Harness U: Zero to Hero Kubernetes Deployments
This week held two virtual Harness University events. It was great to be able to interact with every attendee despite having to host the event interactions virtually. I attribute the successful interactions to the wonderful hosts of the event. I also think that hosting the event live contributes significantly to any virtual event’s success. This is a theory for now; I’m looking forward to attending my first virtual conference featuring pre-recorded sessions/components later in the month.
Anyway, for these Harness U events this week, I mostly served as a shadow, chiming in with interactions from attendees and moderating the chat window. We try to keep the events relatively scaled so that everyone gets to ask their questions and interact with the hosts of the event. I’m fairly certain this works well — we get to adjust the pacing of the lecture content based on the interactions of the audience. If we’re getting questions from someone about additional best practices for a certain topic, we’re able to pivot the conversations. One of the things I enjoy about the event is that we’re very honest about the answers. We also take the time to address all our questions and comments. That doesn’t always happen in larger events, even if you are there physically.
I believe the interaction fed into our retrospection of the event. We didn’t have to meet to revise. Everyone was able to quickly iterate on adjustments and improvements in their roles for the next event. One quality I think many organizers and hosts of events need to have is this awareness of attendees. This was something we were discussing when we were deciding to move the physical Harness U events to a virtual platform.
Tuesday’s events informed us where we needed to provide additional context. One of the things I enjoyed seeing, as someone behind the scenes, is how we made changes for the next event come Thursday.
Lastly, I wanted to share some of those questions asked this week during our Harness U events. Q&As are a large part of the interaction we expect in our Harness U events. I think this section may be helpful to teams looking to improve their Kubernetes and continuous delivery experiences.
What are the best practices around Kubernetes security and container tagging?
When setting up resources in Kubernetes, it’s important to determine a schema that works for your use cases and security needs. The worst-case scenario is that your resources are all in a single namespace and have no annotations or labels on them or on your infrastructure. You should have some schema determined with your teams to provide a granular and specific structure around naming and tagging your resources.
“Properly done Namespace and labeling schemas can bring some of the standards and control of traditional zone-based security to any Kubernetes cluster,” says Drew Oetzel. Drew is one of the hosts of Harness U. He shares a whitepaper from Tigera, called Five Best Practices for Kubernetes Network Security and Compliance, which you can find here. Tools built on top of Kubernetes to enhance its native security also depend on these annotations and labels to provide and perform security functions.
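A sketch of what zone-based control from namespaces and labels can look like, as an added example that is not from Harness, Tigera, or the original post. It uses the standard Kubernetes NetworkPolicy API; the namespace names, the `zone` and `app` label keys and values, and the port are assumptions chosen for illustration.

```yaml
# Constructed example. All names, label keys/values and the port are assumptions.
apiVersion: v1
kind: Namespace
metadata:
  name: payments
  labels:
    zone: restricted      # security zone of this namespace
---
apiVersion: v1
kind: Namespace
metadata:
  name: storefront
  labels:
    zone: dmz             # matched by the namespaceSelector below
---
# Default deny: no pod in "payments" accepts ingress unless another policy allows it.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: payments
spec:
  podSelector: {}         # empty selector = every pod in the namespace
  policyTypes: [Ingress]
---
# Zone rule: only app=checkout pods in zone=dmz namespaces may reach the API on 8443.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-dmz-checkout-to-api
  namespace: payments
spec:
  podSelector:
    matchLabels:
      app: payments-api
  policyTypes: [Ingress]
  ingress:
    - from:
        # namespaceSelector and podSelector in ONE list item are ANDed together.
        - namespaceSelector:
            matchLabels:
              zone: dmz
          podSelector:
            matchLabels:
              app: checkout
      ports:
        - protocol: TCP
          port: 8443
```

These policies are only enforced when the cluster's network plugin implements NetworkPolicy. A pod or namespace missing its label simply fails to match the allow rule, which is why the labeling schema has to be applied consistently.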
Can I deploy a Selenium Grid docker image to Kubernetes?
I think of this question as: what can I containerize and have within a Kubernetes environment? The straightforward answer is that you can spin up any Docker image as a container. It doesn’t matter if it’s an application server or a database. It’s actually fairly common to see organizations containerize their application servers so that Kubernetes can automatically scale up the resources needed to perform optimally in response to heavy traffic or intensive computing.
Can pipelines be shared as a library? Does Harness have RBAC?
Yes, Harness has RBAC support, and it’s a good idea to share your pipelines with your dev or team members. One of the nice features of the Harness platform is the flexibility you have to define the steps of your pipelines, so you can build fairly generic pipelines that work across multiple dev teams and services. You can templatize them by leveraging variables to gain customizations where you need them most. You can also export your pipelines as code if you want.
Can you share some thoughts on constant database schema changes?
You should consider a database versioning system, like Liquibase or Flyway, if you often have relational database schema changes. It can help you keep track of changes and hopefully avoid any failures caused by changes in the schema. We have a Data Versioning post that shares some details around this on the Harness Blog.
In terms of how CI/CD can help you with your database, it’s pretty similar to how CI/CD works for regular applications. Keep your database code changes in a version control system, trigger your pipelines to build, test, and deploy your database. And then consider how to provide verification rules and visibility into your database.
Thoughts around how to detect and execute a K8s deployment rollback?
To execute a rollback you need to define some rollback behavior. Sometimes you can’t afford to take any downtime when performing a rollback, so you need to ensure you have the structure to support having the old code and new code running at the same time. I would consider having a deployment plan that includes a section on how to roll back and verify that the rollback succeeded. Detecting a rollback is easy if you can define triggers. Sometimes your deployment needs to be rolled back purely based on non-functional requirements or changes.
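One way to express that structure in plain Kubernetes, as an added example rather than Harness's own rollback mechanism or anything shown at the event. The Deployment name, image, port, probe path and timing values are placeholders.

```yaml
# Constructed example: names, image, port, probe path and timings are placeholders.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
  labels:
    app: web
spec:
  replicas: 4
  revisionHistoryLimit: 5        # keep old ReplicaSets so there is a revision to return to
  progressDeadlineSeconds: 120   # rollout is reported as failed after 120s without progress
  minReadySeconds: 10            # a pod must stay ready this long before it counts as available
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 0          # never drop below 4 serving pods
      maxSurge: 1                # old and new pods run side by side, one extra at a time
  selector:
    matchLabels:
      app: web
  template:
    metadata:
      labels:
        app: web
    spec:
      containers:
        - name: web
          image: registry.example.com/web:1.4.2
          ports:
            - containerPort: 8080
          readinessProbe:        # traffic reaches a pod only after this check passes
            httpGet:
              path: /healthz
              port: 8080
            periodSeconds: 5
            failureThreshold: 3
# Trigger, run by the pipeline after applying this manifest:
#   kubectl rollout status deployment/web --timeout=150s \
#     || kubectl rollout undo deployment/web
# Verify the rollback with a second `kubectl rollout status deployment/web`.
```

With `maxUnavailable: 0`, the same rolling mechanics apply in both directions, so the undo also proceeds without taking serving pods away. The readiness probe only covers functional health; rollbacks driven by non-functional requirements need their own trigger, such as a metric check in the pipeline.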
This week Harness held two Harness U events, a free event for attendees to learn how to deploy applications to Kubernetes quickly. This post shares some of my thoughts and findings from our first two virtual events. We’ve had to adapt to quite a few changes the past month, so I hope it serves as a great reference to anyone in the midst of navigating changes in technology or events.