Get started with Argo CD & Azure Kubernetes Service

As Kubernetes adoption continues to grow so does GitOps. GitOps has been increasing in adoption and popularity among enterprises at a fast rate as well. Here is what GitOps is: “GitOps is an operating model pattern for cloud-native applications & Kubernetes storing application & declarative infrastructure code in Git as the source of truth used for automated continuous delivery.” GitOps puts Git at the center of continuous delivery making git the Source of Truth describing the desired state of your entire system. For a deeper dive into GitOps check out my GitOps course on Pluralsight here: https://app.pluralsight.com/library/courses/gitops-the-big-picture

In the GitOps model, you need GitOps operators. GitOps Operators are software agents that continuously monitor your apps running on your Kubernetes clusters comparing the live state of your app against the desired state you have defined in your Git repository. These GitOps Operators ensure the desired state is in place on your Kubernetes clusters performing create, update, delete activities on your Kubernetes clusters as needed.

This is where Argo CD comes into the picture. Argo CD is one of the top GitOps Operators. It provides declarative, continuous delivery to your Kubernetes clusters. It was created by a team at Intuit in 2018 and later open-sourced. I am going to write a few blogs exploring the use of Argo CD with AKS. This will be the first of the series walking through the deployment of Argo CD to AKS. In the next post, we will deploy an app to Kubernetes using Argo CD and see where the topic goes from there. Now let’s dive into deploying Argo CD to AKS. Here are the steps:

-DEPLOYING ARGO CD ON AKS-

Log onto the Azure portal (https://portal.azure.com)

Launch Azure Cloud Shell

Connect to your AKS cluster from the Azure Cloud Shell by running the following:

# Set your subscription

az account set –subscription YOURSUBSCRIPTIONIDHERE

# Connect to your KS cluster

az aks get-credentials –resource-group YOURRESOURCEGROUPNAME –name CLUSTER NAME

Next let’s create a namespace for Argo CD to deploy all of its components in. To do this run:

kubectl create namespace argocd

Next we can install Argo CD into the new namespace we created. We will reference Argo CD’s GitHub repository for the latest Argo CD operator. Run the following:

kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml

You should see the following:

You should end up with many objects in the Argo CD namespace.

By default, the Argo CD is not accessible externally. It is deployed with a service type of ClusterIP.

Leaving it at ClusterIP is fine but for the purposes of this blog/lab and getting started lets change this so we can easily access the ArgoCD Server website. # Change the argocd-server service type to LoadBalancer. To do this run the following:

kubectl patch svc argocd-server -n argocd -p ‘{“spec”: {“type”: “LoadBalancer”}}’

Now you will be able to see that the argocd-server service type has been changed to a LoadBalancer type. This means that it now has a public Azure load balancer attached to it with an external IP.

NOTE: This is not recommended in production environments. Only use in a lab or dev environment. In production environments, it is recommended to use an ingress for the Argo CD API server that is secured.

Argo CD auto generated a password during the deployment. We need to get the Argo CD password so we can log into it. To get the password run the following:

kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath=”{.data.password}” | base64 -d && echo

You will see the password in readable format so you can copy it such as shown in the screenshot.

Note the default Argo CD username is admin.

To access the Argo CD web portal you need to access the Argo CD API Server. To do this you can either do this from the external IP of the argo-cd object or the via the Argo CD CLI using the following:

 argocd login <ARGOCD_SERVER>

The Argo CD web portal will look like:

That’s it! You have Argo CD deployed on your AKS cluster. In the next post, I will walk through deploying a simple app to your Kubernetes cluster via Argo CD.

Read more

Guest on New Relic Observy McObservface Podcast – GitOps, Kubernetes, Linux on Azure, AI, Blockchain, and more

I was recently a guest on New Relic‘s Developer Relations team podcast “Observy McObservface” with Jonan Scheffler.

Jonan Scheffler and I talk about Microsoft’s Azure Kubernetes Service (AKS), Linux on Azure, how Microsoft’s been successful at working in enterprise and open source, where I believe GitOps & Kubernetes is eventually going to go, and my excitement in regards to AI and blockchain as well as how they’re going to impact the world. You can listen to the podcast and read the article links below.

Listen to the Podcast:
https://www.buzzsprout.com/1225223/8618776-open-is-not-optional-shifting-sands-and-faxing-on-blockchains-with-steve-buchanan

Read the Article:
https://www.therelicans.com/mandymoore/open-is-not-optional-shifting-sands-and-faxing-on-blockchains-with-steve-buchanan-495p

Read more

Speaking at Open Source North on Azure Arc K8s and GitOps

I am excited to be speaking at Open Source North Conference for the first time this year. It will be on May 20th, 2021.

I will be speaking on Azure Arc enabled Kubernetes and GitOps. My session is titled: “Push Code, Not Containers with Azure Arc enabled Kubernetes and GitOps“. The description is:

Use Azure Arc enabled Kubernetes to manage Kubernetes clusters across Google Cloud Platform and Azure without running a single Kubectl command! In this session, Steve Buchanan will take you into the world of GitOps. He will show you how to deploy applications and configuration to GKE clusters and AKS clusters from a GitHub repository. Explore how we can use this new operating model for Kubernetes and cloud-native apps to declaratively describe and ensure the state of our applications and Kubernetes environments.

You can see my speaker profile and session here: https://opensourcenorth.com/speakers

Register for the conference here: https://hopin.com/events/open-source-north

—-Update—-

The session went great! Here is a recording of the session in case you missed the event:

https://vimeo.com/user131685752/review/554446642/196569f760?sort=lastUserActionEventDate&direction=desc
https://vimeo.com/user131685752/review/554446642/196569f760?sort=lastUserActionEventDate&direction=desc

Read more

CloudSkills.fm Podcast: Cloud Native, Azure Arc, DevOps, GitOps, Kubernetes, and Azure

Recently I had the honor to be a guest on my friend and fellow Microsoft MVP Mike Pfeiffer’s Cloudskills.fm podcast again! This was episode is “106: Steve Buchanan on Cloud Native, DevOps, GitOps, Kubernetes, and Azure“. I was excited to be a guest again on the CloudSkills podcast and catch up with Mike.

On this new episode, we had a chance to talk about a variety of topics like leveling up your career, what I have been up to, diversity and inclusion in the tech, of course Azure, Azure Arc, DevOps, Kubernetes, GitOps, we even touched on SAP on Azure, among other insights.

You can listen to the podcast episode 106 right here on my blog:

Or you can listen to episode #106 here: https://cloudskills.fm/episodes/106.

Back in 2019 I was a guest on the Cloudskills.fm podcast on episode # 15. The past episode was a lot of fun with more of a focus on your career in the world of IT. If you want to check that out here.

Read more

GitOps: The Big Picture

There is another wave coming. This wave is GitOps. GitOps is a technology pattern and operational framework. It is often used for Kubernetes however is really for cloud-native applications in general. Being that a large amount of cloud-native applications these days are designed and built to run on Kubernetes it is no surprise that GitOps is commonly adopted in Kubernetes environments. If you are running Kubernetes or looking at it chances are you may have heard of GitOps. This is how I define GitOps:

GitOps is an operating model pattern for cloud native applications storing application & declarative infrastructure code in Git as the source of truth used for automated continuous delivery.”  

Well, that sums up with GitOps is but it still is a mouthful and can take a bit to wrap ones head around it. In a nutshell GitOps is shifting everything to code, storing everything in Git, making Git the source of truth, and using an operator deploy what is described in Git in your environment including the application and the configuration. With GitOps you describe the desired state of your entire system and GitOps makes it so. It simplifies operations and makes the experience for developers much better allowing them to work out of a tool they are familiar with (Git). Here is a basic sample diagram to give you a visual idea about what GitOps is and how it works:

So in the case of Kubernetes you would have your app code in Git, your container images in Git, and your Kubernetes manifest files. Now there is more to it and how it works but we will not get into all of that in this blog post. This is a good Segway to purpose of this blog post.

The purpose of this blog post is that I just dropped my 7th Pluralsight course GitOps: The Big Picture! This was a fun course to build as I am passionate about and like working with Containers, Kubernetes, and cloud.

A quick shoutout to both Fellow Microsoft MVP/Pluralsight Author Tim Warner and Jason Alba for amplifying my new course!

This course teaches the fundamentals of GitOps, the need for GitOps, GitOps architecture, GitOps workflow, GitOps principles, practices, & tooling such as Flux, Argo CD, AND Jenkins X. Also in this course, GitOps: The Big Picture, you’ll learn what it takes to adopt GitOps. First, you’ll explore what GitOps is and its benefits. Next, you’ll discover GitOps Tooling NS Architecture. Finally, you’ll learn how to use GitOps Workflows. When you’re finished with this course, you’ll have the skills & knowledge of the GitOps framework needed to take the next steps with GitOps.

In the course I give a couple of demos so you can see GitOps in action. The first demo is on “deploying an application using Argo CD” and the second demo is on “GitOps in Action with Azure Arc Enabled Kubernetes using Flux”. Another interesting fact about GitOps is we are starting to see the major cloud providers bring GitOps into their offerings such as Azure Arc and or couple GitOps with their services like with GCP GKE as well as create content on using GitOps with their managed Kubernetes services like with AWS EKS.

GitOps is going to continue to grow right along with the continued growth of Containers, Kubernetes, and Cloud. I am all in and you will see blogs, books, courses, speaking at events, and more from me around GitOps as I continue on my personal journey with it.

Check out the “GitOps: The Big Picture” course here: https://app.pluralsight.com/library/courses/gitops-the-big-picture

Be sure to follow my profile on Pluralsight so you will be notified as I release new courses! I will be releasing more courses soon on topics around Azure, GitOps, SAP on Azure, & Kubernetes courses soon!

Here is the link to my Pluralsight profile to follow mehttps://app.pluralsight.com/profile/author/steve-buchanan

Read more

Two new Pluralsight Courses: Heroku & Cloud Computing Fundamentals

Over the past couple of months I have been hard at work on some more Pluralsight courses. I am excited to announce that today I released 2 new courses on Pluralsight! These are both cloud related courses. One course is more DevOps focused and the other is focused more on cloud security. One of the courses is intermediate while the other is for those beginning with cloud. It’s pretty cool to have two courses listed on Pluralsight’s new releases!

Newe 0u10 
「 冫 59 ~ Manage. 
弓 Microsoft Azur 
planning Microsoft Azur

Here are the courses:

Heroku: The Big Picture

This course will teach you the basics of Heroku from; architecture components, developer and operational tooling, along with limitations and benefits of using the platform.

Q Search 
Heroku: The Big Picture 
by Steve Buchanan 
The fm

Heroku is a cloud PaaS service that enables companies to speed up the application lifecycle; building, delivering, monitoring, and scaling applications without the headaches of standing up infrastructure to support the application. 

Some of the major topics covered in this Cloud Computing course are:

  • Learn about the components of the Heroku platform and how it works including the architecture, idea to running app, the runtime, Dynos and the various Heroku services.
  • Gain an understanding about the benefits and limitations of the Heroku platform such as pricing, language support, and ecosystem.
  • Insight into the developer and operational experience on Heroku.
  • And you will also see demos on the Heroku Dashboard, Using the Heroku Estimators, and deployment of an application to the Heroku platform.

By the end of this course, you will gain a better understanding of the Heroku platform all up including how to build and operate an application on it.

Check out the course here: https://app.pluralsight.com/library/courses/heroku-big-picture

Cloud Computing Fundamentals: Governance, Risk, Compliance, and Security

This course will teach you the fundamental knowledge needed to understand the essentials of cloud Governance, Risk, Compliance, and Security.

Q Særch_ 
nt Process with aoud 
Cloud Computing F ndamentals: 
Governance, Risk, Compliance, and 
Security 
by Steve Buchanan 
tm ar in tm C:kø_"

Some of the major topics covered in this Cloud Computing course are:

  • Identifying the importance and impacts of compliance in the cloud
  • Understanding cloud policies or procedures
  • Recognizing risk management concepts related to cloud services
  • Security concerns, measures, or concepts of cloud operations

This Cloud Computing course will help you prepare for the CompTIA Cloud Essentials+ exam. This course is also useful if you don’t plan to take the CompTIA exam and just need to ramp up on cloud security.

Take this course if you want to learn cloud essentials, what it takes to successfully adopt cloud, the impact of cloud on IT service management, how security, and risks apply to cloud as well as consequences. This course is for someone with some exposure to cloud technologies and a general background in Information Technology at the minimum of a business analyst level.

Check out the course here: https://app.pluralsight.com/library/courses/cloud-computing-fundamentals-governance-risk-compliance-security

I hope you find value in each of these courses. These two courses bring me to a total of 5 courses now published on the Pluralsight platform. Be sure to follow my profile on Pluralsight so you will be notified as I release new courses! I will be releasing more courses soon!

Here is the link to my Pluralsight profile to follow mehttps://app.pluralsight.com/profile/author/steve-buchanan

Read more

Speaking at Inside Azure Management Summit

I was recently added to the speaker lineup for the “Inside  Azure Management Summit” happening on 7/23/2020. This event is a FREE 1-day virtual event. It features the Microsoft cloud experts from the authoring team of “Inside Azure Management” book, Microsoft MVP’s, and community experts from around the world.

Attendees will get a day full of deep-dive technical sessions across a variety of Microsoft cloud topics including:

  • DevOps and Automation
  • Cyber Security
  • Cloud Governance
  • Migration and Monitoring
  • Docker and Kubernetes
  • AI and Identity

The sessions will span a 13-hr period to allow audiences from around the world to join a portion of the event.

 I will be giving a session on Azure Policy. Here is my session info:

Session Title:

Azure Policy Insights & Multi-Tag demo via Azure Policy

 

Session Abstract:

Azure Policy is a great tool when it comes to auditing and ensuring your cloud governance is met. In this session 9 time Microsoft Azure MVP Steve Buchanan is going to take you on a full-speed ride on the ins and outs of Azure Policy and land you with a recipe for handling a multi-tagging strategy with Azure Policy. Some of the key topics you will learn from this session include:

  • Overview of Azure Policy
  • Azure Policy Use Cases
  • How Azure Policy can meet NIST standards
  • Azure Policy vs RBAC
  • Overview of Azure Policy Guest Configuration
  • Tagging and more

Here is the direct link to my session:

https://insideazuremgmt.com/session/azure-policy-insights-multi-tag-demo-via-azure-policy/

Be sure to register for this event to check out all the great sessions including mine on Azure Policy.

Here is the link to the official site:

https://www.insideazuremgmt.com

Here is the link to register:

https://www.eventbrite.com/e/inside-azure-management-the-virtual-summit-tickets-109230577598?aff=ebdssbeac

Read more

Application Gateway Ingress Controller Deployment Script

In Kubernetes, you have a container or containers running as a pod. In front of the pods, you have something known as a service. Services are simply an abstraction that defines a logical set of pods and how to access them. As pods move around the service that defines the pods it is bound to keeps track of what nodes the pods are running on. For external access to services, there is typically an Ingress controller that allows access from outside of the Kubernetes cluster to a service. An ingress defines the rules for inbound connections.

Microsoft has had an Application Gateway Ingress Controller for Azure Kubernetes Service AKS in public preview for some time and recently released for GA. The Application Gateway Ingress Controller (AGIC) monitors the Kubernetes cluster for ingress resources and makes changes to the specified Application Gateway to allow inbound connections.

This allows you to leverage the Application Gateway service in Azure as the entry into your AKS cluster. In addition to utilizing the Application Gateway standard set of functionality, the AGIC uses the Application Gateway Web Application Firewall (WAF). In fact, that is the only version of the Application Gateway that is supported by the AGIC. The great thing about this is that you can put Application Gateways WAF protection in front of your applications that are running on AKS.

This blog post is not a detailed deep dive into AGIC. To learn more about AGIC visit this link: https://azure.github.io/application-gateway-kubernetes-ingress. In this blog post, I want to share a script I built that deploys the AGIC. There are many steps to deploying the AGIC and I figured this is something folks will need to deploy over and over so it makes sense to make it a little easier to do. You won’t have to worry about creating a managed identity, getting various id’s, downloading and updating YAML files, or installing helm charts. Also, this script will be useful if you are not familiar with sed and helm commands. It combines PowerShell, AZ CLI, sed, and helm code. I have already used this script about 10 times myself to deploy the AGIC and boy has it saved me time. I thought it would be useful to someone out there and wanted to share it.

You can download the script here: https://github.com/Buchatech/Application-Gateway-Ingress-Controller-Deployment-Script

I typically deploy RBAC enabled AKS clusters so this script is set up to work with an RBAC enabled AKS cluster. If you are deploying AGIC for a non-RBAC AKS cluster be sure to view the notes in the script and adjust a couple of lines of code to make it non-RBAC ready. Also note this AGIC script is focused on brownfield deployments so before running the script there are some components you should already have deployed. These components are:

  • VNet and 2 Subnets (one for your AKS cluster and one for the App Gateway)
  • AKS Cluster
  • Public IP
  • Application Gateway

The script will deploy and do the following:

  • Deploys the AAD Pod Identity.
  • Creates the Managed Identity used by the AAD Pod Identity.
  • Gives the Managed Identity Contributor access to Application Gateway.
  • Gives the Managed Identity Reader access to the resource group that hosts the Application Gateway.
  • Downloads and renames the sample-helm-config.yaml file to helm-agic-config.yaml.
  • Updates the helm-agic-config.yaml with environment variables and sets RBAC enabled to true using Sed.
  • Adds the Application Gateway ingress helm chart repo and updates the repo on your AKS cluster.
  • Installs the AGIC pod using a helm chart and environment variables in the helm-agic-config.yaml file.
Application Gateway Ingress Controller Architecture

Now let’s take a look at running the script. It is recommended to upload to and run this script from Azure Cloud shell (PowerShell). Run:

./AGICDeployment.ps1 -verbose

You will be prompted for the following as shown in the screenshot:

Enter the name of the Azure Subscription you want to use.:

Enter the name of the Resource Group that contains the AKS Cluster.:

Enter the name of the AKS Cluster you want to use.:

Enter the name of the new Managed Identity.:

Here is a screenshot of what you will see while the script runs.

That’s it. You don’t have to do anything else except entering values at the beginning of running the script. To verify your new AGIC pod is running you can check a couple of things. First, run:

kubectl get pods

Note the name of my AGIC pod is appgw-ingress-azure-6cc9846c47-f7tqn. Your pod name will be different.

Now you can check the logs of the AGIC pod by running:

kubectl logs appgw-ingress-azure-6cc9846c47-f7tqn 

You should not have any errors but if you do they will show in the log. If everything ran fine the output log should look similar to:

After its all said and done you will have a running  Application Gateway Ingress Controller that is connected to the Application Gateway and ready for new ingresses.

This script does not deploy any ingress into your AKS cluster. That will need to be done in addition to this script as you need. The following is an example YAML code for an ingress. You can use this to create an ingress for a pod running in your AKS cluster.

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: myapp
  annotations:
    kubernetes.io/ingress.class: azure/application-gateway
spec:
  rules:
  - http:
      paths:
      - path: /
        backend:
          serviceName: myapp
          servicePort: 8080

Thanks for reading and check back soon for more blogs on AKS and Azure.

Read more

Build & release a Container Image from Azure DevOps to Azure Web App for Containers

I recently published a blog post on 4sysops.com about Web App for Containers on Azure here: https://4sysops.com/archives/web-app-for-containers-on-azure. That blog post is about the often-overlooked service in Azure that can be used to host a container/s on a web app in Azure App service.

This is a great service if you just need to run a single container or even a couple of containers that you have in Docker Compose. This service is PaaS and abstracts away an orchestration system like Kubernetes. If you need insight into the Azure App Service Web App for Containers service check out the blog post on 4sysops.

In this long blog post I am going to take things a step further and walk-through the build & release of a Container from Azure DevOps to Azure Web App for Containers. The overall goal of this post is to help someone else out if they want to setup a build and release pipeline for building and deploying a container to Azure App Service. We will use a very simple PHP web app I built that will run in the container.

Here are the components that are involved in this scenario:

  • Azure Container Registry (ACR): We will use this to store our container image. We will be pushing up the container image and pull it back down from the registry as a part of the build and release process.
  • Azure DevOps (ADO): This is the DevOps tooling we will use to build our container, push it up to ACR, pull it down into our release pipeline and then deploy to our Azure App Service.
  • App Service Web App for Containers: This is the web server service on Azure that will be used to host our container. Under the hood this will be a container that is running Linux and Apache to host the PHP web app.

Here is the data Flow for our containerized web app:

  1. Deploy the Azure App Service Web App for Containers instance
  2. Deploy the Azure Container Registry
  3. Deploy the Azure DevOps organization and project, create repository to host the code, clone repository in VS Code (Not shown in this blog post. Assume you know how to this up.)
  4. Update the application code (PHP code and Docker image) in Visual Studio code
  5. Commit application code from Visual Studio code to the Azure DevOps repo (Not shown in this blog post. Assume you know how to this up.)
  6. Setup build and then run container build and push the container image to ACR
  7.  Setup release pipeline and then kick off the release pipeline pulling down the container image from ACR and deploys the container to the App Service Web App for Containers instance.

Here is a diagram detailing out the build and release process we will be using:

Click to enlarge

Note that all code used in this blog post is hosted on my GitHub here: https://github.com/Buchatech/EOTD-PHP-APP-DOCKER-CONTAINER

Ok. Let’s get into the setup of core components of the solution and the various parts of the build and release pipeline.

For starters this solution will need a project in Azure DevOps with a repo. Create a project in Azure DevOps and a repo based on Git. Name the repo exerciseoftheday. Next up let’s create the core framework we need in Azure.

Deploy Azure App Service Web App for Containers

Let’s create the Azure App Service Web App for Containers that will be needed. We will need a resource group, an app service plan and then we can setup the app service. The PHP app we will be running is named Exercise Of The Day (EOTD) for short so our resources will use EOTD. Use the following steps to set all of this up.

We will do everything via Azure Cloud Shell. Go to https://shell.azure.com/ or launch Cloud Shell within VS Code.

Run the following Syntax:

# Create a resource group

az group create –name EOTDWebAppRG –location centralus

# Create an Azure App Service plan

az appservice plan create –name EOTDAppServicePlan –resource-group EOTDWebAppRG –sku S1 –is-linux

# Create an Azure App Service Web App for Containers

az webapp create –resource-group EOTDWebAppRG –plan EOTDAppServicePlan –name EOTD –deployment-container-image-name alpine

# Create a deployment slot for the Azure App Service Web App for Containers

az webapp deployment slot create –name EOTD –resource-group EOTDWebAppRG –slot dev –configuration-source EOTD

Deploy Azure Container Registry

Now let’s create the Azure Container Registry. Again, this is where we will store the container image. Run the following Syntax:

# Create Azure Container Registry

az acr create –resource-group EOTDWebAppRG –name eotdacr –sku Basic –admin-enabled false –location centralus

Note the loginServer from the output. This is the FQDN of the registry. Normally we would need this, admin enabled, and the password to log into the registry. In this scenario we won’t need admin enabled or the password because we will be adding a connection to Azure DevOps and the pipelines will handle pushing to and pulling the image from the registry.

When it’s all done you should see the following resources in the new resource group:

Next, we will need to build an application and a container image.

Read more

2019 Review – Blogs, Pluralsight, Speaking, Podcasts, Books, Promotion and more

2019 is at its end closing out the current decade beginning a new decade! The 2010s have been great with a lot of personal and professional growth. I am looking forward to and welcome what the 2020s will bring! Overall 2019 was a great year with lots of fantastic adventures and accomplishments. In this blog post, I am going to reflect on 2019. I am also going to try something new in this blog post. I will recount some failures from this year along with the successes. I typically don’t post about failures or even speak about them publicly but I think it is important to reflect on them as a learning opportunity and share with others as we all win some and lose some.

Ok. Let me briefly recount the losses from 2019. No so good events from 2019 are:

I failed a couple of certifications including the AZ-302 upgrade exam (should have studied more) and the Terraform beta exam. I reviewed an Azure book that did not publish. This one was out of my control but still something this year that I am not proud of but definitely learned to ask more questions about a project like this before saying yes.
In 2019 I was not accepted to speak at Ignite. It’s actually been several years since I have been accepted to speak at Ignite. That is the list. Again we win some things in life and we lose some. The important thing is to learn from any losses, roll with the punches and keep moving forward.

Now for the fun part of this post. Let’s move onto the wins! First off the #1 win of 2019 is that my family was healthy and happy for another year! Also, I was able to continue to focus on Azure and DevOps adding in Containers, Kubernetes and more open source in general. Here is a full recount of what occurred in 2019.

Read more