A million ways to promote changes between environments

Slides

Baseline

  • Promotion: Move things from one env to another
  • Options: Sequentially or both
  • Challenge: Env differences
  • Challenge: How do we link our promotion tasks?

GitOps

  • Declarative: YAML, JSON, XML (Not helm or kcl or anything else)
  • Versioned and immutable: Git
  • Pulled automatically: No write access from cluster
  • Continuously reconciled: Maintain parity between desired and actual state

Rules

  • Part of SDLC
  • Declarative
  • Versioned and immutable
  • Pulled automatically
  • Continuously reconciled

Workflows

Manual

  1. Deploy
  2. Run tests
  3. Push to next stage
  4. Test again or roll back

Manual with gitops

  1. Update manifest
  2. Push to git
  3. Test
  4. Next stage

Problem: Eventual consistency makes the process async instead of sync (important for tests)

Generic workflows

  1. Dev: Bump, push
  2. QS: Wait for success of 1 (how?), do the same
  3. Prod: Wait for success of 2 (how?)

TODO: Steal code screenshots from slides

Tools

Extend your standard CI

Not async, risk of flapping, either blindly trust the state or break the pull-principle by running argo sync or kubectl apply
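
One way to answer the "wait for success (how?)" question from the generic workflow without blindly trusting the state or pushing to the cluster, shown as an added example that is not from the talk or any of the tools listed: the CI job only reads the Argo CD Application status and promotes after the expected commit has been reported Synced and Healthy for several consecutive polls. The function names, the sample revisions and the `stable_polls` threshold are assumptions; the snapshots are constructed.

```python
import json

# Constructed sample: successive read-only polls of an Argo CD Application's
# .status (for example fetched with a role that can only "get" Applications).
SAMPLE_POLLS = json.loads("""[
 {"sync": {"status": "OutOfSync", "revision": "aaa111"}, "health": {"status": "Healthy"}},
 {"sync": {"status": "Synced", "revision": "bbb222"}, "health": {"status": "Progressing"}},
 {"sync": {"status": "Synced", "revision": "bbb222"}, "health": {"status": "Healthy"}},
 {"sync": {"status": "Synced", "revision": "bbb222"}, "health": {"status": "Healthy"}}
]""")


def classify(status, expected_rev):
    """Map one status snapshot to 'ready', 'pending' or 'failed' (hypothetical helper)."""
    sync = status.get("sync", {})
    health = status.get("health", {}).get("status")
    if sync.get("revision") != expected_rev:
        # The cluster has not pulled our commit yet; health of the old
        # revision says nothing about the change being promoted.
        return "pending"
    if health == "Degraded":
        return "failed"
    if sync.get("status") == "Synced" and health == "Healthy":
        return "ready"
    return "pending"  # includes missing fields: never promote on unknown state


def promotion_gate(polls, expected_rev, stable_polls=2):
    """Return 'promote', 'wait' or 'abort' from read-only observations.

    Requires `stable_polls` consecutive ready snapshots so that a state
    flapping between Healthy and Progressing does not trigger a promotion.
    """
    streak = 0
    for status in polls:
        verdict = classify(status, expected_rev)
        if verdict == "failed":
            return "abort"
        streak = streak + 1 if verdict == "ready" else 0
        if streak >= stable_polls:
            return "promote"
    return "wait"


if __name__ == "__main__":
    print(promotion_gate(SAMPLE_POLLS, "bbb222"))
```

The gate never calls a sync or apply, so the cluster keeps pulling on its own schedule and the CI credentials can stay read-only.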

AppSets Progressive Sync

  • Built in to Application Sets (alpha)
  • Targeting by label, promotes everything
  • Not supported with autosync, because it basically manually triggers sync one after another
  • Changes from git have to be manually triggered

Image updater

  • Subscribe to semver based image updates and write them to kubernetes and/or git
  • You have to implement promotions via image naming schemes

TODO: Steal flowchart

Kargo

  • Freight: Artifact or manifest versions to promote
  • Stage: ArgoCD Apps

TODO: Steal flowchart

Telefonistka

  • IaC Agnostic tooling
  • Idea: Watch folder contents and copy contents to new folder
  • Pretty much a bundled CI script

TODO: Draw your own chart

Codefresh GitOps

This is one of the speaker’s tools

  • Product: Applications with relationships
  • Env: Any cluster and/or namespace
  • Promotion: CRD for policy (when does it happen, what gets validated)
  • Promotions can happen manually or automated via commit/PR
  • Based on Argo Workflows

GitOps Promoter (Intuit)

  • Define Manifests once and hydrate them later
  • Source Hydrator: Argo CD feature that handles the rendering and commits it to a new dedicated branch (one branch per stage)
  • The branches are the branches used by Argo, e.g. environments/dev gets watched by the dev cluster
  • Changes result in environment proposal branches: a PR gets opened, PR checks run, and when the PR requirements are met (tests), it will merge them into the real env branches

TODO: Steal Pattern

Overview of the philosophies

  • Artifact oriented: Image updater, Kargo
  • Define manifests once: AppSets Progressive Sync, GitOps Promoter
  • Deff and workflow: CI, Codefresh

TODO: Steal from slides

Best practices

  • Can you recover from git at any point? No -> Do better
  • Does git reflect what’s deployed without looking?
  • Does this enable SDLC?
  • Interfaces in folders, not branches? -> Branches may get crowded