GitOps – Buchatech.com

Guest on StreamingClouds – Navigating AKS: Scenarios and strategies, GitOps, Fleet Management, Platform Engineering and more

February 24, 2023 by sbuchanan

I recently was a guest on StreamingClouds. StreamingClouds is a multicloud live stream by Microsoft CSA Kevin Evans and Microsoft MVP Robin Smorenburg. With topics ranging from cloud native to hybrid, security, architecture, strategy, careers, personal development, and more.

StreamingClouds is more than just a live stream podcast its also a diverse community where the members can all learn from each other.

To highlight what we covered in the episode, we discussed how to effectively use Microsoft’s AKS documentation, reference architectures, scripts, and tools for your AKS project. We also touched on GitOps, Fleet Management, Platform Engineering and more.

Here is a full description of what we covered on the episode:
Starting an AKS project soon or in the middle of one and lost? Have you tried to use the Microsoft AKS documentation, reference architectures, scripts, and tools but feel stuck on what to use and when to use it? Let’s talk about it and get you the guidance you need. There is a formula and framework to using these AKS artifacts from Microsoft.

In 2022 I wrote a couple of blog posts that give guidance on how to utilize the Microsoft AKS artifacts and tools. In these blog posts I baked in experience from my days delivering AKS projects to Fortune 500 enterprises. We thought it would be a good idea to dive into the content from these live on the podcast talking through these topics to help listeners who are embarking on an AKS journey. Here aforementioned blog posts for reference:

A Guide to Navigating the AKS Enterprise Documentation & Scripts

Simplify your AKS IaC Deployments using the AKS Construction Helper tool

We dove into:

Architecture Design:
Baseline architecture for an Azure Kubernetes Service (AKS) cluster
AKS Secure Baseline with Private Cluster
AKS baseline for multi-region clusters
AKS regulated cluster for PCI
Advanced Azure Kubernetes Service (AKS) microservices architecture

Deployment:
AKS landing zone accelerator
AKS Construction Helper
AKS Baseline Automation
Azure Draft for AKS

Operation:
Operations management considerations for Azure Kubernetes Service
Azure Kubernetes Services (AKS) day-2 operations guide

You can watch a recording of the stream here:

Guest on AzureTalks Podcast – Containerize apps to AKS with Azure Draft, and Hybrid with Azure Arc

January 4, 2023 by sbuchanan

I am kicking off the new year as a guest on the “AzureTalks” podcast by Rolf Schutten. Rolf is a Microsoft MVP based out of the Netherlands. The AzureTalks podcast is a free-form conversation with experts and advocates around the industry discussing various topics on Azure, its services, and integration points with Azure. Some of the topics also get into strategy career, personal development, and more. You can listen to podcast episodes on Google Podcasts, Spotify, and YouTube. You can find the website for this podcast here: www .azuretalks.com

The episode I am a guest on is #004 titled “Containerize apps to AKS with Azure Draft, and Hybrid with Azure Arc“.

In this episode, we discuss how developers can utilize Azure Draft to streamline taking their non-containerized app from code to running on AKS. Azure Draft takes you through the entire process from creating the container, the files needed to run on Kubernetes manifests, Helm charts, or Kustomize, pushing up to an Azure Container Registry, and deploying to AKS.

We also dive into GitHub, GitOps, the differences between push and pull methods with continuous deployment, and even we even touched on hybrid cloud strategies and what role Azure Arc plays in this space. Listen to the audio version of the podcast episode here:

or check out the video version here.

My 1st Microsoft Article: Build and deploy apps on AKS using DevOps (GitHub Actions) and GitOps (ArgoCD)

October 4, 2022October 4, 2022 by sbuchanan

Yesterday a new article titled “Build and deploy apps on AKS using DevOps and GitOps” was published. This is an article I was working on for a while and it is the first item of work that I can share publicly since joining Microsoft. I am working on many other things I can’t share publicly at the moment. :-)!

The article is a part of the Azure Architecture Center. This article is about modernizing end-to-end app build and deploy using containers, continuous integration (CI) via GitHub Actions for build and push to an Azure Container Registry, as well as GitOps via Argo CD for continuous deployment (CD) to an AKS cluster.

The article can be found here:

https://learn.microsoft.com/en-us/azure/architecture/example-scenario/apps/devops-with-aks

The article explores deploying a Python and Flask based app via two CI/CD approaches push-based and pull-based (GitOps). It is complete with a pros and cons comparison of both approaches and architecture diagrams for each that you can download. Here is a screenshot of the pull-based (GitOps) architecture:

The technologies used in this article and scenario include:

GitHub

GitHub Actions

Azure Container Registry

Azure Kubernetes Service (AKS)

Argo CD (GitOps Operator)

Azure Monitor

This article also has a repository with code for both the push-based CI/CD scenario and the pull-based CI/CD (GitOps) scenario in the AKS Baseline Automation. I had the opportunity to spearhead and work on these. They will walk through using each approach and have the code for the Flask App, and GitHub Actions to run the approaches. A direct link to this section of the article is here: https://learn.microsoft.com/en-us/azure/architecture/example-scenario/apps/devops-with-aks#deploy-this-scenario

I hope that you find all of this useful. Now go check out the article and deploy the app using the approaches. Stay tuned for more from me at Microsoft and for more blog posts here!

Simplify your AKS IaC Deployments using the AKS Construction Helper tool

September 13, 2022 by sbuchanan

After designing and architecting AKS the next step is to deploy your cluster/s. It is ideal to build your AKS deployments out as code.

This means taking your Azure infrastructure & AKS cluster/s design and scripting them as IaC (Infrastructure as Code). Scripting the AKS deployment vs manually deploying gives you documentation as code, standardization, & a templatized deployment for repeatability. You can deploy this code as is, place it in a pipeline for ease of deployment, in inner-source, or in a service catalog for access by multiple teams.

Microsoft has built a tool named the AKS Construction helper to accelerate building out your IaC for AKS. This tool is not as well-known as it should be. I wanted to blog about this tool to share this great resource that will save you tons of time. The AKS Construction helper was originally launched by Keith Howling of Microsoft. The core contributors to this tool have been Gordon Byers and Keith Howling with contributions from others as well.

The AKS Construction helper unifies guidance provided by the AKS Secure Baseline, Well Architected Framework, Cloud Adoption Framework, and Enterprise-Scale. It also is part of the official AKS Landing Zone Accelerator (Enterprise Scale). The AKS Construction helper lets you configure your AKS deployment using wizard/form style selections. After you complete your selections the tool gives you IaC code that you can copy to perform the AKS Deployment/s. You can get code for Az CLI, a Github Actions workflow, Terraform, or a Parameters file that can be used with an ARM Template.

Let’s go ahead and take a tour of the tool.

The tool lets you select Operations Principles or Enterprise-Scale path for configuring the options.

This helps narrow down the overall design requirements of your AKS deployment.

The next section of the AKS Construction helper is to fine-tune your AKS deployment. This gives you the chance to tweak things like the cluster name, K8s version, resource group, region, to be created, IP and Cider, initial RBAC, SLA, autoscaling, upgrade configuration, cluster networking, add ons such as an ingress controller (App Gateway, NGINX, etc), monitoring such as Azure Monitor, Azure policy, service mesh, secret storage, Keda, GitOps with Flux, and even has a few options to deploy some sample apps. This is done across 5 tabs in the Fine tine and Deploy section.

After you have set all of the configurations for your cluster there is code available for you to copy on the Deploy tab. Again you have options for Az CLI, a Github Actions workflow, Terraform scripts or an ARM Template Parameters file. Running the deployment code will deploy your AKS cluster exactly how you have it configured in the AKS Construction helper tool.

What if you are not ready to deploy your AKS Clusters now but you do not want to lose your configuration? The tool has you covered. At the end of the Deploy Cluster code you can click the link as shown in the screenshot to get a URL for your configuration.

The URL will look similar to this:

https://azure.github.io/AKS-Construction/?deploy.deployItemKey=deployArmCli&ops=oss&preset=defaultOps&deploy.location=EastUS2&addons.ingress=nginx&addons.monitor=aci&addons.openServiceMeshAddon=true&addons.fluxGitOpsAddon=true

You can access this URL at any time to pick up where you left off with your AKS deployment configuration.

That brings us to the end of this blog post. Stop wasting time, head over to the tool, and start using this for all of your AKS Deployments. Here are the links for the tool:

The wizard-driven tool can be found here:

https://azure.github.io/AKS-Construction

The GitHub Repository for the tool can be found here:

https://github.com/Azure/AKS-Construction

How To Set the Application Reconciliation Timeout in Argo CD

August 8, 2022 by sbuchanan

Argo CD has something called the Application reconciliation timeout. This is how often your applications will sync from Argo CD to the Git repository. It looks for changes and when it sees changes it will then apply the desired state from the repo to the Kubernetes (K8s) cluster. By default the timeout period is set to 3 minutes. This is set in the General Argo CD configuration.

The General Argo CD configuration is set in the argocd-cm ConfigMap. And the argocd-cm ConfigMap is deployed in the argocd namespace.

You can view what is currently set by running the following kubectl command on your K8s cluster that is running your Argo CD instance:

kubectl describe configmaps argocd-cm -n argocd

The output will look like the following:

You can also see that the argocd-cm Data is empty by running kubectl get configmaps -n argocd or if you are using AKS navigate to ConfigMaps in the Azure portal like in the following screenshot.

Most Argo CD instances are running the default settings for its configurations. The argocd-server component reads and writes to the argocd-cm ConfigMap and other Argo configuration ConfigMaps based on admin user interactions with the Argo CD web UI or the Argo CD CLI. It is normal for it to be empty with Data at 0 if you have not changed any defaults or set anything directly in the ConfigMap yet.

To change the Application reconciliation timeout you need to do the following:

Get a copy of the argocd-cm ConfigMap here: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cm.yaml
The Application reconciliation timeout can be found on line 283 “timeout.reconciliation: 180s”.
Change “180s” to whatever number you want to change it to i.e. change to “60s” to reduce the sync internal to 1 minute.
Remove all of the other settings in the file except for the Application reconciliation timeout. The file should look like this:

apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-cm
  namespace: argocd
  labels:
    app.kubernetes.io/name: argocd-cm
    app.kubernetes.io/part-of: argocd
data:
  # Application reconciliation timeout is the max amount of time required to discover if a new manifests version got
  # published to the repository. Reconciliation by timeout is disabled if timeout is set to 0. Three minutes by default.
  # > Note: argocd-repo-server deployment must be manually restarted after changing the setting.
  timeout.reconciliation: 60s

5. Save the file.

6. Connect to the Kubernetes cluster that is running Argo CD and apply the argocd-cm ConfigMap file you just updated by running the following:

kubectl apply -f argocd-cm.yaml -n argocd

7. Run the following to verify the update was applied:

kubectl describe configmaps argocd-cm -n argocd

You should also notice at least 1 is listed under Data for the ConfigMap now.

8. It is a good practice to redeploy the argocd-repo-server after updating the argocd-cm ConfgigMap. You can redeploy the argocd-repo-server by running the following:

kubectl -n argocd rollout restart deploy argocd-repo-server

That’s it! Now your app in Argo CD will sync on the new Application Reconciliation Timeout that you set. Check back soon for more Azure, Cloud, Kubernetes, GitOps, Argo CD content and more.

BTW: For more in-depth information on GitOps and Argo CD check out my GitOps and Argo CD courses on Pluralsight here:

“GitOps: The Big Picture“:

https://app.pluralsight.com/library/courses/gitops-the-big-picture

“Getting Started with Argo CD“:

https://app.pluralsight.com/library/courses/argo-cd-getting-started

And here is the link to my Pluralsight profile to follow me: https://app.pluralsight.com/profile/author/steve-buchanan

GitOps Fundamentals Certification

August 8, 2022August 6, 2022 by sbuchanan

Recently Codefresh launched the 1st certification in its GitOps certification path. This one is called “GitOps Fundamentals“. You can find it here: https://codefresh.learnworlds.com .

It takes you through the basics of GitOps to gain theoretical knowledge, and how to utilize Argo CD as the GitOps operator to gain hands-on knowledge. You will learn about both and will have questions on both in the quizzes and final exam.

They also touch on Argo Rollouts to go over Progressive Delivery with topics such as blue/green deployments and canary deployments. This is the 1st ever GitOps certification and it’s free! They do have plans for GitOps at Edge and GitOps at Scale certifications.

You can find more information about the GitOps certification and Codefresh’s future plans for it on this blog by Hannah Seligson (one of the authors of the course and exam) here: https://codefresh.io/blog/get-gitops-certified-argo.

I jumped all over this opportunity to get certified on GitOps, by signing up for the course, taking the training, and the exam! I passed and now I am GitOps certified.

Here is the certification:

GitOps is gaining adoption more and more every day in the Kubernetes space. Also, Argo CD is growing extremely fast as one of the top if not the top GitOps operator. I recommend you check this Codefresh GitOps certification out and get GitOps certified as this pattern and the technology behind it are growing at a super fast rate.

Also note, it looks like Weaveworks is planning to launch a “Certified GitOps Practitioner (CGP)” certification soon. I would guess the Weaveworks GitOps certification will contain content on Flux another GitOps operator. You can learn more about their coming GitOps certification here: https://www.weave.works/certified-gitops-practitioner

Also for more training on GitOps and Argo CD be sure to check out my GitOps and Argo CD courses on Pluralsight here:

“GitOps: The Big Picture“:

https://app.pluralsight.com/library/courses/gitops-the-big-picture

“Getting Started with Argo CD“:

https://app.pluralsight.com/library/courses/argo-cd-getting-started

And here is the link to my Pluralsight profile to follow me for future GitOps, Kubernetes, Cloud, and DevOps content: https://app.pluralsight.com/profile/author/steve-buchanan

Watch Learn Live Episode 7 – Introduction to Azure Arc enabled Kubernetes

May 6, 2022May 6, 2022 by sbuchanan

Today Pierre Roman (@wiredcanuck) Senior Cloud Advocate of Microsoft & myself (@buchatech) streamed “Introduction to Azure Arc enabled Kubernetes” on Learn Live. Here is what we covered in this session:

In this session, showed you how Azure Arc enabled Kubernetes clusters can help customers like Contoso to optimize and simplify their operations. Here are the Learning objectives we covered:

Describe Kubernetes, Azure Arc, and Azure Arc-enabled Kubernetes.
Connect Kubernetes clusters to Azure Arc.
Manage Azure Arc enabled Kubernetes clusters by using GitOps.
Integrate Azure Arc enabled Kubernetes cluster with Azure services like Azure Monitor and Azure Policy.

If you missed it don’t worry. 🙂 You can watch the playback on the Microsoft Developer YouTube channel here:

You can check out more Learn Live episodes on the:

Learn Live: Azure Hybrid Cloud Study Hall YouTube Playlist: https://www.youtube.com/watch?v=Oxwn8112loo&list=PLlrxD0HtieHiOKfpI9oWUQ051MLO-BzEt

Learn Live Channel (all learn live videos are here): https://aka.ms/LearnLive

Tech Talk with Kazeem – Azure Arc Enabled Kubernetes for Beginners

March 17, 2022 by sbuchanan

I was a guest on Tech Talk with Kazeem again! The topic of discussion was Azure Arc Enabled Kubernetes for Beginners.

This image has an empty alt attribute; its file name is TechTalk-w-Kazeem-2022-ArcK8s-2.png

This image has an empty alt attribute; its file name is TechTalk-w-Kazeem-2022-ArcK8s-1.png

In the discussion with me and Microsoft MVP Kazeem Adegboyega, we talked about Azure Stack, AKS, Azure Arc: K8s, and GitOps! We talked about each technology and when to use them for what purpose and more.

You can check it out here:

Cloudbusting Podcast Guest EP130 – Diving into Jucy Lucy, & Root Canal’s with a little Kubernetes, Azure Arc, & GitOps on the side

February 22, 2022 by sbuchanan

This was a fun podcast with Jez Ward, and Dave Chapman of Cloudreach. They run a podcast called Cloudbusting. On the podcast they focus on transformation, leadership, ways of working and emerging technology they explore the significant impact that cloud is having on people and businesses.

On this podcast episode, we set out to answer very important questions such as what are Jucy Lucy’s?, what are root Canals like today? oh, and yeah we also spend some time talking about what Containers, Kubernetes, & GitOps are and how they fit in the cloud.

Check out the podcast episode here:

https://www.cloudreach.com/en/podcasts/diving-into-kubernetes-azure-arc-gitops-episode-130

Registering an Azure Kubernetes Service Cluster with Argo CD

December 7, 2021December 3, 2021 by sbuchanan

Argo CD is a GitOps operator and the goal of it is to be able to deploy apps to Kubernetes. In the majority of cases, we want to use Argo CD to deploy apps to many clusters.

Argo CD itself is deployed as a set of pods on a Kubernetes cluster. By default with an Argo CD deployment, the cluster it is running on is set as “in-cluster” (https://kubernetes.default.svc). When apps are configured for deployment a Kubernetes Cluster under Destination is required. They can be deployed to either the “in-cluster” K8s cluster or an external K8s cluster.

In order to deploy apps to an external Kubernetes cluster, you will need to register an external K8s cluster with Argo CD.

If you want to see the clusters you have registered with your Argo CD one way is through the web UI. Once you log in navigate to Settings and then Clusters to see them.

You can also see the clusters you have in the Argo CD CLI. To use the Argo CD CLI you need to log into the Argo CD API Server as shown in the following screenshot.

To see what clusters are registered from the CLI you can run

argocd cluster list

You will notice that you will only see the In-Cluster K8s cluster until you add an external one. Also, note that you are not able to register a new K8 cluster in the Argo CD web UI. You can only register a new K8s cluster from the Argo CD CLI. Within the Argo CD web UI you can delete the default in-cluster K8s cluster. This is not recommended.

If you click on the In-Cluster K8s cluster you can modify some settings of the in-cluster K8s cluster in the Argo CD web UI such as the name of it and its namespace. Not useful when you want to have more control over the settings around the K8s cluster you will be deploying apps to.

In my example, my Azure subscription has two AKS clusters. You can see this in the following screenshot. The arriving-gelding-k8s cluster is my In-Cluster object in Argo CD. The selected-worm-k8s is not my In-Cluster so I want to add this one to my Argo CD.

To add the new external cluster run use the following steps.

Step 1: Add your target K8s cluster to ArgoCD via the context in your kubectl config.

-For AKS you can simply log into your Azure subscription from VS Code on your computer and then run

az aks get-credentials –resource-group RGNAME –name AKSCLUSTERNAME

This will add the context for your AKS cluster to your kubeconfig file.

-For the process on your setup refer to the following link as it may differ: https://kubernetes.io/docs/tasks/access-application-cluster/configure-access-multiple-clusters

Step 2: List the K8 cluster contexts in your current kubeconfig file to ensure your target cluster has been added. Do this by locally running:

kubectl config get-contexts -o name

Step 3: Install a Service Account (argocd-manager), into the kube-system namespace of your kubeconfig file context:

argocd cluster add CONTEXTNAME

It will look like this:

After completing the previous steps you can run argocd cluster list again or go into the portal. You will see your new cluster added.

That wraps up this blog post. Now you should be able to deploy to more than just your In-Cluster Kubernetes cluster. Check back soon for more posts on Argo CD, GitOps, Kubernetes, and Azure topics.


@KazeemCanTeach & @buchatech	@buchatech Azure Arc K8s book with O’Reilly