GitOps Kubernetes Rolling Update when ConfigMaps and Secrets Change
by Caleb Lloyd
| Thursday, Jul 5, 2018
The Kubernetes ConfigMap resource is used to mount configuration files into pods. The Kubernetes Secret resource is used to mount secret files into pods. Both of these resources are commonly used when deploying a GitOps Configuration as Code workflow.
ConfigMap and Secret files inside of containers are updated automatically when the underlying ConfigMap or Secret is updated. If an application reads a ConfigMap or Secret value on startup, it may have a stale configuration after a ConfigMap or Secret is updated.
One approach for dealing with this is to add application logic to watch ConfigMap and Secret files for changes, and reconfigure the application on the fly. This can lead to complicated logic since objects using the old configuration will need to be detected and recreated.
Another approach is to trigger a rolling update of the Deployment when its dependent ConfigMaps and Secrets are updated. This blog post describes a solution that creates ConfigMaps and Secrets alongside a Deployment, and uses a hash of these resources to automatically trigger a rolling update if they have changed.
Kubernetes NGINX Ingress TLS Secrets in All Namespaces
by Caleb Lloyd
| Monday, Jul 2, 2018
Kubernetes Ingress is a powerful resource that can automate load balancing and SSL/TLS termination. The NGINX Ingress Controller is currently the only supported cloud-agnostic ingress controller for Kubernetes. A single ingress controller can be deployed to the cluster and service requests for all namespaces in a cluster. There is currently an outstanding issue where Ingress resources can only reference TLS secrets within their own namespace.
This can be a problem when a cluster has a wildcard certificate that needs to be used across multiple ingress resources in different namespaces. A prime example is a cluster that is set up to automatically request Let’s Encrypt wildcard certificates. In this blog post, we explain an approach for automatically reflecting TLS secrets to every namespace in the cluster.
Tracing Containerized Processes with Sysdig
by Leon Castellanos
| Thursday, Apr 19, 2018
Everyone is jumping on the bandwagon when it comes to adopting containerization and CI/CD technologies. The power and flexibility provided by containerization are undeniable, but due to the isolated nature of Linux Control Groups, Namespaces, and Security Modules, it becomes difficult to get adequate visibility into what is actually happening within containers.
Welcome our new Docker Captain!
by Will Kinard
| Monday, Apr 9, 2018
| Docker News
Brandon Mitchell, BoxBoat Solutions Architect, has been accepted into the Docker Captains Program!
Brandon Mitchell is a Solutions Architect for BoxBoat. He started with Linux when Slackware was shipped on floppy disks and has been hooked ever since. In his day job, he helps clients deploy Docker CE, EE, Swarm, and CI/CD pipelines. In his spare time, he’s answering questions on StackOverflow as BMitch or tweeting under @sudo_bmitch. For a break from the keyboard, he enjoys biking and backpacking, not at the same time.