Skip to content

chick-fil-a/gitops

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
gitlab
gitlab
 
 
vessel
vessel
 
 
weave
weave
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
SETUP.md
SETUP.md
 
 
gitops.png
gitops.png
 
 
notsosecret.yaml
notsosecret.yaml
 
 

Repository files navigation

KubeCon + CloudNativeCon Demo

This GitOps demo is open source and is available at https://github.com/chick-fil-a.

Setup

Please see setup for instructions on setting up an environment for the demo.

GitOps

GitOps

Gitlab

The Atlas is a git repository with a project for each cluster.

Vault

Vault stores secrets to be distributed to each cluster.

Weave Cloud

Weave Cloud is used to visualize the cluster.

GitOps via Command Line

Simple demonstration of GitOps via the command line. This is run on the edge.

git clone http://gitlab.cloud/atlas/kubecon.cluster.riot.edge.git

cd kubecon.cluster.riot.edge

# get secrets
vault kv get -field=spec secret/atlas/kubecon.cluster.riot.edge/podinfo/secret.yaml > podinfo/secret.yaml 

# apply
kubectl apply -f . --recursive -l heritage=Fleet --prune \
  --prune-whitelist /v1/ConfigMap \
  --prune-whitelist /v1/Secret \
  --prune-whitelist /v1/ConfigMap \
  --prune-whitelist /v1/Secret \
  --prune-whitelist /v1/Service \
  --prune-whitelist /v1/ServiceAccount \
  --prune-whitelist apps/v1/DaemonSet  \
  --prune-whitelist apps/v1/Deployment  \
  --prune-whitelist apps/v1beta1/Deployment  \
  --prune-whitelist autoscaling/v2beta1/HorizontalPodAutoscaler  \
  --prune-whitelist extensions/v1beta1/Deployment  \
  --prune-whitelist extensions/v1beta1/Ingress  \
  --prune-whitelist storage.k8s.io/v1/StorageClass  \
  --prune-whitelist rbac.authorization.k8s.io/v1/ClusterRole  \
  --prune-whitelist rbac.authorization.k8s.io/v1/ClusterRoleBinding

kubectl -n demo get all

GitOps via Vessel

Demonstrate vessel run on the edge.

kubectl apply -f vessel

kubectl -n kube-system get po

kubectl -n kube-system logs <pod> -f

Caveats with Kubectl Apply with Prune

  • Apply is run in only one namespace. In order to be namespace specific, the Namespace: metadata must be provided.
  • In order to prune resources no longer in the repository, Heritage: Fleet label is used.
  • If all k8s resources need to be removed, must have at least one resource per namespace, see empty.yaml.
  • There is an incomplete default whitelist of resource, so --prune-whitelist must be provided. See getRESTMappings in apply.go
  • Any resource that creates another resource must add Heritage: Fleet
  • Must be run multiple times as it does not order resource dependencies

Empty

To prune all Fleet resources:

kubectl apply -f empty.yaml -l heritage=Fleet --prune \
  --prune-whitelist /v1/ConfigMap \
  --prune-whitelist /v1/Secret \
  --prune-whitelist /v1/ConfigMap \
  --prune-whitelist /v1/Secret \
  --prune-whitelist /v1/Service \
  --prune-whitelist /v1/ServiceAccount \
  --prune-whitelist apps/v1/DaemonSet  \
  --prune-whitelist apps/v1/Deployment  \
  --prune-whitelist apps/v1beta1/Deployment  \
  --prune-whitelist autoscaling/v2beta1/HorizontalPodAutoscaler  \
  --prune-whitelist extensions/v1beta1/Deployment  \
  --prune-whitelist extensions/v1beta1/Ingress  \
  --prune-whitelist storage.k8s.io/v1/StorageClass  \
  --prune-whitelist rbac.authorization.k8s.io/v1/ClusterRole  \
  --prune-whitelist rbac.authorization.k8s.io/v1/ClusterRoleBinding

About

Managing Fleets of Kubernetes Clusters w/GitOps

Resources

Readme
Activity
Custom properties

Stars

46 stars

Watchers

7 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages