book

GitOps and Kubernetes

Name: GitOps and Kubernetes
ISBN: 9781617297274

by Billy Yuen, Todd Ekenstam, Jesse Suen, Alex Matyushentsev

April 2021

Intermediate to advanced

344 pages

9h 29m

English

Manning Publications

Read now

Unlock full access

inside front cover
GitOps and Kubernetes
Copyright
contents
front matter
prefaceacknowledgmentsabout this bookWho this book is forWho this book is not forHow this book is organized: A roadmapAbout the codeliveBook discussion forumabout the authorsabout the cover illustration
Part 1. Background
1 Why GitOps?
1.1 Evolution to GitOps1.1.1 Traditional Ops1.1.2 DevOps1.1.3 GitOps1.2 Developer benefits of GitOps1.2.1 Infrastructure as code1.2.2 Self-service1.2.3 Code reviews1.2.4 Git pull requests1.3 Operational benefits of GitOps1.3.1 Declarative1.3.2 Observability1.3.3 Auditability and compliance1.3.4 Disaster recoverySummary
2 Kubernetes and GitOps
2.1 Kubernetes introduction2.1.1 What is Kubernetes?2.1.2 Other container orchestrators2.1.3 Kubernetes architecture2.1.4 Deploying to Kubernetes2.2 Declarative vs. imperative object management2.2.1 How declarative configuration works2.3 Controller architecture2.3.1 Controller delegation2.3.2 Controller pattern2.3.3 NGINX operator2.4 Kubernetes + GitOps2.5 Getting started with CI/CD2.5.1 Basic GitOps operator2.5.2 Continuous integration pipelineSummary
Part 2. Patterns and processes
3 Environment management
3.1 Introduction to environment management3.1.1 Components of an environment3.1.2 Namespace management3.1.3 Network isolation3.1.4 Preprod and prod clusters3.2 Git strategies3.2.1 Single branch (multiple directories)3.2.2 Multiple branches3.2.3 Multirepo vs. monorepo3.3 Configuration management3.3.1 Helm3.3.2 Kustomize3.3.3 Jsonnet3.3.4 Configuration management summary3.4 Durable vs. ephemeral environmentsSummary

4 Pipelines
4.1 Stages in CI/CD pipelines4.1.1 GitOps continuous integration4.1.2 GitOps continuous delivery4.2 Driving promotions4.2.1 Code vs. manifest vs. app config4.2.2 Code and image promotion4.2.3 Environment promotion4.2.4 Putting it all together4.3 Other pipelines4.3.1 Rollback4.3.2 Compliance pipelineSummary
5 Deployment strategies
5.1 Deployment basics5.1.1 Why ReplicaSet is not a good fit for GitOps5.1.2 How Deployment works with ReplicaSets5.1.3 Traffic routing5.1.4 Configuring minikube for other strategies5.2 Blue-green5.2.1 Blue-green with Deployment5.2.2 Blue-green with Argo Rollouts5.3 Canary5.3.1 Canary with Deployment5.3.2 Canary with Argo Rollouts5.4 Progressive delivery5.4.1 Progressive delivery with Argo RolloutsSummary
6 Access control and security
6.1 Introduction to access control6.1.1 What is access control?6.1.2 What to secure6.1.3 Access control in GitOps6.2 Access limitations6.2.1 Git repository access6.2.2 Kubernetes RBAC6.2.3 Image registry access6.3 Patterns6.3.1 Full access6.3.2 Deployment repo access6.3.3 Code access only6.4 Security concerns6.4.1 Preventing image pull from untrusted registries6.4.2 Cluster-level resources in a Git repositorySummary
7 Secrets
7.1 Kubernetes Secrets7.1.1 Why use Secrets?7.1.2 How to use Secrets7.2 GitOps and Secrets7.2.1 No encryption7.2.2 Distributed Git repos7.2.3 No granular (file-level) access control7.2.4 Insecure storage7.2.5 Full commit history7.3 Secrets management strategies7.3.1 Storing Secrets in Git7.3.2 Baking Secrets into the container image7.3.3 Out-of-band management7.3.4 External Secrets management systems7.3.5 Encrypting Secrets in Git7.3.6 Comparison of strategies7.4 Tooling7.4.1 HashiCorp Vault7.4.2 Vault Agent Sidecar Injector7.4.3 Sealed Secrets7.4.4 Kustomize Secret generator pluginSummary
8 Observability
8.1 What is observability?8.1.1 Event logging8.1.2 Metrics8.1.3 Tracing8.1.4 Visualization8.1.5 Importance of observability in GitOps8.2 Application health8.2.1 Resource status8.2.2 Readiness and liveness8.2.3 Application monitoring and alerting8.3 GitOps observability8.3.1 GitOps metrics8.3.2 Application sync status8.3.3 Configuration drift8.3.4 GitOps change logSummary
Part 3. Tools
9 Argo CD
9.1 What is Argo CD?9.1.1 Main use cases9.1.2 Core concepts9.1.3 Sync and health statuses9.1.4 Architecture9.2 Deploy your first application9.2.1 Deploying the first application9.2.2 Inspect the application using the user interface9.3 Deep dive into Argo CD features9.3.1 GitOps-driven deployment9.3.2 Resource hooks9.3.3 Postdeployment verification9.4 Enterprise features9.4.1 Single sign-on9.4.2 Access control9.4.3 Declarative managementSummary
10 Jenkins X
10.1 What is Jenkins X?10.2 Exploring Prow, Jenkins X pipeline operator, and Tekton10.3 Importing projects into Jenkins X10.3.1 Importing a project10.3.2 Promoting a release to the production environmentSummary
11 Flux
11.1 What is Flux?11.1.1 What Flux does11.1.2 Docker registry scanning11.1.Architecture11.2 Simple application deployment11.2.1 Deploying the first application11.2.2 Observing application state11.2.3 Upgrading the deployment image11.2.4 Using Kustomize for manifest generation11.2.5 Securing deployment using GPG11.3 Multitenancy with FluxSummary
appendix A. Setting up a test Kubernetes cluster
A.1 Prerequisites for working with KubernetesA.1.1 Configure kubectlA.2 Installing minikube and creating a clusterA.2.1 Configuring minikubeA.3 Creating a GKE cluster in GCPA.4 Creating an EKS cluster in AWS
appendix B. Setting up GitOps tools
B.1 Installing Argo CDB.2 Installing Jenkins XB.2.1 PrerequisitesB.2.2 Installing Jenkins X in a Kubernetes clusterB.3 Installing FluxB.3.1 Installing CLI client
appendix C. Configuring GPG key
index
inside back cover

Overview

GitOps and Kubernetes introduces a radical idea—managing your infrastructure with the same Git pull requests you use to manage your codebase. In this in-depth tutorial, you’ll learn to operate infrastructures based on powerful-but-complex technologies such as Kubernetes with the same Git version control tools most developers use daily. With these GitOps techniques and best practices, you’ll accelerate application development without compromising on security, easily roll back infrastructure changes, and seamlessly introduce new team members to your automation process.

About the Technology
With GitOps you use the Git version control system to organize and manage your infrastructure just like any other codebase. It’s an excellent model for applications deployed as containers and pods on Kubernetes.

About the Book
GitOps and Kubernetes teaches you how to use Git and the GitOps methodology to manage a Kubernetes cluster. The book interleaves theory with practice, presenting core Ops concepts alongside easy-to-implement techniques so you can put GitOps into action. Learn to develop pipelines that trace changes, roll back mistakes, and audit container deployment.

What's Inside

Managing secrets the GitOps way
Controlling access with Git, Kubernetes, and Pipeline
Branching, namespaces, and configuration

About the Reader
For developers and operations engineers familiar with continuous delivery, Git, and Kubernetes.

About the Authors

Billy Yuen, Alexander Matyushentsev, Todd Ekenstam, and Jesse Suen are principal engineers at Intuit. They are widely recognized for their work in GitOps for Kubernetes.

Quotes
A really great book for understanding and implementing GitOps!
- Matthieu Evrin, AddÉnergie Technologies

Vital for understanding what GitOps is, and what tools will get you there.
- Chris Viner, Forged Development

How to deliver operational excellence through industry-level practices.
- Satej Sahu, Honeywell

This book takes two massively complex topics and breaks them down into understandable and approachable tools.
- Samuel Brown, Expel

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781617297274Publisher Support Publisher Website

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills