BoxBoat Blog

Service updates, customer stories, and tips and tricks for effective DevOps

GitOps Kubernetes Rolling Update when ConfigMaps and Secrets Change

by Caleb Lloyd | Thursday, Jul 5, 2018 | Kubernetes

The Kubernetes ConfigMap resource is used to mount configuration files into pods. The Kubernetes Secret resource is used to mount secret files into pods. Both of these resources are commonly used when deploying a GitOps Configuration as Code workflow.

ConfigMap and Secret files inside of containers are updated automatically when the underlying ConfigMap or Secret is updated. If an application reads a ConfigMap or Secret value on startup, it may have a stale configuration after a ConfigMap or Secret is updated.

One approach for dealing with this is to add application logic to watch ConfigMap and Secret files for changes, and reconfigure the application on the fly. This can lead to complicated logic since objects using the old configuration will need to be detected and recreated.

Another approach is to trigger a rolling update of the Deployment when its dependent ConfigMaps and Secrets are updated. This blog post describes a solution that creates ConfigMaps and Secrets alongside a Deployment, and uses a hash of these resources to automatically trigger a rolling update if they have changed.

Kubernetes NGINX Ingress TLS Secrets in All Namespaces

by Caleb Lloyd | Monday, Jul 2, 2018 | Kubernetes

Kubernetes Ingress is a powerful resource that can automate load balancing and SSL/TLS termination. The NGINX Ingress Controller is currently the only supported cloud-agnostic ingress controller for Kubernetes. A single ingress controller can be deployed to the cluster and service requests for all namespaces in a cluster. There is currently an outstanding issue where Ingress resources can only reference TLS secrets within their own namespace:

This can be a problem when a cluster has a wildcard certificate that needs to be used across multiple ingress resources in different namespaces. A prime example is a cluster that is set up to automatically request Let’s Encrypt wildcard certificates. In this blog post, we explain an approach for automatically reflecting TLS secrets to every namespace in the cluster.

Kubernetes Ingress Automatic Let's Encrypt Certificates

by Caleb Lloyd | Tuesday, Jun 12, 2018 | Kubernetes

Kubernetes Ingress is a powerful resource that can automate load balancing and SSL/TLS termination. Let’s Encrypt is a fantastic service that provides free SSL/TLS certificates. This is a comprehensive guide to provisioning automated Let’s Encrypt certificates for your Kubernetes Ingress, using Kubernetes Jobs to generate and Cron Jobs to renew the certificates.

Tracing Containerized Processes with Sysdig

by Leon Castellanos | Thursday, Apr 19, 2018 | Education

Everyone is jumping on the bandwagon when it comes to adopting containerization and CI/CD technologies. The power and flexibility provided by containerization is undeniable, but due to the isolated nature of Linux Control Groups, Namespaces, and Security Modules, it becomes difficult to get adequate visibility into what is actually happening within containers.

Welcome our new Docker Captain!

by Will Kinard | Monday, Apr 9, 2018 | Docker News

Brandon Mitchell, BoxBoat Solutions Architect, has been accepted into the Docker Captains Program! https://www.docker.com/captains/brandon-mitchell

Brandon Mitchell is a Solutions Architect for BoxBoat. He started with Linux when Slackware was shipped on floppy disks and has been hooked ever since. In his day job, he helps clients deploy Docker CE, EE, Swarm, and CI/CD pipelines. In his spare time, he’s answering questions on StackOverflow as BMitch or tweeting under @sudo_bmitch. For a break from the keyboard, he enjoys biking and backpacking, not at the same time.
