Running OpenAI in Kubernetes

Using the OpenAI API with Python is a powerful way to incorporate state-of-the-art natural language processing capabilities into your applications. This blog post provides a step-by-step walk through for creating an OpenAPI account, obtaining an API key, and creating a program to perform queries using the OpenAI API. Additionally, an example demonstrating how to create a podman image to run the code on Kubernetes is provided.

Creating an OpenAI Account and API Key

Before building the code, create an OpenAI account and obtain an API key. Follow these steps:

Go to the OpenAI website.
Click on the “Sign up for free” button in the top right corner of the page.
Fill out the registration form and click “Create Account”.
Once an account has been created, go to the OpenAI API page.
Click on the “Get API Key” button.
Follow the prompts to obtain a API key.

Installing Required Packages

To use the OpenAI API with Python, install the OpenAI package. Open a command prompt or terminal and run the following command:

pip install openai

Using the OpenAI API with Python

With the OpenAI account and API key, as well as the required packages installed, write a simple Python program. In this example, create a program that generates a list of 10 potential article titles based on a given prompt.

First, let’s import the OpenAI package and set our API key:

import openai
openai.api_key = "YOUR_API_KEY_HERE"

Next, define the prompt:

prompt = "10 potential article titles based on a given prompt"

Now use the OpenAI API to generate the list of article titles:

response = openai.Completion.create(
    engine="text-davinci-002",
    prompt=prompt,
    max_tokens=50,
    n=10,
    stop=None,
    temperature=0.5,
)
titles = [choice.text for choice in response.choices]

Let’s break this down:

engine="text-davinci-002" specifies which OpenAI model to use. This example uses the “Davinci” model, which is the most capable and general-purpose model currently available.
prompt=prompt sets the prompt to our defined variable.
max_tokens=50 limits the number of tokens (words) in each generated title to 50.
n=10 specifies that we want to generate 10 potential article titles.
stop=None specifies that we don’t want to include any stop sequences that would cause the generated text to end prematurely.
temperature=0.5 controls the randomness of the generated text. A lower temperature will result in more conservative and predictable output, while a higher temperature will result in more diverse and surprising output.

The response variable contains the API response, which includes a list of choices. Each choice represents a generated title. This will extract the generated titles from the choices list and store them in a separate titles list.

Finally, print out the generated titles:

for i, title in enumerate(titles):
    print(f"{i+1}. {title}")

This will output something like:

10 Potential Article Titles Based on a Given Prompt
The Top 10 Articles You Should Read Based on This Prompt
How to Come Up with 10 Potential Article Titles in Minutes
The Ultimate List of 10 Article Titles Based on Any Prompt
10 Articles That Will Change Your Perspective on This Topic
How to Use This Prompt to Write 10 Articles Your Audience Will Love
10 Headlines That Will Instantly Hook Your Readers
The 10 Most Compelling Article Titles You Can Write Based on This Prompt
10 Article Titles That Will Make You Stand Out from the Crowd
The 10 Best Article Titles You Can Write Based on This Prompt

And that’s it! You’ve successfully used the OpenAI API to generate a list of potential article titles based on a given prompt.

Creating a Podman Image to Run on Kubernetes

To run the program on Kubernetes, create a podman image containing the necessary dependencies and the Python program. Here are the steps to create the image:

Create a new file called Dockerfile in a working directory.
Add the following code to the Dockerfile:

FROM python:3.8-slim-buster
RUN pip install openai
WORKDIR /app
COPY your_program.py .
CMD ["python", "your_program.py"]

This file tells Docker to use the official Python 3.8 image as the base, install the openai package, set the working directory to /app, copy your Python program into the container, and run the program when the container starts.

To build the image:

Open a terminal or command prompt and navigate to a working directory.
Build the image by running the following command:

podman build -t your_image_name .

Replace “image_name” with the name for the image.

To run the image:

podman run image_name

This will start a new container using the image created and subsequently run the program created above.

Verify the image runs and spits out what the desired output. Run it on a Kubernetes cluster as a simple pod. There are two ways to accomplish this in Kubernetes, declaratively or imperatively.

Imperative

The imperative way is quite simple:

kubectl run my-pod --image=my-image

This command will create a pod with the name “my-pod" and the image “my-image".

Declarative

The declarative way of creating a Kubernetes pod involves creating a YAML file that describes the desired state of the pod and using the kubectl apply command to apply the configuration to the cluster.

apiVersion: v1
kind: Pod
metadata:
  name: my-pod
spec:
  containers:
    - name: my-container
      image: my-image

Save it as “my-pod.yaml”

Outside of automation running this on the Kubernetes cluster from the command line can be accomplished with:

kubectl apply -f my-pod.yaml

This command will create a pod with the name “my-pod" and the image “my-image". The -f option specifies the path to the YAML file containing the pod configuration.

Obviously this is quite simple and there’s plenty of ways to accomplish running this code in Kubernetes as a deployment or replicaset or some other method.

Congratulations! Using the OpenAI API with Python and creating a podman image to run a program on Kubernetes is quite straightforward. With these tools available. Incorporating the power of natural language processing into your applications is both straightforward and very powerful.

By John • April 12, 2023

Read More →

Securing cloud native containers

Security, in and of itself, is a broad topic. Container security adds yet another facet to the already nebulous subject of security.

Security, in and of itself, is a broad topic. Container security adds yet another facet to the already nebulous subject of security. In a lot of enterprises today security is first and foremost and the process for securing applications continues to shift left, meaning security is moving to be integrated earlier into the development process. This post will focus on some of the high level tasks and automations developers and operators can implement to mitigate risk.

The issues.

Misconfiguration

The #1 security risk in any cloud native environment is misconfiguration. How do operators know if what they are deploying is secured properly? In a lot of cases, deployments are left insecure for long periods of time without anyone noticing. This is a massive problem, especially for new technologies such as Kubernetes.

Software Defects

Another security risk is software bugs. Every day new vulnerabilities are found in software. Some of the vulnerabilities are minor, but increasingly the discoveries constitute a potentially critical issue when deploying software to a public facing system. Vulnerabilities are “what is known”. There is a signature for each of the known vulnerabilities which can be used to scan software.

However, “you don’t know what you don’t know”. Keep in mind many defects exist which are not known. These are the zero-day vulnerabilities.

Defense-in-depth

Scanning

Scanning software for known vulnerabilities is an absolute must have in any defense-in-depth strategy. However, even the best scanning tools have unknown vulnerabilities (or known limitations). The best defense is offense so creating a system where your container images go through multiple scanners is always a good strategy.

It is important to scan at many different points in the development process and also continually when in production. Any change could potentially be a breach. It is also very important to have layers which would support the other layers if a layer is permeable. Impervious security requires layers and your goal as a security architect is to create impervious security. Read on for other layers.

Network visualization

“It starts and ends with the network”. Kubernetes, being the orchestrator of choice for cloud native deployments, attempts to keep things simple which has lead to a number of CNIs (container network interface) to give platform engineering many choices when deploying workloads. Having something to visualize the network is important, especially when you can act upon those connections. NeuVector provides these capabilities. Being able to quarantine a pod or take a packet capture is key to ensuring continuous protection against unknown attacks and for any required forensics.

Data protection

Many different regulations apply to data for enterprises. Being able to provide audit reports for specific data regulations is massively important for HIPAA or PCI DSS. Being able to provide reporting for SOC2 compliance may be important. If your tool cannot “see” into the packet before it traverses the kernel, then it cannot prevent data from crossing a “domain” or prevent sensitive information from being leaked.

WAF

A lot of cloud native security tools have the ability to block layer 3 packets. Very few have true layer 7 capabilities. Being able to manage traffic at layer 7 is critical to anyone who is running applications on Kubernetes. Layer 7 is where a lot of unknown vulnerabilities are stopped, but only if the tool can look into the application packet before it traverses the kernel. This is the important point. Once the packet crosses the kernel you are compromised. Use a tool which will learn your workloads behavior. This behavior is the workloads signature and would be the ONLY traffic allowed to traverse the network.

Wrapping it up

Security is the highest scoring word in buzzword bingo these days. Everyone wants to ensure their environments are secure and it takes specialized tools for specific platforms. Don’t use the perimeter firewall as a Kubernetes firewall…it simply will not suffice for complete security inside a Kubernetes cluster. Use a tool which can watch every packet and the data inside every packet ensuring only packets with your workloads signature and nothing else traverses the network. One that allows for visualization of the network along with the traditional scanning, admission control, and runtime security requirements every cloud native implementation requires.

By John • April 5, 2023

Read More →

Knowledge spew on GitOps

In working with a handful of customers the concept of GitOps continues to resonate more and more. Let us dive into a brain dump of some of the conversations related to GitOps and how these customers tackled the task at hand.

First thing to remember is these customers are not massive. They are rather common actually. A Gartner defined “medium-sized” enterprise. Keep in mind these customers have the same issues as the giant enterprises just at a different scale.

In every case there was a user story. At a high level, a common theme was the need to roll out updates to a specific application regularly enough to find ways to entice the consumer to purchase a widget of some sort. Ok, A/B testing. Simple enough.

Each of the customers were in different maturity levels when it came to development processes, kubernetes knowledge, and devops methods. However they all have one thing in common…the need to deliver an application to their customer base on a deadline and continuously improve the application based on user feedback. All three of them were successful in meeting their self imposed deadlines. How?

Simple. Every one of them came together, ironed out a plan, and implemented the plan. The interesting part, every one of them already knew how to get the product to market. All they needed was a bit of guidance on how to overcome obstacles and get shit done. How?

Step one. Define the top of the mountain, the finish line, the end result.
Step two. The project leads built out a high level timeline from end to beginning.
Step three. All of the team members came together to build out the task teams.
Step four. Each of the teams built out their respective timeline for contribution.
Step five. Build.

Now how does this relate to GitOps? GitOps was the pivotal methodology to get it done. The pipeline was built with all of the parts in mind. If you recall the DevOps “infinity loop“, the key is to use that and combine it with the OODA loop decision model. The combination creates a very powerful decision making framework facilitating agile development with constant improvement. Sound simple? It’s not. It is in theory, but the implementation is like a relationship. Everything is great when dating, but the hard work is when dating turns to marriage. Same goes for creating a product. Designing the product, what it needs to do, all of the moving parts is fun. The real work comes in when the first working build is complete.

This is where GitOps shines. The developers build things, test locally, and commit. The pipelines move it through the process and all of the other teams contribute to each part in this machine. If one part breaks down, the other work stops to crowdsource the problem. The problem is fixed and the machine continues on. GitOps is the magical fairy dust. What about the technology?

The technology is rather mundane actually. Git. A code repository. A CI/CD pipeline. A build system. A test harness. A deployment platform. Git…the tools of choice are Github or Gitlab. Github is pretty slick, but Gitlab will allow for running locally in small environments building closed source deliverables. Each has a pipeline mechanism or there are many other tools such as Texton, Argo, CircleCI and many others with various features depending on what was needed. For build systems, many exist and again each as features as needed. However the deployment platform consistently remains the same, Kubernetes.

Building deploy-able applications at scale is hard. There are many other moving parts, processes, tools, etc. in play. However one thing stands out in all of these engagements…give the right people who have the will to succeed the skills needed to succeed and the execution part will look easy.

It is always fun to be a part of something, but its most precious reward is being able to step away and watch the machine run on it’s own.

That’s the end of this spew. It went everywhere…maybe it’s more like a sneeze.

Peace out.

By John • February 14, 2023

Read More →

A chat with the GPT about DevOps.

The 1st prompt to set the stage

Me: Tell me why the Devops methodology works the best for cloud native application development. Explain as if you know nothing about development.

chat.openai.com: DevOps is a method of working where development and operations teams collaborate closely to deliver software and systems more efficiently. This approach works well for cloud native application development because it allows for faster and more frequent updates to be made to the application, which is important when working in a cloud environment. Additionally, the focus on automation and testing in DevOps helps to ensure that the application is stable and reliable, which is critical when running in a cloud environment where resources can be scaled up or down as needed. This can help to minimize downtime and ensure that the application is always available to users. Overall, DevOps helps to make the development and delivery of cloud native applications more efficient and reliable.

The 2nd prompt

Me: Explain why AI is important to devops

chatgpt.openai.com: AI (Artificial Intelligence) can be beneficial to DevOps in several ways. One of the main ways that AI can help is by automating certain tasks and processes. For example, AI can be used to automatically detect and diagnose problems in the system, which can help to reduce downtime and improve overall system reliability. Additionally, AI can be used to perform predictive maintenance, which can help to identify potential issues before they occur, allowing them to be addressed before they cause problems.

AI can also be used to improve the performance of the system. For example, it can be used to optimize resource allocation, such as scaling up or down the number of servers as needed to meet changing demand, which can help to improve the efficiency and cost-effectiveness of the system.

AI can also be used to improve the security of the system. For example, it can be used to detect and prevent security threats, such as intrusion attempts, by using machine learning algorithms to identify and respond to abnormal behavior.

Overall, AI can help to improve the speed, efficiency, reliability, performance, and security of DevOps processes, which can help organizations to deliver applications and services more quickly and effectively.

The 3rd prompt

Me: and why is automation a key concept in devops

chat.openai.com: Automation is a key concept in DevOps because it allows for the efficient and consistent execution of repetitive tasks and processes. By automating these tasks, organizations can reduce the risk of human error, increase the speed and accuracy of their work, and free up human resources to focus on more strategic and value-added activities.

In the context of software development, automation can be used to automate tasks such as testing, building, and deploying code. For example, automated testing can help to ensure that the code is working as expected and is free of bugs, while automated building and deployment can help to speed up the process of getting code into production.

In the context of infrastructure management, automation can be used to automate tasks such as provisioning, scaling, and monitoring of resources. For example, automation can be used to automatically spin up new servers as needed to handle increased traffic, and automatically scale back resources when they are no longer needed. This can help to optimize resource utilization and reduce costs.

Overall, automation is important in DevOps because it helps to increase the speed, efficiency, and reliability of the development and delivery process, which can help organizations to deliver applications and services more quickly and effectively.

Wrapping up

Interesting conversation. Instead of a big instruction set, I literally chatted with chat.openai.com. It did manage to describe DevOps fairly well and even though the prose was not exactly advanced chat.openai.com did get the point across based on my prompts. It appears the prose was actually prompted by how the questions were asked. Simple questions, simple responses. Had the questions been more eloquent the responses seem as if they would follow suit. Need to test out that theory next. What fun. Stay tuned.

By John • February 14, 2023

Read More →

Declarative vs Imperative in Kubernetes

To be declarative or to be imperative?

Kubernetes is a powerful tool for orchestrating containerized applications across a cluster of nodes. It provides users with two methods for managing the desired state of their applications: the Declarative and Imperative approaches.

The imperative approach

The Imperative approach requires users to manually issue commands to Kubernetes to manage the desired state of their applications. This approach gives users direct control over the state of their applications, but also requires more manual effort and expertise, as well as a more in-depth understanding of Kubernetes. Additionally, the Imperative approach does not provide any version control or rollback capabilities, meaning that users must be more mindful of any changes they make and take extra care to ensure they are not introducing any unintended consequences.

A simple set of imperative commands to create a deployment

To create a Kubernetes deployment using the Imperative approach, users must issue the following commands:

Create a new deployment named my-deployment and use the image my-image:

kubectl create deployment my-deployment --image=my-image

Scale the deployment to 3 pods:

kubectl scale deployment my-deployment --replicas=3

Declarative approach

In the Declarative approach, users express their desired state in the form of Kubernetes objects such as Pods and Services. These objects are then managed by Kubernetes, which ensures that the actual state of the system matches the desired state without requiring users to manually issue commands. This approach also provides version control and rollback capabilities, allowing users to easily revert back to a previous state if necessary.

Below is an example Kubernetes deployment yaml (my-deployment.yaml) which can be used to create the same Kubernetes deployment:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-deployment
  labels:
    app: my-app
spec:
  replicas: 3
  selector:
    matchLabels:
      app: my-app
  template:
    metadata:
      labels:
        app: my-app
    spec:
      containers:
      - name: my-container
        image: my-image:latest
        ports:
        - containerPort: 80

To create or update the deployment using this yaml, use the following command:

kubectl apply -f my-deployment.yaml

Infrastructure as Code

The primary difference between the Declarative and Imperative approaches in Kubernetes is that the Declarative approach is a more automated and efficient way of managing applications, while the Imperative approach gives users more direct control over their applications. Using a Declarative approach to Kubernetes gives rise to managing Infrastructure as Code which is the secret sauce in being able to maintain version control and rollback capabilities.

In general, the Declarative approach is the preferred way to manage applications on Kubernetes as it is more efficient and reliable, allowing users to easily define their desired state and have Kubernetes manage the actual state. However, the Imperative approach can still be useful in certain situations where direct control of the application state is needed. Ultimately, it is up to the user to decide which approach is best for their needs.

By John • February 10, 2023

Read More →

Using a dev container in VSCode

How to Use Dev Containers in VSCode

Dev containers are a powerful tool for developers to use when coding, testing, and debugging applications. VSCode provides an integrated development environment (IDE) for developers to use when working with dev containers. This guide will show you how to get started with dev containers in VSCode and how to use them to your best advantage.

Install the Remote – Containers extension
Create a dev container configuration file
Launch the dev container
Connect to the dev container
Start coding!

Installing the Remote – Containers Extension

The first step to using dev containers is to install the Remote – Containers extension. This extension allows you to create dev container configurations and launch them from within VSCode. To install the extension, open the Extensions panel in VSCode and search for Remote – Containers. Click the ‘Install’ button to install the extension. After installation, you will need to restart VSCode for the extension to take effect.

Creating a Dev Container Configuration File

Once the Remote – Containers extension is installed, you can create a dev container configuration file. This file will define the environment for your dev container. For example, you can define the programming language, libraries, and other settings for your dev container. You can also specify a base image to be used by the dev container, such as a Linux or Windows image.

Example Dev Container Configuration File

Below is an example of a dev container configuration file. This configuration file specifies a base image of Ubuntu 18.04, a programming language of Python, and a library of TensorFlow.

{
    "name": "example-dev-container",
    "dockerFile": "Dockerfile",
    "settings": {
        "terminal.integrated.shell.linux": "/bin/bash"
    },
    "remoteUser": "devuser",
    "forwardPorts": [],
    "mounts": [],
    "image": {
        "name": "ubuntu:18.04",
        "remote": false
    },
    "workspaceMount": "/workspace",
    "runArgs": [
        "-v",
        "/workspace:/workspace",
        "-it",
        "--rm",
        "python:3.7.5-stretch"
    ],
    "extensions": [
        "ms-python.python"
    ],
    "libraries": [
        "tensorflow"
    ],
    "postCreateCommand": "",
    "remoteType": "wsl"
}

Launching the Dev Container

Once your dev container configuration file is created, you can launch the dev container. To do this, open the Remote – Containers view in VSCode. You should see your dev container configuration file listed. Click the Launch button to start the dev container. Once the dev container is launched, you will be able to access a terminal window, allowing you to control the dev container.

Connecting to the Dev Container

Once the dev container is running, you can connect to it. To do this, open the Remote – SSH view in VSCode. You should see your dev container listed. Click the Connect button to connect to the dev container. Once connected, you will be able to access the dev container’s terminal window and run commands.

Start Coding!

Now that you’ve connected to the dev container, you can start coding! You can use the integrated development environment (IDE) to write, debug, and test your code. This allows you to work on your project within the dev container, without the need for additional setup. Once you’re done, you can close the dev container and move on to the next project.

By John • February 9, 2023

Read More →

Becoming Successful in DevOps: A Beginners Guide

Where to start

As a platform engineer, you will be tasked with ensuring that software projects run smoothly and efficiently. This includes managing all of the various components needed to develop and launch an app or system.

This may include choosing your development platform, setting up servers for hosting, finding vendors for integrations, and more. Beyond just technology, there are also time-management strategies to manage your day.

As you can imagine, being a part of this team comes with its own set of challenges and responsibilities. Being a senior member of the team takes some work — but it is totally worth it!

Being a senior developer means that you know what’s going on technologically, and you’re able to teach others that knowledge. You’ll have the opportunity to make an impact by helping other engineers get things done effectively.

It’s also important to remember that not everyone has a career in tech like you do, so don’t feel like you need to take over every task.

Plan your career

As mentioned earlier, being a successful platform engineer is more than just knowing how to work in different environments having separate and distinctly different conversations with various people about what tools you use for each environment, and how to manage your time effectively between projects and departments. It also means planning your career ahead of time.

Most experienced devs will tell you that it’s impossible to become a senior developer without first becoming a team lead or manager. This makes sense, because you need to establish relationships within the department and organization that depend on you for leadership, guidance, and resources.

And since most tech companies are moving towards agile project management systems like Scrum, you need to be able to facilitate those meetings, talk about logistics, and make sure everyone has everything they need to complete their assignments on schedule.

All of these things require someone who leads by example, sets appropriate priorities, and keeps people motivated so that they feel comfortable coming to you for help when needed. You can’t expect anyone lower up the chain-of-command to do this if they don’t see you putting in the effort into developing your leadership skills.

It’s totally normal to want to move up the ladder, but making changes to your position requires proving that you’re capable of doing so while still keeping quality control over your tasks and setting realistic deadlines.

Create a good work-life balance

Being a platform engineer means having close relationships with other people in your organization that depend on you for success, so make sure you are not overworking yourself.

It is important to enjoy what you do for a living, and staying motivated requires finding time to unwind and relax. You can’t expect to be passionate about your job if you don’t take care of yourself outside of work.

You need to recognize that it takes a lot out of you, both physically and mentally, and give yourself breaks to keep up momentum. Take frequent vacations, organize social events outside of work, and try to limit how many hours you spend working every day.

In addition to taking care of yourself, use the same energy you put into your career on your personal life to promote healthy relationships and friendships.

Having friends who treat you well will help you feel more balanced and confident in your position, and they will help you stay happier at home. Try to meet someone new once a week, if possible, to maintain strong ties with family members and colleagues.

Be a creative thinker

As a platform engineer, you will be tasked with many different projects and responsibilities. This can make it hard to know what your next job is! As such, being able to think outside of the box and brainstorm new ideas and solutions to current issues is important.

You will have to use your creativity to figure out how to best solve these problems.

A great way to hone this skill is by taking part in various tech events or masterclasses. You may even get chance to present your own project or idea!

By attending events like these, not only do they give you knowledge about the field, but also lots of opportunities to improve yourself professionally.

Stay up-to-date with technology

As a platform engineer, you will be tasked with keeping up with new technologies. This is not only important for your career, but also to satisfy users’ demands for quality services they can rely on.

As more companies implement automation via software or robotics, there are always new tools being used for this process. You will need to know what these tools are and how to use them.

You will also have to stay up-to-date with the ever-evolving practices in both development and operations. For example, when developers adopt newer agile methodologies like scrum, you must understand why that approach is better than the traditional waterfall model.

Likewise, understanding lean startup methodology means knowing why it works and if it applies to your organization. These concepts help bring down the overhead of launching an app by reducing the number of steps needed to get things going.

By staying informed about such developments, you will make sure apps launch as quickly as possible while still meeting standards.

Be a good leader

As a platform engineer, you will be in charge of many different departments within your organization. You can expect that not every department in your own company or others you work with have strong leadership qualities.

If this is something that worries you, don’t worry! It’s totally normal.

It takes time to develop leadership skills, but you are never too young or old to learn them.

You can always look to those around you for examples of how to lead and learn from their mistakes. There are several books and courses available online and through educational institutions that focus on developing leadership abilities.

There are also mentorship programs where experienced leaders share knowledge and resources with younger people. By being part of these groups, you could gain some valuable lessons yourself.

Be a good team member

As a platform engineer, your success will depend on how well you collaborate with others. You can’t have successful collaborations if one party is constantly trying to get their way or take over the process.

This isn’t helpful for anyone involved in the project, and it won’t set well with leadership either. Make every effort to work with people around you using sound reasoning and evidence, and keep discussions focused on topics that are productive and positive.

Avoid gossip unless you want to deal with a lot of resentment later, and be willing to go beyond what is practical or appropriate to help someone feel better about themselves or the situation.

By John • February 8, 2023

Read More →

Creating a pipeline in Gitlab

Creating a pipeline in Gitlab is a great way to deploy applications to various environments. It allows you to automate the process of building, testing, and deploying your application. With Gitlab, you can define a pipeline that consists of a series of stages, which can include tasks such as building the application, running tests, and deploying the application. By leveraging the power of a pipeline, you can ensure that your application is deployed quickly, efficiently, and with minimal hassle. This guide will walk you through the steps to create a pipeline in Gitlab, with code examples.

Step 1: Creating a New Project

To start a new pipeline, you will first need to create a new project in Gitlab. To do this, you can go to Projects > New Project and fill out the form.

Step 2: Creating the Pipeline

Once the project is created, you can go to CI/CD > Pipelines and create a new pipeline. You will be able to define the stages and tasks for the pipeline, and even add code snippets to configure the pipeline. Here is an example of a simple pipeline:

stages:
  - build
  - test
  - deploy

build:
  stage: build
  script:
    - npm install
    - npm build

test:
  stage: test
  script:
    - npm test

deploy:
  stage: deploy
  script:
    - npm deploy

Step 3: Running the Pipeline

Once you have created the pipeline, you can run it by going to CI/CD > Pipelines and clicking the “Run Pipeline” button. This will execute the pipeline, and you can check the progress of the pipeline in the pipeline view.

Step 4: Troubleshooting

If you encounter any issues while running the pipeline, you can click on the pipeline to open up the pipeline view. Here, you will be able to view the log output of each stage, and debug any issues that may be occurring.

Conclusion

Creating a pipeline in Gitlab is a great way to easily deploy applications to various environments. By leveraging the power of a pipeline, you can ensure that your application is deployed quickly, efficiently, and with minimal hassle. This guide has walked you through the steps to create a pipeline in Gitlab, with code examples.

By John • February 8, 2023

Read More →

Using CI/CD pipelines in Kubernetes explained

Building efficient development pipelines in Kubernetes requires the right tooling, a lot of planning, and a good understanding of your development processes.

To quickly build and deliver robust products and benefit from automation and efficient collaboration, the software team relies on continuous integration/continuous delivery (CI/CD) pipelines. Implementing CI/CD for cloud native applications makes delivery cycles more robust while streamlining the development and deployment workflow.

Let’s talk about the key components of a CI/CD pipeline, how to optimize these pipelines and some recommended best practices and tools.

What Makes an efficient CI/CD Pipeline

The Kubernetes platform and CI/CD workflows both aim to improve software quality, as well as automate and boost development velocity. So companies benefit from having CI/CD pipelines to use with Kubernetes.

The following are some key components of a Kubernetes-based CI/CD pipeline:

Containers help achieve encapsulation of application components while enabling seamless integration through runtimes.
Operating clusters deploy the containers for your software build once the CI/CD tool approves the containers.
Configuration management stores all details related to the infrastructure setup and identifies any newly introduced change in the system.
A version control system (VCS) is a unified source code repository that maintains code changes. This generates the trigger for a CI/CD tool to start the pipeline whenever a new change is pushed into its repository.
Image registries store container images.
Security testing and audits maintain the equilibrium between rapid development and security of the application by ensuring the pipelines are free from potential security threats.
Continuous monitoring and observability allow developers to obtain actionable insights and metrics by providing complete visibility into the application life cycle.

Key Considerations to Make Your Pipeline Effective

CI/CD sits at the core of DevOps practice, enabling a sustainable model to streamline and accelerate production releases. A comprehensive understanding of the workflow is fundamental to building an effective CI/CD pipeline, along with evaluating the enterprise requirement to help choose the right framework.

Below are some key considerations for making your pipeline effective:

All-in-one CI/CD tool vs. case-specific solutions: Similar to the infrastructure setup, it is crucial to diligently assess the available CI/CD tools based on use cases, technical requirements and organizational goals.
On-premises vs. managed vs. hybrid CI/CD: Each CI/CD pipeline type has its own effectiveness, depending on your requirements and infrastructure. Factors that determine the type of CI/CD pipeline to choose include ease of use, ease of setup, infrastructure and operating system support.

Code testing and validation: An effective validation and automated testing framework is one of the core components of a CI/CD pipeline. This ensures a stable build with zero code-quality issues while highlighting potential failure scenarios.
Rollbacks: These help organizations redeploy the previous stable release of an application. Implementing a diligently planned rollback mechanism in CI/CD is vital to safeguarding the application in case of failure or security incidents.

Defining a Kubernetes-Based CI/CD Pipeline

While defining a Kubernetes-based CI/CD pipeline, you can go with one of the two major paradigms below.

Push-Based Pipeline

An external system like a CI pipeline generates build triggers to deploy the changes to the Kubernetes cluster following a commit to a version control system repository in a push-based pipeline. Kubernetes cluster credentials are exposed outside the domain of the cluster in such a model.

Pull-Based Pipeline

Kubernetes operators deploy the changes from inside a cluster whenever new images are pushed to the registry in a pull-based pipeline.

Some Best Practices

Here are some recommendations for building an effective Kubernetes CI/CD pipeline. These include some useful best practices.

Avoid Hardcoding Secrets and Configurations in Containers

You should store configurations in configmap and not hardcode them in the containers. This provides the flexibility of deploying the same container in different environments without making environment-specific changes to it.

It’s also recommended to keep secrets out of containers and encrypt and store them in Kubernetes Secrets. This prevents credentials from getting exposed through a version control system in a CI/CD pipeline.

Use Helm for Deployments

Use the Helm package manager for Kubernetes application deployments to keep track of releases or logical groupings.

Enable Git-Based Workflows

To allow for all infrastructure configurations to be stored within git, CI/CD pipelines should follow a GitOps methodology. It makes infrastructure code more accessible to developers, letting them review the changes before they’re deployed.

Git also provides a unified source repository and snapshots of the cluster. These are easy for developers to refer to as needed and recover the application to the last stable state in the case of failure.

Use Canary/Blue-Green Deployment Patterns

Parallel to the running production instances, running a blue-green pattern of instances lets you test changes and switch over traffic when testing is complete, eliminating the need for downtime during deployment.

Cache and Reuse Container Images

Use caching and reuse features of Docker container images to minimize container build times and reduce the risk of introducing defects into the newly built container image.

Tools for Kubernetes CI/CD Pipelines

All-in-One CI/CD Tools

GitHub Actions is an open source CI/CD tool that supports automated build, test and deployment pipelines. It is the preferred CI/CD platform when the source code repository is GitHub.

GitLab CI/CD facilitates the continuous build, test and deployment of software applications without the need for third-party integration. Checkout our article on implementing a Gitlab pipeline for your project.

Jenkins (including Jenkins X) is an open source, automation server that promotes CI and CD in varying levels of cluster complexity, enabling developers to automate application build, test and deployment processes seamlessly across hybrid/multicloud setups. Jenkins X is an upgraded version that facilitates automated CI/CD for cloud native containerized applications and orchestration tools like Kubernetes or Docker.

Rancher Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers that manage GitOps for a single Kubernetes cluster or a large scale deployment of Kubernetes clusters. It is a distributed initialization system that makes it easy to customize applications and manage HA clusters from a single point.

CI Tools

Circle CI is a cloud-based CI tool that uses an API to facilitate automatic Kubernetes deployments. It is intensely focused on testing the new commit before deploying via various methods like unit testing, integration testing, etc. Because of its features for implementing complex pipelines with configurations like caching and resource classes, it is one of the most popular lightweight integration tools for a Kubernetes ecosystem.

Drone CI is an open source CI tool built entirely on Docker that uses a container-first approach. The plugins, components and pipeline stages of Drone are deployed and executed as Docker containers. The platform offers a wide range of flexibility for using different tools and environments for the build, but you have to integrate it with a git repository.

CD Tools

Spinnaker is an open source continuous delivery tool that integrates with multiple cloud providers. Since the platform does not rely on a GitOps model, config files can be stored in the cloud provider’s storage.

Argo CD is a declarative GitOps continuous delivery tool that is lightweight, easy to configure and purpose-built for Kubernetes. The platform considers git the source of truth, which enhances security, making access control and permission management easier to administer.

Automation and Infrastructure Configuration Tools

Terraform by Hashicorp is an open source Infrastructure as Code tool that facilitates DevOps teams’ ability to provision and manage infrastructure programmatically via configuration files.

Red Hat Ansible is an open source automation platform that enables automation for provisioning, configuration management and infrastructure deployment across cloud, virtual and on-premises environments.

Salt by Saltstack contains a robust and flexible configuration management framework, which is built on the remote execution core. This framework executes on the minions, allowing effortless, simultaneous configuration of tens of thousands of hosts, by rendering language specific state files. Unlike Ansible, Salt is agentless, relying instead on secure shell (SSH) connections to complete tasks. For a security architect, Salt is a gem!

Collaboration and Issue Management Tools

Jira is implemented by teams for software collaboration, defect tracking and work management. The tool offers customizable features like an intuitive dashboard, optimized workflows, efficient search, filtering and defect management. Jira is purpose-built to support various use cases of project management, such as capturing requirements, test case management and tracking tasks in real time.

Zendesk is a cloud-based customer support platform that enables an organization to engage with its client through different collaboration channels, including phone, email, chat and social media. Zendesk provides one easy-to-use platform for cross-functional collaboration and customer communications, thereby helping organizations to better manage customer queries and respond quickly.

Security

Open Policy Agent (OPA) is an open source policy engine that supports a high-level declarative language that lets developers specify Policy as Code. The platform is built to impose granular-level policies on different components, including CI/CD pipelines, microservices, Kubernetes clusters, etc.

Kubewarden is an open source policy engine simplifying the adoption of policy-as-code. It does not require any domain specific knowledge or new language constructs and can take existing policies, compile into WebAssembly and deploy into existing pipelines using existing processes.

Kube-bench is an open source tool used to run the CIS Kubernetes Benchmark test on Kubernetes clusters. This ensures that the Kubernetes cluster is secure and deployed according to the security recommendations in the benchmark document.

SUSE NeuVector is a fully open source end to end cloud native security platform to implement zero-trust security in containerized environments. With full support for Openshift, Kubernetes, and simple containerized workloads, SUSE NeuVector allows for complete visibility into your cloud-native network and will prevent any communication not explicitly required for an application or workload to function.

Monitoring Tools

Foresight is an observability product for CI pipelines and tests that enable secure, real-time monitoring of CI/CD pipelines. In addition to tracking metrics, traces and logs, the platform offers live debugging capabilities to facilitate quicker resolution of failures.

Prometheus/Grafana are open source, event-monitoring tools that implement a high-dimensional data model and store metrics along with timestamps in a time-series database. Prometheus ships with a flexible query language and is one of the most popular alerting systems for complex Kubernetes clusters. Based on metrics generated by Prometheus, Grafana offers built-in visualization support for efficient querying and analysis.

Summary

Delivering high-quality software at speed is not easy to sustain and scale. If you develop modern applications today, CI/CD sits at the heart of your software development process because it offers agility, reduces risks of production recessions and ensures quality. It is often considered critical to build an effective CI/CD pipeline for rapid workflow execution. Doing so requires diligent technical analysis, a generous amount of planning and choosing the right set of tools.

By John • February 8, 2023

Read More →

7 SRE tools to know today

As an SRE or platform engineer, you’re likely constantly looking for ways to streamline your workflow and make your day-to-day tasks more efficient. One of the best ways to do this is by utilizing popular SRE or DevOps tools. In this post, we’ll take a look at 7 of the most popular tools that are widely used in the industry today and explain their value in terms of how they can help make you more efficient in your day-to-day tasks.

As an SRE or platform engineer, you’re likely constantly looking for ways to streamline your workflow and make your day-to-day tasks more efficient. One of the best ways to do this is by utilizing popular SRE or DevOps tools. In this post, we’ll take a look at 7 of the most popular tools that are widely used in the industry today and explain their value in terms of how they can help make you more efficient in your day-to-day tasks.

Prometheus: Prometheus is a popular open-source monitoring and alerting system that is widely used for monitoring distributed systems. It allows you to collect metrics from your services and set up alerts based on those metrics. Prometheus is known for its simple data model, easy-to-use query language, and powerful alerting capabilities. With Prometheus, you can quickly and easily identify issues within your systems and be alerted to them before they become a problem.
Grafana: Grafana is a popular open-source visualization tool that can be used to create interactive dashboards and charts based on the metrics collected by Prometheus. It allows you to easily view the health of your systems, identify trends, and spot outliers. With Grafana, you can quickly and easily identify patterns and trends within your data, which can help you optimize your systems and improve their performance.
Kubernetes: Kubernetes is an open-source container orchestration system that allows you to automate the deployment, scaling, and management of containerized applications. It helps you to define, deploy, and manage your application at scale, and to ensure high availability and fault tolerance. With Kubernetes, you can automate many routine tasks associated with deploying and managing your applications, which frees up more time for you to focus on other important tasks.
Ansible: Ansible is an open-source automation tool that can be used to automate the provisioning, configuration, and deployment of your infrastructure. Ansible is known for its simple, human-readable syntax and its ability to easily manage and automate complex tasks. With Ansible, you can automate the provisioning and configuration of your infrastructure, which can help you save time and reduce the risk of errors.
Terraform: Terraform is a popular open-source tool for provisioning and managing infrastructure as code. It allows you to define your infrastructure as code and to use a simple, declarative language to provision and manage resources across multiple providers. With Terraform, you can automate the process of provisioning and managing your infrastructure, which can help you save time and reduce the risk of errors.
Jenkins: Jenkins is an open-source automation server that can be used to automate the building, testing, and deployment of your software. It provides a powerful plugin system that allows you to easily integrate with other tools, such as Git, Ansible, and Kubernetes. With Jenkins, you can automate many routine tasks associated with building, testing, and deploying your software, which frees up more time for you to focus on other important tasks.
GitLab: GitLab is a web-based Git repository manager that provides source code management (SCM), continuous integration, and more. It’s a full-featured platform that covers the entire software development life cycle and allows you to manage your code, collaborate with your team, and automate your pipeline. With GitLab, you can streamline your entire software development process, from code management to deployment, which can help you save time and reduce the risk of errors.

These are just a few examples of the many popular SRE and DevOps tools that are widely used in the industry today.

By John • January 10, 2023

Read More →