How we build containerized services at GitHub using GitHub

Learn about how we build containerized services that power microservices on the GitHub.com platform and many internal tools.

MV Karan

Overview

The article discusses how GitHub's developer experience engineering team builds containerized services using a paved path approach that leverages Kubernetes and various automated tools. It highlights the benefits of this approach, including centralized management, rapid scaling, and enhanced security, while detailing the onboarding and deployment processes for services.

What You'll Learn

1. How to onboard a service using GitHub Apps and ChatOps commands
2. Why using a paved path for Kubernetes services improves efficiency and security
3. How to deploy services using Hubot ChatOps commands

Prerequisites & Requirements

  • Basic understanding of Kubernetes and containerization concepts
  • Familiarity with GitHub and GitHub Apps (optional)

Key Questions Answered

What tools does GitHub use for building containerized services?
GitHub uses a combination of Kubernetes, Docker, load balancers, and custom applications to create a cohesive development ecosystem for building containerized services. This infrastructure allows GitHub engineers to efficiently create, deploy, scale, debug, and run applications.

How does GitHub ensure security for its containerized services?
GitHub implements several security measures, including pre-built Docker images with security updates, automated scanning for vulnerabilities, centralized secret management, and strict branch protection policies. These practices help maintain a secure environment for services running on the platform.

What is the process for deploying a service at GitHub?
To deploy a service, a developer merges a pull request, which triggers CI workflows to build a Docker image. The deployment is then initiated through a ChatOps command, which updates Kubernetes manifests and applies them to relevant clusters, ensuring a smooth rollout across environments.

What are the benefits of using a paved path for service deployment?
Using a paved path allows for centralized capacity planning, rapid scaling, easier configuration management, and consistent performance insights across services. This approach minimizes the overhead of managing individual Kubernetes clusters for each service.

Key Actionable Insights

1. Implement a centralized deployment strategy using Kubernetes to streamline service management.
   Centralized deployment reduces the complexity of managing multiple clusters and allows for better resource utilization, which is crucial for organizations with numerous microservices.
2. Utilize ChatOps commands for service onboarding and deployment to enhance developer productivity.
   By automating the onboarding and deployment processes, teams can focus more on application development rather than infrastructure management, leading to faster delivery of features.
3. Adopt automated security scanning practices to maintain the integrity of your services.
   Regularly scanning for vulnerabilities and managing secrets effectively helps in building a secure environment, which is essential for protecting sensitive data and maintaining compliance.

Common Pitfalls

1. Failing to centralize security practices can lead to vulnerabilities across services.
   Without a unified approach to security, different teams may implement varying standards, increasing the risk of exposure to threats.
2. Overlooking the importance of capacity planning can result in resource wastage.
   Not planning capacity centrally can lead to inefficient use of resources, especially when small and large workloads are mixed on the same infrastructure.

Related Concepts

Microservices Architecture
CI/CD Practices
Container Orchestration
DevOps Methodologies