Overview
Developers these days are more likely to be involved in the provisioning of the infrastructure used to run their applications than they did before. Back in the day, things like servers took weeks if not months to deliver, making the whole process slow and cumbersome. Usually, there was a clear separation between developers and operations, and a developer wouldn't be allowed to be anywhere near the configuration of a server. When the DevOps movement started, it mainly argued for closer collaboration between the two groups.
Today, cloud providers offer programmatic interfaces that make the whole endeavor much faster. That flexibility comes at a cost, though. Doing things manually is error-prone and doesn't scale well. So, creating infrastructure is becoming more like developing an application. And that means you need the proper tools and practices to ensure that you can deliver quickly and reliably.
GitOps is a set of practices aimed at enabling developers to deliver infrastructure changes using continuous deployment. The core principles are:
- Describe the system declaratively, building on top of infrastructure as code.
- Keep the canonical desired system state versioned, in a Git repository.
- Changes to the system are applied automatically.
- A software agent ensures that the current system's state converges to the desired state.
This course shows you how to take ownership of the delivery of your applications in a cloud-native architecture. You won't have to depend on an operations team to do it for you ever again.
GSA: $1462.5 USD
Next Upcoming Course
Train up your teams with private group training
Have a group of 5 or more students? Cprime also provides specialist private training with exclusive discounts for tailored, high-impact learning.
GitOps Boot Camp Schedule
Full Course Details
Part 1: Introduction
- Required knowledge
- Git: Committing code and creating pull requests
- Kubernetes: Deploying a service to Kubernetes and basic checks with kubectl
- Docker: Pushing an image to a Docker repository
- CI/CD: GitOps reverses the traditional understanding of continuous integration/continuous development.
- Core concepts: A quick introduction
- Immutable infrastructure
- Infrastructure as code
- Orchestration
- Convergence
- CI/CD
- What GitOps is not
- GitOps is not infrastructure as code.
- GitOps doesn't replace continuous integration (CI).
- The use case: Deploying a highly available microservice
- Deploying a microservice to Kubernetes, with all the surrounding infrastructure to make it available
Part 2: Setting up the Tools
- Kubernetes
- In advance: Setting up a cluster from scratch is time-consuming, even if you use a managed solution like EKS. Pre-allocating a cluster per person is something you can do in advance.
- Preparation: Setting up kubectl
- Every participant should have credentials to connect to the cluster using kubectl.
- Preparation: Access a cluster through kubectl/k9s.
- Check running pods.
- Check deployments.
- Check running pods.
- Repository
- Preparation: Infrastructure repository
- An empty repository in GitHub/GitLab to use for deploying infrastructure
- Application repository
- Strictly speaking, you don't need to separate the application and infrastructure, but it's easier to understand what goes where this way.
- A sample application that serves a web server with a hello world response as the baseline (NodeJS-based, for instance)
- Strictly speaking, you don't need to separate the application and infrastructure, but it's easier to understand what goes where this way.
- ArgoCD
- Why ArgoCD?
- ArgoCD is tightly integrated with Kubernetes and closely follows the GitOps mindset. Therefore, it's a good tool to showcase GitOps.
- Exercise: Add ArgoCD to the cluster.
- Create namespace.
- Deploy ArgoCD to the cluster.
- Access ArgoCD using the CLI.
Part 3: Deploying a Microservice
- Exercise: Prepare a simple microservice to be deployed in k8s.
- Build sample application as a Docker container (Dockerfile can be provided in advance)
- Push service to a Docker registry (cloud-native, docker.io, or quay.io)
- Exercise: Create a k8s deployment.
- Create a Kubernetes deployment definition in code for the application (here's a sample).
- Push code to infrastructure repository.
- Create an application in ArgoCD.
- This time, you'll use the ArgoCD CLI so you can see that part. You'll move to use Git from here on, which is more aligned to GitOps.
- Sync the application.
- Again, use the CLI.
- Test: Use kubectl check to ensure that deployment works.
- Automated synchronization
- Pull versus push: How ArgoCD can read from a repository and automatically apply the changes
- Exercise: Activate synchronization so that further changes happen when you push code to the infrastructure repository.
- Exercise: Create a k8s service. (A deployment alone doesn't expose the microservice, so let's build on that.)
- Create service definition.
- Pull request
- This is an opportunity to introduce the pull request aspect of the flow. You can extend pull requests so that extra checks are performed, using something like GitHub Actions.
- Implementing CI with something like GitHub Actions isn't part of the exercise, although it's something that you can complete as an extra exercise. (See the bonus section at the end of this post.)
- Test: Carry out a kubectl check to prove that service was deployed.
- This is an opportunity to introduce the pull request aspect of the flow. You can extend pull requests so that extra checks are performed, using something like GitHub Actions.
- Exercise: Create a load balancer. (You still can't access service from the outside.)
- Create loadbalancer k8s definition for cloud provider.
- Pull request
- Test: Curl to load balancer address to ensure that service is actually online.
- Exercise: Update the application.
- Change something in the application, such as the body of the response of a route in the application.
- Rebuild container with a new tag and push it to Docker registry.
- Update k8s deployment to use new tag.
- Pull request
- Test: New version of the app should be deployed.
- Exercise: Update the infrastructure. (Why do this? So you can demonstrate that changing the application and the infrastructure results in blurry boundaries.)
- Update k8s deployment to be highly available (more than one replica).
- Pull request
- Test: kubectl shows that there are multiple pods running.
- Wrap-up: This covers the workflow of deploying an application and then performing updates and changes on it.
- This is the core of GitOps!
- There are also other, more advanced use cases to cover.
Part 4: Promoting Changes Through Different Environments
- In advance: Prepare a second cluster.
- As with the first cluster, this is something to have prepared in advance.
- Preparation: Register the cluster in ArgoCD to allow deployments to it.
- From development to production
- Which options are there to represent different stages?
- This is an open discussion, as there's no set recipe to do environment promotion, with different options:
- Use different infrastructure repositories.
- Use different folders in the same infrastructure repository.
- Use branches.
- Exercise: Promotion of a version
- Set up a second cluster (production) to read from a different folder.
- Copy the infrastructure created for the first folder into this one.
- Pull request
- Test: Second cluster should have the service available as well.
- More advanced deployment scenarios (Controlled release is an important part of releasing traffic, especially to production. It's worth talking about the options that you have that can be based on the exact same building blocks as explained before.)
- Exercise: Blue/Green
- Enable Argo Rollouts in cluster.
- Test: Observe rolling deployment with kubectl.
- Install argo-rollouts plugin for kubectl.
- Create rollout to apply to existing microservice.
- Enable Argo Rollouts in cluster.
- Canary release
- Theory only (This can be a good lead-in to a discussion of the merits and tradeoffs of different deployment strategies.)
- Exercise: Error handling (This exercise shows that failure in infra deployment is expected and is handled through code changes—not panicked actions!)
- Introduce an error in the hello world application (this results in a thrown exception instead of starting the webserver).
- Rebuild the container with a new tag and push it to Docker registry.
- Update k8s deployment to use new tag.
- Pull request
- Test: Confirm with kubectl that deployment is failing.
- Revert a failed change through code.
Part 4: Security in GitOps
- Accessing resources
- kubectl shouldn't replace observability, such as logging and monitoring (similar to secure shell—SSH—into a production server)
- Secrets
- No plaintext secrets should ever be stored in Git.
- Vault
- This is theory only because it's probably too much to do for a practical exercise.
- Exercise: Sealed secrets
- Depending on time, this can be treated as theory or as an exercise. Furthermore, you can split it in two depending on how much time you have.
- Modify microservice to read the secret and make it available through a request.
- Provision secrets in the infrastructure repository.
- Use secrets from either the cluster or the application.
- Install the sealed secrets controller.
- Inject an encrypted secret in the infrastructure repository.
- Modify Kubernetes deployment to inject a secret into the microservice.
- Depending on time, this can be treated as theory or as an exercise. Furthermore, you can split it in two depending on how much time you have.
Part 7: Recap
- Core concepts: Infra as code, Git as the source of truth, pull model, converging changes
- Core flow: declare infrastructure, commit it, pull request for review, merge to apply
- Next steps
- Automated promotion (If a deployment to a staging environment succeeds, then trigger a deployment to production.)
- Observability (microservices that export metrics, logging aggregator, and monitoring)
Bonus exercises
- Replace manual steps (push Docker container, build application code) with CI, such as GitHub actions.
- Introduce templating (Jsonnet, Helm) to foster reuse of Kubernetes resources.
- Exercise: Parameterize deployment so that port can be defined as configuration. Deploy a second copy of the same service with a different name, running on a different port.
- Install more advanced resources in the cluster using the same mechanism, such as an ingress controller.
Developers who want to understand how to deploy their applications to a target environment are the ideal audience for this course. These developers want to take ownership of the surrounding infrastructure while following best practices.
Professionals who benefit from this course include:
- Software Engineers
- Software Developer
- Site Reliability Engineers
- Systems Engineers
- Network Engineers
- Anyone involved with DevOps-style workflows
- Anyone involved with IT infrastructure
- Set up an environment to do GitOps (You'll use ArgoCD for that.)
- Deploy and update an application to Kubernetes using GitOps, including the required auxiliary infrastructure
- Scale the GitOps approach to multiple environments
- Address operational concerns, such as security