SlideShare a Scribd company logo

Heroku to Kubernetes & Gihub to Gitlab success story

J
Jérémy Wimsingues

The document discusses the migration of infrastructure and DevOps improvements at Everoad, transitioning from Heroku and GitHub to Kubernetes and GitLab. It highlights the setup of a GitLab server using Helm and Kubernetes runners, the establishment of CI/CD pipelines, and the importance of managing secrets with Vault. The migration aimed to enhance development efficiency, manage costs, and streamline testing environments for new features and components.

Engineering
1 of 32
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
Heroku / Github / CircleCI to Kubernetes and Gitlab (using Helm & Vault) Jérémy Wimsingues @jwimsingues March 2019 1
● Context of the migration and overall infrastructure setup before migration ● GitHub → Gitlab ● Heroku → Kubernetes ● DevOps Improvements What will we talk about? 2
Marketplace connecting shippers with truckers Jérémy Wimsingues DevOps & Data engineer 2 years of Cloud Experience @jwimsingues Who are we? 3
Everoad’s infrastructure @September 2017 Frontend Backend Heroku MongoDB (atlas) Projection databases + Event store Elastic (cloud) RabbitMQ cloudamqp Pricing Google cloud platform LogEntries 4
GitHub + CircleCI to Gitlab, gitlab-ci & Kubernetes runners ● Easy for dev ● Efficiency ● Wait for a pipeline to be run ● Pay for each dev joining the team ● Switch between several tools ● Pain for dev to put in production on Kubernetes ● CI/CD integration with Kubernetes ● On demand test environment ● Focus the dev to what they do the best And… I had some experience with gitlab so… That was easy to sell to the CTO :-D 5
● Create the gitlab server ○ Easy to do with a Bitnami deployment ○ A lot of operational stuff (https, create teams, …) ○ Enable runners to Kubernetes ● Create the first pipeline using .gitlab-ci.yml with a test app ○ Create a prepare stage (check if it compiles) ○ Create a test stage ○ Create a build (and push) stage (create the docker image and push it) ○ Deploy the code to Heroku staging ○ Force the pipeline promotion from staging to production ● Move all the repositories Roadmap 6
● Basically, just follow the documentation… ● As an information my first gitlab server took me 10 minutes to run. It then took 2 days to setup the whole operational stuff (DNS domain, https, setup the google auth, create the team, pull the repos, setup the MR process, slack integration…) How to setup the server + runners inside Kubernetes 7 ● The easiest and fastest way is to use Bitnami release: GitLab CE Certified by Bitnami
● Helm is the BEST PRACTICE you MUST FOLLOW when you want to use Kubernetes in production ● Helm is a release manager for Kubernetes. It “merges” all the Kubernetes object into a “release”. It “links” your Kubernetes object so you can versionize them and do one command upgrade and rollback Who knows Helm in the audience? /! NEVER USE KUBERNETES WITHOUT HELM /! 8
Setup runners inside Kubernetes 9
Setup runners inside Kubernetes 10
Our first pipeline 11
Our first pipeline 12
Our first pipeline 13
Everoad’s infrastructure @November 2017 Frontend Backend Heroku MongoDB (atlas) Projection databases + Event store Elastic (cloud) RabbitMQ cloudamqp Pricing Google cloud platform LogEntries 14
Heroku to Kubernetes ● Easy for dev to put in staging/production ● Configuration of env variables ● Review app ● Scale the infrastructure with $$$ ● Pass X hours to setup the new git for the new microservice ● Have splitted metrics ● Manage our infrastructure ● Manage our costs ● Scale with microservices ● On demand test environment 15
1. Create a Kubernetes cluster 2. Install Helm ;-) 3. Setup Prometheus + Grafana to monitor the infrastructure 4. Setup a reverse proxy to spend less money (~$20/route for GCP w/o high traffic) ○ nginx-ingress-controller did the job for us 5. Prepare a Kubernetes directory with some yaml templates which are going to be present on each of your microservices: ○ One deployment ○ One service (which contains annotation to allow Prometheus to scrape the metrics) ○ If required, an ingress (which contains annotations to use nginx/other) ○ Configmap if required (we will talk/debate about secrets later) Roadmap 16
1. Create a Kubernetes cluster 2. Install Helm ;-) 3. Setup Prometheus + Grafana to monitor the infrastructure 4. Setup a reverse proxy to spend less money (something like $15/20/route for GCP) ○ nginx-ingress-controller did the job for us 5. Prepare a Kubernetes directory with a few yaml template which are going to be present on each of your microservices: ○ One deployment ○ One service (which contains annotation to allow Prometheus to scrape the metrics) ○ If required, an ingress (which contains annotations to use nginx/other) ○ Configmap if required (we will talk/debate about secrets later) Roadmap 17
Everoad’s infrastructure @January 2018 (& live one!) 18 MongoDB (atlas) Projection databases + Event store Elastic (cloud) RabbitMQ cloudamqp Google cloud platform
Everoad Kubernetes infrastructure @January 2018 (& live one!) Belgique - europe-west1-b Belgique - europe-west1-c Belgique - europe-west1-d services storage réseau sur la zone storage réseau sur la zone storage réseau sur la zone Google cloud platform 19
Cluster Proxy Proxy Proxy Proxy Risoli Backend Frontend Backend Proxy Global infrastructure Namespaces: kube-system risoli frontend backend Users (clients) Admin kubectl Services External Load Balancer 20 Frontend Backend Risoli
A to Z user request 21 ingresses ... User service nginx DNS GLB app-service pod Kubernetes cluster - of the six nodes
Kubernetes staging cluster Continuous integration 22 homemade scripts Developer Gitlab - merge => staging daemon runner local tiler pod upgrade release <project>
Kubernetes staging cluster Continuous deployment 23 Developer homemade scripts Gitlab - job => production daemon runner get prod credentials Kubernetes production cluster local tiler pod upgrade release <project> configmap.. secret.. service.. ingress..
● All the secrets are under a different path: secret/<ENV>/<SERVICE_NAME>/<LIST_OF_CONFIGURATION> ● The CI of the specific microservice is requesting all the secrets of this directory and create a Kubernetes secret ● If we want to rollback we will rollback secret with the release (useful) ● If we want to change the configuration, we change the secret and run another production pipeline (new helm release created) ● Done in bash (could have been done using your favourite language, there are just API calls on it DevOps improvements - Vault as a config manager 24
● All the secrets are under a different path: secret/<ENV>/<SERVICE_NAME>/<LIST_OF_CONFIGURATION> ● The CI of the specific microservice is requesting all the secrets of this directory and create a Kubernetes secret ● If we want to rollback we will rollback secret with the release (useful) ● If we want to change the configuration, we change the secret and run another production pipeline (new helm release created) ● Done in bash (could have been done using your favourite language, there are just API calls on it DevOps improvements - Vault as a config manager 25
● All the secrets are under a different path: secret/<ENV>/<SERVICE_NAME>/<LIST_OF_CONFIGURATION> ● The CI of the specific microservice is requesting all the secrets of this directory and create a Kubernetes secret ● If we want to rollback we will rollback secret with the release (useful) ● If we want to change the configuration, we change the secret and run another production pipeline (new helm release created) ● Done in bash (could have been done using your favourite language, there are just API calls on it DevOps improvements - Vault as a config manager 26
● Based on Helm, we use the CI to deploy an ephemeral environment with all the micro services ● Automatic request a subdomain to add a new DNS entry (in fact we use a sub subdomain trick) ● Available port forward for the devs to see the data inside the dabases ● Replay events from the production to have a usable set of data ● Useful for all these kinds of use cases: ○ Bench a new feature during user tests on a dedicated environment (before huge release!) ○ Bench a new version of a core component before migrating the compotant (mongo, rabbit…) ○ Create environment with a subset of events to reproduce production issues DevOps improvements - On demand test environment 27
● Based on Helm, we use the CI to deploy an ephemeral environment with all the micro services ○ A frontend ○ A backend ○ Some microservices (pricing, emails …) ○ Ephemeral databases (postgresql, elastic, mongo) ● Automatic request a sub domain to add a new DNS entry (in fact we use a sub subdomain trick) ● Replay events from the production to have a usable set of data ● Useful to: ○ Bench a new feature during user tests on a dedicated env ○ Bench a new version of a core component before migrate the compotant ○ Create env with a subset of events to reproduce production issues DevOps improvements - On demand test environment 28
● Based on Helm, we use the CI to deploy an ephemeral environment with all the micro services ○ A frontend ○ A backend ○ Some microservices (pricing, emails …) ○ Ephemeral databases (postgresql, elastic, mongo) ● Automatic request a sub domain to add a new DNS entry (in fact we use a sub subdomain trick) ● Replay events from the production to have a usable set of data ● Useful to: ○ Bench a new feature during user tests on a dedicated env ○ Bench a new version of a core component before migrate the compotant ○ Create env with a subset of events to reproduce production issues DevOps improvements - On demand test environment 29
● Based on Helm, we use the CI to deploy an ephemeral environment with all the micro services ○ A frontend ○ A backend ○ Some microservices (pricing, emails …) ○ Ephemeral databases (postgresql, elastic, mongo) ● Automatic request a sub domain to add a new DNS entry (in fact we use a sub subdomain trick) ● Replay events from the production to have a usable set of data ● Useful to: ○ Bench a new feature during user tests on a dedicated env ○ Bench a new version of a core component before migrate the compotant ○ Create env with a subset of events to reproduce production issues DevOps improvements - On demand test environment 30
● Based on Helm, we use the CI to deploy an ephemeral environment with all the micro services ○ A frontend ○ A backend ○ Some microservices (pricing, emails …) ○ Ephemeral databases (postgresql, elastic, mongo) ● Automatic request a sub domain to add a new DNS entry (in fact we use a sub subdomain trick) ● Replay events from the production to have a usable set of data ● Useful to: ○ Bench a new feature during user tests on a dedicated env ○ Bench a new version of a core component before migrate the compotant ○ Create env with a subset of events to reproduce production issues DevOps improvements - On demand test environment 31
32 Thanks for listening, available for questions (with a beer!) @jwimsingues

More Related Content

PDF
WKSctl: Gitops Management of Kubernetes Clusters
Weaveworks
 
PDF
How to manage Kubernetes at scale with just git
Weaveworks
 
PPTX
Make stateful apps in Kubernetes a no brainer with Pure Storage and GitOps
Weaveworks
 
PDF
Implementing Progressive Delivery with Your Team (by Leigh Capili)
Weaveworks
 
PPTX
Kubernetes and OpenStack at Scale
Stephen Gordon
 
PDF
KubeCon EU 2016: "rktnetes": what's new with container runtimes and Kubernetes
KubeAcademy
 
PDF
Patroni: Kubernetes-native PostgreSQL companion
Alexander Kukushkin
 
PDF
DockerDay2015: Getting started with Google Container Engine
Docker-Hanoi
 
WKSctl: Gitops Management of Kubernetes Clusters
Weaveworks
 
How to manage Kubernetes at scale with just git
Weaveworks
 
Make stateful apps in Kubernetes a no brainer with Pure Storage and GitOps
Weaveworks
 
Implementing Progressive Delivery with Your Team (by Leigh Capili)
Weaveworks
 
Kubernetes and OpenStack at Scale
Stephen Gordon
 
KubeCon EU 2016: "rktnetes": what's new with container runtimes and Kubernetes
KubeAcademy
 
Patroni: Kubernetes-native PostgreSQL companion
Alexander Kukushkin
 
DockerDay2015: Getting started with Google Container Engine
Docker-Hanoi
 

What's hot (20)

PDF
A GitOps model for High Availability and Disaster Recovery on EKS
Weaveworks
 
PPTX
A Primer on Kubernetes and Google Container Engine
RightScale
 
PPTX
KubeOne
loodse
 
PDF
Kubermatic How to Migrate 100 Clusters from On-Prem to Google Cloud Without D...
Tobias Schneck
 
PDF
Getting started with kubernetes
Janakiram MSV
 
PDF
2016 08-30 Kubernetes talk for Waterloo DevOps
craigbox
 
PDF
Kubernetes - A Rising Hero
Huynh Thai Bao
 
PDF
PuppetConf 2017: Zero to Kubernetes -Scott Coulton, Puppet
Puppet
 
PDF
Container Camp London (2016-09-09)
craigbox
 
PDF
KubeWHAT!?
Stephen Gordon
 
PDF
KubeCon EU 2016 Keynote: Pushing Kubernetes Forward
KubeAcademy
 
PPTX
Introduction kubernetes 2017_12_24
Sam Zheng
 
PDF
KubeCon Prometheus Salon -- Kubernetes metrics deep dive
Bob Cotton
 
PDF
Kubernetes Basis: Pods, Deployments, and Services
Jian-Kai Wang
 
PDF
The State of containerd
Moby Project
 
PDF
Integration kubernetes with docker private registry
HungWei Chiu
 
PDF
Lessons learned from the charts repo
Victor Iglesias
 
PDF
Rex gke-clustree
Romain Vrignaud
 
PDF
Open stack nova reverse engineer
Vietnam Open Infrastructure User Group
 
PPTX
Docker with OpenStack
chmouel
 
A GitOps model for High Availability and Disaster Recovery on EKS
Weaveworks
 
A Primer on Kubernetes and Google Container Engine
RightScale
 
KubeOne
loodse
 
Kubermatic How to Migrate 100 Clusters from On-Prem to Google Cloud Without D...
Tobias Schneck
 
Getting started with kubernetes
Janakiram MSV
 
2016 08-30 Kubernetes talk for Waterloo DevOps
craigbox
 
Kubernetes - A Rising Hero
Huynh Thai Bao
 
PuppetConf 2017: Zero to Kubernetes -Scott Coulton, Puppet
Puppet
 
Container Camp London (2016-09-09)
craigbox
 
KubeWHAT!?
Stephen Gordon
 
KubeCon EU 2016 Keynote: Pushing Kubernetes Forward
KubeAcademy
 
Introduction kubernetes 2017_12_24
Sam Zheng
 
KubeCon Prometheus Salon -- Kubernetes metrics deep dive
Bob Cotton
 
Kubernetes Basis: Pods, Deployments, and Services
Jian-Kai Wang
 
The State of containerd
Moby Project
 
Integration kubernetes with docker private registry
HungWei Chiu
 
Lessons learned from the charts repo
Victor Iglesias
 
Rex gke-clustree
Romain Vrignaud
 
Open stack nova reverse engineer
Vietnam Open Infrastructure User Group
 
Docker with OpenStack
chmouel
 
Ad

Similar to Heroku to Kubernetes & Gihub to Gitlab success story (20)

PDF
[HKOSCON][20180616][Containerized High Availability Virtual Hosting Deploymen...
Wong Hoi Sing Edison
 
PDF
CI/CD Across Multiple Environments
Karl Isenberg
 
PDF
[BarCamp2018][20180915][Tips for Virtual Hosting on Kubernetes]
Wong Hoi Sing Edison
 
PDF
Extending kubernetes
Gigi Sayfan
 
PDF
KubeCon 2017: Kubernetes from Dev to Prod
Subhas Dandapani
 
PDF
Xpdays: Kubernetes CI-CD Frameworks Case Study
Denys Vasyliev
 
PDF
A DevOps guide to Kubernetes
Paul Czarkowski
 
PPTX
Container Conf 2017: Rancher Kubernetes
Vishal Biyani
 
PDF
Portable CI/CD Environment as Code with Kubernetes, Kublr and Jenkins
Kublr
 
PDF
DevOpsDays Houston 2019 - Dan Kirkpatrick - My Kubernetes Tool Chain: Open-So...
DevOpsDays Houston
 
PDF
Can i service this from my raspberry pi
Thoughtworks
 
PDF
Best practices in Deploying SUSE CaaS Platform v3
Juan Herrera Utande
 
PDF
Kubecon seattle 2018 workshop slides
Weaveworks
 
PDF
Kubernetes Best Practices 1st Edition Brendan Burns Eddie Villalba
duukkoofi65
 
PPTX
DRUPAL CI/CD FROM DEV TO PROD WITH GITLAB, KUBERNETES AND HELM
DrupalCamp Kyiv
 
PDF
Velocity NYC 2017: Building Resilient Microservices with Kubernetes, Docker, ...
Ambassador Labs
 
PDF
Kubernetes for Beginners
DigitalOcean
 
PPTX
How Honestbee Does CI/CD on Kubernetes - Vincent DeSmet
DevOpsDaysJKT
 
PDF
O'Reilly Software Architecture Conference London 2017: Building Resilient Mic...
Ambassador Labs
 
PPTX
Kubernetes Manchester - 6th December 2018
David Stockton
 
[HKOSCON][20180616][Containerized High Availability Virtual Hosting Deploymen...
Wong Hoi Sing Edison
 
CI/CD Across Multiple Environments
Karl Isenberg
 
[BarCamp2018][20180915][Tips for Virtual Hosting on Kubernetes]
Wong Hoi Sing Edison
 
Extending kubernetes
Gigi Sayfan
 
KubeCon 2017: Kubernetes from Dev to Prod
Subhas Dandapani
 
Xpdays: Kubernetes CI-CD Frameworks Case Study
Denys Vasyliev
 
A DevOps guide to Kubernetes
Paul Czarkowski
 
Container Conf 2017: Rancher Kubernetes
Vishal Biyani
 
Portable CI/CD Environment as Code with Kubernetes, Kublr and Jenkins
Kublr
 
DevOpsDays Houston 2019 - Dan Kirkpatrick - My Kubernetes Tool Chain: Open-So...
DevOpsDays Houston
 
Can i service this from my raspberry pi
Thoughtworks
 
Best practices in Deploying SUSE CaaS Platform v3
Juan Herrera Utande
 
Kubecon seattle 2018 workshop slides
Weaveworks
 
Kubernetes Best Practices 1st Edition Brendan Burns Eddie Villalba
duukkoofi65
 
DRUPAL CI/CD FROM DEV TO PROD WITH GITLAB, KUBERNETES AND HELM
DrupalCamp Kyiv
 
Velocity NYC 2017: Building Resilient Microservices with Kubernetes, Docker, ...
Ambassador Labs
 
Kubernetes for Beginners
DigitalOcean
 
How Honestbee Does CI/CD on Kubernetes - Vincent DeSmet
DevOpsDaysJKT
 
O'Reilly Software Architecture Conference London 2017: Building Resilient Mic...
Ambassador Labs
 
Kubernetes Manchester - 6th December 2018
David Stockton
 
Ad

Recently uploaded (20)

PPTX
OOP with Java - Java Introduction (Basics)
Rashmi T V
 
PDF
Evaluating the Democratization of the Turkish Armed Forces from a Normative P...
jpsjournal1
 
PPTX
Geodesy 1.pptx...............................................
abhi1361yadav
 
PDF
Mitigating Risks through Effective Management for Enhancing Organizational Pe...
IJAEMSJORNAL
 
PDF
Enhancing Cyber Defense Against Zero-Day Attacks using Ensemble Neural Networks
IJCNCJournal
 
PDF
July 2025 - Top 10 Read Articles in International Journal of Software Enginee...
sebastianku31
 
PDF
The CXO Playbook 2025 – Future-Ready Strategies for C-Suite Leaders Cerebrai...
Cerebraix Technologies
 
PPTX
MET 305 2019 SCHEME MODULE 2 COMPLETE.pptx
VinayB68
 
PPTX
bas. eng. economics group 4 presentation 1.pptx
kiribakimoses1993
 
PPTX
Sustainable Sites - Green Building Construction
mhdumerali
 
PDF
keyrequirementskkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk
mojeeburahmanwardak
 
PPTX
Recipes for Real Time Voice AI WebRTC, SLMs and Open Source Software.pptx
Alberto González Trastoy
 
PPTX
Foundation to blockchain - A guide to Blockchain Tech
Davies Chacko
 
PDF
BMEC211 - INTRODUCTION TO MECHATRONICS-1.pdf
ryankakungu
 
PPTX
KTU 2019 -S7-MCN 401 MODULE 2-VINAY.pptx
VinayB68
 
PPTX
CH1 Production IntroductoryConcepts.pptx
RacemMellouli1
 
PDF
Mohammad Mahdi Farshadian CV - Prospective PhD Student 2026
Educational Group Mohammad Farshadian
 
PPTX
Lecture Notes Electrical Wiring System Components
eedgecbhojpur
 
PDF
TFEC-4-2020-Design-Guide-for-Timber-Roof-Trusses.pdf
AinieButt1
 
DOCX
573137875-Attendance-Management-System-original
AYUSHMANAV
 
OOP with Java - Java Introduction (Basics)
Rashmi T V
 
Evaluating the Democratization of the Turkish Armed Forces from a Normative P...
jpsjournal1
 
Geodesy 1.pptx...............................................
abhi1361yadav
 
Mitigating Risks through Effective Management for Enhancing Organizational Pe...
IJAEMSJORNAL
 
Enhancing Cyber Defense Against Zero-Day Attacks using Ensemble Neural Networks
IJCNCJournal
 
July 2025 - Top 10 Read Articles in International Journal of Software Enginee...
sebastianku31
 
The CXO Playbook 2025 – Future-Ready Strategies for C-Suite Leaders Cerebrai...
Cerebraix Technologies
 
MET 305 2019 SCHEME MODULE 2 COMPLETE.pptx
VinayB68
 
bas. eng. economics group 4 presentation 1.pptx
kiribakimoses1993
 
Sustainable Sites - Green Building Construction
mhdumerali
 
keyrequirementskkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk
mojeeburahmanwardak
 
Recipes for Real Time Voice AI WebRTC, SLMs and Open Source Software.pptx
Alberto González Trastoy
 
Foundation to blockchain - A guide to Blockchain Tech
Davies Chacko
 
BMEC211 - INTRODUCTION TO MECHATRONICS-1.pdf
ryankakungu
 
KTU 2019 -S7-MCN 401 MODULE 2-VINAY.pptx
VinayB68
 
CH1 Production IntroductoryConcepts.pptx
RacemMellouli1
 
Mohammad Mahdi Farshadian CV - Prospective PhD Student 2026
Educational Group Mohammad Farshadian
 
Lecture Notes Electrical Wiring System Components
eedgecbhojpur
 
TFEC-4-2020-Design-Guide-for-Timber-Roof-Trusses.pdf
AinieButt1
 
573137875-Attendance-Management-System-original
AYUSHMANAV
 

Heroku to Kubernetes & Gihub to Gitlab success story

  • 1. Heroku / Github / CircleCI to Kubernetes and Gitlab (using Helm & Vault) Jérémy Wimsingues @jwimsingues March 2019 1
  • 2. ● Context of the migration and overall infrastructure setup before migration ● GitHub → Gitlab ● Heroku → Kubernetes ● DevOps Improvements What will we talk about? 2
  • 3. Marketplace connecting shippers with truckers Jérémy Wimsingues DevOps & Data engineer 2 years of Cloud Experience @jwimsingues Who are we? 3
  • 4. Everoad’s infrastructure @September 2017 Frontend Backend Heroku MongoDB (atlas) Projection databases + Event store Elastic (cloud) RabbitMQ cloudamqp Pricing Google cloud platform LogEntries 4
  • 5. GitHub + CircleCI to Gitlab, gitlab-ci & Kubernetes runners ● Easy for dev ● Efficiency ● Wait for a pipeline to be run ● Pay for each dev joining the team ● Switch between several tools ● Pain for dev to put in production on Kubernetes ● CI/CD integration with Kubernetes ● On demand test environment ● Focus the dev to what they do the best And… I had some experience with gitlab so… That was easy to sell to the CTO :-D 5
  • 6. ● Create the gitlab server ○ Easy to do with a Bitnami deployment ○ A lot of operational stuff (https, create teams, …) ○ Enable runners to Kubernetes ● Create the first pipeline using .gitlab-ci.yml with a test app ○ Create a prepare stage (check if it compiles) ○ Create a test stage ○ Create a build (and push) stage (create the docker image and push it) ○ Deploy the code to Heroku staging ○ Force the pipeline promotion from staging to production ● Move all the repositories Roadmap 6
  • 7. ● Basically, just follow the documentation… ● As an information my first gitlab server took me 10 minutes to run. It then took 2 days to setup the whole operational stuff (DNS domain, https, setup the google auth, create the team, pull the repos, setup the MR process, slack integration…) How to setup the server + runners inside Kubernetes 7 ● The easiest and fastest way is to use Bitnami release: GitLab CE Certified by Bitnami
  • 8. ● Helm is the BEST PRACTICE you MUST FOLLOW when you want to use Kubernetes in production ● Helm is a release manager for Kubernetes. It “merges” all the Kubernetes object into a “release”. It “links” your Kubernetes object so you can versionize them and do one command upgrade and rollback Who knows Helm in the audience? /! NEVER USE KUBERNETES WITHOUT HELM /! 8
  • 9. Setup runners inside Kubernetes 9
  • 10. Setup runners inside Kubernetes 10
  • 14. Everoad’s infrastructure @November 2017 Frontend Backend Heroku MongoDB (atlas) Projection databases + Event store Elastic (cloud) RabbitMQ cloudamqp Pricing Google cloud platform LogEntries 14
  • 15. Heroku to Kubernetes ● Easy for dev to put in staging/production ● Configuration of env variables ● Review app ● Scale the infrastructure with $$$ ● Pass X hours to setup the new git for the new microservice ● Have splitted metrics ● Manage our infrastructure ● Manage our costs ● Scale with microservices ● On demand test environment 15
  • 16. 1. Create a Kubernetes cluster 2. Install Helm ;-) 3. Setup Prometheus + Grafana to monitor the infrastructure 4. Setup a reverse proxy to spend less money (~$20/route for GCP w/o high traffic) ○ nginx-ingress-controller did the job for us 5. Prepare a Kubernetes directory with some yaml templates which are going to be present on each of your microservices: ○ One deployment ○ One service (which contains annotation to allow Prometheus to scrape the metrics) ○ If required, an ingress (which contains annotations to use nginx/other) ○ Configmap if required (we will talk/debate about secrets later) Roadmap 16
  • 17. 1. Create a Kubernetes cluster 2. Install Helm ;-) 3. Setup Prometheus + Grafana to monitor the infrastructure 4. Setup a reverse proxy to spend less money (something like $15/20/route for GCP) ○ nginx-ingress-controller did the job for us 5. Prepare a Kubernetes directory with a few yaml template which are going to be present on each of your microservices: ○ One deployment ○ One service (which contains annotation to allow Prometheus to scrape the metrics) ○ If required, an ingress (which contains annotations to use nginx/other) ○ Configmap if required (we will talk/debate about secrets later) Roadmap 17
  • 18. Everoad’s infrastructure @January 2018 (& live one!) 18 MongoDB (atlas) Projection databases + Event store Elastic (cloud) RabbitMQ cloudamqp Google cloud platform
  • 19. Everoad Kubernetes infrastructure @January 2018 (& live one!) Belgique - europe-west1-b Belgique - europe-west1-c Belgique - europe-west1-d services storage réseau sur la zone storage réseau sur la zone storage réseau sur la zone Google cloud platform 19
  • 20. Cluster Proxy Proxy Proxy Proxy Risoli Backend Frontend Backend Proxy Global infrastructure Namespaces: kube-system risoli frontend backend Users (clients) Admin kubectl Services External Load Balancer 20 Frontend Backend Risoli
  • 21. A to Z user request 21 ingresses ... User service nginx DNS GLB app-service pod Kubernetes cluster - of the six nodes
  • 22. Kubernetes staging cluster Continuous integration 22 homemade scripts Developer Gitlab - merge => staging daemon runner local tiler pod upgrade release <project>
  • 23. Kubernetes staging cluster Continuous deployment 23 Developer homemade scripts Gitlab - job => production daemon runner get prod credentials Kubernetes production cluster local tiler pod upgrade release <project> configmap.. secret.. service.. ingress..
  • 24. ● All the secrets are under a different path: secret/<ENV>/<SERVICE_NAME>/<LIST_OF_CONFIGURATION> ● The CI of the specific microservice is requesting all the secrets of this directory and create a Kubernetes secret ● If we want to rollback we will rollback secret with the release (useful) ● If we want to change the configuration, we change the secret and run another production pipeline (new helm release created) ● Done in bash (could have been done using your favourite language, there are just API calls on it DevOps improvements - Vault as a config manager 24
  • 25. ● All the secrets are under a different path: secret/<ENV>/<SERVICE_NAME>/<LIST_OF_CONFIGURATION> ● The CI of the specific microservice is requesting all the secrets of this directory and create a Kubernetes secret ● If we want to rollback we will rollback secret with the release (useful) ● If we want to change the configuration, we change the secret and run another production pipeline (new helm release created) ● Done in bash (could have been done using your favourite language, there are just API calls on it DevOps improvements - Vault as a config manager 25
  • 26. ● All the secrets are under a different path: secret/<ENV>/<SERVICE_NAME>/<LIST_OF_CONFIGURATION> ● The CI of the specific microservice is requesting all the secrets of this directory and create a Kubernetes secret ● If we want to rollback we will rollback secret with the release (useful) ● If we want to change the configuration, we change the secret and run another production pipeline (new helm release created) ● Done in bash (could have been done using your favourite language, there are just API calls on it DevOps improvements - Vault as a config manager 26
  • 27. ● Based on Helm, we use the CI to deploy an ephemeral environment with all the micro services ● Automatic request a subdomain to add a new DNS entry (in fact we use a sub subdomain trick) ● Available port forward for the devs to see the data inside the dabases ● Replay events from the production to have a usable set of data ● Useful for all these kinds of use cases: ○ Bench a new feature during user tests on a dedicated environment (before huge release!) ○ Bench a new version of a core component before migrating the compotant (mongo, rabbit…) ○ Create environment with a subset of events to reproduce production issues DevOps improvements - On demand test environment 27
  • 28. ● Based on Helm, we use the CI to deploy an ephemeral environment with all the micro services ○ A frontend ○ A backend ○ Some microservices (pricing, emails …) ○ Ephemeral databases (postgresql, elastic, mongo) ● Automatic request a sub domain to add a new DNS entry (in fact we use a sub subdomain trick) ● Replay events from the production to have a usable set of data ● Useful to: ○ Bench a new feature during user tests on a dedicated env ○ Bench a new version of a core component before migrate the compotant ○ Create env with a subset of events to reproduce production issues DevOps improvements - On demand test environment 28
  • 29. ● Based on Helm, we use the CI to deploy an ephemeral environment with all the micro services ○ A frontend ○ A backend ○ Some microservices (pricing, emails …) ○ Ephemeral databases (postgresql, elastic, mongo) ● Automatic request a sub domain to add a new DNS entry (in fact we use a sub subdomain trick) ● Replay events from the production to have a usable set of data ● Useful to: ○ Bench a new feature during user tests on a dedicated env ○ Bench a new version of a core component before migrate the compotant ○ Create env with a subset of events to reproduce production issues DevOps improvements - On demand test environment 29
  • 30. ● Based on Helm, we use the CI to deploy an ephemeral environment with all the micro services ○ A frontend ○ A backend ○ Some microservices (pricing, emails …) ○ Ephemeral databases (postgresql, elastic, mongo) ● Automatic request a sub domain to add a new DNS entry (in fact we use a sub subdomain trick) ● Replay events from the production to have a usable set of data ● Useful to: ○ Bench a new feature during user tests on a dedicated env ○ Bench a new version of a core component before migrate the compotant ○ Create env with a subset of events to reproduce production issues DevOps improvements - On demand test environment 30
  • 31. ● Based on Helm, we use the CI to deploy an ephemeral environment with all the micro services ○ A frontend ○ A backend ○ Some microservices (pricing, emails …) ○ Ephemeral databases (postgresql, elastic, mongo) ● Automatic request a sub domain to add a new DNS entry (in fact we use a sub subdomain trick) ● Replay events from the production to have a usable set of data ● Useful to: ○ Bench a new feature during user tests on a dedicated env ○ Bench a new version of a core component before migrate the compotant ○ Create env with a subset of events to reproduce production issues DevOps improvements - On demand test environment 31
  • 32. 32 Thanks for listening, available for questions (with a beer!) @jwimsingues