Declarative continuous deployment for your Kubernetes workloads

Mountains
Photo by Jeremy Bishop on Unsplash.

Argo CD is an extremely popular declarative, GitOps-based continuous delivery tool. It is an open source tool and part of the Cloud Native Computing Foundation (CNCF).

It is effortless to install and set up, and it offers various features and a jazzy UI to manage all your application requirements. In addition, the tool is Kubernetes-aware and helps you implement GitOps by continuously syncing your Kubernetes resource manifests from Git to your Kubernetes cluster.

Why Argo CD?

It allows teams to achieve GitOps, which has the following principles:

  • Git is the single source of truth.
  • Git is the single place to operate all environments…


The new serverless solution using the friendly Kubernetes API

Plane taking off
Photo by Ivan Diaz on Unsplash.

We are at a historic juncture at the moment. Google has attempted to put a serverless solution behind a friendly Kubernetes API. It recently launched GKE Autopilot, which offers us a serverless option while running the popular managed Kubernetes solution.

So, instead of launching a GKE cluster with worker nodes within your Google Cloud environment, you can now offload all the management hassle to Google’s SREs and focus entirely on your application while using the friendly Kubernetes API.

That means you don’t have to work around anything within your applications and can use the serverless solution with ease. Plus, you…


Run a vulnerability scanner on your container images within CI/CD pipelines

Star Wars lego figurines
Photo by Daniel Cheung on Unsplash.

With the advent of the cloud and container orchestrators, containers are becoming more commonplace. Docker is one of the most popular container runtimes that we use, and Docker images are everywhere. However, as it is a relatively new technology — and with the increased focus on shift-left — container security is a hot topic.

Most enterprises focus on runtime container security. However, sometimes the containers themselves have a vulnerability at build time that goes undetected to the untrained eye.

Containers use layers, and most containers are built from third-party base images that are available on Docker Hub. So, even if…


Do Infrastructure and Config As Code the right way

Clouds
Photo by Łukasz Łada on Unsplash.

For most DevOps professionals, creating a VM usually consists of spinning it up on a cloud using Terraform and then using a config management tool (e.g. Ansible or Puppet) or a bootstrap script (e.g. cloud-init) to convert the raw virtual machine into a purpose-built server.

We all have been doing it for a long time and it works for most cases, but it comes with some drawbacks.

I will give you an example from personal experience. We have a horizontally scalable web server running on GCP using managed instance groups (MIG). …


What’s the change, who’s impacted, how does one migrate, and why it isn’t a reason to panic?

A flow chart: Kubelet > Dockershim > Docker Engine > Containerd > Containers
Image by the author

As most of us have heard, Kubernetes is deprecating Docker as a runtime from v1.20 in favour of runtimes that implement the Container Runtime Interface (CRI), such as containerd and CRI-O.

It isn’t a reason to panic, though. First of all: it’s a deprecation — i.e., you’ll start getting a warning from v1.20, so you aren’t immediately impacted. You still have a full year to come up with a plan, as Docker will be unsupported at v1.22, which they’ll roll out in late 2021.

Even if you aren’t ready by that time, you can choose to not upgrade to v1.22 until…


A guide to Sidecar, Ambassador, and Adapter patterns with hands-on examples

Photo by Tevin Trinh on Unsplash

A Kubernetes Pod is the basic building block of Kubernetes. Comprising one or more containers, it is the smallest unit into which you can break the Kubernetes architecture.

When I was new to Kubernetes, I often wondered why they designed it so. I mean, why didn't containers become the basic building block instead? Well, after a bit of doing things in a real environment, it makes more sense now.

So, Pods can contain multiple containers, for some excellent reasons — primarily, the fact that containers in a pod get scheduled in the same node in a multi-node cluster. …


Enforce Kubernetes best practices for your organisation with CRD

Aerial view of highway
Photo by Denys Nevozhai on Unsplash.

Kubernetes has revolutionised the cloud-native ecosystem by allowing people to run distributed applications at scale. Though Kubernetes is a feature-rich and robust container orchestration platform, it does come with its own set of complexities. Managing Kubernetes at scale with multiple teams working on it is not easy, and ensuring that people do the right thing and do not overstep their boundaries is difficult.

Kyverno is just the right tool for this. It is an open source, Kubernetes-native policy engine that helps you define policies using simple Kubernetes manifests. It can validate, mutate, and generate Kubernetes…


Comprehensive runtime security for your containers with a hands-on demo

View of nature from inside a tent
Photo by Dominik Jirovský on Unsplash.

Falco is an open source runtime security tool that can help you secure a variety of environments. Sysdig created it, and it has been a CNCF project since 2018. Falco evaluates real-time Linux kernel events, container logs, Kubernetes logs, etc. against a powerful rules engine to alert users of malicious behaviour.

It is particularly useful for container security — especially if you are using Kubernetes to run them — and it is now the de facto Kubernetes threat detection engine. It ingests Kubernetes API audit logs for runtime threat detection and to understand application behaviour.

It also helps teams…


Rolling updates, recreates, ramped rollouts, canary deployments, and more

Spaceship lifting off.
Photo by Bill Jelen on Unsplash.

Deployment resources within Kubernetes have simplified container deployments, and they are one of the most used Kubernetes resources. Deployments manage ReplicaSets, and they help create multiple deployment strategies by appropriately manipulating them to produce the desired effect.

Surprisingly, deployments only have two Strategy types: RollingUpdate and Recreate.

RollingUpdate, the default strategy, creates a new ReplicaSet and scales it up while simultaneously scaling the old ReplicaSet down. The Recreate strategy instead scales the old ReplicaSet to zero and then immediately creates a new one with the desired number of replicas.

That does not limit Kubernetes’ ability, though, for…


Understanding KinD with a hands-on example

Pipelines.
Photo by Krish Gandhi on Unsplash.

Setting up a Kubernetes cluster is getting simpler with time. There are several turnkey solutions available in the market, and no one currently does it the hard way!

Notably, Minikube has been one of the go-to clusters for developers to get started quickly with developing and testing their containers. While Minikube currently supports a multi-node cluster in an experimental phase, it isn't GA yet.

This is therefore a limitation for integration and component testing, and most organisations rely on cloud-based managed Kubernetes services for that.

Integrating Kubernetes in the CI/CD pipeline and doing a test requires multiple tools, such as…

Gaurav Agarwal

Author of Modern DevOps Practices — https://amzn.to/3rGFwii| Certified Kubernetes Administrator | Cloud Architect | Connect @ https://gauravdevops.com
