13. Kubernetes Architecture

14. Docker & Kubernetes Life Cycle
Dockerfile
Docker Image
Kubernetes Cluster
Build
Push
Run
Pull

15. What is Google Kubernetes Engine? (GKE)
Google Kubernetes Engine (GKE) provides a managed environment for deploying,
managing, and scaling your containerized applications using Google infrastructure
with these benefits
● Single-click clusters
● A high-availability control plane including multi-zonal and regional clusters
● Auto-repair, auto-upgrade, and release channels
● Vulnerability scanning of container images and data encryption
● Integrated cloud monitoring with infrastructure, application, and
Kubernetes-specific views

16. What is
Infrastructure as
Code (IaC)?

17. Infrastructure as Code
● Define Infrastructure as Code instead of
creating it manually
● Infrastructure can be easily reproduced

18. Everything as Code
Configuration as Code
Network as Code Security as Code
Policy as Code
Infrastructure as Code

19. Declarative
Describe the Outcome
Imperative vs
Explicit Instructions
The system is smart,
you don’t care
The system is stupid,
you are smart

20. Declarative
resource "google_kms_key_ring" "vault" {
name = "vault-helm-unseal-kr"
location = "asia-southeast1"
}
Imperative vs
gcloud kms keyrings create
vault-helm-unseal-kr
--location asia-southeast1

21. IaC Tools

22. Infrastructure as Code Tools

23. Dockerfile
FROM node:16.14.2-alpine3.15
COPY . /nodejs/.
WORKDIR /nodejs
RUN npm install
ENV VERSION 1.0
EXPOSE 8081
CMD ["node", "/nodejs/main.js"]
OS + System Packages
Source Code
Library Dependencies
Configuration

24. Kubernetes Manifest
apiVersion: v1
kind: Pod
metadata:
name: busybox
namespace: default
spec:
containers:
- name: busybox
image: busybox
command:
- sleep
- "3600"
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-foo
spec:
rules:
- host: "foo.com"
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: app-a
port:
number: 8080

25. Problem with Kubernetes Manifest
● 1 Microservice consist of:
○ Deployment
○ Service
○ Ingress
○ Configmap
○ Secret
● More effort for operate and difficult
control environment values.
● Hard to manage release (Rollback, Rollout, history).
● Hard to reuse configuration template cause
specification environment.

26. Helm
Kubernetes Cluster
Helm
Value UAT
Microservice
DB
Microservice
UI
DB
Production
Microservice
DB
Microservice
UI
DB
+
app:
image: app-a
tag: dev
replicas: 2
healthCheck: "/health"
ingress:
host: app-a.example.com
env:
DB_URL: db-dev:5432
Helm
Chart

27. Terraform
Provision and manage any cloud,
infrastructure, or service

28. Terraform Syntax
resource "google_container_cluster" "gke_eshop" {
name = "gke-eshop"
location = var.zone
release_channel {
channel = "RAPID"
}
min_master_version = "1.25.0-gke.1100"
remove_default_node_pool = true
initial_node_count = 1
}

29. Terraform Cloud

30. What is GitOps?

31. What is GitOps?
GitOps is a set of best practices where the entire code delivery
process is controlled via Git, including infrastructure and application
definition as code and automation to complete updates and rollbacks.
gitops

32. GitOps Principles v1.0.0
A system
managed by
GitOps must
have its desired
state expressed
declaratively
Desired state is
stored in a way that
enforces
immutability,
versioning and
retains a complete
version history
Software agents
automatically pull
the desired state
declarations from
the source
Software agents
continuously
observe actual
system state and
attempt to apply
the desired state
https://opengitops.dev

33. Overview
Git GitOps Tool
pull request
for change
continuous
pulling
DEV
UAT
PRD
sync stage

34. Benefits
● Better traceability
● Easier rollbacks
● The state of the cluster is always described in Git
● Safer deployments, there is no external deployment system with full
access to the cluster
● Transparent, Straightforward Auditing
● Detecting/Avoiding configuration drift
● Multi-cluster deployments
● Build Code Reviews and Collaboration Culture
gitops

35. Challenges
● Many teams will have to adjust their culture and way of working to
support using Git as the single source of truth
● There may be times when that is necessary and will require suspending
GitOps in some way
● Good testing and CI already in place
● A strategy for dealing with promotions between environments
● Secrets strategy
gitops

37. Before
commit
Git CI
Container
Registry
CI CD
DEV
UAT
PRD
build
push
kubectl apply
helm upgrade

38. After
Git Container
Registry
CI CD
commit build
push
Git GitOps Tool
pull request
for change
continuous
pulling
DEV
UAT
PRD
sync stage
[optional] update infrastructure as code

39. ArgoCD Architecture
https://argo-cd.readthedocs.io/en/stable/

40. ArgoCD Application
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: guestbook
namespace: argocd
spec:
project: default
source:
repoURL: https://github.com/argoproj/argocd-example-apps.git
targetRevision : HEAD
path: guestbook
destination :
server: https://kubernetes.default.svc
namespace: guestbook

41. Show me
your code

42. Infrastructure Layer
service account
machine_type: e2-custom-4-8192
node_count: 5
hook plan & apply

43. Kubernetes Layer
hook
plan & apply
ingress-nginx
argocd.bangkok.opsta.in.th
cert-manager
cloud load
balancer

44. ArgoCD Layer
hook
plan & apply
ingress-nginx
argocd.bangkok.opsta.in.th
eshop.dev.bangkok.opsta.in.th
eshop.uat.bangkok.opsta.in.th
eshop.bangkok.opsta.in.th
cert-manager
EShop ApplicationSets
cloud load
balancer
EShop
Dockerfile

45. ArgoCD ApplicationSets
ApplicationSets

46. Contact Us
Jirayut Nimsaeng (Dear)
Facebook:
Email:
Website:
fb.me/DearJirayut
jirayut@opsta.co.th
www.opsta.co.th
Founder & CEO