Achieving CI Velocity at Tigera using Semaphore

Tigera serves the networking and policy enforcement needs of more than 150,000 Kubernetes clusters across the globe and supports two product lines: open source Calico, and Calico Enterprise. Our development team is constantly running smoke, system, unit, and functional verification tests, as well as all our E2Es for these products. Our CI pipelines form an extremely important aspect of the overall IT infrastructure and enable us to test our products and catch bugs before release.

We eventually reached a point where we needed to adopt a complete continuous integration and delivery architecture to maintain our development velocity, from code push to Kubernetes. We decided to adopt the hosted CI solution from Semaphore as an integral part of our workflow. Our test rigs on Semaphore ensure that the product is tested on three Kubernetes versions on seven different platforms, including Kubeadm, GKE, EKS, AKS, OpenShift, Rancher, and Kops. As a result, a typical pipeline can have up to 100 jobs distributed over various stages. We also have different pipelines to test our code and build Docker images for it.

Here’s a run for one of the components of our open source offering: All the Continue reading

Deploying to Kubernetes: The GitOps Way

Kubernetes adoption comes with a lot of challenges. One of them is consistently deploying applications to the platform. GitOps is a strategy which solves this problem and solves it at scale. In this blog, we will share how to leverage TravisCI and ArgoCD to design a highly scalable production-ready CI/CD workflow. 

Deployment Workflow

GitOps follows one simple principle “Git is the Source of Truth”. The entire pipeline can be divided into two broad categories. (1) Continuous Integration, where we enable our developers to develop new features, test the code and merge it into a master. (2) Continuous Delivery, where we release new versions of the code for our customers.

Repo Structure

The application and the Kubernetes manifests/helm chart both reside in a git repository. The application source code’s git repo consists of various branches. Following the same principle, we also keep the helm charts for our microservices in a git repo itself. For the sake of this blog we will assume that each source code repository will have at least three (3) branches.

1. Dev Branch: This gets deployed to the Dev Kubernetes Environment
2. Staging Branch: This gets deployed to the Staging Kubernetes Environment
3. Master Branch Continue reading

Supercharging Workload Security in Your K8s Cluster

Introduction

2019 was a big year for Kubernetes adoption, and 2020 is sure to exceed that pace. Already, we have seen a large number of organizations migrating their workloads to Kubernetes (k8s) both in public and private clouds as they embrace a hybrid cloud strategy. With so much at stake, what are you currently using for network security inside your k8s cluster?

Quick Retro

Let’s take a step back to a time when you were deploying applications to VMs in AWS, GCP or Azure (in the case of public clouds) or vSphere, etc. in private clouds. One of the most important tasks before provisioning infrastructure and deploying applications was to chalk out firewall considerations. These requirements were fulfilled using security group rules in the case of AWS or firewall rules in GCP. We all understand their importance. But doing the same involving Kubernetes was extremely challenging. Today, we can solve those problems for you with just a few clicks.

Present Scenario – What If?

Most recently with the increase in k8s adoption we have seen operations and platform teams hustling to implement a plethora of monitoring tools, logging backends and CI/CD tools. While all of this is Continue reading