GitOps inverts the Continuous Deployment model. Your production environment watches a Git repo for changes. When there's a new deployment, the production cluster pulls those changes in.
It's an approach which is becoming very popular. It reduces the number of systems involved in deployment, helps to keep your production environment secure and ensures your entire setup is reproducible.
In this episode we'll see how GitOps works, using Argo - a CNCF project - to deploy to a Kubernetes cluster running in Azure.
Here it is on YouTube - ECS-C3: GitOps with Kubernetes and Argo
-
gitops.tech - the essence of GitOps
-
Preparing Docker Apps for Production - my latest Pluralsight course
Docker Desktop for the local demos; Azure and GitHub for the others.
Create a whole new Kubernetes cluster with Argo deployed and the APOD app setup:
https://github.com/sixeyed/apod-infra/actions?query=workflow%3A%22APOD+Infra+-+Create+AKS+Cluster%22
Trigger workflow (takes a few minutes).
Install the Argo CLI.
Download the CLI for Windows:
curl -sSL -o C:/usr/local/bin/argocd.exe https://github.com/argoproj/argo-cd/releases/download/v1.8.1/argocd-windows-amd64.exe
argocd version
Deploy Argo CD:
kubectl create namespace argocd
kubectl apply -n argocd -f argo/
kubectl get crd -n argocd
Get the initial server password (which is in the Pod name):
kubectl get pods -n argocd -l app.kubernetes.io/name=argocd-server -o jsonpath='{.items[0].metadata.name}'
$pwd=$(kubectl get pods -n argocd -l app.kubernetes.io/name=argocd-server -o jsonpath='{.items[0].metadata.name}')
argocd login localhost --insecure --username admin --password $pwd
Connect Argo CLI to Kubernetes cluster:
argocd cluster add docker-desktop
kubectl describe clusterrole argocd-manager-role -n kube-system
Check the Argo CD UI at http://localhost, sign in with
adminandecho $pwd
Create the app:
argocd app create apod `
--repo https://github.com/sixeyed/ecs.git `
--path episodes/ecs-c3/apod `
--dest-server https://kubernetes.default.svc `
--dest-namespace apod
kubectl get ns
argocd app get apod
kubectl get applications -n argocd
Check the app at https://localhost/applications/apod
Sync the app:
argocd app sync apod
kubectl create ns apod
argocd app sync apod
Check in Argo UI and app at http://localhost:8010/
Set sync to automatic:
argocd app set apod --sync-policy automated
Update the API spec:
Edit the replica count in apod/api.yaml.
kubectl get rs -n apod -l app=apod-api
git add apod/api.yaml; git commit -m 'Replica update'; git push
Refresh app in Argo CD UI https://localhost/applications/apod
Check the changes are synced:
kubectl get rs -n apod -l app=apod-api --watch
Multiple Git repos for the full setup:
-
sixeyed/apod-infra - cluster deployment with Argo setup for sync; manual workflow
-
sixeyed/apod-app - Kustomize model, source for argo; dispatchable workflow to update image tags
-
sixeyed/apod-source - app source code; release workflow to build & push images, and trigger tag update in
sixeyed/apod-app
Each repo has secrets for the bits it needs
Check the whole new Kubernetes cluster:
https://github.com/sixeyed/apod-infra/actions?query=workflow%3A%22APOD+Infra+-+Create+AKS+Cluster%22
Check out apod-aks-create.yml, which does the work.
When done, check the output to get the Argo UI info. Browse to get the app IP address.
Make an ops change - update the replica count:
Push the change in sixeyed/apod-app, check Argo.
git commit -m 'Bump replicas'; git push
Make an app change - update the web page title:
Push the change in sixeyed/apod-source, and tag.
git commit -m 'Change title'; git push
git tag v3.0; git push --tags
Check in source repo: https://github.com/sixeyed/apod-source/actions
Check in app repo: https://github.com/sixeyed/apod-app/actions
Check in Argo UI
Check app
That's it for 2020 :)
The next show will be in January, where the theme is observability.