GitOps - The way of the Kubernetes professional
by Dennis Tyresson, on Dec 21, 2023 1:25:32 PM
DevOps Insights with Dennis
Did you know about the Opslogix DevOps Upskill Program? Through the program, skillful IT consultants improve their DevOps knowledge through a combination of theoretical and practical training.
In this blog series, our DevOps consultant Dennis will share some of the insights he has gained through the program. This is the second blog post in the series; the first post covers Kubernetes cluster orchestration with Ansible and Terraform on Proxmox VE.
In this post, you will learn more about Dennis' insights on GitOps - the way of the Kubernetes professional.
Introduction
In the world of Kubernetes orchestration, the GitOps methodology has emerged as a powerful paradigm for managing and automating deployments.
This blog post will delve into the seamless integration of GitLab, ArgoCD, and Istio, showcasing a practical example of deploying Vaultwarden, an alternative implementation of the self-hosted password manager Bitwarden, using Helm charts.
Additionally, we'll explore how to enhance the deployment by adding Istio Gateway and Virtual Service directly from a GitLab repository, creating a streamlined GitOps workflow.
GitOps Essentials
GitOps revolves around the principle of declarative infrastructure and continuous delivery through version-controlled repositories.
GitLab serves as the command center for version control and CI/CD, while ArgoCD automates the deployment process by syncing the desired state defined in Git repositories with the actual state of the Kubernetes cluster.
It is my belief that every DevOps professional will sooner or later find GitOps to be the natural way of application and infrastructure deployment.
GitLab: Version Control and CI/CD Powerhouse
GitLab serves as the central hub for version control and continuous integration/continuous deployment (CI/CD) processes.
With GitLab, developers can manage source code repositories, collaborate on projects, and automate the building and testing of applications through robust CI/CD pipelines.
ArgoCD: Declarative GitOps for Kubernetes
ArgoCD extends the GitOps philosophy to Kubernetes, enabling declarative, version-controlled configuration management.
It continuously monitors Git repositories for changes and automatically applies updates to the Kubernetes cluster.
ArgoCD simplifies the deployment process by ensuring the desired state of applications is defined in Git repositories.
Deploying Vaultwarden with Helm
1. ArgoCD New App General options
The first thing to do is to define the general configuration of the new app in ArgoCD. The application needs a name, a project, and a sync policy.
Here I have also checked the box for self-heal, which will force the app back to the state defined in our repository if a deviation is detected, e.g. if someone tries to change our application by running kubectl apply -f somefile.yaml.
2. Helm Chart Configuration
Utilizing Helm, a package manager for Kubernetes, a Helm chart for Vaultwarden is configured to specify the necessary resources, environment variables, and dependencies.
The chart comes with predefined variables, so we only need to specify the repository URL, chart, and chart version. If we want to, we can override the default parameters in the box below the destination.
If all is well, ArgoCD should load the available parameters automatically. In the destination box, we specify which cluster and in which namespace the application should be deployed. The namespace needs to be created beforehand by running kubectl create ns vaultwarden.
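The settings from steps 1 and 2 can also be written as a declarative ArgoCD Application manifest and kept in Git with everything else. This is an added example, not the configuration from the original post; the ArgoCD namespace, project name, repository URL, chart name, and chart version are assumptions or placeholders to replace with your own.

```yaml
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: vaultwarden
  namespace: argocd                  # assumption: ArgoCD is installed in the argocd namespace
spec:
  project: default                   # assumption: the built-in default project
  source:
    repoURL: https://charts.example.com/   # placeholder: Helm repository URL
    chart: vaultwarden                     # placeholder: chart name in that repository
    targetRevision: 0.0.0                  # placeholder: pin an exact chart version, not a range
    # Optional overrides of the chart's default parameters go here, for example:
    # helm:
    #   parameters:
    #   - name: <chart-specific key>
    #     value: "<value>"
  destination:
    server: https://kubernetes.default.svc # the cluster ArgoCD itself runs in
    namespace: vaultwarden                 # created beforehand with kubectl create ns vaultwarden
  syncPolicy:
    automated:
      selfHeal: true                 # revert changes made directly in the cluster
      prune: false                   # keep resources that were removed from Git (the default)
```

Pinning targetRevision to an exact version means a new chart release only reaches the cluster through a reviewed commit.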
Adding Istio Gateway and Virtual Service
1. Istio Configuration
The Istio Gateway and Virtual Service configurations define how external traffic is routed to the Vaultwarden service within the Kubernetes cluster. The configuration files are maintained in a GitLab repository and deployed in their own ArgoCD application.
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: vaultwarden-gw
  namespace: vaultwarden
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 80
      name: http-vaultwarden
      protocol: HTTP
    hosts:
    - vaultwarden.example.com
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: vaultwarden-vs
  namespace: vaultwarden
spec:
  hosts:
  - vaultwarden.example.com
  gateways:
  - vaultwarden-gw
  http:
  - route:
    - destination:
        host: vaultwarden-svc
        port:
          number: 80
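The Gateway above accepts plain HTTP on port 80, so vault traffic between the client and the ingress gateway is unencrypted. A variant of the same Gateway that terminates TLS at the ingress gateway and redirects HTTP to HTTPS follows as an added example, not part of the original post; the secret name vaultwarden-tls is hypothetical and is assumed to be a kubernetes.io/tls secret in the ingress gateway's own namespace. The VirtualService stays unchanged.

```yaml
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: vaultwarden-gw
  namespace: vaultwarden
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 80
      name: http-vaultwarden
      protocol: HTTP
    hosts:
    - vaultwarden.example.com
    tls:
      httpsRedirect: true            # answer plain HTTP with a 301 to the HTTPS URL
  - port:
      number: 443
      name: https-vaultwarden
      protocol: HTTPS
    hosts:
    - vaultwarden.example.com
    tls:
      mode: SIMPLE                   # server-side TLS, terminated at the ingress gateway
      credentialName: vaultwarden-tls    # hypothetical secret holding the certificate and key
      minProtocolVersion: TLSV1_2    # refuse TLS 1.0 and 1.1 handshakes
```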
2. GitLab CI/CD for Istio Configuration
The GitLab CI/CD pipeline can be extended to manage Istio configuration. This includes deploying the Istio Gateway and Virtual Service directly from the GitLab repository to ensure that networking and routing are version-controlled.
Benefits of the Integration:
- GitOps Principles: The GitOps approach ensures that the entire application deployment process is version-controlled and follows a declarative configuration, enhancing traceability and auditability.
- Automated Continuous Deployment: ArgoCD automates the deployment process, reducing manual intervention and ensuring that the Kubernetes cluster always reflects the desired application state stored in Git repositories.
- Service Mesh Capabilities: Istio enhances microservices communication by providing features such as traffic management, security, and observability. This results in improved resilience and performance for containerized applications.
- Collaborative Development: GitLab serves as a collaborative platform where development teams can easily manage source code, collaborate on projects, and seamlessly integrate CI/CD pipelines into their workflows.
Conclusion
The integration of GitLab, ArgoCD, and Istio offers a powerful GitOps workflow for deploying applications on Kubernetes.
Using Vaultwarden as an example, we've seen how Helm charts simplify application deployment, GitLab automates CI/CD pipelines, and ArgoCD ensures the desired state in Git or Helm repositories is reflected in the Kubernetes cluster.
Taking it a step further, the addition of Istio Gateway and Virtual Service, managed through the GitLab repository, enhances the application deployment by providing advanced routing and networking capabilities.
This example serves as a practical guide for establishing a robust GitOps pipeline, illustrating the synergy between GitLab and ArgoCD in orchestrating Kubernetes deployments.
This powerful combination is a testament to the evolving landscape of DevOps tools working together to meet the challenges of modern application deployment.