Increasingly, businesses are turning to Kubernetes as the go-to container orchestration platform to manage containerized applications efficiently. One important aspect of creating a great Kubernetes platform experience is making it easy to deploy applications using continuous integration/continuous deployment (CI/CD) pipelines. When you think about internal developer platforms (sometimes called IDPs) for Kubernetes, the goal is to build a platform that minimizes the need for your development team to make infrastructure decisions while making it easy for developers to self-service environment builds. To be successful, it also needs to integrate with CI/CD processes. A good IDP provides a self-service layer for developers, with guardrails and security features to ensure the apps and services you’ve deployed run securely, reliably, and cost-efficiently.
Must-Haves in a Kubernetes Platform
Inevitably, some developers know more about Kubernetes than others and want to dig into the details of K8s, while others are focused solely on their app or service. The goal of a platform is to make it easy to deploy to K8s without putting your environment or deployments at risk. In Kubernetes, a platform must include five main components:
- Add-ons — The tools your platform engineers or DevOps team want installed in your clusters, tools that enable you to get traffic into the cluster, expose apps externally, add certificates, configure DNS, provide autoscaling and provision new nodes as needed.
- Governance — How you apply and enforce policies related to security, reliability and cost efficiency.
- CI/CD — How you apply best practices in your cluster using automation. This article dives more deeply into how to apply CD and follow best practices in your cluster.
- Monitoring & Feedback — Identifying issues and providing remediation suggestions to developers during code review.
- Cost Management & Reporting — Ensuring you understand cloud spend even in ephemeral Kubernetes environments.
Continuous Deployment in Kubernetes
Together, Kubernetes and CI/CD automate application management processes. While Kubernetes manages containerized application deployment and scaling, CI/CD pipelines automate the process of integrating code changes and deploying updated code to production environments. We often use the terms CI and CD interchangeably, but they are two sides of a solution that work together. Continuous integration means integrating code changes continuously, and it provides a means of automating builds and testing to achieve this. It can also shift best practices and policy enforcement left in the development process. Continuous delivery addresses how developers can get their code into their various environments faster and ensure standardization in their deployments. Many tools do both CI and CD, but this article focuses on GitOps and Argo CD and how they can help you build a better IDP.
GitOps is a popular method of implementing continuous delivery. GitOps helps automate application deployment and infrastructure provisioning, allowing teams to use familiar software development tools to manage application and infrastructure changes. Argo CD is an open source GitOps tool that monitors your clusters and declarative infrastructure and resolves the differences based on what’s stored in Git. It automates application deployment and lets you ensure that anyone can view the infrastructure but that no unauthorized user can delete or modify it. This visibility is helpful for debugging issues; for example, if developers can’t determine whether a request is making it through the ingress controller to their pod, they can view the ingress controller logs to see what’s actually happening. Developers can also look at the live manifest to see what’s taking place in the cluster without requiring the exposure of secrets, allowing platform teams to maintain security while enabling developers to troubleshoot issues effectively.
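One way to express the "everyone can view, only authorized users can modify" model in Argo CD's RBAC ConfigMap, as an added example that is not from the original article. The project name team-a and the group names under example-org are hypothetical.

```yaml
# Added example: constructed project and group names.
apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-rbac-cm
  namespace: argocd
data:
  # Authenticated users with no explicit role fall back to the built-in
  # read-only role: they can see applications and live manifests, not change them.
  policy.default: role:readonly
  # Map roles from the "groups" claim of the SSO token.
  scopes: '[groups]'
  policy.csv: |
    # Developers may trigger a sync only for applications in their own project.
    p, role:team-a-dev, applications, sync, team-a/*, allow
    # Explicit grant to read pod logs for team-a applications (troubleshooting).
    p, role:team-a-dev, logs, get, team-a/*, allow
    # Deliberately no create/update/delete grants for developers:
    # changes to what is deployed go through Git, not the Argo CD UI or CLI.

    # Group bindings (hypothetical SSO groups).
    g, example-org:team-a-devs, role:team-a-dev
    g, example-org:platform, role:admin
```

Because there is no deny-by-omission surprise here, reviewing this file answers the question "who can delete or modify?" directly: only members of the group bound to role:admin.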
This approach allows you to empower and enable your developers rather than restricting them by locking everything down. A platform team can set up the GitHub repository and the credentials that allow Argo CD to talk to the repositories needed, making it simple to provide access to your code repos automatically and deploy new applications. You can easily see where the infrastructure repo is added in the Argo CD configuration, which Argo CD does via Kubernetes Secrets marked with specific labels. You can also pre-populate credentials, split them between two different objects, and create a repo template in Argo CD that is deployed with the credentials already in place. Consider configuring that ahead of time, which will help prevent your developers from attempting to create access tokens with more access than needed.
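The two-object split described above, as an added example that is not from the original article: a credential template Secret that the platform team owns, and a repository Secret that carries only a URL. The organization URL, object names, username and token value are placeholders.

```yaml
# Added example: constructed names, URLs and placeholder credentials.
# Object 1: credential template, managed by the platform team.
# Argo CD applies these credentials to any repository whose URL
# starts with the `url` prefix below.
apiVersion: v1
kind: Secret
metadata:
  name: platform-repo-creds            # hypothetical name
  namespace: argocd
  labels:
    argocd.argoproj.io/secret-type: repo-creds
stringData:
  type: git
  url: https://github.com/example-org  # prefix match, placeholder organization
  username: argocd-readonly            # placeholder
  password: <READ_ONLY_TOKEN>          # placeholder; inject from your secret store,
                                       # scoped to read-only repository access
---
# Object 2: the repository entry itself. It holds no credentials;
# it inherits them from the template because its URL matches the prefix.
apiVersion: v1
kind: Secret
metadata:
  name: infrastructure-repo            # hypothetical name
  namespace: argocd
  labels:
    argocd.argoproj.io/secret-type: repository
stringData:
  type: git
  url: https://github.com/example-org/infrastructure
```

With this layout, developers who register another repository under the same organization prefix never handle a token, which removes the incentive to mint a broader one.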
Another good option is to set up the repo template as a specific type of object in Argo CD using the user interface or set it up so your developers can create applications using YAML. That enables teams to build their own app of apps for Argo CD, enabling a self-service model that allows your developers to deploy the way they want, maintain visibility into what’s happening and still troubleshoot effectively.
Continuous Deployment in Your Kubernetes IDP
Continuous deployment is critical to building a successful Kubernetes IDP because it automates the process of deploying applications. This helps you to ensure a reliable and efficient development process. By following best practices and using the right tools for your team and environments, you can create a scalable, robust Kubernetes platform that empowers your development teams to deliver cost-efficient, secure and reliable applications quickly and consistently.