Argo CD - Declarative Continuous Delivery for Kubernetes

Captions
Okay, so just to make sure, other than employed people, everybody can hear us? Jeremy, I see your chat, so you guys can hear now. Do it in your phone. Okay, all right, thank you.

Hi everyone, so welcome to our Argo community meeting. Today's agenda is to first demo Argo CD, or Argo continuous delivery, which is our new open source project, and then we will open it up for Q&A and any feedback on any of the Argo projects. Also, we're really looking for some volunteers to demo Argo Workflows usage. Nobody has volunteered, so next meeting, please, it would be awesome if one of you can demo how you're using Argo Workflows. I will do a quick round of introductions, not a long one, because our Argo community is still new, so we just want to understand who all are using and attending. I see a bunch of people from Intuit in the meeting, so I'll skip them. Any other people, any other company's members joining, just quickly dip into a handoff.

Yeah, we're working Localytics.

Okay, anybody else?

Yeah, this cannons, I'm a physicist working at CERN, the European particle physics laboratory, and we're trying to use Argo, in particular actually the workflows, for reproducing a little physics analysis. I'm trying to explore if that's a good option.

Yes. Anybody else wants to speak out? Okay, okay, we can just continue. Let me share my screen. First I'll do a five minute overview of Argo CD and then Jesse will do a detailed demo. Okay, I guess everybody can see. Okay, so most of you are familiar with all the different Argo open-source projects. We started with Argo Workflows, then we customized it a little bit and created Argo CI. Last month we open sourced Argo Events, thanks to the BlackRock team who contributed the first version of the code, and everybody is reviewing and hopefully we'll get some more feedback. And then today we will discuss Argo CD, our newest open source project. Most of the community members, as far as we know, are using Argo for ML or 
data related types and workflows, and some are using it for CI/CD pipelines. If there are other use cases, it would be awesome if you can talk about it on our Slack channel. So let me understand, these are the people who actually opened a pull request to list their company, whether they're contributors or users, on the Argo main page in the GitHub repo. It would be great if others also, when they are more comfortable, open a pull request to list themselves. That helps grow the community.

So let's talk about Argo CD. What is Argo CD? It is a declarative continuous delivery solution for Kubernetes. The Argo team at Intuit, earlier this year, a couple of months back, were tasked with delivering a continuous delivery service for deploying to Kubernetes continuously as a part of Intuit's modern SaaS platform initiative. We looked at a couple of solutions in the market, open source, based on the following criteria. The first criterion we wanted is that it has to be Kubernetes native, because it was a continuous delivery service for deploying hundreds of services on Kubernetes. The next criterion was we wanted it to be declarative, so that we can define the desired state in Git, and any changes to the desired state can do automatic deployment. We particularly love ksonnet as our configuration management solution, so Argo CD is built on top of ksonnet, and when Jesse gives the demo he'll explain why we really like ksonnet. We wanted this CD solution to have a clear separation from our CI solution, and we'll explain why as well. And then we wanted some enterprise friendly features, because multiple teams will use the CD solution to deploy multiple services in parallel, so we wanted more audit trails, then security, single sign-on, RBAC, logging, etc. So given these features, we didn't find anything that suited our needs, and so we decided to build something and then open source it. So how does Argo CD work? It works in two simple steps. You define your application 
and your different environments where your application will be deployed in a Git repo, and then any change to your application config will trigger deployment, so we'll call are those things to deploy your app. So two simple steps. Argo CD can be called from any pipeline. We would love it to be called from Argo Workflows, but it can be called from CircleCI or Jenkins or any pipeline, or you can also invoke it from the CLI or UI. With that we will move to the demo. Jesse will first show a simple app, the guestbook app, which comes actually with the ksonnet project. He will first show how to define your app using ksonnet, and then he will trigger a change of the guestbook app, and then he will go into a more complex application. Any questions so far? Can you guys hear us?

Yep.

Okay, okay, that's a Uther sub training for me you.

Okay, so asthma Kalika I mentioned, we settled on ksonnet because when we weren't trying to solve the problem of configuration management, my office didn't want a package management solution, since we're deploying SaaS services and we don't need to be packaging and distributing something to an end user. What we really needed was just a sort of deployment tool to deploy applications from some state in Git, and ksonnet has been doing a really good job solving the configuration management problem for us, where we have many environments like dev, pre-prod, stage, and then prod, with subtle differences between those environments. Maybe an AWS account number is different that you need to send to the app, TLS certificates, DB connection strings, etc. So I'll give a really high-level quick primer on ksonnet for those who don't know. We have an example application repo for demo purposes, and in this repo I have four apps. I'll go over the guestbook app really quick. So a ksonnet app is really just a directory structure, an opinionated directory structure of how you organize your manifests and your 
environment. Here we have a components directory. This is where your manifests live, and ksonnet supports YAML, JSON, and Jsonnet, which is a superset of JSON, and in their upcoming release they will be supporting Helm charts. You have an environments directory. This is where you put any type of customizations that you want to happen between environments. Let's say you want to add a sidecar in the prod environment: you would write some Jsonnet inside the prod directory under the environments to customize it for that particular environment. And finally you have an app.yaml, and this is kind of like the high-level description of your application and its environments. So in looking at the guestbook app, we have three environments and they are going to three different namespaces. For demo purposes we're deploying to the cluster that Argo CD is running in, but Argo CD actually supports deploying to external clusters.

That's a big change.

Oh yeah, it can deploy to multiple clusters.

I think so. We'll be deploying this guestbook app to Argo CD. Okay, so the first thing you might notice is we have this single sign-on, sign in via GitHub. I haven't configured this Argo CD instance to sign in via GitHub, but it's actually implemented using Dex from CoreOS, so this actually allows Argo CD to integrate with all major forms of SSO, including OIDC providers like Google and Azure, you gives a, SAML 2.0, LDAP, GitHub, LinkedIn. This one just happens to be configured with GitHub, so right now any argoproj members can log into this instance. Okay, so what I'll be doing is I'll be linking the Git repository that I showed you just recently, and then we'll be creating the guestbook app from that repository. So the first thing you'll do is you'll connect the repository. I already have it connected, and we'll select my repo, and it's searching for all the ksonnet apps in that repository. It found the guestbook. We see that it has three environments. I will be choosing the default environment 
to point to the same cluster that Argo CD is running in, and it's just kind of a final review page to review where this app will be going. Okay, so after we created it, we see that the app is in an out of sync state, and this simply means that it hasn't been deployed yet. The reason it's out of sync is because it's missing from the target environment. We have this view of all the components of your resources, and let's go ahead and sync this up. Okay, as you can see, you can see the live state changes as they happen. We're actually streaming the resource state changes from the Kubernetes API server, and because of that we are able to show the live changes as they happen. This tree view that I mentioned: as we get the resources associated with the application, we're able to reconstruct the parent-child relationship between these Kubernetes resources based on the owner references that Kubernetes puts between the resources. So this pod, we can see, is owned by this replica set, which is owned by this deployment, which is owned by this application, and this comes in really handy when you're trying to debug a failed deployment rollout, because you can kind of see the new replica sets coming and going and which pods are associated with which replica set. Okay, so the guestbook app is running. Some of the UI features: you can actually click on any one of these things and you can see the actual YAML, or in this case you can see the JSON of that resource. We have live logs of pods and also Kubernetes events associated with that resource. So we'll go ahead now and make a big change to upgrade this guestbook. I'm going to go to my fork of the example app, which I deploy to, and I'm going to change the guestbook version from 0.2 to 0.3. Okay, all right, so what you see happened is that immediately the guestbook application state is now in an out of sync state. So I happened to configure my repository to send the 
webhook to Argo CD. That webhook was consumed, we refreshed, we did the reassessment of the sync state of this application, and we discovered, hey, we're out of sync with our tracking revision, which is HEAD. And to visualize the difference, we see that the deployment is the one that's out of sync, so let's see what's happening with that resource. So we do a JSON diff of the live state and the target desired state, and what this is showing us in red is that we want to be running 0.3 but we're not, and what's really running is 0.2. And this gives you just kind of like this continuous view of "am I running what I think I should be running". So let's get out of this corrected situation. I'm going to go ahead and sync again. Okay, so if you're familiar with Kubernetes deployments, you'll know that when they do the rolling update they'll create a second replica set of the new version of the deployment. Meanwhile they'll keep around the old replica set as they do a rolling update of the pods. And something didn't go quite right here. We're now in a synced state but we're not really healthy yet, and you can see this blue icon is indicating that we're not fully healthy, and we get a little bit of a detailed message, and the health is saying "waiting for a rollout to finish: one old replicas are pending termination". And you can see my new replica set pod has some kind of error, the ErrImagePull. So going into the events, we can see the Kubernetes events associated with this pod, and we see that it's unable to pull this new version of guestbook from the registry. So I happen to know that there is no 0.3 version of the guestbook, which is the reason for this failure. So a little bit about the health: we have specific health checks for different types of resources. For all of those deployment types of resources, like deployments, replica sets, daemon sets, stateful sets, we have the same status as the kubectl rollout 
status command, and basically what that means is that the observed generation of that resource is matching what you want it to match and you have the desired number of updated replicas. And for service and ingress objects, the health check is, if your service is of type LoadBalancer, you have an actual external IP that has been assigned, or a host name. So let's get out of this bad state. We have a rollback button, so looking at the history of this application, we saw that we were running the 0.2 version of guestbook up until two minutes ago, and let's go back to this version. So the way rollback works: for every application we currently store the git commit SHA of the last five successful syncs, and so we'll just keep this kind of tail of the last five successful syncs just so that you have the facility to roll back. But really, when you want to, we can roll anywhere, because when you do the sync you actually can specify a revision to sync to, and that can be a git commit SHA, it can be a branch, it can be a Git tag. Okay, so before I move on, I'd like to just actually stop here and answer any questions that people might have so far about Argo CD. Anyone?

So I'm wondering, do you have an example of a non-Kubernetes application right now? Like one of our use cases, we selected Argo over Concourse CI because we wanted to get more sophisticated with our deployment of some of our legacy applications, and they're not packaged to run on Kubernetes right now. They're like manipulating AWS auto-scaling groups, so how would something...

I'm sorry, so this CD solution is only for deploying to Kubernetes, and that is the reason why we made this separate from Argo Workflows. So you can continue using Argo Workflows to deploy to whatever kind of environment. From Argo Workflows you can call Argo CD, or from any other pipeline you can call Argo CD, only when you want to deploy to Kubernetes.

I 
see.

And even internally at Intuit we're actually looking at using Service Catalog, which would allow us to orchestrate some of these kind of external types of resources, not Kubernetes native resources, through the service catalog. That's one way. We also have this internal need to orchestrate external stuff, but we are looking at service catalog to allow us to define them as Kubernetes manifests but allow the service catalog to do the deployment for us.

Okay, I wanted to clarify: Argo Workflows can use anything to do deployment, say for example call kubectl apply, whereas Argo CD can again be called by any pipeline. So we wanted to keep these two separate. Some people will use Argo Workflows with Argo CD, but you can decide to use a different pipeline with Argo CD, and Argo Workflows with a different deployment tool.

So is there something that can kind of aggregate the state across these things? Like one of our needs right now, while we're replatforming on top of Argo Workflows, is we're needing to write kind of like this dashboard view. We need something that's kind of keeping the state of all the moving pieces. So if you can imagine, if a few pipelines are using Argo CD but a few other ones are using some other stuff, we don't really have any kind of aggregated view right now. Do you envision that becoming a thing in the project, or is that going to be, you know, teams themselves?

For example, inside Intuit, we need a holistic service view, and some of those services will be deployed using Argo CD. So I think maybe we should ask the community to start helping us build a dashboard.

Yeah, yeah. Right now the only thing that Argo CD and Argo Workflows have in common is really the name. I mean, there is some special knowledge built in about workflows, which I'll show you coming up in the 
sync hook feature, but really they're actually completely separate at this point in time. In fact, internally, we're using Jenkins to drive our CI, and so that's making calls through the Argo CD CLI to Argo CD to do the sync.

But let's think about how to build a holistic dashboard, yeah. Okay, because one of our Argo community members is actually even the Kubernetes dashboard contributor, and we don't see much change of the Kubernetes dashboard, so yes, a multiplexer dashboard is very meetings.

Oh babe, you have a question?

Do you support plain YAMLs for deployment or just ksonnet?

Yes, yes. Okay, ksonnet itself has a feature called drop-in YAMLs, and so actually let me show you. [Music] So in the Argo CD example I mentioned, I have these four apps, one of which is Sock Shop. You might have seen this as a microservices demo. And inside the components directory, all of these demos that you see here, I literally just took it from the Git repo and dropped it into this ksonnet app. And so ksonnet supports this feature of drop-in YAMLs.

My only reason why I'm asking: we found in our experience, once my own boarding card games into papyrus and our CI/CD and deployment pipelines, people get really lost in ksonnet. The complexity of tracing your YAML output to the actual source is not worth it, especially when we do a really small amount of customization and try to keep it really straightforward for people, and actually we prefer to copy things when, just like, yeah, I do create different promote a shoe. That's why I'm asking. Our deployment is usually plain YAMLs, and what we do right now, we just do a kubectl apply, like I'm a sewer, but it's really similar. So this one looks much prettier than what we have, absolutely. How could we use what we have? We have a predefined directory structure with stop and, which is deploy YAML, but this one, this is what 
it does, it's just like, right now it's calling ksonnet to generate manifests instead of just using already generated manifests, right?

All right, that's right, yeah. So we use ksonnet as a manifest generator.

And so initially ksonnet was supporting only Jsonnet, and it actually looked very complex for a lot of our team, and actually Jesse gave that feedback back to the ksonnet team. So if you see the Sock Shop, you can just drop in your YAML in that same folder structure. What else?

That's pretty much it. There's a command called ks import. ks import will take in some existing YAML and then it will basically split that YAML into the individual components of that YAML and put them inside this directory, so you don't have to worry about ksonnet, about using Jsonnet or libsonnet.

Yeah, let me reiterate, I'll worry with that. So, okay, ksonnet itself, I know you just think it's okay complexity, but we found out it's not. That's why we're just asking how we could kind of sidestep a little bit and just like feat did have pianos, because we don't use ksonnet, which imply that, we use a build system for templating, and probably you'll find like a corrosive board people will ever own weird way of doing things. But what I found out, our developers really don't want to launch a sauna. It's like, why should I care, why should I write like 40 lines of JSON or Yamaha company and stuff and configurations where my YAML file is 20 lines itself? I'm giving what I hear from developers.

Yeah, I definitely understand where you're coming from, because that was very similar feedback that I gave back to the ksonnet team. So I'm not sure you were aware of the feature: when I was showing you the screen, it is literally just YAML files from the Sock Shop, so these are just unmodified YAML files that you can 
drop in into the ksonnet app, and yes, you don't have to write it as Jsonnet.

Yeah, so we do understand, but we don't want to teach our developers what a ksonnet app is. This is where I'm coming from, because this is pretty much one more level you have between Kubernetes and the rest of things. I know it is probably not a discussion for the community, but I try to provide feedback because you assume ksonnet is okay, and like we can do kind of impose honest life. Even Argo can hopefully, you can just, we potentially could service to the features, yeah, someone give us a directory and we generated, basically we write ksonnet.

So, Constantine, we understand the concern and we'll take the feedback, and maybe somebody will see how we can do that, but today it is using the ksonnet commands to do the sync etc. And also we needed something to do the environment folder structure, because using the same YAMLs we wanted to deploy to multiple environments, just learn in a fight. Using the same YAML and parameterizing by environment, we want to be able to deploy to dev, QA and production and not have your research.

Ours is a different use case, where we generate YAMLs before it gets into the visitor, so pretty much our state of environment as submitted to Kubernetes is committed to Git. It's not something you generate. If you see right now, it's not really a state of environment: the state of an environment that ksonnet manages for you, for this environment the only place you could see it is the Kubernetes API. It's not in source control, your development. All right guys, I just wanted to...

Okay, no, a be using more people. Constantine, we have to then look at how to use just, but I think we can today, so this kind of, but it seems, yeah, do one environment, one app, and basically get a directory of your YAMLs and that is the app and then you're done. [Music]

The 
parts of ksonnet that we use is really the manifest generation. So really what's happening is, when we ask the repo server, "hey, give me the manifests", we run a ks show of that application, and that just spits out to standard out a bunch of manifests in YAML format, and then we unmarshal that into Kubernetes data structures and we submit that to Kubernetes, so we're not using the ksonnet apply feature.

Yeah, so if it could sidestep ks show and just get stuff out of a directory, but don't ask for anything else.

I do want to mention we actually had kind of the opposite concern, meaning there were people who were interested in writing theirs as Helm charts, and so it's not like they have a flat directory of YAML, but they actually have a Helm chart, and how could we deploy their Helm chart into production? That problem is being solved for us by ksonnet. We don't want to build in special knowledge about Helm charts in Argo CD. ksonnet is solving that by supporting Helm charts in their application, and we benefit from just doing ks show again, and we don't know that there is a Helm chart inside this ksonnet app. We just ran ks show and we get the manifests from there.

Great. I'm not asking you to change what you do, I just ask to add an option to skip, because it will be like, you all come under it more use cases this way, not try to force people angry. And also one more question: right now the UI assumes everything happens manually, so you're rolling back, you startled out automatically, you're rolling back things manually, and I think our idea is to actually force it because we were allowed automatically.

Oh yeah, so everything you saw today I've been doing through the UI. There's a CLI equivalent to that command. Not only that, the API server is 
both a gRPC server, so we have the proto files for all of these API calls that are happening. We also have a Swagger UI for the API server, so if you prefer a REST-based interface to Argo CD, you can also do it in that fashion.

But could you over Jerry shapes know that they go, this is for the off?

Yeah, it's great, I would be the bottom very. Yes. And the other thing you asked about, that what you're seeing is all manual, how do we do automated: the answer to things like, internally here at Intuit, is a lot of this stuff is automated through the pipeline through the CLI commands. But one of the features that has yet to be implemented is a feature called auto-sync, and the idea behind auto-sync is that when we detected that out of sync condition of that guestbook app, we would then go and try to perform a sync automatically when we get out of sync. So that lets you do all your changes to an environment or application through Git rather than these manual steps that I'm showing you through the UI.

But yeah, I think, I don't think it's what you're looking for. Oh yeah, so idea Perrault, oh yeah, it's still going to, it's not a big deal, but earlier, right. Okay, thank you.

Yep, yeah. Okay, the last thing I wanted to cover, do your thing.

Oh, four minutes. Hey guys, we really want to also cover any other questions around Argo Workflows and Argo Events.

Okay, okay, just really quickly. A new feature in Argo CD is the concept of sync hooks. So in the example repository there is an app called pre-post-sync, and the idea behind sync hooks: if you ever used Helm, Helm has the concept of hooks, and a hook lets you kind of interject, at certain stages of a deployment, custom logic that you want to happen. So in this case, in this example, pre-post-sync, before I sync the app I want a Kubernetes job to run, and then after the sync I also want another Kubernetes job to run. So the way you define that job is, going 
back to pre-post-sync, we have components, and I have this post-sync job, and it's basically Kubernetes manifests that live side-by-side with your application manifests, but it has this special annotation called argocd.argoproj.io/hook. And in your mind, if you use Helm hooks, just replace argocd.argoproj.io/hook with helm.sh/hook. And this basically will execute this job before we do the sync. If it's successful, we'll proceed to doing the sync, and then on a post-sync job we'll wait for that application to complete its rollout and become healthy, and then we'll execute the post-sync job. And some of the use cases for this: if you want a database migration, a schema migration, to happen prior to the sync, and then after the application has been deployed you want to run some integration and health tests, maybe send some type of notification. Those are some of the use cases behind pre- and post-sync. I'll kick this off. You can see in the sync pane the fact that I have this job running, and you see the status of this sync job is that it's running the pre-sync hook. My job just sleeps for 10 seconds. Once it finishes this job it will do the actual sync, which is the kubectl apply, and then it'll move on to the post-sync 
job once the application is healthy. So we do see that it is deployed, the kubectl apply happened, and the post-sync job is currently waiting for the application to become healthy, and then after it's healthy it will execute the post-sync job.

That, guys, a lot of people who want to run tests or some other will stroll are due really data population.

Okay, yes. Okay, that's all I had. I'll briefly mention other features that are supported in Argo CD. We have RBAC: you can control who can log in, and you can configure what OAuth2 groups have access to what apps. And we provide a next level of organization called projects, and basically this allows you to group apps in a logical way for your organization. Okay, so that's all I wanted to cover. On the roadmap, we have some upcoming features centered around more security related stuff. We want audit trails to happen basically on all application events, like sync events. We want Kubernetes events for these things. We'll also be adding service account tokens so that your CI pipeline can have a restricted set of privileges of what it can do. Maybe you want your Jenkins job to only be able to do a sync and nothing else, and then you can generate a token and give that to a Jenkins pipeline, and that's how you can do the POIs.

Okay, okay, so thanks. Any other questions on Argo CD? Okay, we took the feedback. We have ten minutes. Anybody wants to discuss any feature questions around Argo Workflows or Argo Events?

We did think Argo Events was pretty interesting. In our use case, we had this idea that there would be dependencies between workflows that might also get satisfied from an external input. So basically what I'm asking, with the Argo Events design right now, as it appears to me, forgive me, I don't have all the terminology straight in my head, I'm flying blind a little bit, but so you would set 
up a sensor that had awful triggers, and whenever a trigger would happen, the sensor would occur, which would cause a workflow to happen. Do you have a concept, maybe I just need to look at the price a little bit more, but do you have a concept where the workflow doesn't get triggered until all of the triggers have fired a first time? Basically a fan-in kind of thing in Argo Events that I just missed?

Yeah, when you create a sensor you can create multiple triggers, and yes, there is a way where you can have multiple triggers and the actual action, which is the workflow that needs to execute, will execute only after all the triggers are fired. So there is an example, I believe, of this in the repo, where there is an event, for example an S3 put event and a timer event, and when the S3 put happens and after that a ten-second delay happens, then the...

So right now it doesn't have, we needed to have basically either a GitHub status, our source is sort of GitHub, and we do triggering from there into Travis, and then from Travis we pick it up into our internal to deploy this. And so in our use case, either a change to a GitHub status or a change to something within a GitHub repo would be an incoming trigger for this. And so would you recommend that we would fork and implement the functionality, or would you recommend that we attempt to include it in there? What is the intended scope of the different kinds of triggers that are in there right now?

So there is a webhook event right now that you could potentially use, where GitHub sends a webhook to the Kubernetes cluster, to some endpoint, and that webhook then triggers the workflow. That's one option. But otherwise, if there is something specific about the GitHub event which is not a webhook, then yeah, I mean, feel free to file a GitHub issue. We would love to get more contributions.

Okay, so just in that, if we were 
nervous about not getting the logic right the first time, and we tried to do it with the webhook, your suggestion would be then that, the way we structured our workflow, the first step in that workflow would basically be parsing the semantic meaning of what that webhook was and figure out what to do next. Is that what we have to do?

Yeah, so there is a little bit of work in progress there. Actually, the part that is also missing right now is the actual payload of the event. So in this case, that says that the GitHub event sent the webhook, but the actual payload doesn't get passed to the controller or to the actual event handler, so that is something that is also a little bit in the works. In fact, someone just asked this question today morning on the Argo Events Slack channel, about the fact that the payload is needed. So this is something that we need to do. In order to parse the event and then make sense out of what happened, that is something that would be needed. But yeah, this is something in the works. Some of us, we're still getting used to this. Is Matt or waiver from BlackRock, are they on the call? Okay, because they would have more insights into this. But yeah, this is something that we are looking into right now, but let's discuss this maybe over Slack about how we prioritize. This is something important. Even we have a use case where we want to run a CI, a continuous integration workflow, based on a GitHub event. Right now we are doing some of that ourselves, but we will probably need to do it as part of the event itself.

Awesome, yeah, what the German flag. Thank you very much.

Yeah, sure. Anything else? Okay, all right.

Okay, yeah, in case you guys should try Argo CD and give feedback, like, you know, constant to get great feedback and get any usability, are things wish list stuff that you want. I'll actually be kind of switching gears and trying to address the backlog of Argo Workflows stuff that's been accumulating, so I 
think starting next week I'll be able to start addressing the workflow backlog.

And also we will demo this in the privileges app sync, so we'll see what feedback we get from their end of this month. But thanks for all the feedback, and anybody else who wants to sign up in the list of users, please open a pull request. We need to grow the community. That's all, and if anybody wants to call some meter cube current papers, please slap me on the Slack channel, otherwise I'm going to ping some of you that I know. All right, thanks everyone.

Thank you, thank you, thank you.
Info
Channel: Argo Proj
Views: 5,267
Rating: 4.8518519 out of 5
Keywords: Kubernetes, declarative, CD, continuous delivery, gitops, ksonnet, helm
Id: KJzgwJrY-mE
Length: 47min 23sec (2843 seconds)
Published: Wed Jul 18 2018