GitOps Toolkit (Cloud Native Nordics Tech Talk)
3 likes1,748 views
The GitOps toolkit is a set of composable APIs and specialized tools designed to create a continuous delivery platform for Kubernetes, enabling dynamic configuration and interaction through Kubernetes events. It encompasses features such as source management, kustomize and helm support, role-based reconciliation, and policy-driven validation, all integrated with Git providers. The toolkit is currently in an active experimentation phase, and feedback is encouraged from the community.
More Related Content
Similar to GitOps Toolkit (Cloud Native Nordics Tech Talk) (20)
GitOps Toolkit (Cloud Native Nordics Tech Talk)
- 1. GitOps Toolkit NextGen operational model for Kubernetes Stefan Prodan @stefanprodan Cloud Native Nordics - June 2020
- 2. What is the GitOps Toolkit? The GitOps Toolkit is a set of composable APIs and specialized tools that can be used to build a Continuous Delivery platform on top of Kubernetes. These tools are built with Kubernetes controller-runtime libraries and they can be dynamically configured with Kubernetes custom resources either by cluster admins or by other automated tools. The GitOps Toolkit components interact with each other via Kubernetes events and are responsible for the reconciliation of their designated API objects.
- 3. What is the scope of GitOps Toolkit? ● Source management ● Kustomize and Helm support ● Event-based and on-a-schedule reconciliation ● Role-based reconciliation (multi-tenancy) ● Health assessment (infra and workloads) ● Dependency management (infra and workloads) ● Alerting to external systems (webhook senders) ● External events handling (webhook receivers) ● Source write-back (automated patching) ● Policy driven validation (OPA, admission controllers) ● Seamless integration with Git providers (GitHub, GitLab, BitBucket) ● Interoperability with CAPI providers (for cluster and fleet management)
- 4. Source Controller The main role of the source management component is to provide a common interface for artifacts acquisition. The source API defines a set of Kubernetes objects that cluster admins and various automated operators can interact with to offload the Git and Helm repositories operations to a dedicated controller. Operations: ● Authentication and authenticity validation ● Event-based and on-a-schedule policy driven artifacts acquisition ● Produce immutable artifacts from sources ● Notify interested 3rd parties of source changes and availability API Spec: https://github.com/fluxcd/source-controller/tree/master/docs/spec/v1alpha1
- 6. Specialized Reconcilers The GitOps Toolkit allows specialized reconcilers to collaborate when declaring the desired state of a group of clusters: ● Kustomize Controller ● Helm Controller (TBA) ● Fleet Controller (TBA) All these controllers will be using the Source API package to acquire artifacts and subscribe to “source changes” events.
- 8. Kustomize Controller Features ● Reconciles the cluster state from multiple sources ● Generates manifests with Kustomize from plain yamls or overlays ● Validates manifests against Kubernetes API ● Impersonates service accounts (multi-tenancy RBAC) ● Health assessment of the deployed workloads ● Runs pipelines in a specific order (depends-on relationship) ● Prunes objects removed from source (garbage collection) ● Reports cluster state changes (Slack/Discord) API Spec: https://github.com/fluxcd/kustomize-controller/tree/master/docs/spec/v1alpha1
- 11. GitOps Toolkit - CLI The TK command-line utility allows cluster admins to configure the toolkit and assemble CD pipelines without having to write tomes of YAML: ● seamlessly integrates with Git providers like GitHub and GitLab ● deploy keys provisioning for Git sources (SSH and token based auth) ● install/upgrade/check/uninstall operations for the toolkit components ● create/update/get/export/delete operations for sources and kustomizations ● sync/suspend/resume operations for kustomizations
- 12. GitOps Toolkit CLI - Bootstrap One-click provisioning for: ● Git repositories ● Deploy keys ● Teams access ● Toolkit components (install/upgrade) Git providers: ● GitHub ● GitLab ● BitBucket (TBA) ● SSH-agent (TBA)
- 13. GitOps Toolkit CLI - Incident Management When dealing with an incident, cluster admins can suspend the reconciliation of some workloads and debug/fix the issues, without having to stop the reconciler and affect the whole cluster.
- 14. What about Flux and Helm Operator? We envision a future where Flux v2 and Helm Operator v2 are assembled from the GitOps Toolkit components. Roadmap (WIP) https://toolkit.fluxcd.io/roadmap/ The Flux CD team is looking for feedback and help as the toolkit is in an active experimentation phase. If you wish to take part in this quest please reach out to us on Slack and GitHub.
- 15. What about Flagger and Progressive Delivery? Flagger, like many others Kubernetes operators, works out-of-the-box with the GitOps Toolkit.
- 16. Links 16 Toolkit documentation https://toolkit.fluxcd.io Toolkit assembler https://github.com/fluxcd/toolkit Source controller https://github.com/fluxcd/source-controller Kustomize controller https://github.com/fluxcd/kustomize-controller