![@bridgetkromhout #tcsw19
kubeval: find invalid deployments
$ helm kubeval stable/nginx-ingress --set
controller.replicaCount=two
[…]
The file nginx-ingress/templates/controller-
deployment.yaml contains an invalid Deployment
---> spec.replicas: Invalid type. Expected:
[integer,null], given: string
The file nginx-ingress/templates/default-backend-
deployment.yaml contains a valid Deployment
[…]
Error: plugin "kubeval" exited with error](https://image.slidesharecdn.com/join-our-party-tcsw-191016023232/85/Join-Our-Party-The-Cloud-Native-Adventure-Brigade-TCSW-2019-16-320.jpg)
![@bridgetkromhout #tcsw19
$ helm conftest stable/nginx-ingress
FAIL - nginx-ingress-controller in the Deployment
release-name-nginx-ingress-controller does not have
a memory limit set
FAIL - nginx-ingress-controller in the Deployment
release-name-nginx-ingress-controller does not have
a CPU limit set
[…]
Error: plugin "conftest" exited with error
conftest: fail if non-compliant with policy](https://image.slidesharecdn.com/join-our-party-tcsw-191016023232/85/Join-Our-Party-The-Cloud-Native-Adventure-Brigade-TCSW-2019-26-320.jpg)
Join Our Party: The Cloud Native Adventure Brigade (TCSW 2019)
- 1. @bridgetkromhout #tcsw19 Join Our Party! the Cloud Native Adventure Brigade
- 3. @bridgetkromhout #tcsw19 10 years of #devopsdays 2010 20112009 2012 2013 2014 2015 2016 2017 2018 2019
- 5. @bridgetkromhout #tcsw19 “Kubernetes is an open-source platform designed to automate deploying, scaling, and operating application containers." Initial release: 7 June 2014
- 8. @bridgetkromhout #tcsw19 cloud native trail map containerization CI/CD orchestration & application definition observability & analysis service proxy, discovery, & mesh networking & policy …and more at landscape.cncf.io
- 9. @bridgetkromhout #tcsw19 Deploy k8s clusters, pods, and services! Find modules: https://registry.terraform.io/ Providers include Azure & Azure Stack, as well as other clouds.
- 10. @bridgetkromhout #tcsw19 aka.ms/k8slearning Azure Kubernetes Service (AKS)
- 11. @bridgetkromhout #tcsw19 Image credit: James Ernest managing your apps
- 13. @bridgetkromhout #tcsw19 Find, share, and use software built for k8s Manage complexity Easy updates Simple sharing Rollbacks
- 14. @bridgetkromhout #tcsw19 invalid k8s resources $ helm install stable/nginx-ingress --set controller.replicaCount=two Error: release estranged-arachnid failed: Deployment in version "v1beta1" cannot be handled as a Deployment: v1beta1.Deployment.Spec: v1beta1.DeploymentSpec.Replicas: readUint32: unexpected character: , error found in #10 byte of ...|eplicas":"two","revi|..., bigger context ...|default"},"spec":{"minReadySeconds": 0,"replicas":"two","revisionHistoryLimit": 10,"strategy":{},"temp|...
- 15. @bridgetkromhout #tcsw19 $ helm plugin install https:// github.com/instrumenta/helm-kubeval kubeval: install as Helm plugin @garethr - kubeval.instrumenta.dev
- 16. @bridgetkromhout #tcsw19 kubeval: find invalid deployments $ helm kubeval stable/nginx-ingress --set controller.replicaCount=two […] The file nginx-ingress/templates/controller- deployment.yaml contains an invalid Deployment ---> spec.replicas: Invalid type. Expected: [integer,null], given: string The file nginx-ingress/templates/default-backend- deployment.yaml contains a valid Deployment […] Error: plugin "kubeval" exited with error
- 17. @bridgetkromhout #tcsw19 Simple app development and deployment – into any Kubernetes cluster Simplified development Using two simple commands, developers can now begin working on container-based applications without requiring Docker or even installing Kubernetes themselves Language support Draft detects which language your app is written in, and then uses packs to generate a Dockerfile and Helm Chart with the best practices for that language draft.sh
- 18. @bridgetkromhout #tcsw19 Run scriptable, automated tasks in the cloud — as part of your Kubernetes cluster Simple, powerful pipes Each project gets a brigade.js config file, which is where you can write dynamic, interwoven pipelines and tasks for your Kubernetes cluster Runs inside your cluster By running Brigade as a service inside your Kubernetes cluster, you can harness the power of millions of available Docker images brigade.sh
- 19. @bridgetkromhout #tcsw19 Spec for packaging distributed apps CNAB: package distributed apps CNABs facilitate the bundling, installing and managing of container-native apps — and their coupled services Cloud Native Application Bundle cnab.io
- 20. @bridgetkromhout #tcsw19 Duffle Install and manage distributed app bundles Duffle: install & manage distributed app bundles Simple CLI to interact with CNAB, for use with your clouds and services of choice duffle.sh
- 21. @bridgetkromhout #tcsw19 A friendlier cloud installer Install your app and its baggage Bundle up not just the app, but everything it needs to run in the cloud Build bundles smarter, not harder Use mixins for common tools and clouds, and depend on existing bundles. Surprise! It does package management too Package and version your bundle, then distribute it for others to use. porter.sh
- 22. @bridgetkromhout #tcsw19 Service Mesh Interface A Kubernetes interface that provides traffic routing, traffic telemetry, and traffic policy Apps Tooling Ecosystem Standardized Standard interface for service mesh on Kubernetes Simplified Basic feature set to address most common scenarios Extensible Support for new features as they become widely available …and more Service Mesh Interface smi-spec.io
- 23. @bridgetkromhout #tcsw19 openpolicyagent.org Policy-based control specified declaratively & enforced automatically Update without recompiling or redeploying Integrate as a sidecar, host- level daemon, or library. Open Policy Agent Improve consistency, security, compliance
- 25. @bridgetkromhout #tcsw19 conftest openpolicyagent.org Open Policy Agent https://garethr.dev/2019/06/introducing-conftest/ Policy-based control specified declaratively & enforced automatically Write policy in OPA native query language Rego test locally against structured configuration data (uses Rego) (enforced server-side: PodSecurityPolicy, Gatekeeper, etc)
- 26. @bridgetkromhout #tcsw19 $ helm conftest stable/nginx-ingress FAIL - nginx-ingress-controller in the Deployment release-name-nginx-ingress-controller does not have a memory limit set FAIL - nginx-ingress-controller in the Deployment release-name-nginx-ingress-controller does not have a CPU limit set […] Error: plugin "conftest" exited with error conftest: fail if non-compliant with policy
- 27. @bridgetkromhout #tcsw19 conftest: succeed when explicitly setting limits $ helm conftest stable/nginx-ingress/ —set controller.resources.limits.cpu=100m,controller .resources.limits.memory=64Mi $
- 28. @bridgetkromhout #tcsw19 •allows serverless resources to join a Kubernetes cluster •serverless cloud container services appear as virtual nodes via Virtual Kubelet providers •enables capacity on demand, without delays or pre-provisioning virtual-kubelet.io
- 29. @bridgetkromhout #tcsw19 - View & manage Kubernetes clusters - Build & run containers from Dockerfiles - Intellisense for Kubernetes & Helm resources - Works anywhere (Azure, Minikube, KIND, AWS, GCP, etc)
- 30. @bridgetkromhout #tcsw19 open source needs you! Join the Adventure!
- 32. To learn more… @bridgetkromhout #tcsw19 Cloud Native Tooling deislabs.io Container Training container.training What is Kubernetes? aka.ms/k8slearning VS Code extension for k8s azure.github.io/vscode-kubernetes-tools
- 33. @bridgetkromhout #tcsw19 Thanks! Cloud Native Tooling deislabs.io Container Training container.training What is Kubernetes? aka.ms/k8slearning VS Code extension for k8s azure.github.io/vscode-kubernetes-tools