How to use GitHub to build containerized services on GitHub

GitHub’s main paved path covers everything you need to run your software, including creating, deploying, scaling, debugging, and running your application. It’s an ecosystem of tools like Kubernetes, Docker, load balancers, and many custom apps that work together to create a consistent experience for engineers. It’s not just infrastructure, it’s not just Kubernetes. Kubernetes is our base layer, and the paved path is a combination of conventions, tools, and configurations built on top of it.

Services that typically run using the paved path include web apps, compute pipelines, batch processors, and monitoring systems.

Kubernetes is the base layer of the paved path, running in multi-cluster, multi-region topologies.

GitHub has hundreds of services, from small internal tools to external APIs supporting production workloads. For various reasons, starting a virtual machine for each service is inefficient.

• Capacity usage planning and capacity usage across all services is not efficient. Continuously managing both physical and Kubernetes infrastructure creates a lot of overhead.
• Teams have to build deep expertise to manage their own Kubernetes clusters and have less time to focus on application-specific needs.
• Reduces centralized visibility of applications.
• Standardizing and enforcing security and compliance is difficult.

A paved path based on Kubernetes and other runtime apps instead allows you to:

• By centrally planning capacity for Kubernetes nodes only, small and large workloads coexist on the same machine, making optimal use of capacity across nodes.
• Scale quickly with centralized capacity planning.
• Easily manage the configuration and deployment of your entire service with one central control plane.
• Consistently provide insight into app and deployment performance of individual services.

On GitHub, deploy branches and run deployments through the Hubot ChatOps command.To deploy a branch named bug-fixes in the monalisa-app the repository staging In this environment, developers run ChatOps commands such as:

hubot deploy monalisa-app/bug-fixes to staging

This will trigger a deployment that picks up the Docker image associated with the latest commit. bug-fixes Create branches, update Kubernetes manifests, and apply those manifests to clusters in the runtime platform relevant to that environment.

Docker images are typically deployed to multiple Kubernetes clusters across multiple geographic sites within a region that form part of the runtime platform.

The security of the platform itself and the services running within it is important to any company. In addition to practices throughout engineering, such as requiring all pull his requests to be reviewed by two of her, we also have security and platform teams that automate security measures such as:

The entire deployment process looks like this:

1. A GitHub engineer merges the pull request into a branch within the repository. In the example above, bug-fixes branch of monalisa-app repository. This repository also contains a Kubernetes manifest template file for deploying your application.
2. Merging a pull request triggers the associated CI workflow. One of them is building a Docker image. It builds a container image based on the Dockerfile specified in the repository and pushes the image to the internal artifact registry.
3. After all CI workflows have completed successfully, the engineer initiates the deployment by running a ChatOps command such as: hubot deploy monalisa-app/bug-fixes to staging. This will trigger deployments to environments such as: Staging.
4. The build system fetches the Kubernetes manifest file from the repository branch, replaces the latest deployed image from the artifact registry, injects app secrets from the secret store, and performs some custom operations. At the end of this stage, you will have a ready-to-deploy Kubernetes manifest available.
5. The deployment system then applies the Kubernetes manifests to relevant clusters and monitors the rollout status of new changes.

GitHub’s internal paved path allows GitHub developers to focus less on infrastructure and more on building services and delivering value to users. We do this by giving his GitHub engineers a streamlined path to harnessing the power of containers and Kubernetes. Scalable security, authentication and authorization mechanisms. And the GitHub.com platform itself.