GitOps and Kubernetes

Book description

GitOps and Kubernetes teaches you how to use Git and the GitOps methodology to manage a Kubernetes cluster. The book interleaves theory with practice, presenting core Ops concepts alongside easy-to-implement techniques so you can put GitOps into action. Learn to develop pipelines that trace changes, roll back mistakes, and audit container deployment.

Table of contents

  1. inside front cover
  2. GitOps and Kubernetes
  3. Copyright
  4. contents
  5. front matter
    1. preface
    2. acknowledgments
    3. about this book
      1. Who this book is for
      2. Who this book is not for
      3. How this book is organized: A roadmap
      4. About the code
      5. liveBook discussion forum
    4. about the authors
    5. about the cover illustration
  6. Part 1. Background
  7. 1 Why GitOps?
    1. 1.1 Evolution to GitOps
      1. 1.1.1 Traditional Ops
      2. 1.1.2 DevOps
      3. 1.1.3 GitOps
    2. 1.2 Developer benefits of GitOps
      1. 1.2.1 Infrastructure as code
      2. 1.2.2 Self-service
      3. 1.2.3 Code reviews
      4. 1.2.4 Git pull requests
    3. 1.3 Operational benefits of GitOps
      1. 1.3.1 Declarative
      2. 1.3.2 Observability
      3. 1.3.3 Auditability and compliance
      4. 1.3.4 Disaster recovery
    4. Summary
  8. 2 Kubernetes and GitOps
    1. 2.1 Kubernetes introduction
      1. 2.1.1 What is Kubernetes?
      2. 2.1.2 Other container orchestrators
      3. 2.1.3 Kubernetes architecture
      4. 2.1.4 Deploying to Kubernetes
    2. 2.2 Declarative vs. imperative object management
      1. 2.2.1 How declarative configuration works
    3. 2.3 Controller architecture
      1. 2.3.1 Controller delegation
      2. 2.3.2 Controller pattern
      3. 2.3.3 NGINX operator
    4. 2.4 Kubernetes + GitOps
    5. 2.5 Getting started with CI/CD
      1. 2.5.1 Basic GitOps operator
      2. 2.5.2 Continuous integration pipeline
    6. Summary
  9. Part 2. Patterns and processes
  10. 3 Environment management
    1. 3.1 Introduction to environment management
      1. 3.1.1 Components of an environment
      2. 3.1.2 Namespace management
      3. 3.1.3 Network isolation
      4. 3.1.4 Preprod and prod clusters
    2. 3.2 Git strategies
      1. 3.2.1 Single branch (multiple directories)
      2. 3.2.2 Multiple branches
      3. 3.2.3 Multirepo vs. monorepo
    3. 3.3 Configuration management
      1. 3.3.1 Helm
      2. 3.3.2 Kustomize
      3. 3.3.3 Jsonnet
      4. 3.3.4 Configuration management summary
    4. 3.4 Durable vs. ephemeral environments
    5. Summary
  11. 4 Pipelines
    1. 4.1 Stages in CI/CD pipelines
      1. 4.1.1 GitOps continuous integration
      2. 4.1.2 GitOps continuous delivery
    2. 4.2 Driving promotions
      1. 4.2.1 Code vs. manifest vs. app config
      2. 4.2.2 Code and image promotion
      3. 4.2.3 Environment promotion
      4. 4.2.4 Putting it all together
    3. 4.3 Other pipelines
      1. 4.3.1 Rollback
      2. 4.3.2 Compliance pipeline
    4. Summary
  12. 5 Deployment strategies
    1. 5.1 Deployment basics
      1. 5.1.1 Why ReplicaSet is not a good fit for GitOps
      2. 5.1.2 How Deployment works with ReplicaSets
      3. 5.1.3 Traffic routing
      4. 5.1.4 Configuring minikube for other strategies
    2. 5.2 Blue-green
      1. 5.2.1 Blue-green with Deployment
      2. 5.2.2 Blue-green with Argo Rollouts
    3. 5.3 Canary
      1. 5.3.1 Canary with Deployment
      2. 5.3.2 Canary with Argo Rollouts
    4. 5.4 Progressive delivery
      1. 5.4.1 Progressive delivery with Argo Rollouts
    5. Summary
  13. 6 Access control and security
    1. 6.1 Introduction to access control
      1. 6.1.1 What is access control?
      2. 6.1.2 What to secure
      3. 6.1.3 Access control in GitOps
    2. 6.2 Access limitations
      1. 6.2.1 Git repository access
      2. 6.2.2 Kubernetes RBAC
      3. 6.2.3 Image registry access
    3. 6.3 Patterns
      1. 6.3.1 Full access
      2. 6.3.2 Deployment repo access
      3. 6.3.3 Code access only
    4. 6.4 Security concerns
      1. 6.4.1 Preventing image pull from untrusted registries
      2. 6.4.2 Cluster-level resources in a Git repository
    5. Summary
  14. 7 Secrets
    1. 7.1 Kubernetes Secrets
      1. 7.1.1 Why use Secrets?
      2. 7.1.2 How to use Secrets
    2. 7.2 GitOps and Secrets
      1. 7.2.1 No encryption
      2. 7.2.2 Distributed Git repos
      3. 7.2.3 No granular (file-level) access control
      4. 7.2.4 Insecure storage
      5. 7.2.5 Full commit history
    3. 7.3 Secrets management strategies
      1. 7.3.1 Storing Secrets in Git
      2. 7.3.2 Baking Secrets into the container image
      3. 7.3.3 Out-of-band management
      4. 7.3.4 External Secrets management systems
      5. 7.3.5 Encrypting Secrets in Git
      6. 7.3.6 Comparison of strategies
    4. 7.4 Tooling
      1. 7.4.1 HashiCorp Vault
      2. 7.4.2 Vault Agent Sidecar Injector
      3. 7.4.3 Sealed Secrets
      4. 7.4.4 Kustomize Secret generator plugin
    5. Summary
  15. 8 Observability
    1. 8.1 What is observability?
      1. 8.1.1 Event logging
      2. 8.1.2 Metrics
      3. 8.1.3 Tracing
      4. 8.1.4 Visualization
      5. 8.1.5 Importance of observability in GitOps
    2. 8.2 Application health
      1. 8.2.1 Resource status
      2. 8.2.2 Readiness and liveness
      3. 8.2.3 Application monitoring and alerting
    3. 8.3 GitOps observability
      1. 8.3.1 GitOps metrics
      2. 8.3.2 Application sync status
      3. 8.3.3 Configuration drift
      4. 8.3.4 GitOps change log
    4. Summary
  16. Part 3. Tools
  17. 9 Argo CD
    1. 9.1 What is Argo CD?
      1. 9.1.1 Main use cases
      2. 9.1.2 Core concepts
      3. 9.1.3 Sync and health statuses
      4. 9.1.4 Architecture
    2. 9.2 Deploy your first application
      1. 9.2.1 Deploying the first application
      2. 9.2.2 Inspect the application using the user interface
    3. 9.3 Deep dive into Argo CD features
      1. 9.3.1 GitOps-driven deployment
      2. 9.3.2 Resource hooks
      3. 9.3.3 Postdeployment verification
    4. 9.4 Enterprise features
      1. 9.4.1 Single sign-on
      2. 9.4.2 Access control
      3. 9.4.3 Declarative management
    5. Summary
  18. 10 Jenkins X
    1. 10.1 What is Jenkins X?
    2. 10.2 Exploring Prow, Jenkins X pipeline operator, and Tekton
    3. 10.3 Importing projects into Jenkins X
      1. 10.3.1 Importing a project
      2. 10.3.2 Promoting a release to the production environment
    4. Summary
  19. 11 Flux
    1. 11.1 What is Flux?
      1. 11.1.1 What Flux does
      2. 11.1.2 Docker registry scanning
      3. 11.1.3 Architecture
    2. 11.2 Simple application deployment
      1. 11.2.1 Deploying the first application
      2. 11.2.2 Observing application state
      3. 11.2.3 Upgrading the deployment image
      4. 11.2.4 Using Kustomize for manifest generation
      5. 11.2.5 Securing deployment using GPG
    3. 11.3 Multitenancy with Flux
    4. Summary
  20. appendix A. Setting up a test Kubernetes cluster
    1. A.1 Prerequisites for working with Kubernetes
      1. A.1.1 Configure kubectl
    2. A.2 Installing minikube and creating a cluster
      1. A.2.1 Configuring minikube
    3. A.3 Creating a GKE cluster in GCP
    4. A.4 Creating an EKS cluster in AWS
  21. appendix B. Setting up GitOps tools
    1. B.1 Installing Argo CD
    2. B.2 Installing Jenkins X
      1. B.2.1 Prerequisites
      2. B.2.2 Installing Jenkins X in a Kubernetes cluster
    3. B.3 Installing Flux
      1. B.3.1 Installing CLI client
  22. appendix C. Configuring GPG key
  23. index
  24. inside back cover

Product information

  • Title: GitOps and Kubernetes
  • Author(s): Billy Yuen, Jesse Suen, Alex Matyushentsev, Todd Ekenstam
  • Release date: April 2021
  • Publisher(s): Manning Publications
  • ISBN: 9781617297274