#kubernetes (2021-10)


Archive: https://archive.sweetops.com/kubernetes/

2021-10-21

2021-10-14

sheldonh

Team is new to K8s. Wondering a couple things from the pros here.

Would Pulumi be a good start for a team writing Go to learn K8 without doing the normal yaml approach, or is there any opinion on starting with the yaml and maturing to Pulumi later?

I’ve considered one approach with https://devspace.sh/ which seems to make this a nice smooth process, but was hoping to actually drive the config via code rather than piles of yaml if it made sense. Context:

• All the folks in my team are software engineering background with no/little infrastructure/terraform/k8 experience.

• I’m basically transferring services that would be normally in docker compose to k8.

• I want to focus on local development to minikube/kind or such first and then start pushing to our shared AKS cluster.

If I start with Pulumi considering the group I’m with, does that make sense, or does it add more complexity than it’s worth over just k8 yaml?

DevSpace - The Fastest Developer Tool for Kubernetes (open-source)

DevSpace is an open-source CLI tool that allows you to accelerate your development workflow when building applications on top of Kubernetes. It provides a powerful localhost UI and uses hot reloading to update containers while you are coding.

Antoine Taillefer

Hi, I’d say it really depends on what you want to deploy to your cluster: if it’s applications only, Pulumi might not be the best approach (and a bit “risky” in the sense that you could miss the fundamental concepts of Kubernetes by not taking this first YAML step), you might want to look first at YAML/Helm/Kustomize/… Yet, if you need to deploy infrastructure (create/configure the K8s cluster itself: control plane/node pools, DNS, ingress controller, certificate manager, etc. and also configure some cloud provider objects/services such as storage buckets), then Pulumi sounds nice as it’s advertised as infrastructure as code. There’s also cdk8s.

Kyle Johnson

the yaml for a Deployment and a Service pointing to the Deployment is really simple

same for cronjobs and configmaps

We have non-infra folks edit them all the time to tweak env vars, with minimal kubernetes knowledge; the patterns are often self-explanatory within a file. If they can understand a docker-compose file, they can understand the stuff above.

Where things got complicated was:

• Helm (finally moved this to terraform)

• Ingress (nginx and now istio)

• any sort of rbac / service account setup… but we handle that all via terraform and just tell folks “here’s your login details” and “here’s the service account to use for your app”

The “complicated stuff” lives in Terraform and rarely changes at this point. Easy stuff is still yamls (deployments, etc) and we recently moved to kustomize to make it a bit simpler if you’re just bumping an image version

sheldonh

So no one except me knows terraform on my team. We are consuming the cluster managed by cloud operations team so I’m focused on the namespace app definitions.

I’d love to use Pulumi in this scenario if it makes sense, but still not clear on how local development works if everyone wanted to deploy to minikube locally. Not sure if the state would be considered each as its own state remotely stored at that point or if local development testing is different.

I can use yaml but at this point I have folks who know Go more than DevOps tooling and was thinking this would be a good fit for pulumi.

I do not want a pile of terraform that only I know how to maintain

2021-10-13

paultath81

can clusterrole/clusterrolebindings and role/rolebindings coexist if you’re defining access rules?

paultath81

or is it one or the other?

2021-10-10

Brad McCoy

Hello, we did a talk last week on certificates in Kubernetes using cert-manager and letsencrypt if anyone is interested: https://www.youtube.com/watch?v=mqYP837jk6I
