Let's Talk DevOps

Real-World DevOps, Real Solutions

Tag: Platform Engineer

  • Using CI/CD pipelines in Kubernetes explained

    Building efficient development pipelines in Kubernetes requires the right tooling, a lot of planning, and a good understanding of your development processes.

    To quickly build and deliver robust products and benefit from automation and efficient collaboration, the software team relies on continuous integration/continuous delivery (CI/CD) pipelines. Implementing CI/CD for cloud native applications makes delivery cycles more robust while streamlining the development and deployment workflow.

    Let’s talk about the key components of a CI/CD pipeline, how to optimize these pipelines and some recommended best practices and tools.

    What Makes an efficient CI/CD Pipeline

    The Kubernetes platform and CI/CD workflows both aim to improve software quality, as well as automate and boost development velocity. So companies benefit from having CI/CD pipelines to use with Kubernetes.

    The following are some key components of a Kubernetes-based CI/CD pipeline:

    • Containers help achieve encapsulation of application components while enabling seamless integration through runtimes.
    • Operating clusters deploy the containers for your software build once the CI/CD tool approves the containers.
    • Configuration management stores all details related to the infrastructure setup and identifies any newly introduced change in the system.
    • A version control system (VCS) is a unified source code repository that maintains code changes. This generates the trigger for a CI/CD tool to start the pipeline whenever a new change is pushed into its repository.
    • Image registries store container images.
    • Security testing and audits maintain the equilibrium between rapid development and security of the application by ensuring the pipelines are free from potential security threats.
    • Continuous monitoring and observability allow developers to obtain actionable insights and metrics by providing complete visibility into the application life cycle.

    Key Considerations to Make Your Pipeline Effective

    CI/CD sits at the core of DevOps practice, enabling a sustainable model to streamline and accelerate production releases. A comprehensive understanding of the workflow is fundamental to building an effective CI/CD pipeline, along with evaluating the enterprise requirement to help choose the right framework.

    Below are some key considerations for making your pipeline effective:

    • All-in-one CI/CD tool vs. case-specific solutions: Similar to the infrastructure setup, it is crucial to diligently assess the available CI/CD tools based on use cases, technical requirements and organizational goals.
    • On-premises vs. managed vs. hybrid CI/CD: Each CI/CD pipeline type has its own effectiveness, depending on your requirements and infrastructure. Factors that determine the type of CI/CD pipeline to choose include ease of use, ease of setup, infrastructure and operating system support.
    • Code testing and validation: An effective validation and automated testing framework is one of the core components of a CI/CD pipeline. This ensures a stable build with zero code-quality issues while highlighting potential failure scenarios.
    • Rollbacks: These help organizations redeploy the previous stable release of an application. Implementing a diligently planned rollback mechanism in CI/CD is vital to safeguarding the application in case of failure or security incidents.

    Defining a Kubernetes-Based CI/CD Pipeline

    While defining a Kubernetes-based CI/CD pipeline, you can go with one of the two major paradigms below.

    Push-Based Pipeline

    An external system like a CI pipeline generates build triggers to deploy the changes to the Kubernetes cluster following a commit to a version control system repository in a push-based pipeline. Kubernetes cluster credentials are exposed outside the domain of the cluster in such a model.

    Pull-Based Pipeline

    Kubernetes operators deploy the changes from inside a cluster whenever new images are pushed to the registry in a pull-based pipeline.

    Some Best Practices

    Here are some recommendations for building an effective Kubernetes CI/CD pipeline. These include some useful best practices.

    Avoid Hardcoding Secrets and Configurations in Containers

    You should store configurations in configmap and not hardcode them in the containers. This provides the flexibility of deploying the same container in different environments without making environment-specific changes to it.

    It’s also recommended to keep secrets out of containers and encrypt and store them in Kubernetes Secrets. This prevents credentials from getting exposed through a version control system in a CI/CD pipeline.

    Use Helm for Deployments

    Use the Helm package manager for Kubernetes application deployments ​​to keep track of releases or logical groupings.

    Enable Git-Based Workflows

    To allow for all infrastructure configurations to be stored within git, CI/CD pipelines should follow a GitOps methodology. It makes infrastructure code more accessible to developers, letting them review the changes before they’re deployed.

    Git also provides a unified source repository and snapshots of the cluster. These are easy for developers to refer to as needed and recover the application to the last stable state in the case of failure.

    Use Canary/Blue-Green Deployment Patterns

    Parallel to the running production instances, running a blue-green pattern of instances lets you test changes and switch over traffic when testing is complete, eliminating the need for downtime during deployment.

    Cache and Reuse Container Images

    Use caching and reuse features of Docker container images to minimize container build times and reduce the risk of introducing defects into the newly built container image.

    Tools for Kubernetes CI/CD Pipelines

    All-in-One CI/CD Tools

    GitHub Actions is an open source CI/CD tool that supports automated build, test and deployment pipelines. It is the preferred CI/CD platform when the source code repository is GitHub.

    GitLab CI/CD facilitates the continuous build, test and deployment of software applications without the need for third-party integration. Checkout our article on implementing a Gitlab pipeline for your project.

    Jenkins (including Jenkins X) is an open source, automation server that promotes CI and CD in varying levels of cluster complexity, enabling developers to automate application build, test and deployment processes seamlessly across hybrid/multicloud setups. Jenkins X is an upgraded version that facilitates automated CI/CD for cloud native containerized applications and orchestration tools like Kubernetes or Docker.

    Rancher Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers that manage GitOps for a single Kubernetes cluster or a large scale deployment of Kubernetes clusters. It is a distributed initialization system that makes it easy to customize applications and manage HA clusters from a single point.

    CI Tools

    Circle CI is a cloud-based CI tool that uses an API to facilitate automatic Kubernetes deployments. It is intensely focused on testing the new commit before deploying via various methods like unit testing, integration testing, etc. Because of its features for implementing complex pipelines with configurations like caching and resource classes, it is one of the most popular lightweight integration tools for a Kubernetes ecosystem.

    Drone CI is an open source CI tool built entirely on Docker that uses a container-first approach. The plugins, components and pipeline stages of Drone are deployed and executed as Docker containers. The platform offers a wide range of flexibility for using different tools and environments for the build, but you have to integrate it with a git repository.

    CD Tools

    Spinnaker is an open source continuous delivery tool that integrates with multiple cloud providers. Since the platform does not rely on a GitOps model, config files can be stored in the cloud provider’s storage.

    Argo CD is a declarative GitOps continuous delivery tool that is lightweight, easy to configure and purpose-built for Kubernetes. The platform considers git the source of truth, which enhances security, making access control and permission management easier to administer.

    Automation and Infrastructure Configuration Tools

    Terraform by Hashicorp is an open source Infrastructure as Code tool that facilitates DevOps teams’ ability to provision and manage infrastructure programmatically via configuration files.

    Red Hat Ansible is an open source automation platform that enables automation for provisioning, configuration management and infrastructure deployment across cloud, virtual and on-premises environments.

    Salt by Saltstack contains a robust and flexible configuration management framework, which is built on the remote execution core. This framework executes on the minions, allowing effortless, simultaneous configuration of tens of thousands of hosts, by rendering language specific state files. Unlike Ansible, Salt is agentless, relying instead on secure shell (SSH) connections to complete tasks. For a security architect, Salt is a gem!

    Collaboration and Issue Management Tools

    Jira is implemented by teams for software collaboration, defect tracking and work management. The tool offers customizable features like an intuitive dashboard, optimized workflows, efficient search, filtering and defect management. Jira is purpose-built to support various use cases of project management, such as capturing requirements, test case management and tracking tasks in real time.

    Zendesk is a cloud-based customer support platform that enables an organization to engage with its client through different collaboration channels, including phone, email, chat and social media. Zendesk provides one easy-to-use platform for cross-functional collaboration and customer communications, thereby helping organizations to better manage customer queries and respond quickly.

    Security

    Open Policy Agent (OPA) is an open source policy engine that supports a high-level declarative language that lets developers specify Policy as Code. The platform is built to impose granular-level policies on different components, including CI/CD pipelines, microservices, Kubernetes clusters, etc.

    Kubewarden is an open source policy engine simplifying the adoption of policy-as-code. It does not require any domain specific knowledge or new language constructs and can take existing policies, compile into WebAssembly and deploy into existing pipelines using existing processes.

    Kube-bench is an open source tool used to run the CIS Kubernetes Benchmark test on Kubernetes clusters. This ensures that the Kubernetes cluster is secure and deployed according to the security recommendations in the benchmark document.

    SUSE NeuVector is a fully open source end to end cloud native security platform to implement zero-trust security in containerized environments. With full support for Openshift, Kubernetes, and simple containerized workloads, SUSE NeuVector allows for complete visibility into your cloud-native network and will prevent any communication not explicitly required for an application or workload to function.

    Monitoring Tools

    Foresight is an observability product for CI pipelines and tests that enable secure, real-time monitoring of CI/CD pipelines. In addition to tracking metrics, traces and logs, the platform offers live debugging capabilities to facilitate quicker resolution of failures.

    Prometheus/Grafana are open source, event-monitoring tools that implement a high-dimensional data model and store metrics along with timestamps in a time-series database. Prometheus ships with a flexible query language and is one of the most popular alerting systems for complex Kubernetes clusters. Based on metrics generated by Prometheus, Grafana offers built-in visualization support for efficient querying and analysis.

    Summary

    Delivering high-quality software at speed is not easy to sustain and scale. If you develop modern applications today, CI/CD sits at the heart of your software development process because it offers agility, reduces risks of production recessions and ensures quality. It is often considered critical to build an effective CI/CD pipeline for rapid workflow execution. Doing so requires diligent technical analysis, a generous amount of planning and choosing the right set of tools.

  • 7 SRE tools to know today

    7 SRE tools to know today

    As an SRE or platform engineer, you’re likely constantly looking for ways to streamline your workflow and make your day-to-day tasks more efficient. One of the best ways to do this is by utilizing popular SRE or DevOps tools. In this post, we’ll take a look at 7 of the most popular tools that are widely used in the industry today and explain their value in terms of how they can help make you more efficient in your day-to-day tasks.

    1. Prometheus: Prometheus is a popular open-source monitoring and alerting system that is widely used for monitoring distributed systems. It allows you to collect metrics from your services and set up alerts based on those metrics. Prometheus is known for its simple data model, easy-to-use query language, and powerful alerting capabilities. With Prometheus, you can quickly and easily identify issues within your systems and be alerted to them before they become a problem.
    2. Grafana: Grafana is a popular open-source visualization tool that can be used to create interactive dashboards and charts based on the metrics collected by Prometheus. It allows you to easily view the health of your systems, identify trends, and spot outliers. With Grafana, you can quickly and easily identify patterns and trends within your data, which can help you optimize your systems and improve their performance.
    3. Kubernetes: Kubernetes is an open-source container orchestration system that allows you to automate the deployment, scaling, and management of containerized applications. It helps you to define, deploy, and manage your application at scale, and to ensure high availability and fault tolerance. With Kubernetes, you can automate many routine tasks associated with deploying and managing your applications, which frees up more time for you to focus on other important tasks.
    4. Ansible: Ansible is an open-source automation tool that can be used to automate the provisioning, configuration, and deployment of your infrastructure. Ansible is known for its simple, human-readable syntax and its ability to easily manage and automate complex tasks. With Ansible, you can automate the provisioning and configuration of your infrastructure, which can help you save time and reduce the risk of errors.
    5. Terraform: Terraform is a popular open-source tool for provisioning and managing infrastructure as code. It allows you to define your infrastructure as code and to use a simple, declarative language to provision and manage resources across multiple providers. With Terraform, you can automate the process of provisioning and managing your infrastructure, which can help you save time and reduce the risk of errors.
    6. Jenkins: Jenkins is an open-source automation server that can be used to automate the building, testing, and deployment of your software. It provides a powerful plugin system that allows you to easily integrate with other tools, such as Git, Ansible, and Kubernetes. With Jenkins, you can automate many routine tasks associated with building, testing, and deploying your software, which frees up more time for you to focus on other important tasks.
    7. GitLab: GitLab is a web-based Git repository manager that provides source code management (SCM), continuous integration, and more. It’s a full-featured platform that covers the entire software development life cycle and allows you to manage your code, collaborate with your team, and automate your pipeline. With GitLab, you can streamline your entire software development process, from code management to deployment, which can help you save time and reduce the risk of errors.

    These are just a few examples of the many popular SRE and DevOps tools that are widely used in the industry today.