 Thank you for the flowers if you want to follow the slides on your Notebook, there is this URL tiny URL.com slash modern CD And this will kind of move you forward automatically as we move forward here Alright Yeah, have you ever compared other professions with software development really I mean I'm talking about construction plumbers electricians and Doctors so You know what I mean is do doctors wash their hands when they do before they do a surgery on you Do you want that or would you pay extra if they do? Electricians today at a grounding phase to every installation or just the ones that are paid better plumbers, you know when they fix a toilet When they mount a toilet They usually use a rubber seal on for every toilet don't they and And then in construction. I mean bridges. This is the Example Yeah, they usually there is an architect that does the bridge and there he hires or she hires structural engineers That do stress analysis and calculations so that that really works out and doesn't break so imagine the Golden Gate Bridge Breaking down with a lot of traffic on it. I mean, it's horrible. So So what about software development? Do we do that? So Does everyone of us write tests I mean seriously who writes tests for every piece of code Well, I mean what you you think that's fine everything every valuable piece of code if you think the code is not worth anything Probably don't need but who who does it? I mean who does it really? Yeah, more than I would have guessed and Well the modern about the The continuous delivery here in this talk Let me just get my Beamer on yeah This show yeah, so the modern is actually less modern and you would think it's more about how would Yeah, how should you work today? so and so that it's actually working out for tomorrow and Nothing bad happens like Bridges that break down or so So it's not only about Kubernetes and hyper technologies and so All the technologies you'll probably notice But keep in mind that the the actual point of this presentation of this talk is that you should do your software properly Right. My name is Peter Bidner I'm a developer of people companies in code. I run painless software and From a day job. I'm DevOps engineer at visioner gay in Zurich And I do a couple of open source of free software projects really so there is a choice of them here on the slide and Yes Well, I love to to Help everyone run their software smoothly and this is also what is continuous delivery about so let's go to the basics This is the definition It's a set of practices and principles and software engineering aimed at building testing and releasing software safely faster more frequently and in a sustainable way and there's more to it It is the goal of continuous delivery To put the release schedules out of the hands of it and into the hands of business So the one that pays you I mean I'm not talking about your boss Your customer the the feature sponsors They are meant to press the release button and you are meant to prepare everything for that and there are some other terms that are While used Confusing Lee in a similar way that I might and that I want to mention so especially continuous deployment So this is popular It's a popular term today used by Amazon GitLab Atlassian unfortunately in the wrong way I believe because continuous delivery is actually a concept and the other two are techniques, so you use a technique of Integration and deployment within the concept of continuous delivery So and actually automatically releasing is much much easier than giving control out of your hands Think about that. And if you want to read more, it's just humble who wrote the book in 2010 about it Yeah, and what's the modern then about here? Specifically, it's about what everyone does today. It's about Come on probably batteries are empty It's about immutable infrastructure. That's containers. It's about container orchestration. That's Kubernetes open shift stock of swarm and so on It's about version control automation So all things you know already you may also use on a day-to-day basis. This is about CI CD pipelines And it's about cloud native application which are applications that are resilient on scale So resilient means when they fall over they stand up again by themselves So after a tech for example, and when there is a heavy load, you can scale and you can launch multiple copies of them And they will share the load And there is more about modern also another aspect Modern the modern world is so complex That we need help so there are various offering offerings that help us with with getting our software in a cloud know Yeah cloud services like an AWS by Google by a Microsoft Asia, there's open shift, of course so there's all the Kubernetes stack and Yeah, and and not everything is a choice here. So some is a lock-in I mean the the borders are blurred but There is a there's that's a bit of a problem with being locked in and we are locked in when we use a an API Appropriatory API so we are locked in when we use something that is only available on AWS for example And why is this a problem? Because it doesn't allow us to move fast So imagine one day you find out well They raise their prices and you you don't like to pay the higher price tag. I mean, okay They're best in town, but yeah, let's switch over to Asia or Google cloud They have a similar thing How long will it take you? It's probably a project of weeks and months But actually it should take you if you do it right a couple of what I'm probably not saying minutes But maybe hours and that's it so That should be so this is the this is the today's situation so Do we have a choice? Can we change this and I would say yes and There is a very boring answer to this Some people may know him this is Uncle Bob. He is telling for years that we should do clean code so we should do proper software development and I would add to that we should deploy from from commit one to production Because that's where you have your that's why your time is missing in the end before you're releasing to production You know so scary be bang All right, so let's jump directly in a demo. So I want to show you how this can be done So I actually Showed a demo with two things. This is on not showing here This is on Let me actually Do the I need to make this simpler. Otherwise, I can't go fast Where is it? I'm sorry about that I need to make that works out. Okay, so I Show a deployment on a Puyo. I mean, this is just an an open shift Platform that that I run that vision runs the company I work for and this is just just open shift so Yeah, what I've already prepared is I've I have Yeah, kind of made this a free trial and I created two Two projects as three project projects actually and I'm going to use. Oh, no, that was the wrong button I'm going to use a cookie cutter for generating a a project a jungle project So I'm going to copy this code here to get started with cookie cutter and Then Yeah, here we are So, yeah, I've downloaded this already So who is me, it's me And this is the Euro demo and a demo for Delivery sorry, I'm not so fast like other people and And we're going to do that with good lab.com. We have I have prepared a namespace there get left see I Deploy to a Puyo for the moment Because that's supported and then I use Django and Postgres We run all the linting and test for Python 3.0 7 and be a BDD and As some century thing. All right. Voila. So This has been created. If you don't see this, this is the important part. So this is what happened You're a Python demo and yes, really there is a repository already initialized and It removed minus V and it's there as promised. So it says I can create the project here Let's create it here But that work out Well, it's probably on the wrong Well, let's do it like this Get lab Puyo and Yeah, we need to create that one So creating project. Oh, it's actually your Python demo Yeah There was the Demo for talk Delivery so everyone knows about it make it public so everyone can see what we're doing Yeah, so that's it. So we know that we can don't need we don't need to look up with the instruction where Because we know when we push there That should work out right Okay, let's take a look Yeah, that's cool at worked out. So there's the first commit and Yeah, we need to do some setup of the app Puyo Instance so the OpenShift Cluster so we need we have three we have actually three accounts here. That's the CI process is explained here down here And We need to run those setup procedures that are described Can be a concisely here and the read me As a service account that we have created Everyone who does cover need to snows or OpenShift knows what this means and then we give them the permissions And oops, sorry wrong button and Yeah, now we need the token here And we need this token because we do the current integration This is nice Where is it operations? Kubernetes and There is no cluster configured yet So we add a new an existing one We add This is the URL of a Puyo and there is the service token This is managed by a vision so we don't need to manage this with GitLab Yeah, okay, are we done? Let's check well last step We need to provide Access to up to the service of the service account to from from the other Namespaces so we have this this was the the last one was for the development namespace and now we have and before we had the integration namespace so yeah, and That's it Let's check what happened in the meantime so we have a Pipeline running on GitLab that was configured and It looks like this. It has the checks. So this is the linting and we run tests the one that we configured and Then there will the bill the image will be built so the jungle application will be built Into an application image and it will be deployed later So this all goes directly with with a single commit Of course, we have prepared this and you can can do this too or you can use something like the cookie cutter That is that is there Good so let's go back to the where is the Presentation actually Don't need that. Yeah so Let's talk about what is in there. Oh, that's what I wanted to show actually so There is this tree structure here so I can show this what the structure actually is so we have the application here the application code to the typical jungle application and then we have the deployment stuff in a single Folder this is these are yaml files. This is kubernetes Open shift the kubernetes yaml files and then we have The Docker compose for local development we have the tests for local development and Also, of course for the pipeline and we have for local development. We have talks at talks configuration So we have a few things here running. You can you know as usual you can use that. What is it? Let's do the safety that looks nice So the same thing we run so actually when we run just talks we run everything so the same thing that runs on Here Runs Well the same thing that runs here runs identically on my local computer So I'm not doing anything special, you know, and I'll show you why and why this is important So and of course it behaves the same way it will behave on on the pipeline So all of the tests at the linting past and there was nothing built yet But we'll see that later So let's take a look at what that is all about. So it's actually I made this the setup in I What I used our kind of Responsibility responsibility layers. So it kind of looks like the boat here For a reason. So there's a layer for the application logic. There is There is one for development. There is one that is concerned just for about deployment So this is actual deployment to some environments and then there's the automations automation stuff So the the pipeline mainly so in detail What is it about so? What you should care about is that you When you do it in a modern way, you just do it for one environment don't think in environments like this was traditionally done Do you think in 12-factor apps? So you read everything out from the environment logically? But don't design for different environments designed for features you build for features and what does it mean? when you build for features it looks like this that Okay, you get a century DSN and when this is defined and not non you configure it is and The same thing for the debug when debug is true. You do something That you don't do when debug is false Obviously, yeah But you don't design for I do debug only on in the integration and development you if you want to turn it on in integration it should be possible and So you build for features and you compose those features In environments, so you compose that for the environments Then the development Layer and this is actually about The tooling so how you How you do proper software development? How do you do professional software development? I may go back to the application this here should actually just work like you did software development 15 years ago So it's just I'm doing some hacking and I get and do pip install Django and then I do create You know part managed by a new project and they're not start hacking it install everything locally So it should work like this So each this makes you independent and then for development you this is a separate layer you have What do you have here yeah, you have the talks configuration that helps you doing the tooling with Yeah with all your Python stuff so without having it to install the thing separately, you know this helps You only need to install talks then you have of course you have the test because Professional software element you do that you have all kinds of tests acceptance tests unit tests and For easy development you may have something like a Docker compose Which of course then goes into the deployment at a deployment configuration that so the Docker file We'll see that later Yeah, but make it easy your standard practices So no make file or something if if there is a docker compose file every developer knows that yeah, you write docker compose Up docker compose build and it just works. You know you do this like this. Yeah, it's darker compose But I actually may do the build Also put this and demonized because I want to do the migrations later Yeah, so Don't write lots of instructions comprehensive instructions It should be simple and user friendly, you know, so when something is logic It's large it must be logic and not in the documentation the week you're not even in the read me The setup wasn't super logic that I mean Kubernetes is complex And then you have the deployment kind of responsibility layer Which is actually just concerned about everything that is About deploying to environments and of course you're a local machine or you're when you develop in containers. It's also an environment So that is where you by the way would turn on the bug for example but you call it also turn on sentry and that should be Completely at your disposal and nuts, you know kind of made by a decision made by design for environments and so there is the dockerfiling here everything that belongs to the dog file the you whiskey any and so for for the the web server for the application server and Or a guinea-corner whatever you want that and and this is important that this is a separate file so you can expect inspected like you would inspect it as a you whiskey hero Micro whiskey hero you would look into that don't put it in a YAML file Don't mingle it into YAML files for example and the same for the web server Don't mingle that nginx configuration into the YAML files You can do that technically, but it's like PHP developers mix HTML with PHP code. Don't do that It's difficult in Django. It's almost impossible. So don't do that in YAML Okay, and for the secrets, of course, you should put them in in your repository. That's the new thing but of course Not in plaintext Because if you don't put them in the repository, you can deploy it. You can have complicated things like a vault But the simple thing is you seal the secrets so you you Encrypt them with a public key and only the The cluster has the private key to decrypt them and you have a kind of Kubernetes operator there that decrypts it all right, and then the automation that's the simple part keep it simple and Let the the CI service do what you would do manually don't Install things in the YAML, you know, let's take a look at that So you don't do kind of install things here you have an image that has talks installed and that you know That does some things here you say, okay the The test image the test actually that's just a template so the test thing has a talks image and I test for pi a 3.7 And it's not installing anything. It's all there. It also speeds up your builds and It should also be nicely readable. So, you know, this is it's pilot is checking here You should be able to tell a story with that This here is deploying to integration only for Changes on the master branch. So when you merge a major quest into master for example into the main branch This deploys to production and only when you push attack So you can tell a story and guess what when do we deploy to the development environment only when we open a merger quest? So this is nice to read and that's how it should be Tell a story and make it as simple as possible. Okay, so and there are some some some other Yeah terms that or Considerations I would like you to follow. So it's the asset when you hear asset don't hear us, you know, don't hear the usual thing Here as simple as possible I'll show you why and Deploy deploy early deploy often and that means deploy from Comet one and directly to production So by the way, what do we do? Let's check what happened In the meantime, yeah, there's already Deployed so we can see here the build Yeah, that that's building. That's just Docker, you know, you know that I don't need to show this So and but by the way here the test for example that Looks like just it looks on your console on your local machine. Yeah and then for the deployment after building the image the image was pushed to The Kubernetes cluster to open shift actually because it has a registry And then for deployment. Yeah, this looks a little bit more complicated But these are just OC commands a single command. So you have one image that does everything and the good thing is here This is nicely integrated. Let's take a look where this ended up There we go click on a link and there we go Well, it's stuck for some reason. Yeah, this is the usual demo God Yeah Let's check back later Usually this is because Django needs to wait for the database but this Is actually being a little bit law All right, so Let's take a look at the process by the way So we said Merge requests you remember they end up on development When you open a When you merge a merger quest so you make a change on master this ends up on integration So I pushed directly on master for the first for the first commit. So that's that's fine then Afterwards it should be protected that would be good so you can only do merge requests and then So for triggering a deployment You just push a tag so you do something like it Good tag one OSA and did you say get push tax and then the tag is pushed and What happens is that? We get a thing Running the initial commits that will deploy to production the image is already built so we don't need to build it again. So By the way What was that darker compose? Exek Application oh, yeah Um, what is it? Manage hi Migrate right so that is for jungle. Yeah, that's cool And then I can do everything that you know and when you know how to work with dr. Compose Logs, I think logs minus F right Yes, it does something that was because we had no migrations and when and dad is actually So when you stop this Dr. Compose Down the compose up You can see this directly Yeah, and that's easy. I can't I have the link here. I can click on it. So this is just saying Not found because this is this is actually there is nothing here, but this is actually running This is actually a running up the jungle application because we have the I mean We don't have it from the front page yet So, yeah, so we can see the request here and this is actually a nice trick that you can do this like this and Yeah We can see this We can see this trick In the dr. Compose file So we are not even running the web server We are actually doing what you would do 15 years ago or 10 years ago when jungle was born you would just run Python managed by the run server And then you can click on this and it's actually that this is running inside the container But I can still access it because we have configured it correctly like this So but it should be nice and easy to use Good, then where did we stop? Yeah Okay, and then of course you commit You push your first commit. Okay. It's not worth anything because you don't have a front page. Yeah, but you iterate You improve you add monitoring you add you add actual tests because the the first test the dummy tests and so on and then I Mean just the usual, you know crying of of us That do agile do test-driven development do a prayer program make pair programming First, you know do that first because you get more things done when you have two heads doing things and when and try to to Tackle the test-driven thing try to try to write the test first a single line of Code in the test that must fail a single line of code in your code in your application That makes the test pass back and forth back and forth only a single line. That's how you do it And you you have to do this goat It's on the workshop on some pie kind of so this is super when you when you experience how good this feels You'll never gonna write code without test again and free your software. So this is more for you know general Consideration for projects the less code you have to maintain internally The less burden you have in the end of okay open source free software projects are a burden of a different kind But you are it you force yourself to make it nice You can't just leave You know your code base without test because this will harm your reputation for example and When you have no secrets or when you have no closed source or you have very little closed source You don't you have very little security holes ideally and hopefully when you make this popular then You you have people looking at the code for security holes Yeah, and that is what Robert C. Martin says the only way to go fast is to go well and I know people don't believe this. So let's look at this Whether he says this for real Tell your friends in technology that the only way to go fast is to go well Okay, if you don't believe me believe him that was basically it So if you want to try out Cookie cutter you can scan a QR code or click on all one of those logos and We are open now for for questions But I may suggest before we start the questions because we are all Python is right who is a Pythonista Hands up So and then you know the oaths that we have to speak so speak with me Beautiful is better than ugly Explicit is better than implicit Simple is better than complex Complex is better than complicated and people are leaving because they get scared flat is better than nested sparse is better than dense a readability counts special cases Aren't special enough to break the rules although practicality beats purity Errors should never pass silently unless explicitly silence and in the face of Be good to refuse the temptation to guess There should be one and only one obvious way to do it. Although that way may not be obvious at first sight Take some time Now it's better than never although never is often better than right now if The implementation is hard to explain It's a bad idea It is one if the implant implementation is easy to explain it may be a good idea Continuous delivery is the honking great idea. If you deploy to production from comment one, let's do it I start today Python Thank you Peter and especially for your live demo very interesting and I think we have time for some questions You talk briefly about secrets. My question is how do you inject the private key to the container? yes That's a fair question because I talk about secrets and I Actually expect that people say why Why to commit to deploy to production? You don't do this. Anyway, maybe someone else will ask it So the typical solution you do with Kubernetes cluster is you run an operator so you you you run practically a service in the in the In your cloud instance that has the the secret key in there, but there are other ways. I mean this Yeah, I'm really not a text like I'm test expert. I'm not a Kubernetes expert. I'm not a Docker expert. I'm not I'm not I'm just telling you what you should do because Uncle Bob says it So but it works. I mean we do it Yeah, yeah, yeah, and the people are struggling with the vaults And and when what's what's are down? They are the single point of failure, but man as everything when the cluster is down It's a single point of failure another question I've seen that you deploy the merge request code to Development environment. So how do you handle if there are several merge requests open in parallel that all have to be refute Yes, so the typical answer is skitlab review apps I've not done this here for simplicity because it really depends on how big your team is And and also, you know, how much you want to spend because you know The concepts are nice to explain it. But in the end there are business people that say Okay, you need more RAM. You need more CPU. This costs us 50 francs more a month. No, no, no, no, no, no, we don't we don't do that So the easy solution is to only have one instance. So and then it all it's all about discipline So if you have two three developers, they say, okay, now I'm pushing my merge request I'm opening merge request and Yeah, it's not the ideal way But it saves money for for the customers and that we have Such customers and for the others that want the cool solution We do review apps and you can find this in the git lab CI documentation Thank you another question I Have a question So you mentioned cookie cutter and I already heard in other talks and do you recommend you use it every day for creating the template? Well, I'm in DevOps. So I'm not creating the templates. It's for me. It's mainly Yeah, I'm trying to help bootstrap others. I mean What we also do what what I plan to do is have the creation of the different combinations automated But I'm not using it on a daily basis if for me it's more like, you know How do I put the the things that I would that we see every day and and you know ideas evolve and we Find out new things. For example, we have we have some kind of git pool now in the in the build step And this is weird, but it but it it makes your your build faster when when you cash the image layers So I need a place to put that information somewhere So I put it in the cookie cutter and and there are other tools. I know some There's some Tom some something that I that I started with but cookie cutter is popular and yeah It has some defects because you can't upgrade really the code you have you have created. Yeah Thank you other question Hi How do I prevent getting locked into my CD tool in this case kid lap? Excuse me. I couldn't hear the first part. So you've chosen to use kid lap. Yes Now you're essentially locked into kid lap because that's all very specific Configurations, how do I avoid that? Yeah, so the the point is you have seen I've presented those layers and The the kid lap is practically only the should I go back? kid lap is only this Automation layer, so it's the last layer here so my ideas to So what what would we create what I create is? in an automation so a a Bitbucket pipeline configuration or a circle CI configuration or a Travis CI configuration that fits with the deployment for example that Runs all the commands that work that are designed and that are compatible with the deployment layer So that's the only thing I have to do and and for for building. Well, it's actually just a deployment layer Because there you build the image In for building and then you you run the OC commands or cubes cuddle commands for deploying So that's how you solve it you you generate this and you and you you You take the what what you wanted bit bucket pipelines YAML file put it in there and you You push that to a bit bucket repository Does that answer your question? Thanks so much Other question. Yeah Hi So I'm just trying to understand so okay. This is Python conference, but are you? Like proposing all those things with what you said so they should work in like language and technology agnostic way or Is this somehow very tied to Python and docker and so on why I'm asking this question is because When you talk about production for everybody production is a different thing Yeah, so right now as I understand it's just a docker container which is deployed somewhere, right? This is the end product of this Yes, so I mean other people have Different types of production. Yeah, for example, they release. I don't know RPM packages that being packages which then have to be Manually installed and so on so No, you don't have this if you do if you do docker if you do containers You don't have this because you can run a you can you can install everything in your containers. So everything is in your Docker file here. So you do what you do you I mean you're talking about traditional Deployments, correct Yes, and no so my point is docker has also security concerns. So that's why well, that's not everyone You can use it for testing sometimes but not for deployments. Yeah, deployments have can have different procedure I mean to production. Yeah, they can have completely different procedure from for example, what you do development but if you if you go through the talks through the slides again and try to understand how I mean I mean is It's really when you work with containers It's completely isolated. That's that's the whole point of containers that you don't have to worry about What does my target? Environment look like you don't have to worry about you don't even have to worry about Processors and all that stuff because in the end you you don't even have to worry about when this happens with Kubernetes because you only say Hey, Kubernetes. Look, there is an image. You push it somewhere now actually for to Kubernetes. You only say here is the configuration and then Kubernetes has a concept that is called Eventual consistency so it does not immediately deploy it deploys when it thinks it's right So when the time has come so kind of you know, so it kind of Fires up your container and when that works it shuts down the the older one So you don't have to worry about this and the solution is containers But this is not a my talk that's that explains that this is just why we use containers Okay The is this Is this okay for you that I answered this way? Can you give me the mic back, please? So in some companies the installation procedures are much more difficult than than this due to security concerns and due to machines being in some remote locations and so on so and Yeah, but it doesn't work as simple as this but let's all for local development. It's it's okay You can you can know no not at all local local is just one environment You know that's a point and everyone needs to understand this. This is critical. There is no local environment There's no production. That's why I say production because hopefully some people would jump up and say no We are not deploying to production. This is dangerous. It's not You know, it's just one environment and you know, the point is you can give if you have security concerns You give the darker containers to the people that deal with security and they will make it secure That's the solution So it's not I'm not it's not much about my talk I'm taking this for granted because the industry now works like that if you and your company don't work like that again You should catch up. You really should Thank You Peter we are Free and for this session and thank you for your time and we can proceed with the other look. Thank you