
GitOps: Progressive Deployment and Security with D2iQ Dispatch and Alcide Advisor

Jun 12, 2020

Seth Mason

D2iQ

GitOps has been around for quite some time now and continues to pique developer interest when it comes to driving operation tools. This technology-agnostic model embraces operations best practices, using Git as a single source of truth for declarative infrastructure and applications. The term GitOps for this operating model is now an industry standard and has rapidly made a name for itself among the Kubernetes and cloud-native communities.

GitOps advocates for the well-known “shift-left” practices, where developers test and validate both quality and security aspects with Git. The methodology focuses on the type of things developers have been doing for years with their applications’ source code through the CI/CD pipeline. Now, however, using Git also extends to the realm of infrastructure operations in a Kubernetes context, defining artifacts as code and ultimately accelerating developer productivity.

Introducing D2iQ Dispatch

Among other cloud-native platforms, D2iQ stands out with its recently announced solution called Dispatch, a GitNative CI/CD platform. This solution is the latest addition to D2iQ’s Ksphere platform of products. Dispatch is tightly integrated with Konvoy, a Kubernetes distribution package offering additional operational services for organizations starting their containers and microservices journey.

Dispatch quickly stepped into the CI/CD space, doubling down on key features, most notably the diverse pipeline configuration languages it offers. These give the developer great flexibility, with options to use declarative languages rooted in popular software development languages, like CUE (JSON-like) and Starlark (Python-like), in addition to the industry-standard JSON and YAML choices.

 

D2iQ’s Dispatch also enables CI/CD pipelines to run in any environment, whether locally on a laptop, on-prem or on a public cloud service. Multi-tenancy for build pipelines enables teams to operate their pipelines in different Kubernetes namespaces too, creating secure separation between organizations and utilizing clear guardrails for both developers and operators.

 

Let’s Get Practical

Why should one choose to manage infrastructure operations with Git? Does it really matter?

 

Dispatch utilizes GitOps in two ways: as an operating model for cloud-native Kubernetes deployments, and to offer a more centralized experience for developers responsible for managing their applications.

By managing an entire system under version control meticulously from a single Git repository, organizations maintain clear visibility, secure separation and transparency into the requirements and state of their infrastructure. 

 

Using pull requests for operational changes simplifies the detection, alerting and resolution of deployed version discrepancies.

 

Engineering teams can efficiently track and monitor all modifications and configurations by simply following the audit trail for each and every commit. This is extremely valuable in terms of security and compliance. Powerful capabilities such as reverts and rollbacks are easy, as they simply require reverting to the last known healthy Git state.

It is also worth mentioning that shifting to GitOps practices reduces the use of kubectl when managing and updating your clusters. Such practices are also strongly supported by Kubernetes gurus such as Kelsey Hightower himself, who tweeted: “The fewer people using kubectl directly, the fewer people you need to create RBAC policies for”.

 

Adopting Dispatch and its GitOps methodologies at an early stage enables teams to navigate through their entire software lifecycle and manage deployments with ease, enforcing best practices like the ones mentioned above. 

 

Integrating with Alcide

The Alcide Advisor is a Kubernetes multi-cluster vulnerability scanner that covers rich Kubernetes, Istio security best practices and compliance checks.

 

With the recent integration capabilities offered, you’ll be able to augment Dispatch's progressive delivery model, which leverages ArgoCD, with the Alcide Advisor and provide out-of-the-box guidelines, adding an additional layer of detection for vulnerabilities, misconfigurations and security drifts.

The snippet below shows an example of Alcide’s Advisor integrated with ArgoCD. Adding it into Dispatch is as easy as inserting it into your GitOps repo's application.yaml, where ArgoCD reads the deployment manifest. No other modifications are required to ArgoCD or Dispatch.

A full example of this integration can be found in Alcide’s GitHub repository. Given that the Alcide Advisor and ArgoCD configuration is stored in Git, tracking changes and managing the lifecycle of this configuration is in line with how the application's source code and pipeline are managed.


You can also read more about the integration in a recent blog on the subject.


To learn more about how Alcide Advisor and D2iQ Dispatch work better together, join us on June 16 at 9 AM (PDT) by registering at: GitOps Progressive Security with Alcide Advisor and D2iQ Dispatch

You can also sign up for a 90-day free trial of Dispatch bundled with D2iQ’s Kubernetes distribution, Konvoy, so you have everything you need for enterprise-grade GitOps including logging and monitoring.
