Best technology I've discovered in 2020

2020 was challenging, that's true. I left employment and we founded a consulting agency. And then ... well, you know the story: SARS-CoV-2 arrived. A lot of things slowed down, but one thing remained the same: discovering new technologies. So what did I discover last year?

GitOps is not a buzzword anymore

And from my point of view, that's mostly thanks to Argo CD. Hence, this paragraph is devoted to this amazing piece of technology. Argo CD is a modern CD tool that can open GitOps to the masses. It has a brilliant integrated web UI and supports a variety of configuration sources (plain YAML, Helm, Jsonnet, or Kustomize).

It's not only me; even in the Czech Republic there are a lot of Argo CD fans. I consider this a huge success, and there's a bright future for this product.

YAML templating sucks (that's a fact) but there's a way out

The Helm templating system makes me angry. I dug through plenty of Helm charts last year and none of them changed my opinion. But there's one particular tool that can help you out: Jsonnet.

Jsonnet is a different kind of tool: it's a data templating language that helps you keep your configuration as real code. Configuration can be altered by providing inputs, and the result is always translated to JSON. For instance, this is a complete Kubernetes Deployment object using this amazing Kubernetes library.

I'm not the only one who fell in love with Jsonnet. If you need more success stories, just check some Grafana Labs tweets. They use Jsonnet for literally everything. They even wrote their own library for the management of Kubernetes resources, called Tanka.

Moreover, Jsonnet is fully supported by Argo CD so if you like my introduction to both technologies - go for it and build something beautiful.

And don't forget that I'm always here to help you

Secrets management does not have to be annoying

I've done terrible things in the past when it comes to secrets management. But this might be the way to repay my debt. What if you use a secrets store managed by a cloud provider or another trusted party, and a simple Kubernetes operator just pulls those secrets for you and stores them as Kubernetes Secrets?

This method gives you the following advantages:

  • You don't have to operate such an important piece of infrastructure
  • You don't store secrets in the repository
  • The deployment system does not need access to any cryptographic resources (which it does when you use encrypted secrets, e.g. with SOPS)
  • Secrets are "cached" as Kubernetes resources, so a small outage of the primary secrets store is OK

All of this can be achieved with Kubernetes External Secrets, originally developed by GoDaddy engineering. This project is more than alive, it works with the major offerings for secrets management (AWS, Azure, Vault, ...) and it plays well with the GitOps approach!

And here's one side note if you are concerned about the Kubernetes secrets: Kubernetes RBAC is your friend.
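
The flip side of this setup is that the pulled values end up as ordinary Kubernetes Secrets, so whoever can read Secrets in the namespace can read them. As an added example (not from the original post or from any of the projects mentioned), this Python script flags RBAC rules that allow reading every Secret in scope; the role definitions and the secret name hello-service are constructed sample data.

```python
"""Audit RBAC rules for read access to Kubernetes Secrets (added example)."""

READ_VERBS = {"get", "list", "watch"}


def _matches(values, wanted):
    """RBAC list fields match on an exact entry or the '*' wildcard."""
    return "*" in values or wanted in values


def secret_read_findings(role):
    """Return one finding per rule in a Role/ClusterRole that can read Secrets.

    Each finding is (role_name, sorted_read_verbs, scope), where scope is
    'all-secrets' when the rule has no resourceNames, else 'named-only'.
    """
    findings = []
    name = role["metadata"]["name"]
    for rule in role.get("rules", []):
        # Secrets live in the core API group, written as "" in RBAC.
        if not _matches(rule.get("apiGroups", []), ""):
            continue
        if not _matches(rule.get("resources", []), "secrets"):
            continue
        verbs = set(rule.get("verbs", []))
        granted = READ_VERBS if "*" in verbs else verbs & READ_VERBS
        if not granted:
            continue
        scope = "named-only" if rule.get("resourceNames") else "all-secrets"
        findings.append((name, sorted(granted), scope))
    return findings


# Constructed sample roles, shaped like `kubectl get roles -o json` items.
SAMPLE_ROLES = [
    {"kind": "Role", "metadata": {"name": "app-reader"},
     "rules": [{"apiGroups": [""], "resources": ["secrets"],
                "verbs": ["get"], "resourceNames": ["hello-service"]}]},
    {"kind": "Role", "metadata": {"name": "dev-wide"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    {"kind": "Role", "metadata": {"name": "deployer"},
     "rules": [{"apiGroups": ["apps"], "resources": ["deployments"],
                "verbs": ["get", "list", "update"]}]},
]


def audit(roles):
    """Collect only the findings that expose every Secret in scope."""
    return [f for r in roles for f in secret_read_findings(r)
            if f[2] == "all-secrets"]
```

Running audit() over the items of a real `kubectl get roles -o json` export lists the roles worth tightening with resourceNames.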

Traefik Proxy is still the number one

I did not discover Traefik Proxy in 2020 but I need to put it on this list. I've been using a lot of different Ingress controllers this year but every encounter with Traefik Proxy was a huge relief.

Its CRD-based Kubernetes implementation has shown huge benefits over the "native" Ingress objects bloated with annotations. In comparison to some classic solutions, it has a limited set of features (that's good) and really, really great documentation.

And last but not least, the community around Traefik is just awesome! Sometimes even the founder and CEO helps with certain topics. I love that.

In 2020 Traefik Labs also introduced Traefik Pilot, which is a SaaS solution for monitoring and management of your Traefik instances.

AWS Cloud Development Kit for easy and repeatable infrastructure

Infrastructure as Code is still a rapidly evolving area; you might know Terraform from HashiCorp or Pulumi. AWS CDK does the same thing. But it's not a completely new product, it's more like the next evolutionary step for the existing IaC tool CloudFormation.

CDK allows you to describe the whole infrastructure in a general-purpose language; currently it supports Python, JavaScript, Java, and .NET. These libraries are, however, a bit opinionated, which means that you don't always have to fill in all the parameters required by the API. For instance, this is a fully functional EKS cluster with IRSA enabled.

When you're done with edits, CDK can synthesize the code for you and the rest of the operations are driven by CloudFormation.

I did not discover all possible use cases of CDK, but even this one is really stunning. Imagine that you're a software engineer without deep knowledge of AWS services and all you need to bootstrap the EKS cluster is one file with 20 lines of TypeScript. Mind-blowing.

Wrap

In 2020 I've seen a lot of technology. I know this list seems to be a bit conservative but it's full of production-ready components! I naturally gravitate to stuff that I can potentially use so it is what it is.

My biggest takeaways from 2020 are related to GitOps concepts. I truly believe that 2021 will be the year of massive adoption and it will help us to stabilize wild clusters that use unpredictable deployment models nowadays.

This article was updated on January 8, 2021

Stepan Vrany

System Engineer, Cloud Native enthusiast, father and husband. Also, I'm taking some pictures of ugly things.