Azure Citadel
  • Blogs
  • ARM
  • Azure Arc
    • Overview
    • Azure Arc-enabled Servers
      • Prereqs
      • Scenario
      • Hack Overview
      • Azure Landing Zone
      • Arc Pilot resource group
      • Azure Monitoring Agent
      • Additional policy assignments
      • Access your on prem VMs
      • Create onboarding scripts
      • Onboarding using scripts
      • Inventory
      • Monitoring
      • SSH
      • Windows Admin Center
      • Governance
      • Custom Script Extension
      • Key Vault Extension
      • Managed Identity
    • Azure Arc-enabled Kubernetes
      • Prereqs
      • Background
      • Deploy Cluster
      • Connect to Arc
      • Enable GitOps
      • Deploy Application
      • Enable Azure AD
      • Enforce Policy
      • Enable Monitoring
      • Enable Azure Defender
      • Enable Data Services
      • Enable Application Delivery
    • Useful Links
  • Azure CLI
    • Install
    • Get started
    • JMESPATH queries
    • Integrate with Bash
  • Azure Landing Zones
    • Prereqs
    • Day 1
      • Azure Baristas
      • Day 1 Challenge
    • Day 2
      • Example
      • Day 2 Challenge
    • Day 3
      • Day 3 Challenge
    • Useful Links
  • Azure Policy
    • Azure Policy Basics
      • Policy Basics in the Azure Portal
      • Creating Policy via the CLI
      • Deploy If Not Exists
      • Management Groups and Initiatives
    • Creating Custom Policies
      • Customer scenario
      • Policy Aliases
      • Determine the logic
      • Create the custom policy
      • Define, assign and test
  • Azure Stack HCI
    • Overview
    • Useful Links
    • Updates from Microsoft Ignite 2022
  • Marketplace
    • Introduction
      • Terminology
      • Offer Types
    • Partner Center
    • Offer Type
    • Publish a VM Offer HOL
      • Getting Started
      • Create VM Image
      • Test VM Image
      • VM Offer with SIG
      • VM Offer with SAS
      • Publish Offer
    • Other VM Resources
    • Publish a Solution Template HOL
      • Getting Started
      • Create ARM Template
      • Validate ARM Template
      • Create UI Definition
      • Package Assets
      • Publish Offer
    • Publish a Managed App HOL
      • Getting Started
      • Create ARM Template
      • Validate ARM Template
      • Create UI Definition
      • Package Assets
      • Publish Offer
    • Managed Apps with AKS HOL
    • Other Managed App Resources
    • SaaS Offer HOLs
    • SaaS Offer Video Series
      • Video 1 - SaaS Offer Overview
      • Video 2 - Purchasing a SaaS Offer
      • Video 3 - Purchasing a Private SaaS Plan
      • Video 4 - Publishing a SaaS Offer
      • Video 5 - Publishing a Private SaaS Plan
      • Video 6 - SaaS Offer Technical Overview
      • Video 7 - Azure AD Application Registrations
      • Video 8 - Using the SaaS Offer REST Fulfillment API
      • Video 9 - The SaaS Client Library for .NET
      • Video 10 - Building a Simple SaaS Landing Page in .NET
      • Video 11 - Building a Simple SaaS Publisher Portal in .NET
      • Video 12 - SaaS Webhook Overview
      • Video 13 - Implementing a Simple SaaS Webhook in .NET
      • Video 14 - Securing a Simple SaaS Webhook in .NET
      • Video 15 - SaaS Metered Billing Overview
      • Video 16 - The SaaS Metered Billing API with REST
  • Microsoft Fabric
    • Theory
    • Prereqs
    • Fabric Capacity
    • Set up a Remote State
    • Create a repo from a GitHub template
    • Configure an app reg for development
    • Initial Terraform workflow
    • Expanding your config
    • Configure a workload identity
    • GitHub Actions for Microsoft Fabric
    • GitLab pipeline for Microsoft Fabric
  • Packer & Ansible
    • Packer
    • Ansible
    • Dynamic Inventories
    • Playbooks & Roles
    • Custom Roles
    • Shared Image Gallery
  • Partner
    • Lighthouse and Partner Admin Link
      • Microsoft Cloud Partner Program
      • Combining Lighthouse and PAL
      • Minimal Lighthouse definition
      • Using service principals
      • Privileged Identity Management
    • Useful Links
  • REST API
    • REST API theory
    • Using az rest
  • Setup
  • Terraform
    • Fundamentals
      • Initialise
      • Format
      • Validate
      • Plan
      • Apply
      • Adding resources
      • Locals and outputs
      • Managing state
      • Importing resources
      • Destroy
    • Working Environments for Terraform
      • Cloud Shell
      • macOS
      • Windows with PowerShell
      • Windows with Ubuntu in WSL2
    • Using AzAPI
      • Using the REST API
      • azapi_resource
      • Removing azapi_resource
      • azapi_update_resource
      • Data sources and outputs
      • Removing azapi_update_resource
  • Virtual Machines
    • Azure Bastion with native tools & AAD
    • Managed Identities
  • About
  • Archive
  1. Home
  2. Azure Arc
  3. Azure Arc-enabled Kubernetes
  4. Enable GitOps

Table of Contents

  • Background
  • Challenge 3
    • Cluster Administrator
    • Developer
    • Together
  • Success Criteria
  • References

Enable GitOps

An operating model for building cloud native applications.

Background

Persona: Cluster Admin - Cluster Repository

Persona: Developer - Development Repository

GitOps works by using Git as a single source of truth for declarative infrastructure and applications.

Your cluster monitors and automatically updates itself to reconcile differences between current and desired state.

With Git at the center of your delivery pipelines, developers use familiar tools to make pull requests to accelerate and simplify both application deployments and operations tasks to Kubernetes.

This allows you to write once and deploy many times to identical clusters.

Challenge 3

Cluster Administrator

Create repositories for the cluster administrator and application developers.

You will have to set up namespaces before deploying the application. This should be done as the cluster administrator.

You should create a namespace called podinfo-app that podinfo can be deployed into but without running kubectl.

You can look at the sample cluster config as a baseline for cluster-wide components that are likely to be required for later challenges.

Developer

Deploy an application to your cluster(s) without running kubectl

A sample application - podinfo manifest has been provided that will show information and allow you to access certain functions. This manifest shouldn’t require any changes before being deployed.

Together

Discussion Point 1 Discuss the advantage and disadvantages of using a GitOps approach, you may want to touch on delivering updates, managing multiple clusters, secrets management, security and access management and the benefits of having multiple source code repositories.

Discussion Point 2 Discuss in your team other good practices you can use on the cluster administrator repository

Stretch Can you make connections to a private GitHub repositories?

Hint: Ensure you use SSH auth with a GitOps URL in the format git@github.com:<org>/<repo>.git and you can view error logs using kubectl logs -n <namespace> <pod>

Success Criteria

  • You have a repository owned and used for:
    • Cluster Administrators
    • Application Developers (either 1 repository per resource group or 1 folder per resource group)
  • Cluster-wide services are controlled by a GitHub repository (you could be running cert-manager, aad-pod-identity from the sample - or simply creating a namespace)
  • The sample application is running on your cluster and is publicly accessible
  • Discussion of using a GitOps approach and practices around repository management

References

  • What is GitOps - WeaveWorks?
  • podinfo
  • Enable GitOps
  • namespaces and RBAC
  • GitOps Operator Parameters
  • Sample Cluster Config
  • AAD Pod Identity
  • Cert Manager
Connect to Arc Enable GitOps Deploy Application