The Tech Chorus DevOps Platform

In the last decade, the way people develop and deploy software has evolved drastically. There is an amalgamation of various sub-disciplines such as

• IT engineering - primarily deals with hardware and networking infrastructure
• System administration - responsible for managing servers in the rack, data center or at a colocation service
• Cloud infrastructure engineering - exclusively manage the infrastructure in the public cloud
• Platform engineering - build and maintain a platform to deploy software applications. Shields the users from the complixity.

All of these sub-disciplene can be called DevOps engineering.

In a previous series of blog posts, we discussed the Kubernetes objects typically used to run a web application. We covered, Namespace, Pod, ConfigMap, Secret, Service, Deployment, ServiceAccount, Ingress, PDB, HPA, PV, PVC, Job and CronJob.

In this post, we will discuss some fundamental building blocks for the Kubernetes cluster administration: RBAC objects.

In most situations, Kubernetes API server is started with the flag --authorization-mode=RBAC which enables RBAC in the cluster.

This is a guide to write a Kubernetes controller. We will kick off by inspecting the Kubernetes API from inside a pod within the cluster. Minikube suffices for this exercise. But you can conduct the exercise to any Kubernetes cluster.

The controller watches events related to Kubernetes pods using the Kubernetes API. When there is a new event, the controller logs the event’s type and the name of the affected pod. This controller can be extended to perform other actions when pod events occur, such as scaling the number of replicas for a deployment, sending notifications, or triggering a custom script or program.

Architecture 1: Kubernetes Control Plane Without HA

Create three Virtual Machine guests on your laptop or workstation.

• VM 01 - Kubernetes Control Plane
• VM 02, VM 03 - Kubernetes Worker nodes

Architecture 2: Kubernetes Control Plane With HA

Create five Virtual Machine guests on your laptop or workstation.

• VM 01, VM 02, VM 03 - Kubernetes Control Plane with HA
• VM 04, VM 05 - Kubernetes Worker nodes

Use the Kubeadm tool to create the cluster.

In the Kubernetes Objects Required For A Typical Web Application post we talked about few Kubernetes objects that a web application developer should get accustomed to. In this post, we will extend the series and talk about more objects that can help web developers scale their applications.

As we delve deeper into Kubernetes topics, the demarcation of roles and skill sets start to reveal. In larger organizations, a dedicated team of infrastructure engineers design and make choices of network topology, IAC tooling and orchestration of the Kubernetes clusters and CI/CD pipelines. Typically, such DevOps engineers manage scaling and storage by installing the required controllers and CSI drivers. Application developers whose applications are deployed on the cluster maybe able to tune certain parameters of certain objects to manage the scaling needs of their applications. Depending on the situation, the developers maybe able to request and use storage volumes with certain restrictions. Regardless of the organization’s team structure, you should be able to learn about these Kubernetes concepts and objects and play with them locally on your laptop using Minikube.

In a previous post, we discussed using age to manage secrets in Git repositories. In this post, let’s improve our secrets management workflow in Git repositories using SOPS.

sops is an editor of encrypted files that supports popular configuration formats such as YAML and various encryption techniques such as age.

Read the blog post about age to install the package and creating the key file.

This time, we will use sops to perform encryption and decryption operations instead of the age command.

Are you storing secrets such as database credentials, API keys, etc. unencrypted in Git repositories? Stop.

To protect your secrets, do not store them anywhere unencrypted. Especially in Git repositories. Ideally, your organization must have some vault solution where secrets can be stored and securely shared with people on a need-to-know basis. In many small organizations, having such a central secrets management solution is still a luxury. The need to store such secret information in Git repositories is obvious. There are a few ways in which you can encrypt secrets. We discussed using Ansible Vault in one of the previous blog posts.

From an application developer and Kubernetes user’s point of view, you have to have a working knowledge of Kubernetes. The post outlines the most important Kubernetes objects required to deploy a typical web application. Let us assume that the web application uses the two-tier architecture. We also assume that the cluster is created and administered by an infrastructure or DevOps engineer and the necessary access is provided to the developer to deploy their web application onto the Kubernetes cluster. The Kubernetes operations are performed from the web application developer’s perspective.