Concepts : Pod = a group of one or more containers with shared storage/netweok and a specification of how to run the containers. Deployment = high-level configuration around a desired function, a deployment provides declarative for Pods and ReplicaSets . ReplicaSet = A ReplicaSet’s purpose is to maintain a stable set of replica Pods running at any given time . Service = Service it’s an “k8s as a service”, by the “kubectl expose” command you will expose your K8s cluster as a service, before running this command, containers inside the pod are able to communicate with each other, but there is no connection from outside . There are 3 services types : ClusterIP = the default type, opens the port on each node for Pod-to-Pod communication .NodePort = if we don’t specify NodePort, K8s randomly assigns a port .LoadBalancer = external IP which act as Load-balancer for the service ~/.kube/config = configuration file which used by Kubectl . Some useful Kubectl commands : Kubectl get nodes Kubectl get pods Kubectl create deployment Kubectl delete deployment Kubectl expose Kubectl run Kubectl scale deployment [DEPLOYMENT_NAME] —replicas=4 (Add pods, by this command our service will run on multiple pods & nodes).
A quick overview Kacidi is a tool which integrates with your Infrastructure-as-code and protects your infrastructure from human mistakes and security breaches. Kacidi detects issues in your infrastructure-as-code automatically before the deployment . What is Infrastructure as code ? Infrastructure as Code (IaC) is the management of infrastructure (networks, virtual machines, load balancers, and connection topology) in a descriptive model, using the same versioning as DevOps team uses for source code. Like the principle that the same source code generates the same binary, an IaC model generates the same environment every time it is applied. IaC is a key DevOps practice and is used in conjunction with continuous delivery . Infrastructure as Code evolved to solve the problem of environment drift in the release pipeline. Without IaC, teams must maintain the settings of individual deployment environments. Over time, each environment becomes a snowflake , that is, a unique configuration that cannot be reproduced automatically. Inconsistency among environments leads to issues during deployments. With snowflakes, administration and maintenance of infrastructure involves manual processes which were hard to track and contributed to errors. IaC is great, but can brings some issues to your organization … As the pace of changes and requirements for organisational agility just increases, and as DevOps practices like IaC and Immutable Infrastructure are being the new norm, it is crucial that we perform some critical thinking about our existing processes and how to better align security and DevOps. As more people get involved in maintaining and creating infrastructure, we need to keep malicious actors and simple human errors out of the cloud infrastructure somehow, automatically and enforce best practices in the infrastructure write from the beginning - before a breach or a disruption to service happens. Kacidi solves these issues and make IaC safest and fastest Which IaC platform supported by Kacidi ? Terraform CloudFormation K8S GCP Deployment Manager Azure Resource Manager Kacidi Key Features: Best-practices checks - perform best practices and security checks . Drift detection check - prevent conflicts in infrastructure by performing a drift detection before the Merge . Change-set check - summarize the infrastructure change that will be applied as a of result merging the branch. Personalized policy - set a policy per user or group in your Github organisation, Examples : - “Restrict developer to create instance t2.small only”.“ - "Only Admin can edit VPC details”. Automated workflow - create, update and destroy environments automatically according GitOps (Deploy on Merge). 🔹 Getting Started (5 min setu p ) 🔹 Sign-up : https://kacidi.com/sign-up . Integrate Kacidi with one of your DevOps tools (Github, Gitlab, Jenkins, CircleCI, etc). After the integration setup, Kacidi will notify inside your Pull-requests about best-practices issues and conflicts in your infrastructure. If you want to set personalised-policy, open Kacidi-editor and set policies per user / group . Using the personalized-policy you can avoid human errors that add up to unnecessary costs, security breaches and even achitecture changes. Start protect your cloud infrastructure today ⬇