The Evolution of Configuration Management: IaC vs. GitOps

According to Red Hat’s State of Kubernetes Security report, misconfigurations were the leading cause behind security incidents in Kubernetes-orchestrated or otherwise containerized environments. Without proper configuration in place, applications would run into problems ranging from noncompliance and inconsistencies to performance bottlenecks, security vulnerabilities, and functionality failure. This would make cloud-native systems unstable and cause them to become a liability to businesses. For this reason, configuration management is a critical component in a software development lifecycle for maintaining systems in a desired, consistent state. However, the way configuration management is done has been evolving over the years. This post traces the history of configuration management, focusing on how GitOps handles this critical aspect of running cloud-native applications today.

Continuous Configuration Essentials

Continuous configuration occurs when a configuration platform is used to automate, monitor, design, and manage otherwise manual processes, which are essential components of improving the overall efficiency and success of your team's SDLC. There are several areas to prioritize in a continuous configuration methodology — the right tools for building a continuous deployment pipeline, effective pipeline maintenance and management, and, of course, widespread automation.

In addition to covering key benefits of continuous configuration, our Refcard details specific concepts and foundations of this modern approach to DevOps, including build automation, infrastructure as code, configuration monitoring and management, enforcement in CI/CD processes, and more!

Your Helm Zoo Will Kill You

This article is controversial. It aggressively questions helm-charts and current dev workflow designs, and I’m well aware that not everyone will like this. Let me be clear before we dive in: this is an enterprise view. It’s a view that is relevant to team sizes of 20 developers onwards. If you’re a smaller dev shop that builds a few apps, this doesn’t apply to you, and you should just keep things as is. But for those of you that are working at scale or that are about to scale: watch out. Your helm-chart zoo will kill you. Maybe not tomorrow but almost definitely next year.

Working Change by Change With kubectl

At first, they created kubectl-kangaroo, and everyone could do everything the way they wanted. However, the challenge with just using kubectl is that you are working change by change. That’s fast but makes it impossible to track what has actually changed in your cluster. One super clever person went ahead and managed everything in Kubernetes manifests and then versioned them in Git. Dope, my friend, dope.

GitOps: How to Ops Your Git the Right Way

Nowadays, there’s no lack of articles about the GitOps approach, ArgoCD, and other tools for Kubernetes configuration management and application deployments. Yet most of them are pretty high level, or don’t go beyond the “hello world” level. 

In this series of articles, I’m going to explain in detail (and with examples) how to build Kubernetes infrastructure with the GitOps approach. We’ll talk about your Git repos, CI/CD pipelines for specific environments, and ways to organize your work and your automation. These guides represent and generalize my experience of building GitOps environments in different companies with different needs.

Version Number Anti-Patterns

After the Gang of Four (GoF), Erich Gamma, Richard Helm, Ralph Johnson, and John Vlissides, published the book Design Patterns: Elements of Reusable Object-Oriented Software, learning how to describe problems and solutions became popular in almost every field of software development. Likewise, learning to describe don’ts and anti-patterns became equally popular.

In publications that discussed these concepts, we find helpful recommendations for software design, project management, configuration management, and much more. In this article, I will share my ideas about version numbers for software artifacts.

DevOps Tools for Monitoring

What's in your walle- I mean, toolbox?

DevOps has been a hot topic for many years, but it's still common for organizations to feel overwhelmed by the complexity of automating their entire infrastructure and to get hung up on which tools to use.

An integrated set of DevOps tools for monitoring has the power to improve visibility and productivity, achieve higher-performing systems, and establish cross-functional collaboration. The right toolset is more than the tools themselves — it’s about developing the culture, discipline, and practices that come to define your product/service and your workplace.

Accelerate DevOps By Offering a Certificate Service for CI/CD Pipelines

Application development teams need to move fast. Yet they often need to reinvent the wheel when it comes to machine identities such as SSL/TLS certificates. They frequently create their own security infrastructure, using a combination of OpenSSL, secrets management tools, DevOps platforms, and scripts. Then, as environments and tools change, apps are migrated, and regulatory frameworks change, those same developers need to spend time re-coding applications, updating scripts, or learning new certificate authority APIs.

Why Do Developers Reinvent the Wheel?

Developers prefer to stay within their existing toolchain and often view Information Security as a barrier rather than an enabler. Often, security processes for SSL/TLS certificates are antiquated and require manual steps such as submitting a ticket, which are incompatible with dynamic, ephemeral DevOps environments. As a result, developers take on the burden of creating their own security infrastructure, even though they are not PKI experts. This diverts resources away from their core responsibilities, ultimately slowing them down.