GitOps and Kubernetes

Book description

GitOps and Kubernetes introduces a radical idea—managing your infrastructure with the same Git pull requests you use to manage your codebase. In this in-depth tutorial, you’ll learn to operate infrastructures based on powerful-but-complex technologies such as Kubernetes with the same Git version control tools most developers use daily. With these GitOps techniques and best practices, you’ll accelerate application development without compromising on security, easily roll back infrastructure changes, and seamlessly introduce new team members to your automation process.

About the Technology
With GitOps you use the Git version control system to organize and manage your infrastructure just like any other codebase. It’s an excellent model for applications deployed as containers and pods on Kubernetes.

About the Book
GitOps and Kubernetes teaches you how to use Git and the GitOps methodology to manage a Kubernetes cluster. The book interleaves theory with practice, presenting core Ops concepts alongside easy-to-implement techniques so you can put GitOps into action. Learn to develop pipelines that trace changes, roll back mistakes, and audit container deployment.
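The description above names the three things a GitOps pipeline must do: trace changes, roll back mistakes, and audit what reached the cluster. The following Python model is an added illustration of that loop and is not code from the book or from any of the tools it covers. It keeps desired state in an append-only commit history, has an operator diff that state against the live cluster, repairs out-of-band drift, and rolls back by committing the old state rather than rewriting history. The `Repo`, `Cluster`, `Operator` classes, the `registry.example` image names and the sample manifests are all constructed for this example.

```python
"""Minimal in-memory model of a GitOps reconciliation loop (constructed example)."""
from __future__ import annotations

import copy
import hashlib
import json
from dataclasses import dataclass, field


def _digest(manifests: dict) -> str:
    """Content-addressed commit id: a stable hash of the manifest set."""
    payload = json.dumps(manifests, sort_keys=True).encode()
    return hashlib.sha256(payload).hexdigest()[:12]


@dataclass
class Commit:
    sha: str
    author: str
    message: str
    manifests: dict  # resource key -> spec, e.g. "Deployment/api" -> {...}


class Repo:
    """Append-only history standing in for a Git deployment repo; HEAD is the last commit."""

    def __init__(self) -> None:
        self.commits: list[Commit] = []

    def commit(self, author: str, message: str, manifests: dict) -> Commit:
        c = Commit(_digest(manifests), author, message, copy.deepcopy(manifests))
        self.commits.append(c)
        return c

    def head(self) -> Commit:
        return self.commits[-1]

    def revert_to(self, sha: str, author: str) -> Commit:
        """GitOps rollback: a new commit restoring an old state. History is never rewritten,
        so the audit trail keeps both the bad change and its reversal."""
        old = next(c for c in self.commits if c.sha == sha)
        return self.commit(author, f"Revert to {sha}", old.manifests)


class Cluster:
    """Live state. Only the operator should write here; anything else is drift."""

    def __init__(self) -> None:
        self.live: dict = {}


@dataclass
class Operator:
    repo: Repo
    cluster: Cluster
    audit_log: list = field(default_factory=list)

    def diff(self) -> dict:
        """Compare desired (Git HEAD) against live state; non-empty lists mean drift."""
        desired, live = self.repo.head().manifests, self.cluster.live
        return {
            "create": sorted(k for k in desired if k not in live),
            "update": sorted(k for k in desired if k in live and desired[k] != live[k]),
            "delete": sorted(k for k in live if k not in desired),
        }

    def drifted(self) -> bool:
        return any(self.diff().values())

    def reconcile(self) -> dict:
        """Make live state match HEAD and record who/what/why in the audit log."""
        head, actions = self.repo.head(), self.diff()
        for key in actions["create"] + actions["update"]:
            self.cluster.live[key] = copy.deepcopy(head.manifests[key])
        for key in actions["delete"]:
            del self.cluster.live[key]
        self.audit_log.append(
            {"commit": head.sha, "author": head.author, "message": head.message, "actions": actions}
        )
        return actions


def demo() -> tuple[Operator, bool]:
    """Walk through deploy, upgrade, out-of-band drift, and rollback (constructed data)."""
    repo, cluster = Repo(), Cluster()
    op = Operator(repo, cluster)
    repo.commit("alice", "Deploy api 1.0", {"Deployment/api": {"image": "registry.example/api:1.0", "replicas": 2}})
    op.reconcile()
    repo.commit("bob", "Bump api to 1.1", {"Deployment/api": {"image": "registry.example/api:1.1", "replicas": 2}})
    op.reconcile()
    # Someone bypasses Git and edits the cluster directly (e.g. an ad-hoc kubectl change).
    cluster.live["Deployment/api"]["image"] = "registry.example/api:hotfix"
    drift_seen = op.drifted()
    op.reconcile()  # the operator restores what Git says, and the audit log shows it did
    # Roll back to 1.0 the GitOps way: commit the old state, then let the operator apply it.
    repo.revert_to(repo.commits[0].sha, "alice")
    op.reconcile()
    return op, drift_seen


if __name__ == "__main__":
    operator, drift = demo()
    print("drift detected:", drift)
    for entry in operator.audit_log:
        print(entry["commit"], entry["author"], entry["message"], entry["actions"])
```

The security-relevant point is the third reconcile: the untracked `hotfix` image never survives, because the cluster is only allowed to look like what is in Git, and the audit log records the repair alongside the commit that authorised the running state. A real operator (Argo CD or Flux, covered in Part 3 of the book) does the same comparison against rendered manifests and the Kubernetes API.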

What's Inside
  • Managing secrets the GitOps way
  • Controlling access with Git, Kubernetes, and Pipelines
  • Branching, namespaces, and configuration


About the Reader
For developers and operations engineers familiar with continuous delivery, Git, and Kubernetes.

About the Authors

Billy Yuen, Alexander Matyushentsev, Todd Ekenstam, and Jesse Suen are principal engineers at Intuit. They are widely recognized for their work in GitOps for Kubernetes.

Quotes
A really great book for understanding and implementing GitOps!
- Matthieu Evrin, AddÉnergie Technologies

Vital for understanding what GitOps is, and what tools will get you there.
- Chris Viner, Forged Development

How to deliver operational excellence through industry-level practices.
- Satej Sahu, Honeywell

This book takes two massively complex topics and breaks them down into understandable and approachable tools.
- Samuel Brown, Expel

Table of contents

  1. inside front cover
  2. GitOps and Kubernetes
  3. Copyright
  4. contents
  5. front matter
    1. preface
    2. acknowledgments
    3. about this book
      1. Who this book is for
      2. Who this book is not for
      3. How this book is organized: A roadmap
      4. About the code
      5. liveBook discussion forum
    4. about the authors
    5. about the cover illustration
  6. Part 1. Background
  7. 1 Why GitOps?
    1. 1.1 Evolution to GitOps
      1. 1.1.1 Traditional Ops
      2. 1.1.2 DevOps
      3. 1.1.3 GitOps
    2. 1.2 Developer benefits of GitOps
      1. 1.2.1 Infrastructure as code
      2. 1.2.2 Self-service
      3. 1.2.3 Code reviews
      4. 1.2.4 Git pull requests
    3. 1.3 Operational benefits of GitOps
      1. 1.3.1 Declarative
      2. 1.3.2 Observability
      3. 1.3.3 Auditability and compliance
      4. 1.3.4 Disaster recovery
    4. Summary
  8. 2 Kubernetes and GitOps
    1. 2.1 Kubernetes introduction
      1. 2.1.1 What is Kubernetes?
      2. 2.1.2 Other container orchestrators
      3. 2.1.3 Kubernetes architecture
      4. 2.1.4 Deploying to Kubernetes
    2. 2.2 Declarative vs. imperative object management
      1. 2.2.1 How declarative configuration works
    3. 2.3 Controller architecture
      1. 2.3.1 Controller delegation
      2. 2.3.2 Controller pattern
      3. 2.3.3 NGINX operator
    4. 2.4 Kubernetes + GitOps
    5. 2.5 Getting started with CI/CD
      1. 2.5.1 Basic GitOps operator
      2. 2.5.2 Continuous integration pipeline
    6. Summary
  9. Part 2. Patterns and processes
  10. 3 Environment management
    1. 3.1 Introduction to environment management
      1. 3.1.1 Components of an environment
      2. 3.1.2 Namespace management
      3. 3.1.3 Network isolation
      4. 3.1.4 Preprod and prod clusters
    2. 3.2 Git strategies
      1. 3.2.1 Single branch (multiple directories)
      2. 3.2.2 Multiple branches
      3. 3.2.3 Multirepo vs. monorepo
    3. 3.3 Configuration management
      1. 3.3.1 Helm
      2. 3.3.2 Kustomize
      3. 3.3.3 Jsonnet
      4. 3.3.4 Configuration management summary
    4. 3.4 Durable vs. ephemeral environments
    5. Summary
  11. 4 Pipelines
    1. 4.1 Stages in CI/CD pipelines
      1. 4.1.1 GitOps continuous integration
      2. 4.1.2 GitOps continuous delivery
    2. 4.2 Driving promotions
      1. 4.2.1 Code vs. manifest vs. app config
      2. 4.2.2 Code and image promotion
      3. 4.2.3 Environment promotion
      4. 4.2.4 Putting it all together
    3. 4.3 Other pipelines
      1. 4.3.1 Rollback
      2. 4.3.2 Compliance pipeline
    4. Summary
  12. 5 Deployment strategies
    1. 5.1 Deployment basics
      1. 5.1.1 Why ReplicaSet is not a good fit for GitOps
      2. 5.1.2 How Deployment works with ReplicaSets
      3. 5.1.3 Traffic routing
      4. 5.1.4 Configuring minikube for other strategies
    2. 5.2 Blue-green
      1. 5.2.1 Blue-green with Deployment
      2. 5.2.2 Blue-green with Argo Rollouts
    3. 5.3 Canary
      1. 5.3.1 Canary with Deployment
      2. 5.3.2 Canary with Argo Rollouts
    4. 5.4 Progressive delivery
      1. 5.4.1 Progressive delivery with Argo Rollouts
    5. Summary
  13. 6 Access control and security
    1. 6.1 Introduction to access control
      1. 6.1.1 What is access control?
      2. 6.1.2 What to secure
      3. 6.1.3 Access control in GitOps
    2. 6.2 Access limitations
      1. 6.2.1 Git repository access
      2. 6.2.2 Kubernetes RBAC
      3. 6.2.3 Image registry access
    3. 6.3 Patterns
      1. 6.3.1 Full access
      2. 6.3.2 Deployment repo access
      3. 6.3.3 Code access only
    4. 6.4 Security concerns
      1. 6.4.1 Preventing image pull from untrusted registries
      2. 6.4.2 Cluster-level resources in a Git repository
    5. Summary
  14. 7 Secrets
    1. 7.1 Kubernetes Secrets
      1. 7.1.1 Why use Secrets?
      2. 7.1.2 How to use Secrets
    2. 7.2 GitOps and Secrets
      1. 7.2.1 No encryption
      2. 7.2.2 Distributed Git repos
      3. 7.2.3 No granular (file-level) access control
      4. 7.2.4 Insecure storage
      5. 7.2.5 Full commit history
    3. 7.3 Secrets management strategies
      1. 7.3.1 Storing Secrets in Git
      2. 7.3.2 Baking Secrets into the container image
      3. 7.3.3 Out-of-band management
      4. 7.3.4 External Secrets management systems
      5. 7.3.5 Encrypting Secrets in Git
      6. 7.3.6 Comparison of strategies
    4. 7.4 Tooling
      1. 7.4.1 HashiCorp Vault
      2. 7.4.2 Vault Agent Sidecar Injector
      3. 7.4.3 Sealed Secrets
      4. 7.4.4 Kustomize Secret generator plugin
    5. Summary
  15. 8 Observability
    1. 8.1 What is observability?
      1. 8.1.1 Event logging
      2. 8.1.2 Metrics
      3. 8.1.3 Tracing
      4. 8.1.4 Visualization
      5. 8.1.5 Importance of observability in GitOps
    2. 8.2 Application health
      1. 8.2.1 Resource status
      2. 8.2.2 Readiness and liveness
      3. 8.2.3 Application monitoring and alerting
    3. 8.3 GitOps observability
      1. 8.3.1 GitOps metrics
      2. 8.3.2 Application sync status
      3. 8.3.3 Configuration drift
      4. 8.3.4 GitOps change log
    4. Summary
  16. Part 3. Tools
  17. 9 Argo CD
    1. 9.1 What is Argo CD?
      1. 9.1.1 Main use cases
      2. 9.1.2 Core concepts
      3. 9.1.3 Sync and health statuses
      4. 9.1.4 Architecture
    2. 9.2 Deploy your first application
      1. 9.2.1 Deploying the first application
      2. 9.2.2 Inspect the application using the user interface
    3. 9.3 Deep dive into Argo CD features
      1. 9.3.1 GitOps-driven deployment
      2. 9.3.2 Resource hooks
      3. 9.3.3 Postdeployment verification
    4. 9.4 Enterprise features
      1. 9.4.1 Single sign-on
      2. 9.4.2 Access control
      3. 9.4.3 Declarative management
    5. Summary
  18. 10 Jenkins X
    1. 10.1 What is Jenkins X?
    2. 10.2 Exploring Prow, Jenkins X pipeline operator, and Tekton
    3. 10.3 Importing projects into Jenkins X
      1. 10.3.1 Importing a project
      2. 10.3.2 Promoting a release to the production environment
    4. Summary
  19. 11 Flux
    1. 11.1 What is Flux?
      1. 11.1.1 What Flux does
      2. 11.1.2 Docker registry scanning
      3. 11.1.3 Architecture
    2. 11.2 Simple application deployment
      1. 11.2.1 Deploying the first application
      2. 11.2.2 Observing application state
      3. 11.2.3 Upgrading the deployment image
      4. 11.2.4 Using Kustomize for manifest generation
      5. 11.2.5 Securing deployment using GPG
    3. 11.3 Multitenancy with Flux
    4. Summary
  20. appendix A. Setting up a test Kubernetes cluster
    1. A.1 Prerequisites for working with Kubernetes
      1. A.1.1 Configure kubectl
    2. A.2 Installing minikube and creating a cluster
      1. A.2.1 Configuring minikube
    3. A.3 Creating a GKE cluster in GCP
    4. A.4 Creating an EKS cluster in AWS
  21. appendix B. Setting up GitOps tools
    1. B.1 Installing Argo CD
    2. B.2 Installing Jenkins X
      1. B.2.1 Prerequisites
      2. B.2.2 Installing Jenkins X in a Kubernetes cluster
    3. B.3 Installing Flux
      1. B.3.1 Installing CLI client
  22. appendix C. Configuring GPG key
  23. index
  24. inside back cover

Product information

  • Title: GitOps and Kubernetes
  • Author(s): Todd Ekenstam, Jesse Suen, Alex Matyushentsev, Billy Yuen
  • Release date: April 2021
  • Publisher(s): Manning Publications
  • ISBN: 9781617297274