容器化後，持續交付不可缺的敲門磚 - Helm

tags: DevOpsDays Taipei 2018 9/12 14:50~15:30 Track B

https://www.facebook.com/groups/113425279448910/

background

• Terraform
  • VMs
  • Network
• Ansible
  • package
  • code deployment
• GCP
• 技術負責人願意導入(重點?)

top down 從上往下比較簡單

problem

• Many VMS
• Configuraions with environment
  • beta, staging, production
  • MySQL, Redis, Cassandra, MongoDB..etc
• deploy太花時間
• 本地端開發很複雜

Objective

• Containerized
  • 10 Components
  • 35 Works
  • 30 Jobs
• migrate to k8s

18天就finish了
好喝

Prod & Cons

prod

• fast code deployment and rolling upgrade
• K8s managed resource
  • Ingress(load balance, ssl)
  • Less Terraform
• decouble configurations
  • redis-dev,redis-beta,redis-prod
    => k8s service
  • redis-service => in image

Cons

• Bunch of k8s manifests
  • YAMLs x Environments
• Deployment knowledge
  • manifest creation order, parameters

How we work with K8s?

Helm

Helm is a package manager

Helm is…

• Template engine

• Release management

• Portability & easy onboard

• Repository hosting

• Versioning & dependency

• No more kubectl apply

• Chart

• Chart Repository

• Release

安裝Helm => 埋一個agent在k8s裡面

設定template
將設定抽出變成變數

helm init
helm create [name]

Disadvantages

• Helm
  • Hard to troubkeshoot
    • No diff
    • Tiler upgrade failded without error
    • Generate full k8s Manifest
  • => Helm3
• For team
  • Need to know Helm / k8s
  • Gap between Engineer and DevOps
    • Still need DevOps efforts
  • Who can deploy? How totrigger?
  • Who write the Chart?
  • => GitOps

Heml 3.x

• Template syntax hard to read & poor documentation
• Immutable variables, confusing…

New in Helm3

• Lua as embedded scripting language
  • Scripts are stored in charts
• No more Tiller
  • Security enhancement
  • New Helm controller
• Hooks can bemanaged
• Pull-basd…

容器化了 然後呢

• gitkube
• test-infra
• Jenkins-X
• 忘了還有哪些工具…

Key Takeaways

• Containerized and migrate to k8s, refactor by Helm

  • Save money , Increase productivity
  • Reduce deployment time
  • Release Managerment

• key to the future, Helm 3 and GitOps

場外聊天室，歡迎在下方喇賽

自建 k8s? 不然怎麼會需要 ingress?

用ingress可以省load balancer的費用阿ＸＤ(所有服務用一個LB)

用 sidecar 的方式不就解決一個環境一個 configuration 的問題?

感覺不大一樣XD

ingress 請加入反抗軍

template 語法醜醜的

糟糕…習慣 jinja2 真的有點不習慣這個

j2好讀很多啊

喔喔… Helm 完全利用了 k8s 內建的機制在玩…

這樣可以blue green deployment嗎

應該是設定deployment.yaml那邊就可以吧？
這樣是需要兩組helm嗎？

應該是，前面 service 要把 traff切過去
參考這篇

再強調一次 語法好醜

先買 Go Programming Langauage 來讀

看golang本身還好 可是大括號包起來就感覺差很多

用packer的部分剛剛有講嗎?

不報 error 我覺得挺合理的…他原本目的就不是要解決這個問題…XD

靠CI/CD流程解吧

這算官方吐槽嗎

lua 擼啊

DB適合放到k8s裡面嗎？

yes, but use statefulset with high iops persistent volume

雲的部分我覺得還是用提供商給的比較省事就是了
再用proxy的方式連出來