Kubernetes is the essential tool for orchestrating cloud native applications. However getting Kubernetes up and running is only a small piece of what you need to start developing applications. There are many tools to choose from within the cloud native ecosystem before the team can start increasing feature velocity and selecting the right ones can be a challenge.
Use a Managed Kubernetes Service
If on-premise Kubernetes is not an option or if you are just starting out with Kubernetes, a simpler choice is to use a managed Kubernetes service. Managed Kubernetes services are offered by all of the major cloud providers: Azure Kubernetes Service (AKS), Google Kubernetes Engine (GKE), and Amazon’s Elastic Kubernetes Service (EKS). With a managed Kubernetes service, the control plane is hosted for you, eliminating much of the complexity of having to administer it yourself.
There are also some excellent open-source tools to simplify Kubernetes. Helm was one of the first tools on this scene and remains one of the most popular. With Helm charts, the complexity of Kubernetes is hidden; users can manage the business logic for the application without being exposed to the details of how Kubernetes will execute that logic.
For users who want to manage the complexity of Kubernetes without being shielded from it, Kustomize offers a different solution. It provides tools to patch the Kubernetes YAML configurations to configure them for different environments. This simplifies the process of adapting your Kubernetes setup to the changing needs of your application.
The best tool for managing Kubernetes, though, may be less of a tool and more of a philosophy. GitOps is a new way of thinking about Kubernetes management that starts with the question “What is the desired state of your clusters?” By answering that question, you declare a “source of truth” for your infrastructure. Changes to this declaration can be tracked with a version control system. (That’s the “Git” of “GitOps”). Software agents implemented as Kubernetes operators can be leveraged to bring the desired state into being, and to alert you when the live state has diverged from what you’ve declared. Weave GitOps is specifically developed for GitOps Kubernetes management.
Under the GitOps model, changes to your infrastructure can be automated with a CI/CD pipeline just as changes to your source code are. Edits to your desired cluster configuration are committed through Git, which triggers the automatic creation of a new image. The image is deposited to a registry, which is monitored for changes by Weave GitOps. The change in the registry then triggers an update to the appropriate Kubernetes configuration YAML. Weave GitOps –which is installed in the cluster itself – then detects that its configuration has been updated, and deploys the new configuration. This process can be used to implement everything from your initial application deployment, to the final cluster teardown.
A GitOps approach to Kubernetes management offers many advantages. It simplifies the process of working with Kubernetes by automating the complex details of deployment and letting teams make changes through an already familiar version-control system. By automating the process of making configuration upgrades, teams are able to quickly respond to changes in their computational requirements. Any previous state of the clusters can be easily reproduced by simply rolling back to the commit that produced it. This allows for rapid incident response if the infrastructure is compromised by a security breach – or just plain human error. Additionally, with Weave GitOps, deployments also keep sensitive credentials within the cluster, making your application more secure. Since changes are tracked and logged in Git, compliance and auditing are as simple as printing your commit log.
A GitOps workflow requires a fairly specific stack of tools. Let’s take a more detailed look at the building blocks you need.
Kubernetes: This is the foundation of it all; the cluster(s) on which your application runs. The GitOps model can be used both with a managed Kubernetes service or a DIY deployment.
Git: While you don’t necessarily need Git specifically, you will need a version-controlled repository containing your source code as well as the YAML configurations for your clusters. The principle is to have your infrastructure be versioned just as your code base is.
Continuous Integration: The changes to your infrastructure specified in the latest push to your repository should be tested and integrated automatically. There are some tools that take a cloud-native approach to CI, such as CircleCI or GitLab, which are compatible with the GitOps model.
Continuous Deployment: Approved changes to your code and infrastructure should be automatically deployed. While there are many ways to achieve this with your code, Weave GitOps is designed specifically for deploying infrastructure and application changes to your Kubernetes clusters once it detects a new image in the image repository. When Weave GitOps notices the new image, it will check out the corresponding manifest, update it and then check it back into Git. At this point the state has changed and the new image is deployed, bringing the cluster state back in balance with what’s in git.
Secrets Management: If you are storing secrets in Git or you are using a private repository, you will need a tool to manage your authentication credentials and protect them from exposure. Sealed Secrets is an open source project specifically designed for a GitOps workflow. Another popular choice is Vault from Hashicorp.
Reports & Alerts: When the live state of your infrastructure diverges from your “source of truth,” you want software to detect the difference and alert you to it. Weave GitOps delivers this with comparison tools like kubediff.
Deploying a cloud-native application on Kubernetes requires many shifts in your operations approach, and new skills to master. Fortunately, there are many tools to help manage the complexity of cloud-based infrastructure and let you focus on developing your application.
The more you automate your Kubernetes management, the more agile your team will be, so it makes sense to leverage the power of these tools at every step of your deployment process. A full GitOps system is built from a chain of services that automate the management of your clusters from end-to-end. When the pieces all come together, the result is a fully-automated infrastructure that can be managed without exposing the underlying complexity. The cloud can be a beautiful thing!
Download our Whitepaper on Automating Kubernetes for an in depth reading on this topic.