Brandon is dedicated to bringing modern technical solutions together to drive tangible business outcomes for customers adopting containers into their application life cycle using Docker, CI/CD and Kubernetes. As a technologist, Brandon brings expertise in open source and enterprise technologies to go beyond solving the technical problem by helping customers to adopt and operationalize comprehensive solutions. As a leader, Brandon is passionate about building teams that are obsessed with customer success.
About the talk
Increasing the productivity of developers is top of mind for all digital businesses. Creating an internal software delivery platform provides developers with streamlined mechanisms for onboarding, updating, and maintaining their apps while ensuring that security and operations teams can set the proper guardrails as their environments and regulatory requirements grow and change over time.
Learn how to build a platform using Anthos and see how principles like declarative configuration management and GitOps provide an ideal user experience for developers, security engineers, and operators.
Speakers: Brandon Royal, Ben Good
Google Cloud Next ’20: OnAir → https://goo.gle/next2020
Subscribe to the GCP Channel → https://goo.gle/GCP
Alright, I'm Brandon Royal, a manager and technical strategist for CI/CD on Anthos. I'm joined by my colleague Ben Good, a solution architect. In this session we'll discuss some of the common challenges that customers see when it comes to modernizing their CI/CD, especially around the core principles that we think about when architecting and modernizing a CI/CD solution, and how those can be leveraged within your own pipelines as well.

CI/CD is not a new concept, and a lot of the tools and practices really haven't changed that much. What has changed quite significantly is the infrastructure surrounding it: a move from imperative infrastructure, where we describe all the changes we need to make with our pipelines, to a more declarative model, not only for our applications but also for our underlying infrastructure and security. Security often has a different operating model, and that can be seen as a point of friction. Across our customers, between on-premises and cloud, many describe having one very different set of tools for managing deployment and test automation for cloud applications and another for applications on premises. We find that a huge issue is those inconsistencies, especially between environments. The DevOps Research and Assessment (DORA) State of DevOps research shows that software delivery performance is directly correlated with organizational performance: the time it takes to recover from any service degradation directly correlates with your organizational performance. Also, the selection of these tools has a very meaningful impact on your ability to be a high-performing organization. Organizations that use slower change management approval processes often do not perform as well as those using more peer-based methods. So when we think about modernizing CI/CD, we think about these five principles.

First, security: not only in terms of separation of duties between developers, operators and security, but also securing our images as they go from build to test to deployment; we want to manage the entire process. Second, declarative rather than imperative infrastructure: we manage all of our configuration in a single source of truth for all of our applications, and that also gives us a clean Git-based interface through which we can manage all of those configurations. Third, wherever we look at a consistent environment, it is critical to automate as well, wherever possible. Fourth, Google Cloud has a significant commitment to the open source ecosystem: open, standards-based interfaces for all of our infrastructure allow you to leverage existing investments. Finally, modern practices let you focus on value-added activities that benefit your customers. This helps you establish governance across your entire CI/CD and lets you share best practices between environments, from containers and the innovation of Anthos in your environments to the teams and processes around them. The way we do this is by managing the structure of CI/CD in a very similar way across environments and underlying infrastructure. We break this up into components, and with this methodology you're able to leverage existing components that you might have in place already, so that the solution lets you plug in existing systems and investments and build on top of them.

When we talk about the various stakeholders in the organization, developers, operators and security have different goals when it comes to modernizing: developers want to standardize an application and how those applications are updated over time, and security ultimately needs to inject application policies. We need to focus on reducing the burden for the developers wherever possible and allow them to deliver value. What we do in this solution is provide standard interfaces, open standards-based interfaces that we use to plug in those existing systems wherever possible: standard Git-based interfaces for all of our code and configuration, all of our infrastructure using standard OCI images, and those are provided by the Kubernetes platform, using things like Anthos Config Management to manage it.

Let's talk a little bit about the workflow. Aspects of it will seem very familiar to those of you who are deploying CI/CD workflows within your organization today. We start with our application code and use a continuous integration platform to build and test our container images, which we'll put into a container registry. That connects up with all of the shared standard configurations that might be deployed within the enterprise, and the operator uses them to manage the relationship between application configuration and environment configuration, rendering in the policy considerations, using those to render them into hydrated manifests that we commit to our configuration repository, where we can see all of the environment-specific configuration. Last but certainly not least, security uses the Anthos Config Management repository for policy. Our application configuration starts with a shared base, which allows us to do things like apply configurations that we might pull in from the application code repository for images, or any additional configuration for the application, and render hydrated manifests for our environments. The responsibility of security in this context is managing the propagation of various policies: security policies and any other policy that describes the behavior of the platform is what we define as policy, stored directly in the Anthos Config Management repository and handled by Config Management under the hood,
in coordination with our operations teams. Those policies and configurations are expressed in Git and integrated into the workflow. Ben will show how that works.

Thanks, Brandon. Let's take a look at the demo, a couple of the workflows that Brandon was just describing in the CI/CD on Anthos presentation. Before we dig into the workflows, we'll take a look at the GKE clusters that we have and what we'll be using them for. We have four clusters that we'll be using to run our applications. The first is a dev cluster. In the demo we'll use Skaffold to automatically detect changes to the application code and deploy them into the dev cluster; this will enable us to live-test our changes on the dev cluster before we push them into the repository. From there, once they're pushed into the mainline of the application code repository, a deployment is automatically kicked off, which deploys our changes to the staging cluster. Then once we've validated our changes on the staging cluster, we can merge the environment configuration from the staging branch into the mainline branch, which triggers the production deployment to our two production clusters. The fifth cluster that we have out here is used for shared services, so on that cluster we're running GitLab, and that's where we'll be storing our source code and running our CI/CD pipelines.

So now let's pretend that I'm an application developer and I have a simple Go application. If we take a look at it, you see that it simply outputs "Hello world". My task is to update that greeting from "Hello world" to something else. As a good developer, we'll start by creating a new branch called new-greeting. Before I start making changes, I want to get Skaffold started, so it's connected up to our development cluster. First, make sure that we're in the right context. Skaffold is going to watch our source code, and as it changes it's automatically going to build new versions of the container, push them into Artifact Registry and then run deployments of the new container images out to our development cluster, so that we can test. We can see here that Skaffold is up and running, and if we preview, we can see "Hello world" is output. Now we're ready to get started with our changes. We'll go to our editor here and change it to say "Hello Google"; that'll be our new greeting. We can see, as I change back to Cloud Shell, that Skaffold has detected that change and it's already starting to rebuild the image. Now that image has been deployed, so if we refresh in our browser, there is our new greeting, and that looks good. We're ready to push our changes into our source control system and kick off the CI/CD pipelines. Let's stop Skaffold here, commit our changes, and push them out. Okay, now if we go over into GitLab and log in as the developer, we can see that I just pushed a new branch. Let's go ahead and create a merge request.
At this point what's happening is GitLab is running a CI pipeline on our branch: we're running tests, we're going to hydrate the manifests, and we're going to validate the manifests, so we're running a subset of the stages that will run later on, everything except for the deployment part of the pipeline. This gives us the opportunity to validate any manifest changes that we might have made in that application code repository, as well as any application code changes. We'll just have GitLab merge when it succeeds. Okay, we can see through the comments here that everything is merged. If we look at our CI/CD pipeline, we're now running another pipeline. In this one, we're running tests again, we're going to build our new image, we're going to hydrate and validate configs, and then we're going to push those configs into our environment repository. While we wait for this to run, let's take a quick look at our repository and what we have in here.

In here we have our source code, so our main.go with our greeting, we have our Dockerfile, and then we have some Kubernetes manifests. These manifests are the changes that we want to make, so in this case we're setting the environment to dev. If we look at staging or production, we can see there we're also setting the environment, to prod. These changes are getting merged together with the common shared best practices that are stored in this shared Kustomize base. Here's our shared base, and this is a full manifest. Those environment settings are getting merged into this, and what the CI/CD pipeline is doing is committing those manifests and pushing them into the staging branch here. It's still running at this point. Okay, our pipeline is now finished. If we go and look at the staging branch of our environment repository, we can see that we just pushed new configs for staging and production YAML. We hydrate them all at the same time so they're consistent, and we can see they are all fully hydrated manifests. That push triggered a pipeline to deploy those manifests to our staging cluster. Now if we switch back to Cloud Shell, we can see what we have running in our namespace: our application is now running and it's been running for 24 seconds. So we have deployed our changes to our staging cluster. Now we'll quickly promote those changes from the staging branch into the mainline branch, and that will trigger the production deployment. We'll go in here, make a new merge request, and merge it. If we take a quick peek at the changes here, we can see the only real change is the image hash. That merge request has now triggered the deployment to production. We'll switch to our production cluster context, and we can see that our new pod has been running for about 14 seconds, so our deployment to our production cluster succeeded.

Okay, now for the next workflow. As the developer, I've been talking with the Hipster Shop team; they also have their applications running on our cluster
and they would like to be able to connect to the Go application that we've been working with. What we're going to do is switch over to the Anthos Config Management repository. You see here we have all of our namespaces, our cluster registries and that kind of stuff in there. We're going to make a quick change to our network policy to allow the Hipster Shop frontend to connect to our Go app. First, before we get started here, let's take a quick look at our current network policies. We can see that right here we have just a default deny for anything that's not within our namespace. What we're going to do is enable that for Hipster Shop, for the Hipster Shop frontend. We'll start again by creating a branch, and we'll jump back over to our editor. Here's our network policy that is sitting inside of our namespaces, in our managed applications, so our Go app. This policy is going to allow traffic from the Hipster Shop frontend to connect to our Go application. We'll save that and then push our change. Okay, our changes are pushed. If we jump back over to the GitLab UI, we'll see that we just pushed a new branch. Since I pushed that branch as the developer, I'm going to create a merge request to allow traffic from the Hipster Shop frontend, and submit that merge request. Now our policy has been set up such that, as a developer, I'm not allowed to merge my merge request into the mainline. So we're going to have to switch over to our network admin. Now I'm going to be our network administrator and we'll review those policy changes so that we can approve the merge request allowing that traffic. While we're doing that, you can see that we kicked off another CI pipeline where we're verifying the changes that we're making to our configuration, so we're running CI on our Anthos Config Management repository.

And we have a merge request here. Now I'm in as the network administrator and we see the merge request here from me, wanting to allow traffic from the Hipster Shop frontend into our Go application. While we were doing that, all of our tests passed. Quickly, if we look at the changes, there are the changes that we made; they look good. So let's merge them. Now we're going to run CI on them again just to make sure everything is still good, and once CI has finished, we'll be able to go out to our cluster and we'll see that this change has been applied; I'll check it on both the production and staging clusters. Okay, CI has finished. Now if we jump back out to Cloud Shell and look at our network policies again, we see that we're allowing traffic from the Hipster Shop frontend into our Go app namespace. So that process was: as a developer I needed to make a network policy change, I made the change in the Anthos Config Management repository, and then that change was reviewed and approved by a network administrator.

As we saw in the demo, we had several applications deployed across a number of clusters, both production and non-production, each application running in its own namespace, its own little playground, so that they ran in an isolated environment. In order to allow applications to communicate with each other, we had to involve the operations and security team so that we could update the network policies for the namespace, and those policies and
configurations were being managed using ACM and automatically deployed and reconciled across all the clusters. As a developer, you can focus on using a GitOps workflow: developers can build new features in feature branches, and using tools like Skaffold, those changes can be automatically deployed to a development cluster so they can be live-tested. When those changes are finished, a merge request is created, and when they're merged into the mainline, the staging deployment is automatically triggered by the push of hydrated manifests into the staging branch of the environment repository. After the changes have been validated on the staging cluster, the operations team, or the developer depending on your workflow, can create a merge request to promote the configurations from the staging branch to the mainline branch. Once that change is merged into the mainline, the deployment to production is automatically triggered.

Using the principles that we described, you are now able to build upon a secure platform where you're creating and deploying your policy using Anthos Config Management and storing that configuration as code, so you automatically get the tracking and traceability provided by Git. As you saw in the demo, everything is highly automated, from the deployment of application changes all the way through to the configuration changes that are tested and deployed using ACM. We're also using containers, so we're leveraging the immutable nature of containers to increase the reproducibility of our deployments and our infrastructure, and we're leveraging Anthos as an open-source, standards-based infrastructure that you can then extend even further. Brandon and I would like to thank you for your time today.
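The network policy change from the demo, written out as an added example that is not the talk's own manifest: a default-deny ingress policy for the Go app's namespace, plus a second policy that admits only the Hipster Shop frontend pods. The namespace names (go-app, hipster-shop), the pod and namespace labels, and the port are assumptions.

```yaml
# Added example; namespace, label and port values are assumptions, not from the talk.
# Policy 1: default deny for all ingress into the go-app namespace,
# except traffic that originates from pods inside the namespace itself.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: go-app
spec:
  podSelector: {}          # empty selector: applies to every pod in the namespace
  policyTypes:
  - Ingress
  ingress:
  - from:
    - podSelector: {}      # any pod in the same namespace is still allowed
---
# Policy 2: additionally admit the Hipster Shop frontend. NetworkPolicies are
# additive (a connection is allowed if any policy allows it), so this widens the
# default deny only for the selected source. The source is matched on both the
# namespace label and the pod label so a pod merely named "frontend" elsewhere
# does not match.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-hipster-frontend
  namespace: go-app
spec:
  podSelector:
    matchLabels:
      app: go-app          # assumed label on the Go app's pods
  policyTypes:
  - Ingress
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          name: hipster-shop   # assumed label set on the hipster-shop namespace
      podSelector:
        matchLabels:
          app: frontend        # assumed label on the Hipster Shop frontend pods
    ports:
    - protocol: TCP
      port: 8080               # assumed port the Go app listens on
```

These objects are only enforced when the cluster has a network policy provider enabled (on GKE, the network policy add-on or Dataplane V2); without one they are accepted by the API server but have no effect.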