DeltaDevOps

Executive Summary

Deltadata's DeltaDevOps practices implement Continuous Integration / Continuous Delivery (CI / CD) for your Kubernetes-based applications. In this mechanism each container image is first scanned for vulnerabilities and approved for use, which guarantees the security of your container instances regardless of which image is used afterwards. DeltaDevOps is a full-cycle open-source DevOps platform: it covers management of the application source-code repository, automated container builds, automated application testing in containers (CI / CD), deployment to container orchestration, operation and management of the container cluster, monitoring of application performance in the cluster, and management and securing of the traffic flow between API services in containers and micro-services.


Continuous delivery in the container world is complex, time-consuming and laborious: it involves manually writing scripts, Dockerfiles and so on to generate the Docker images with the appropriate configuration and environment information. When deploying to a container runtime such as Kubernetes, the corresponding deployment YAML manifest also has to be created and supplied along with the images. It is easy to lose time working on your Kubernetes cluster instead of on the applications running inside it. With DeltaDevOps you immediately realize the benefits of Kubernetes: you deploy services without writing YAML manifests, and you can quickly launch applications, wire them together and make them available to your users, even if you are new to Kubernetes. DevOps is a culture more than a technology. Below are the DevOps best practices from our point of view.

Kubernetes container images and a secure CI / CD pipeline

Kubernetes lets you build flexible applications from micro-services, where each container is one particular part of an application. The number of containers can grow quickly as your application expands and needs more resources. Container images can come from various sources; some can be verified, some cannot. It is therefore very important to put a proper security structure in place, with a simple method for verifying the authenticity of a container image before it is used in production. Failing to do so can result in serious security breaches and / or application failures in your Kubernetes instance. Such an image verification method must separate out the container images that do not match their purpose, and ensure that only appropriate, verifiable container images are used in your production environment. One such method is a secure container image pipeline, Continuous Integration / Continuous Delivery (CI / CD). The pipeline detects any current or historical vulnerability or exposure in each container image, based on the contents of the image, and accepts or rejects the image for production use on that basis. Where the OS of a container image is not fully updated, the pipeline ensures that the relevant updates are applied. Only container images that are eligible for production, and have been pushed into the private image registry, are used by your Kubernetes instance.

Using the pipeline

What is a Kubernetes CI / CD container image pipeline, and how does it work? The pipeline is a continuous evaluation of the container images held in the private registry of your Kubernetes instance. Images in the registry are scanned continuously and evaluated for production use accordingly. A container image that is considered safe remains in your registry, while an image that is considered unsafe is deleted from it. Safe images can be instantiated as new containers, so at any given time only safe images are used by Kubernetes to instantiate new containers. Safe container images can also be rolled out automatically by Kubernetes to update the existing container images and their contents in your Kubernetes instance.

A Kubernetes instance needs an access control / separation of duties paradigm: privileged access to any application image (for example, to generate an image, deploy an image, or create an image library) must be restricted to a minimum number of people, and access control must be configured so that whoever makes a change cannot approve it. There should be "technical approvers", ideally working partners or team technical leads. This best practice prevents one person from sabotaging or damaging all of your instances (for example, by building an image and then deploying it). If your team is too small to have separate individuals, then your virtual machine must have an official approver. How does the pipeline determine that a container image is safe? It detects the CVEs in circulation for the OS of the container image and for the application resident in your container image.

In summary:

  1. What happens when a container image is considered suitable for production use?
     • The image is added to the private image registry for future use.
  2. What happens when a container image is deemed unsuitable for production use?
     • The image is not added to the private image registry, or is deleted from the registry.
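The gate described above, as an added example that is not DeltaDevOps code: it applies the separation-of-duties rule (the approver must not be the author of the change), rejects an image on a blocking CVE, sends an image with pending OS updates back for a rebuild, and adds or removes the image from the private registry (modelled here as a set of image references). The scan report, registry host, CVE ids and severity threshold are constructed assumptions.

```python
# Added example, not DeltaDevOps code. Constructed scan result for one image in an
# assumed scanner shape (one entry per CVE finding); the CVE ids are placeholders.
SCAN_REPORT = {
    "image": "registry.internal.example/shop/api:1.4.2",
    "os_packages_outdated": ["openssl"],   # OS updates still pending in this image
    "findings": [
        {"id": "CVE-EXAMPLE-0001", "severity": "HIGH", "fixed_version": "1.1.1x"},
        {"id": "CVE-EXAMPLE-0002", "severity": "LOW", "fixed_version": None},
    ],
}

def separation_of_duties_ok(change_author, approver):
    """Whoever built or changed the image must not be the one who approves it."""
    return bool(approver) and approver != change_author

def has_blocking_cve(report, blocking=("CRITICAL", "HIGH")):
    """Reject on any current finding at a blocking severity (threshold is assumed)."""
    return any(f["severity"] in blocking for f in report["findings"])

def evaluate_image(report, registry, change_author, approver):
    """Apply the gate and update the private registry (a set of image references)
    as the summary above describes: a safe image is added, an unsafe one is not
    added or is deleted. Returns (decision, reason)."""
    image = report["image"]
    if not separation_of_duties_ok(change_author, approver):
        decision = ("reject", "approver must differ from the author of the change")
    elif has_blocking_cve(report):
        decision = ("reject", "blocking CVE present in image contents")
    elif report.get("os_packages_outdated"):
        decision = ("rebuild", "apply pending OS updates, then rescan")
    else:
        decision = ("accept", "image eligible for production")
    if decision[0] == "accept":
        registry.add(image)
    else:
        registry.discard(image)   # an unsafe image already in the registry is dropped
    return decision
```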

The main stakeholders in the CI / CD container pipeline are the development team (Developer), AppOps, and infrastructure.

Definition and role of the development team (Developer)

The development team develops the code for the containers used in your Kubernetes instance.

The role of the development team (Developer) consists of:

• Instantiating a new Docker container
• Identifying container deployment requirements:
  • Configuration files, key stores, external authentication, etc.
  • Any new infrastructure:
    • Shared disk
    • Proxy, etc.
• Determining container requirements:
  • RAM
  • CPU
  • Disk space
• Designing procedures for handling containers that are down or unresponsive:
  • Discard and restart the container
  • Automatic cleanup
• Identifying the data flows of the application instance
• Identifying explicit dependencies on other services and data

Definition and role of the AppOps team

The role of the AppOps team consists of:

• Creating Kubernetes manifests based on information including:
  • RAM
  • CPU
  • Disk space
• Creating and managing asset placements:
  • Configuration files, keystores, external authentication, etc.
• Communicating with the infrastructure team
• Updating the default UCD
• Providing credentials for the automation to access GitHub
• Building any additional automation specific to the application:
  • For example, automatic version checks of other applications because of dependencies
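An added example (not DeltaDevOps code) of the manifest step above: the RAM / CPU / disk requirements the developer hands over become Kubernetes resource requests and limits, and a check confirms that every container in the resulting Deployment uses an image from the private registry and declares all three resources. The registry host, application name and values are constructed assumptions.

```python
# Added example, not DeltaDevOps code. The private registry host is an assumption.
PRIVATE_REGISTRY = "registry.internal.example"

def container_spec(name, image, ram, cpu, disk):
    """Turn the developer's RAM / CPU / disk requirements into Kubernetes
    resource requests and limits (memory, cpu, ephemeral-storage)."""
    resources = {"memory": ram, "cpu": cpu, "ephemeral-storage": disk}
    return {
        "name": name,
        "image": image,
        "resources": {"requests": dict(resources), "limits": dict(resources)},
    }

def deployment(name, containers, replicas=2):
    """Minimal apps/v1 Deployment wrapping the given container specs."""
    return {
        "apiVersion": "apps/v1",
        "kind": "Deployment",
        "metadata": {"name": name},
        "spec": {
            "replicas": replicas,
            "selector": {"matchLabels": {"app": name}},
            "template": {"metadata": {"labels": {"app": name}},
                         "spec": {"containers": containers}},
        },
    }

def manifest_problems(manifest):
    """Reasons a Deployment must not be applied: every container must pull from the
    private registry and declare all three resource requests and limits."""
    problems = []
    for c in manifest["spec"]["template"]["spec"]["containers"]:
        image = c.get("image", "")
        # The trailing slash matters: a bare prefix test would also accept a
        # look-alike host such as registry.internal.example.other.test.
        if not image.startswith(PRIVATE_REGISTRY + "/"):
            problems.append(f"{c['name']}: image {image!r} not from private registry")
        res = c.get("resources", {})
        for kind in ("requests", "limits"):
            for key in ("memory", "cpu", "ephemeral-storage"):
                if key not in res.get(kind, {}):
                    problems.append(f"{c['name']}: missing {kind}.{key}")
    return problems
```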

Definition and role of the infrastructure team

The infrastructure team handles any infrastructure problems that arise from the process of building and deploying your containers.

The role of the infrastructure team consists of:

• Creating an automation framework for Kubernetes, the logging / monitoring stack, Ansible and UCD
• Maintaining and scaling up the infrastructure
• Monitoring the infrastructure and general components
• Updating networks to allow the communication needed by all cluster applications
• Helping the AppOps team with automation

High-priority alerts can be generated through platforms such as Slack and PagerDuty, through robotic process automation, or through any platform that collects events from monitoring systems, determines what is important, and involves the right person for quick resolution when a basic end-to-end user process no longer functions in your environment (for example, the database is unavailable and users are impacted). This end-to-end process must be configured individually and precisely for each application in use. Continuous security and functional testing of all the containers you use ensures the integrity of your Kubernetes environment.

Conclusion

Overall, the CI / CD pipeline ensures the security and integrity of every container used in your Kubernetes instance. The security of your instances is determined by who can approve each image before it is submitted to the image registry, and who can instantiate those images as live containers. Separation of duties between those who approve an image and those who deploy it is the key to ensuring that an unsuitable or dangerous container is never used. The development team, AppOps and infrastructure work together in a smooth process that ensures every approved container meets strict standards at all times. UCD (UrbanCode Deploy) is used to move each container through every stage of this process, and also helps configure the monitoring of your containers so that the right individuals are notified if a container fails. The combined structure and operation of the Kubernetes CI / CD pipeline and the accompanying best practices ensure that your Kubernetes instance operates safely, reliably and trouble-free. This is especially important in high-availability Kubernetes environments, where containers and their contents may need to scale quickly at any time to meet demand.

DeltaDevOps designs and simplifies CI / CD pipelines
