#gitops (2019-04)
Discuss continuous delivery of infrastructure
Archive: https://archive.sweetops.com/gitops/
2019-04-02
Here are the slides from “Scale 17x: Intro to GitOps”
2019-04-10
2019-04-11
Here are the slides: https://cloudposse.com/slides/gitops-with-terraform-on-codefresh-webinar/
Infrastructure as code, pipelines as code, and now we even have code as code! =P In this talk, we show you how we build and deploy applications with Terraform using GitOps with Codefresh. Cloud Posse is a power user of Terraform and have written over 140 Terraform modules. We’ll share how we handl
Just read all your slide decks. Very nice demos.
Thanks @jamie!
Had a lot of fun making them
(video will be posted later)
2019-04-30
So i'm trying to deploy to my k8s cluster w/ helm via my ci tool and I’d like for those helm deploys to kick off based off merges into special branches. For example, merging a PR into develop would kick off a helm upgrade to the dev cluster and merging a release PR into master would kick off a helm upgrade to the prod cluster. How are those of you following this pattern handling the fact that helm doesn’t redeploy pods using images on a specific tag (develop) even if there is a more recent version of that image?
we’ve used a number of strategies
for develop
you can use helm upgrade --recreate-pods option
or just always tag your docker images also with a git ref
then use the git ref for the image tag
--recreate-pods will cause a brief outage
so your repo has a tag per commit?
we tag every docker image with a git ref
ah
i misread that
that way there is a 1:1 relationship between git and docker
so when you merge into master, that will re-build the docker image meaning that you would be technically deploying with a different image (although should be identical)?
yes, but our process is different
we merge to master, we build
especially since we usually squash merge
we use release tags to deploy to environments
release tags therefore only retag a docker image. no rebuilding required.
master is continuously delivered to staging
release tags go to production.
1.2.3-foobar goes to the foobar environment
e.g. 1.2.3-prod
1.2.3-preprod
1.2.3 goes nowhere
then for PRs we deploy each one into a new namespace on the staging cluster
e.g. pr1234 of the example repo gets deployed to pr1234-example namespace
so for your prod deploys, they are not being triggered via git
they totally are
100% git driven
ohh
you're saying
by tagging a commit, you are pushing to specific environments?
so when you push that tag, it triggers the deploy
Example application for CI/CD demonstrations of Codefresh - cloudposse/example-app
retag the image
thank you, i believe that's the step i was missing
deploy it
in our case, we use github
so we use the UI for releases
i do too
but essentially it’s tags
releases also have webhook events
so you create a release, which triggers a deploy in codefresh
we register those with codefresh
yup
nice that's what i’ll do
how do you like codefresh?
and then you can throw in an approval step
i believe you guys are big fans
so it queues it up for deployment, but someone higher up has to click approve
yes, we’re big time fans of #codefresh
approval step is a codefresh thing or github?
codefresh correct
approval step is a codefresh step
ask_for_permission:
  type: pending-approval
  title: Deploy release?
nice nice
we’re on circle right now, which isn't my favorite
yea, circle definitely has the marketshare
but i believe i can perform all of those still
with circle
and the two have been converging on functionality
but codefresh has tighter k8s integration and native helm support
plus kanban boards so you can view your releases and what stage they are in
yeah i've built my own helm deploy script to run from circle
that's why i was interested in drone.io but right now it's more affordable to pay for circle than run our own 3 node k8s cluster for drone
yea, i don’t like hosting CI/CD
it’s foundational infrastructure, that when everything else is done right (IaC) it’s just easier to treat the CI/CD as an axiom; it just exists and we don’t need to worry about how.
same, but drone does run jobs as native k8s jobs which removes the need for managing agents which is nice
that’s nice
but yeah, thinking about our CI/CD platform having uptime issues during a client-facing outage would suck
i feel like we got enough to manage… kiam, cert-manager, prometheus, grafana, teleport, kibana, fluentd, external-dns, keycloak, etc. and for those there is no hosted option.
but for CI/CD there is.
haha yeah
sysdig datadog
but i get it
yea, true
sumologic, splunk
but daaaaaaang the prices $$$
yeah they are not cheap
thanks for the help, answered with the exact solution i was looking for @Erik Osterman (Cloud Posse)
thanks @btai! glad I could help