20180503_talk_3
20180503_talk_3
GitOps for Istio
GitOps
Concepts
* Config is code
* Code must be Version controlled
* Config must be version controlled also
Git as a source of truth
Tips: Build “diff” tools to compare current & desired states
GitOps workflow:
* 1 repo /app
* Separate branch per env
* Push changes to feature branch first
* Rollout with Merge
Summary:
* Declarative config
* All changes go throught vcm (no kubectl actions any more)
* Use operators in clusters to drive the observed cluster state to the desired state
Benefits:
* Atomic, Audit logs and rollback capabilities
* Config and Images push 1st acts as Firewall
* Team work: No single and alone actions
Tools
* JenkinsX
* GitKube
Istio
Overview
- Dedicated, programable Layer
GitOps for Istio
- WorkFlow picture
ConfigSets
Traffic Mgmt
- Canary release
- Rate limiting
- Ingress
-> Network Admins
Observability
- Metrics (What kind, which backend)
- Default config
-> SRE & DevOps
Security
- Authz
-> SecOps
App performances
- Retries
- TimeOuts
- FaultInjections
- CircuitBreaker
-> Devs
=> Tool for collaboration