More, Better, Faster!
Cloud Native Apps with GitOps
Alexis Richardson
CEO, Weaveworks
& TOC Chair, CNCF
September 27, 2017
WTF
I want to show you how Weaveworks learned to
apply technology to make our business go much
faster, using cloud native and continuous delivery
WTF
GitOps – empowering developers to do operations
How did we get here
Remember this?
1994
1995
1996
2003
2004
2005
(1999-) 2008
Netflix wanted to improve streaming service for all, fast
Must Read! https://www.slideshare.net/AmazonWebServices/dmg206
2009-2010 – cloud native appears as a set of requirements
Must Read! https://www.slideshare.net/AmazonWebServices/dmg206
Investors pile in because: velocity equals big bucks
We are all developers now
● If you can merge a pull
request on GitHub then you
are a developer
● The industry has learnt
how to connect GitHub to
running applications via
CICD pipelines, enabling
Git to drive Ops… GitOps
[Architecture diagram of Weave Cloud. Labels: The Interwebs; Frontend (Nginx) x3; Authenticating Proxy; Users Service; Static Content; Core Services; Scope Services; Collection Service; Query Service; Control Service; Pipe Service; Cortex Services; Distribution Service; Ingester Service; Monitoring & Management Services; Grafana; Prometheus; Weave Scope; Node Exporter; Scope Probes; Kubediff; RDS Instance; AWS DynamoDB; AWS SQS; AWS S3; Consul Cluster; NATS Cluster]
One time, when we blew up Weave Cloud…
Before After
45 minutes
from complete and total wipeout
back to happy
“I want to go faster”
Then
Adopt continuous delivery & align business and tech to work as one team
Tech teams are empowered to act quickly upon business needs, so they must be
multi-skilled and “own the system, own the changes”.
→ more operations roles in “dev” teams
And
Use the right Cloud Native technologies
Automation means getting fewer errors and scaling safely
→ Git, CICD, containers, orchestration
GitOps = Cloud Native + Continuous Delivery
Continuous Delivery
Fundamental Theorem of DevOps
What can be described, can be automated and accelerated
But most businesses release infrequently
DevOps, while ubiquitously known, has not yet delivered magic velocity & continuous everything
1. New cloud native apps and tools are forcing change
2. Accelerate all the things
3. Automation phase shift – adapting to many releases per day
Summer is coming
Cloud Native
“Curate and promote tools for cloud native”
Microservices
Containerised apps
Dynamically orchestrated
Industry has bought in
Kubernetes is a platform for cloud native apps
“orchestration”
→ Means that it runs containerised apps the way Linux runs processes
Powerful but “low level” – will have many simplifying tools in future
Important:
It is declarative automated infrastructure
Kubernetes
We can store Kubernetes config in Git and validate it
The key to
velocity
Weave Kubernetes gRPC Docker Fluentd OpenTracing Prometheus
*** CUNNING SUBLIMINAL ADVERT ***
GitOps
• We use declarative infrastructure, i.e.
Kubernetes, Docker, Terraform, & more
• Our entire system, including code, config,
monitoring rules and dashboards, is
described in GitHub with full audit trail
• We can roll out major or minor changes
as pull requests, and automatically
check for diffs if the system diverges from
the desired “source of truth” in Git
How did Weaveworks rebuild our systems in 45 mins?
GitOps follows the Logic of DevOps
• Config is code
• Code must be version controlled
• Config must be version controlled too
• What can be described can be automated
• Describe everything: code, config,
monitoring & policy; and then keep it in
version control
GitOps
• Git as a source of truth for desired state of whole system
• Compare desired with actual state to fire diff alerts
• Make ops changes by pull request
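The desired-versus-actual comparison behind the "diff alerts" bullet, as an added Python example that is not from the deck and is not Weaveworks' own tooling. The manifests, object names and alert labels are constructed for illustration; only fields stated in Git are compared, so a security-relevant setting has to be written explicitly in the desired state to be checked.

```python
# Added example: desired state (as committed to Git) vs. actual cluster state.
# All manifests below are constructed sample data, not taken from the deck.

MISSING = "<missing>"


def key_of(obj):
    """Identify an object by (kind, namespace, name)."""
    meta = obj["metadata"]
    return (obj["kind"], meta.get("namespace", "default"), meta["name"])


def _index(items):
    """Key list items by 'name' when all have one (e.g. containers), else by position."""
    if all(isinstance(i, dict) and "name" in i for i in items):
        return {i["name"]: i for i in items}
    return dict(enumerate(items))


def field_diffs(desired, actual, path=""):
    """Return (path, desired, actual) for every field stated in Git that differs.

    Dict keys present only in the cluster (status, defaulted fields) are ignored,
    so a setting must be written in Git to be enforced. List items present only
    in the cluster (e.g. an injected container) are reported.
    """
    if isinstance(desired, dict) and isinstance(actual, dict):
        out = []
        for k, want in desired.items():
            child = f"{path}.{k}" if path else k
            if k in actual:
                out += field_diffs(want, actual[k], child)
            else:
                out.append((child, want, MISSING))
        return out
    if isinstance(desired, list) and isinstance(actual, list):
        want_i, have_i = _index(desired), _index(actual)
        out = []
        for k, want in want_i.items():
            if k in have_i:
                out += field_diffs(want, have_i[k], f"{path}[{k}]")
            else:
                out.append((f"{path}[{k}]", want, MISSING))
        for k in sorted(have_i.keys() - want_i.keys(), key=str):
            out.append((f"{path}[{k}]", MISSING, have_i[k]))
        return out
    return [] if desired == actual else [(path, desired, actual)]


def drift_report(desired_objs, actual_objs):
    """Return alerts as (object key, alert type, detail) tuples."""
    desired = {key_of(o): o for o in desired_objs}
    actual = {key_of(o): o for o in actual_objs}
    alerts = []
    for k in sorted(desired):
        if k not in actual:
            alerts.append((k, "missing-from-cluster", None))
            continue
        for diff in field_diffs(desired[k], actual[k]):
            alerts.append((k, "field-drift", diff))
    # Objects running in the cluster that nobody committed to Git.
    for k in sorted(actual.keys() - desired.keys()):
        alerts.append((k, "not-in-git", None))
    return alerts


def deployment(name, containers, replicas=3):
    """Build a constructed sample Deployment manifest."""
    return {
        "kind": "Deployment",
        "metadata": {"name": name, "namespace": "default"},
        "spec": {"replicas": replicas,
                 "template": {"spec": {"containers": containers}}},
    }


NGINX = {"name": "nginx", "image": "nginx:1.13.5",
         "securityContext": {"privileged": False}}

DESIRED = [deployment("frontend", [NGINX])]

ACTUAL = [
    deployment("frontend", [
        dict(NGINX, securityContext={"privileged": True}),  # changed by hand
        {"name": "debug-shell", "image": "busybox"},         # added by hand
    ]),
    deployment("adhoc", [{"name": "app", "image": "example/app:1"}]),
]
ACTUAL[0]["status"] = {"readyReplicas": 3}  # server-populated, ignored

if __name__ == "__main__":
    for key, kind, detail in drift_report(DESIRED, ACTUAL):
        print(key, kind, detail)
```
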
What this gets us
• Any developer can use GitHub
• Anyone can join team and ship a new
app or make changes easily
• All changes can be triggered, stored,
audited and validated in Git
And we didn’t have to do anything very
new or clever ☺
The future is joined up
• DevOps is evolving to accommodate
the potential of cloud native tools to
get more joined up CICD and release
automation at a much higher quality
• GitOps shows us how to join up
workflows and action oriented
dashboards in ways that make sense
for developers doing more ops
GitOps Deep Dive
GitOps journey
• Day 0 – push first app on first cluster & validate that it works
• Day 1 – add CICD updates & rollbacks via Git PRs
• Day 2 – observing and controlling a production system
• Day 3 – scale up – eg. better service routing (mesh) & security policy
The three pillars of GitOps
Complete Pipeline
Observability
Security
Pipelines – ABCDE pattern
[Diagram: App Dev, Build (CI), Containers, Deployment, Execution; push app to cloud; any cluster, any cloud]
GitOps - do CD right
• Config is code & everything is config (‘declarative infra’)
• Code (& config!) must be version controlled
• CD tools that do not record changes in version
control are harmful
The GitOps Pipeline – automate releases, sync with Git
[Diagram labels: Code change; Git; CI Pipeline; Continuous Integration; Image Repo; Update Hint; Deploy Automator; Config change; Manual deployment; Git; Deploy Synchronizer; Orchestrator; Continuous Delivery/Deployment]
Takeaways
• Pushing apps & changes is the fundamental operation
• GitOps needs complete pipelines that join up CI, CD and
Release Automation in one flow
• The right tools must be used – they coordinate between
Git, CI, and the services running in the cluster, enabling
sophisticated deployment policies
Observability
GitOps & Observability
• If a change is released and no-
one is around to see it, then did
it really work?
Read the whole thing –
https://twitter.com/mipsytipsy/status/911711540008628224
Observability – understanding whole system wellness
• In GitOps we want to get
developers comfortable with
operational concepts like
monitoring, tracing, and
incident handling
• Like doctors, we must be able
to validate health as well as
diagnose problems, using a
common language and a
coherent set of tools
Observability – understanding whole system wellness
[Diagram labels: monitor, log, trace, visualize, troubleshoot, debug, diffs, alerts, validate; incident management & response]
BigCos pioneer integrated solutions to spur faster action
Observability
Asking hard
questions of the
system is not the
same as setting up
a load of alerts
Diffs & auto sync are really great
Bake in metrics end to end and full stack from the start
For alerts, use RED metrics → focus on services
You can’t avoid some instrumentation – but that’s ok since all in Git
Visuals in Git – grafanalib
Policy & Rules in Git (traffic, incident management)
Automate (autogenerate) per-service screens & keep in Git
Some lessons we learnt running Weave Cloud
Digression
• Observability is a way to verify
that our system is in the desired
state as specified in Git eg. diffs
& alerts & more
• An observable system is one
that can be controlled, via a
feedback control loop that drives
continuous improvement
A bit of theory
The GitOps Pipeline is really driving a CONTROL LOOP…
[Diagram: GitOps loop. Labels: App Dev, Build (CI), Containers, Deployment, Execution; any cluster, any cloud; Release, Observe, Operate]
[Diagram labels: Runtime System; Monitoring, Tracing, Logging…; Control System; Git Diff; People; Release, Observe, Operate]
ROODA Loop
[Diagram labels: System Actual State; Observable State; Understanding; Desired State (in Git); Observe, Orient, Decide, Act, Release; Diff]
Fundamental Theorem of GitOps
What can be described and observed can be automated and controlled and accelerated
Takeaways
● Observability is fundamental to automation and understanding
● It is holistic and encompasses any question you could ask about the
difference between desired and observed state
● You must bake it in from start, using monitoring, tracing, diff tools …
Security (& Policy)
Recap…
• Day 0 – push first app on first cluster & validate that it works
• Day 1 – add CICD updates & rollbacks via Git PRs
• Day 2 – observing and controlling a production system
• Day 3 – scale up – eg. better service routing (mesh) & security policy
Who sees what
Who talks to whom
→ Matters more as you scale
Based on rules
Routing, Firewalls, ACLs, Rollouts
→ Declarative? Store them in Git
Security
● By using diffs, we can immediately and automatically enforce
convergence to a correct (desired) system state
● SOX: Git repos control which developers touch the system, which via
GitOps CICD tooling can be mapped directly into running clusters
● Secrets?
Security: some examples we have seen @ Weaveworks
Parting Thoughts
● A much easier way to deliver and manage better apps, faster
● Works anywhere!
● Much more resilient – 45 mins to recover from total system wipeout
What we got
● Git is a source of truth *for everything* in cloud native era
● GitOps ROODA loop improves velocity & collaboration
● Focus on the 3 pillars: pipelines, observability & security central
This is leading us to new insights, new tools, new dashboards today
Key takeaways
GitOps is social
[Diagram labels: Observe, Orient, Decide, Act, Release; Understand; Team; Control; System]
Why GitOps
The need for speed!
Business expects tech to be super responsive → consolidation of dev & ops skills in the most agile teams
Automation: a phase shift is coming
If we want to go from 1 release per MONTH to 1 or more release per DAY then we need to automate the
complete lifecycle
New app types will accelerate change
DevOps and cloud adoption have arrived. New application types are emerging.
Many use tools like Kubernetes & Docker which support “everything as code” and practices that deliver a
complete automated & accelerated lifecycle
Where ops happens
Powered by Kubernetes
