Continuous Delivery and GitOps on OpenShift
Christian Hernandez
Technical Marketing Manager
DevOps is the key to meeting the insatiable demand for delivering quality applications rapidly.
Continuous Integration (CI) & Continuous Delivery (CD)
A key DevOps principle for automation, consistency and reliability
Pipeline stages: Build → Test → Security Checks → Release → Deploy Stage → Deploy Prod
Continuous Integration: Build, Test, Security Checks
Continuous Delivery: Release, Deploy Stage, Deploy Prod
What is GitOps?
A developer-centric approach to Continuous Delivery and infrastructure operation
● Git is the single source of truth
● Treat everything as code
● Operations through Git workflows
GitOps Workflow
A declarative approach to application delivery
[Diagram: Git holds what you want (desired state); the CD process reconciles it with what you have (current state) on the cluster]
Why GitOps?
● Standard Workflow: Familiar tools and Git workflows from application development teams
● Enhanced Security: Review changes beforehand, detect configuration drift, and take action
● Visibility and Audit: Capture and trace any change to clusters through Git history
● Multi-cluster consistency: Reliably and consistently configure multiple Kubernetes clusters and deployments
The GitOps Application Delivery Model
[Diagram, built up over three slides]
CI: Source Git Repository → build → Image Registry
A Pull Request updates the Config Git Repository (Push)
CD: Kubernetes pulls the configuration from the Config Git Repository (Pull) and deploys it
Reconciliation loop: Monitor → Detect drift → Take action → Deploy
Continuous Integration & Continuous Delivery
Pipeline stages: Build → Test → Security Checks → Release → Deploy Stage → Deploy Prod
● OpenShift Builds: Automate building container images using Kubernetes tools
● OpenShift Pipelines: Kubernetes-native on-demand delivery pipelines
● OpenShift GitOps: Declarative GitOps for multi-cluster continuous delivery
● Ecosystem Integrations
The GitOps Application Delivery Model on OpenShift
[Diagram: OpenShift Builds and OpenShift Pipelines build from the Source Git Repository and push to the Image Registry; a Pull Request updates the Config Git Repository; OpenShift GitOps pulls the configuration into Kubernetes]
OpenShift Builds
Automate building container images using Kubernetes tools
GENERAL DISTRIBUTION
OpenShift Builds
● Kubernetes-native image build: A Kubernetes-native way to build container images on OpenShift that is portable across Kubernetes distros
● Supports multiple build strategies: Choose the build strategy that best fits your applications and skills: source-to-image, Dockerfile, and Cloud-Native Buildpacks
● Extend with additional build strategies: Extend to use community Kubernetes build strategies or your own custom builds
OpenShift Builds
● Build images on OpenShift and Kubernetes
● Use Kubernetes build tools
  ○ Source-to-Image
  ○ Buildpacks
  ○ Buildah
  ○ Kaniko
  ○ ...more
● Create lean application images
● Extend with your own build tools
● Based on the Shipwright open-source project
[Diagram: Application code, a Runtime image and a Build tools image go into OpenShift Builds, which produces the Application image layered on the Runtime image]
OpenShift Builds

Cloud-Native Buildpacks:

apiVersion: shipwright.io/v1alpha1   # API group of the Shipwright Build resource (not shown on the slide)
kind: Build
metadata:
  name: myapp-buildpack
spec:
  source:
    url: https://github.com/myorg/myapp
  strategy:
    name: buildpacks-v3
  builder:
    image: paketobuildpacks/builder:full
  output:
    image: quay.io/myorg/myapp:v1

Source-to-Image (S2I):

apiVersion: shipwright.io/v1alpha1   # API group of the Shipwright Build resource (not shown on the slide)
kind: Build
metadata:
  name: myapp-s2i
spec:
  source:
    url: https://github.com/myorg/myapp
  strategy:
    name: source-to-image
  builder:
    image: registry.redhat.io/openjdk/openjdk-11-rhel8
  output:
    image: quay.io/myorg/myapp:v1
  runtime:
    image: docker.io/openjdk:11-jre-slim   # lean runtime base for the final image
OpenShift Pipelines
Kubernetes-native on-demand delivery pipelines
OPENSHIFT PIPELINES
What is Cloud-Native CI/CD?
● Containers: Built for container apps and runs on Kubernetes
● Serverless: Runs serverless with no CI/CD engine to manage and maintain
● DevOps: Designed with microservices and distributed teams in mind
Why Cloud-Native CI/CD?
Traditional CI/CD                                  | Cloud-Native CI/CD
Designed for Virtual Machines                      | Designed for Containers and Kubernetes
Requires IT Ops for CI engine maintenance          | Pipeline as a service with no Ops overhead
Plugins shared across CI engine                    | Pipelines fully isolated from each other
Plugin dependencies with undefined update cycles   | Everything lifecycled as container images
No interoperability with Kubernetes resources      | Native Kubernetes resources
Admin manages persistence                          | Platform manages persistence
Config baked into CI engine container              | Configured via Kubernetes ConfigMaps
OpenShift Pipelines
● Built for Kubernetes: Cloud-native pipelines taking advantage of the Kubernetes execution and operational model and concepts
● Scale on-demand: Pipelines run and scale on-demand in isolated containers, with repeatable and predictable outcomes
● Secure pipeline execution: Kubernetes RBAC and security model ensure security consistently across pipelines and workloads
● Flexible and powerful: Granular control over pipeline execution details on Kubernetes, to support your exact requirements
Powered by Tekton
OpenShift Pipelines
● Based on Tekton Pipelines
● Kubernetes-native declarative CI/CD
● Pipelines run on-demand in isolated containers
● No central server to maintain! No plugin conflicts!
● Task library and integration with Tekton Hub
● Secure pipelines aligned with Kubernetes RBAC
● Visual and IDE-based pipeline authoring
● Pipeline templates when importing apps
● Automated install and upgrades via OperatorHub
● CLI, Web, VS Code and IntelliJ plugins
Tekton Concepts
[Diagram: a Pipeline is made of Tasks; each Task is made of steps]
Tekton Concepts: step
● Run command or script in a container
● Kubernetes container spec
  ○ Env vars
  ○ Volumes
  ○ Config maps
  ○ Secrets

- name: build
  image: maven:3.6.0-jdk-8-slim
  command: ["mvn"]          # container entrypoint
  args: ["install"]         # arguments passed to the command
- name: parse-yaml
  image: python3
  script: |-                # inline script run instead of a command
    #!/usr/bin/env python3
    ...
Tekton Concepts: Task
● Performs a specific task
● List of steps
● Steps run sequentially
● Reusable steps

apiVersion: tekton.dev/v1beta1   # added; omitted on the slide
kind: Task
metadata:
  name: buildah
spec:
  params:
  - name: IMAGE
  steps:                         # key omitted on the slide; required for a valid Task
  - name: build
    image: quay.io/buildah/stable:latest
    command: ["buildah"]
    args: ["bud", ".", "-t", "$(params.IMAGE)"]
  - name: push
    image: quay.io/buildah/stable:latest
    script: |
      buildah push $(params.IMAGE) docker://$(params.IMAGE)
Tekton Hub
Search, discover and install Tekton Tasks
Tekton Concepts: Pipeline
● A graph of Tasks: concurrent & sequential
● Tasks run on different nodes
● Task execution logic
  ○ Conditional
  ○ Retries
● Share data between tasks
[Diagram: git → build → deploy]

apiVersion: tekton.dev/v1beta1   # added; omitted on the slide
kind: Pipeline
metadata:
  name: deploy-dev
spec:
  params:
  - name: IMAGE_TAG
  tasks:
  - name: git
    taskRef:
      name: git-clone
    params: [...]
  - name: build
    taskRef:
      name: maven
    params: [...]
    runAfter: ["git"]          # sequential: waits for the git task
  - name: deploy
    taskRef:
      name: knative-deploy
    params: [...]
    runAfter: ["build"]
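How Tekton orders a Pipeline's Tasks from their runAfter edges, as an added example (not code from the slides or from Tekton): PIPELINE is a constructed stand-in for the deploy-dev Pipeline above with a hypothetical scan task added, so that one wave holds two tasks that may run concurrently.

```python
"""Execution order of a Tekton Pipeline derived from its runAfter edges.

Added example (not from the slides or Tekton): PIPELINE is a constructed
stand-in for the deploy-dev Pipeline YAML, with an extra hypothetical
scan task so that one wave holds two tasks that may run concurrently.
"""

# Constructed sample: the slide's git -> build -> deploy chain plus a scan
# task that depends only on the clone (taskRef names are placeholders).
PIPELINE = {
    "kind": "Pipeline",
    "metadata": {"name": "deploy-dev"},
    "spec": {
        "tasks": [
            {"name": "git", "taskRef": {"name": "git-clone"}},
            {"name": "build", "taskRef": {"name": "maven"}, "runAfter": ["git"]},
            {"name": "scan", "taskRef": {"name": "image-scan"}, "runAfter": ["git"]},
            {"name": "deploy", "taskRef": {"name": "knative-deploy"},
             "runAfter": ["build", "scan"]},
        ]
    },
}


def execution_waves(pipeline):
    """Group tasks into waves: a task joins a wave once every task named in
    its runAfter has completed, so tasks sharing a wave may run concurrently
    (and on different nodes). Raises ValueError for duplicate names, unknown
    references or a cycle, the same conditions Tekton's validation rejects."""
    tasks = pipeline["spec"]["tasks"]
    names = [t["name"] for t in tasks]
    if len(set(names)) != len(names):
        raise ValueError("duplicate task name")
    deps = {t["name"]: set(t.get("runAfter", [])) for t in tasks}
    for name, after in deps.items():
        unknown = after - set(names)
        if unknown:
            raise ValueError(f"{name}: runAfter names unknown task {sorted(unknown)}")
    waves, done = [], set()
    while len(done) < len(names):
        ready = [n for n in names if n not in done and deps[n] <= done]
        if not ready:  # every remaining task waits on another remaining task
            raise ValueError(f"cycle among {sorted(set(names) - done)}")
        waves.append(ready)
        done.update(ready)
    return waves

if __name__ == "__main__":
    for i, wave in enumerate(execution_waves(PIPELINE), 1):
        print(f"wave {i}: {' | '.join(wave)}")
```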
OpenShift GitOps
Declarative GitOps for multi-cluster continuous delivery
OPENSHIFT GITOPS
OpenShift GitOps
● Multi-cluster config management: Declaratively manage cluster and application configurations across multi-cluster OpenShift and Kubernetes infrastructure with Argo CD
● Automated Argo CD install and upgrade: Automated install, configuration and upgrade of Argo CD through OperatorHub
● Opinionated GitOps bootstrapping: Bootstrap end-to-end GitOps workflows for application delivery using Argo CD and Tekton with the GitOps Application Manager CLI
● Deployments and environments insights: Visibility into application deployments across environments and the history of deployments in the OpenShift Console
Powered by Argo CD
Argo CD
● Cluster and application configuration versioned in Git
● Automatically syncs configuration from Git to clusters
● Drift detection, visualization and correction
● Granular control over sync order for complex rollouts
● Rollback and rollforward to any Git commit
● Manifest templating support (Helm, Kustomize, etc)
● Visual insight into sync status and history
[Diagram: reconciliation loop Monitor → Detect drift → Take action → Sync]
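The Monitor → Detect drift → Take action loop from the delivery model and the Argo CD slide above, as an added example (not code from the slides or from Argo CD): DESIRED and LIVE are constructed manifests standing in for what Git declares and what the cluster reports, and the status names follow Argo CD's vocabulary.

```python
"""Drift detection and sync planning (desired state in Git vs. live state).
Added example, not from the slides or Argo CD: DESIRED and LIVE are
constructed inline; in practice LIVE would come from the API server."""

def key(obj):
    """Identity of a Kubernetes object: (kind, namespace, name)."""
    meta = obj["metadata"]
    return (obj["kind"], meta.get("namespace", ""), meta["name"])

def detect_drift(desired, live):
    """Return {key: status}: InSync, OutOfSync (spec differs), Missing
    (declared in Git, absent live) or Orphaned (live, not declared)."""
    want = {key(o): o for o in desired}
    have = {key(o): o for o in live}
    status = {}
    for k, obj in want.items():
        if k not in have:
            status[k] = "Missing"
        elif have[k].get("spec") != obj.get("spec"):
            status[k] = "OutOfSync"
        else:
            status[k] = "InSync"
    for k in have.keys() - want.keys():
        status[k] = "Orphaned"
    return status

def sync_plan(status, prune=False):
    """Take action: re-apply what Git declares; delete orphans only when
    prune is enabled (Argo CD likewise leaves pruning off by default)."""
    plan = []
    for k, s in sorted(status.items()):
        if s in ("Missing", "OutOfSync"):
            plan.append(("apply", k))
        elif s == "Orphaned" and prune:
            plan.append(("delete", k))
    return plan

def obj(kind, name, ns, **spec):
    """Build a minimal constructed manifest for the sample below."""
    return {"kind": kind, "metadata": {"name": name, "namespace": ns}, "spec": spec}

# Constructed sample: Git declares a Deployment and a Service; live, the
# Deployment was scaled by hand and an undeclared Deployment appeared.
DESIRED = [obj("Deployment", "myapp", "dev", replicas=2, image="quay.io/myorg/myapp:v1"),
           obj("Service", "myapp", "dev", port=8080)]
LIVE = [obj("Deployment", "myapp", "dev", replicas=5, image="quay.io/myorg/myapp:v1"),
        obj("Deployment", "debug-shell", "dev", replicas=1, image="quay.io/myorg/tools:latest")]

if __name__ == "__main__":
    drift = detect_drift(DESIRED, LIVE)
    print(drift)
    print(sync_plan(drift, prune=True))
```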
Flexible Deployment Strategies
● Central Hub (Push): A central Argo CD pushes Git repository content to remote OpenShift and Kubernetes clusters
● Cluster Scoped (Pull): A cluster-scoped Argo CD pulls cluster service configurations (Auth, Registry, Networking, Storage, Install Operators, Namespaces, ...) into the OpenShift cluster
● Application Scoped (Pull): An application-scoped Argo CD pulls the application deployment and configurations into the app namespaces (App A, App B)
GitOps Application Manager CLI
● Bootstraps Git repos for GitOps
● Configures deployment environments
● Configures webhooks for Tekton Pipelines for CI
● Configures Argo CD for deployment to environments
● Kustomize for environment-specific configs
● Integration with secret managers
$ kam bootstrap
$ kam environment add stage
GitOps Application Manager CLI
$ kam bootstrap
[Diagram: pushing source code fires a webhook into Tekton Pipelines, which push the built image to the Image Registry; a pull request with the app manifests is synced by Argo CD into the Dev, Staging and Prod Environments, which pull the image from the registry]
Thank you
Red Hat is the world’s leading provider of enterprise
open source software solutions. Award-winning support,
training, and consulting services make Red Hat a trusted
adviser to the Fortune 500.