book

GitOps and Kubernetes

by Todd Ekenstam, Billy Yuen, Jesse Suen, Alex Matyushentsev

April 2021

Intermediate to advanced

344 pages

9h 29m

English

Manning Publications

Read now

Unlock full access

prefaceacknowledgmentsabout this bookWho this book is forWho this book is not forHow this book is organized: A roadmapAbout the codeliveBook discussion forumabout the authorsabout the cover illustration
1.1 Evolution to GitOps1.1.1 Traditional Ops1.1.2 DevOps1.1.3 GitOps1.2 Developer benefits of GitOps1.2.1 Infrastructure as code1.2.2 Self-service1.2.3 Code reviews1.2.4 Git pull requests1.3 Operational benefits of GitOps1.3.1 Declarative1.3.2 Observability1.3.3 Auditability and compliance1.3.4 Disaster recoverySummary
2.1 Kubernetes introduction2.1.1 What is Kubernetes?2.1.2 Other container orchestrators2.1.3 Kubernetes architecture2.1.4 Deploying to Kubernetes2.2 Declarative vs. imperative object management2.2.1 How declarative configuration works2.3 Controller architecture2.3.1 Controller delegation2.3.2 Controller pattern2.3.3 NGINX operator2.4 Kubernetes + GitOps2.5 Getting started with CI/CD2.5.1 Basic GitOps operator2.5.2 Continuous integration pipelineSummary
3.1 Introduction to environment management3.1.1 Components of an environment3.1.2 Namespace management3.1.3 Network isolation3.1.4 Preprod and prod clusters3.2 Git strategies3.2.1 Single branch (multiple directories)3.2.2 Multiple branches3.2.3 Multirepo vs. monorepo3.3 Configuration management3.3.1 Helm3.3.2 Kustomize3.3.3 Jsonnet3.3.4 Configuration management summary3.4 Durable vs. ephemeral environmentsSummary

4.1 Stages in CI/CD pipelines4.1.1 GitOps continuous integration4.1.2 GitOps continuous delivery4.2 Driving promotions4.2.1 Code vs. manifest vs. app config4.2.2 Code and image promotion4.2.3 Environment promotion4.2.4 Putting it all together4.3 Other pipelines4.3.1 Rollback4.3.2 Compliance pipelineSummary
5.1 Deployment basics5.1.1 Why ReplicaSet is not a good fit for GitOps5.1.2 How Deployment works with ReplicaSets5.1.3 Traffic routing5.1.4 Configuring minikube for other strategies5.2 Blue-green5.2.1 Blue-green with Deployment5.2.2 Blue-green with Argo Rollouts5.3 Canary5.3.1 Canary with Deployment5.3.2 Canary with Argo Rollouts5.4 Progressive delivery5.4.1 Progressive delivery with Argo RolloutsSummary
6.1 Introduction to access control6.1.1 What is access control?6.1.2 What to secure6.1.3 Access control in GitOps6.2 Access limitations6.2.1 Git repository access6.2.2 Kubernetes RBAC6.2.3 Image registry access6.3 Patterns6.3.1 Full access6.3.2 Deployment repo access6.3.3 Code access only6.4 Security concerns6.4.1 Preventing image pull from untrusted registries6.4.2 Cluster-level resources in a Git repositorySummary
7.1 Kubernetes Secrets7.1.1 Why use Secrets?7.1.2 How to use Secrets7.2 GitOps and Secrets7.2.1 No encryption7.2.2 Distributed Git repos7.2.3 No granular (file-level) access control7.2.4 Insecure storage7.2.5 Full commit history7.3 Secrets management strategies7.3.1 Storing Secrets in Git7.3.2 Baking Secrets into the container image7.3.3 Out-of-band management7.3.4 External Secrets management systems7.3.5 Encrypting Secrets in Git7.3.6 Comparison of strategies7.4 Tooling7.4.1 HashiCorp Vault7.4.2 Vault Agent Sidecar Injector7.4.3 Sealed Secrets7.4.4 Kustomize Secret generator pluginSummary
8.1 What is observability?8.1.1 Event logging8.1.2 Metrics8.1.3 Tracing8.1.4 Visualization8.1.5 Importance of observability in GitOps8.2 Application health8.2.1 Resource status8.2.2 Readiness and liveness8.2.3 Application monitoring and alerting8.3 GitOps observability8.3.1 GitOps metrics8.3.2 Application sync status8.3.3 Configuration drift8.3.4 GitOps change logSummary
9.1 What is Argo CD?9.1.1 Main use cases9.1.2 Core concepts9.1.3 Sync and health statuses9.1.4 Architecture9.2 Deploy your first application9.2.1 Deploying the first application9.2.2 Inspect the application using the user interface9.3 Deep dive into Argo CD features9.3.1 GitOps-driven deployment9.3.2 Resource hooks9.3.3 Postdeployment verification9.4 Enterprise features9.4.1 Single sign-on9.4.2 Access control9.4.3 Declarative managementSummary
10.1 What is Jenkins X?10.2 Exploring Prow, Jenkins X pipeline operator, and Tekton10.3 Importing projects into Jenkins X10.3.1 Importing a project10.3.2 Promoting a release to the production environmentSummary
11.1 What is Flux?11.1.1 What Flux does11.1.2 Docker registry scanning11.1.Architecture11.2 Simple application deployment11.2.1 Deploying the first application11.2.2 Observing application state11.2.3 Upgrading the deployment image11.2.4 Using Kustomize for manifest generation11.2.5 Securing deployment using GPG11.3 Multitenancy with FluxSummary
A.1 Prerequisites for working with KubernetesA.1.1 Configure kubectlA.2 Installing minikube and creating a clusterA.2.1 Configuring minikubeA.3 Creating a GKE cluster in GCPA.4 Creating an EKS cluster in AWS
B.1 Installing Argo CDB.2 Installing Jenkins XB.2.1 PrerequisitesB.2.2 Installing Jenkins X in a Kubernetes clusterB.3 Installing FluxB.3.1 Installing CLI client

Content preview from GitOps and Kubernetes

appendix C. Configuring GPG key

GPG, or GNU Privacy Guard, is a public key cryptography implementation. GPG allows for the secure transmission of information between parties and can be used to verify that the origin of a message is genuine. Following are the steps to set up a GPG key:

First of all, we need to install the GPG command-line tool. Regardless of your operating system, the process might take a while. macOS users might use the brew package manager to install GPC with the following command:
```
brew install gpg
```
The next step is generating a GPG key that will be used to sign and verify commits. Use the following command to generate a key. At the prompt, press Enter to accept default key settings. While entering the user identity information, ...