DEV Community: Abhishek Korde

👉 🚀 GitOps in Action: Deploy Applications on Kubernetes using Argo CD

Abhishek Korde — Sun, 25 Jan 2026 20:28:13 +0000

🎤 INTRO
Hi everyone, welcome back to my channel!
Today we’re going to deploy an application using GitOps with Argo CD, one of the most popular continuous delivery tools for Kubernetes.

If you’re learning DevOps or Kubernetes, this is a must-have skill.

🧠 WHAT IS GITOPS?

GitOps is a deployment approach where Git is the single source of truth.
Whatever is written in Git is exactly what runs in the Kubernetes cluster.

Argo CD continuously watches your Git repository and automatically syncs changes to the cluster.

🧰 PREREQUISITES

Before starting, make sure you have:

Minikube running
kubectl installed
A Kubernetes cluster ready

I’m using Minikube on Windows for this demo.

🚀 STEP 1: VERIFY MINIKUBE

First, let’s check the Minikube status.

minikube status

As you can see, the control plane, kubelet, and API server are running.

🚀 STEP 2: INSTALL ARGO CD

Now we’ll install Argo CD in the Kubernetes cluster.

kubectl create namespace argocd

kubectl apply -n argocd \
-f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml

This command installs all Argo CD components like the API server, controller, repo server, and Redis.

🚀 STEP 3: VERIFY ARGO CD PODS

kubectl get pods -n argocd

All pods should be in Running state before moving forward.
Note:Wait untill all pods should be running state..

🚀 STEP 4: EXPOSE ARGO CD UI
Argo CD runs internally by default, so we need to access it.
check all the service of ArgoCD using below command:

kubectl get svc -n argocd

As you seen in above snapshot, There is *argocd-server * change the service type to NodePort service of argocd-server.

kubectl edit svc argocd-server -n argocd

minikube service argocd-server -n argocd

This gives us the Argo CD UI URL.
But we need to do tunneling the get local ip address of argocd-server.
To do tunneling use below command:

minikube service argocd-server -n argocd

This will give you https and http ip address, using this ip you can use ArgoCD UI.

🚀 STEP 5: LOGIN TO ARGO CD
Username is admin.
To get the password:

kubectl get secret -n argocd

to get password, edit the argocd-initial-admin-secret.

kubectl edit secret argocd-initial-admin-secret -n argocd

copy the password.

but this password is encrypted so we need to decrypt it.

[System.Text.Encoding]::UTF8.GetString(

)

This command decrypt the password and give you password from that password we can log in ArgoCD.

🚀 STEP 6: DEPLOY APPLICATION USING GITOPS
Now comes the GitOps part.

I already have a Git repository containing Kubernetes manifests like:
**

Deployment
Service ** In Argo CD UI: **
Click New Application
Provide Git repo URL
Select branch and path
Choose destination cluster and namespace
Click Create **

Argo CD automatically syncs Git with the cluster 🎯

🔄 AUTO SYNC & DRIFT DETECTION
If someone changes resources manually in Kubernetes, Argo CD detects the drift.

Git always wins — that’s the power of GitOps.

✅ FINAL RESULT
Our application is now deployed successfully using Argo CD.

Any future change pushed to Git will automatically update the cluster.

🎯 CONCLUSION
Argo CD makes Kubernetes deployments:

**- Declarative

Version controlled
Secure
Fully automated**

This is how modern DevOps teams deploy to production.

🚀 Different Types of Deployment Strategies in DevOps

Abhishek Korde — Thu, 15 Jan 2026 08:22:44 +0000

When deploying applications to production, choosing the right deployment strategy is critical. A good strategy minimizes downtime, reduces risk, and ensures a smooth user experience.

In this blog, we’ll explore the most commonly used deployment strategies in DevOps, how they work, and when to use each one.

🔹 1. Recreate Deployment
📌 How it works

The old version of the application is stopped completely
The new version is deployed after shutdown
Causes downtime

✅ Pros

Simple and easy to implement
No additional infrastructure needed

❌ Cons

Application downtime
Not suitable for production-critical apps

🧠 Use case

Internal tools
Development or test environments

🔹 2. Rolling Deployment
📌 How it works

New version is deployed gradually
Instances are updated one by one
Old and new versions run together temporarily

✅ Pros

Zero or minimal downtime
Controlled rollout

❌ Cons

Harder to rollback
Mixed versions running simultaneously

🧠 Use case

Kubernetes Deployments
Microservices-based applications

🔹 3. Blue-Green Deployment
📌 How it works

Two environments: Blue (current) and Green (new)
New version is deployed to Green
Traffic is switched instantly after testing

✅ Pros

Zero downtime
Easy rollback

❌ Cons

Requires double infrastructure
Higher cost

🧠 Use case

Production systems
Applications requiring high availability

🔹 4. Canary Deployment
📌 How it works

New version is released to a small subset of users
Gradually increased if no issues are found

✅ Pros

Reduced risk
Real-user testing

❌ Cons

Complex monitoring setup
Slower full rollout

🧠 Use case

Large-scale systems
Feature validation in production

🔹 5. A/B Testing Deployment
📌 How it works

Two versions are deployed simultaneously
Traffic is split between versions
User behavior is analyzed

✅ Pros

Data-driven decisions
Great for UI/UX testing

❌ Cons

Complex routing logic
Not ideal for backend-heavy changes

🧠 Use case

Marketing experiments
UI/UX optimization

🔹 6. Shadow Deployment
📌 How it works

New version receives real traffic
Responses are ignored
Used only for testing performance

✅ Pros

Zero risk to users
Real-world testing

❌ Cons

High resource usage
No user-visible benefit

🧠 Use case

Performance benchmarking
Load testing new systems

🔹 7. Feature Toggle (Feature Flag)
📌 How it works

Code is deployed with features disabled
Features are enabled dynamically
No redeployment required

✅ Pros

Instant rollback
Safe feature releases

❌ Cons

Technical debt if flags aren’t cleaned
Added code complexity

🧠 Use case

Continuous delivery pipelines
SaaS platforms

📊 Comparison Table
| Strategy | Downtime | Rollback | Complexity |
| -------------- | -------- | -------- | ---------- |
| Recreate | Yes | Easy | Low |
| Rolling | No | Medium | Medium |
| Blue-Green | No | Easy | High |
| Canary | No | Easy | High |
| A/B Testing | No | Medium | High |
| Shadow | No | N/A | High |
| Feature Toggle | No | Easy | Medium |

🎯 Conclusion

There is no one-size-fits-all deployment strategy.
The best choice depends on:

Application criticality

Infrastructure cost

Risk tolerance

User impact

Modern DevOps teams often combine Canary + Feature Toggles or Blue-Green + Automation for safer deployments.

📊 AWS S3 + AWS Glue + Athena + Grafana — End-to-End Analytics Project

Abhishek Korde — Fri, 05 Dec 2025 20:26:08 +0000

🎯 Overview

In this project, I built a complete analytics pipeline using AWS services.
The goal was simple:

Read CSV files from S3 → Convert to tables using Glue → Query using Athena → Visualize in Grafana

This is a real-world data analytics workflow used widely in Cloud + DevOps environments.

🚀 Architecture Diagram

🏗️ Services Used
| Service | Purpose |
| --------------------- | ------------------------------------- |
| S3 | Stores raw CSV files |
| Glue Crawler | Detects schema & creates Athena table |
| Glue Data Catalog | Manages table metadata |
| Athena | SQL queries on S3 files |
| Grafana | Visualizes Athena queries |

🧩 Step 1 — Upload CSV Data to S3

I created a folder structure:
s3/
└── s3-athena-analytics-abhishek31/raw/
└── bd-dec22-births-deaths-natural-increase.csv
└── bd-dec22-deaths-by-sex-and-age.csv
└── electronic-card-transactions.csv

Upload using AWS CLI:
aws s3 cp your_file_name.csv s3-athena-analytics-abhishek31/raw/

🤖 Step 2 — Create AWS Glue Crawler

The crawler:

Points to S3 folder
Detects CSV schema
Creates a table inside AWS Data Catalog
Database name: s3_log_db
Table name: s3_athena_analytics_abhishek31 After running, I validated the schema.

🔍 Step 3 — Query Data in Athena

Athena reads the S3 data using SQL.

Example query:

SELECT 
    series_reference,
    period,
    series_title_2,
    value
FROM s3_log_db.s3_athena_analytics_abhishek31
ORDER BY series_title_2 ASC;

This verified the data is properly structured.
📊 Step 4 — Connect Grafana to Athena

In Grafana:

Add datasource → AWS Athena
Configure:
AWS Region
S3 query results bucket
Workgroup
Test connection → Success

📈 Step 5 — Build Dashboards in Grafana

I created multiple visualizations using raw queries (not JSON imports):

Bar chart for age-group distribution

Time series analysis

Gender-wise population trends

Total population per year

🗂️ Project Folder Structure
AWS-Athena-S3-Grafana-Analytics/
│── docs/
│ └── README.md
│── s3/
│ └── README.md
│── sql/
│ └── athena_queries.sql
│── grafana/
│ └── README.md
└── README.md

📌 Key Learnings

✔ How to automate schema detection with Glue
✔ How Athena queries S3 without a database server
✔ How to integrate AWS & Grafana
✔ How to visualize analytics with Live SQL

Great project for Cloud + DevOps profile! 💯

🔗 GitHub Repository:
https://github.com/abhikorde31/aws-s3-athena-grafana-analytics

🏁 Conclusion

This project shows how to build a production-grade analytics pipeline using AWS serverless services + Grafana.

If you want a visualization dashboard, real-time updates with Lambda, or Terraform automation — I can help you extend it.

🧩 Understanding Custom Resources in Kubernetes: Extending the Power of Your Cluster

Abhishek Korde — Wed, 29 Oct 2025 11:22:59 +0000

Kubernetes is incredibly powerful — it manages containers, networking, and scaling with ease. But what makes it truly flexible is its ability to go beyond built-in objects like Pods, Services, and Deployments.

That’s where Custom Resources (CRs) come in.

In this post, we’ll break down what custom resources are, why they exist, and how you can create one to extend Kubernetes just like a pro.

🔍 What Are Custom Resources?

In simple terms, a Custom Resource (CR) is a user-defined API object that extends the Kubernetes API.

By default, Kubernetes comes with built-in resource types like:

pods
deployments
services
configmaps

But what if you want Kubernetes to understand your own type of resource — say, Database, Cache, or CronJobTemplate?

That’s exactly what a Custom Resource Definition (CRD) allows you to do.

🧱 CustomResourceDefinition (CRD)

A CRD is a YAML definition that tells Kubernetes about your new resource type — its name, structure, and how it should behave.

Once a CRD is created, you can use kubectl commands to create, read, update, and delete your new resource — just like any built-in one.

Example CRD:

apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: crontabs.stable.example.com
spec:
  group: stable.example.com
  versions:
    - name: v1
      served: true
      storage: true
      schema:
        openAPIV3Schema:
          type: object
          properties:
            spec:
              type: object
              properties:
                schedule:
                  type: string
                image:
                  type: string
                replicas:
                  type: integer
  scope: Namespaced
  names:
    plural: crontabs
    singular: crontab
    kind: CronTab
    shortNames:
      - ct

Once you apply this CRD:

kubectl apply -f crd-crontab.yaml

Kubernetes now understands a new object type called CronTab.

🚀 Creating a Custom Resource

After defining your CRD, you can create actual instances of that resource.

Here’s an example of a Custom Resource (CR):

apiVersion: stable.example.com/v1
kind: CronTab
metadata:
  name: my-cron
spec:
  schedule: "*/5 * * * *"
  image: my-cron-image
  replicas: 2

Apply it using:

kubectl apply -f my-cron.yaml

Now, try:

kubectl get crontabs

You’ll see:

NAME       AGE
my-cron    10s

Just like you would for pods or services — except this is your custom resource!

⚙️ How Custom Resources Work Behind the Scenes

When you create a CRD:

Kubernetes API server dynamically adds new REST endpoints (like /apis/stable.example.com/v1/crontabs).
The Kubernetes control plane starts accepting your new object type.
You can manage these objects just like native Kubernetes ones.

However, a CRD alone doesn’t perform any action.
If you want automation (like creating pods or databases when a CR is created), you need a **Controller or Operator **that watches your CRs and acts accordingly.

🤖 Custom Resources and Operators

Operators are like “smart agents” that extend Kubernetes behavior using CRDs.

For example:

Prometheus Operator → adds CRDs like ServiceMonitor, Alertmanager.
Cert-Manager → adds CRDs like Certificate and Issuer.
ArgoCD → uses CRDs like Application to manage GitOps workflows.

These operators continuously monitor custom resources and automatically take actions — just like Kubernetes manages pods.

🧠 Why Use Custom Resources?

Extensibility: Add new resource types without changing Kubernetes core code.
Automation :Combine with controllers to automate complex tasks.
Declarative Management: Use YAML manifests to define custom workflows.
Integration: Ideal for building Operators, CI/CD systems, or internal DevOps tools.

🧭 Conclusion
Custom Resources turn Kubernetes from just a container orchestrator into a powerful platform for automation.
They’re the foundation for Operators, GitOps, and advanced DevOps workflows.
If you understand how CRDs and CRs work, you can extend Kubernetes to manage almost anything — not just containers.

🚀 Quick Recap

CRD (CustomResourceDefinition): Defines your new resource type.
CR (Custom Resource): An instance of that type.
Controller/Operator: Automates behavior based on your CRs.

Mastering Kubernetes Services: ClusterIP, NodePort, and LoadBalancer Explained.

Abhishek Korde — Tue, 07 Oct 2025 17:12:37 +0000

🧩 Manage Kubernetes Services and Their Types

Kubernetes is a powerful container orchestration platform, but what truly makes it shine is how it manages networking and services. In Kubernetes, Services are responsible for enabling communication between components inside and outside the cluster.

This blog explains what Kubernetes Services are, the different types of Services, and how to manage them effectively.

🚀 What Is a Kubernetes Service?

In Kubernetes, a Service is an abstraction that defines a logical set of Pods and a policy to access them.

Why do we need it?
Because Pods are ephemeral — they can be created, destroyed, or replaced anytime. A Service provides a stable network endpoint (a fixed IP or DNS name) so other applications can reach the Pods reliably, even as Pods change.

🔧 Types of Kubernetes Services

Kubernetes supports different types of Services, depending on how you want your application to be accessed.

Let’s explore each one 👇

1️⃣ ClusterIP (Default)

Purpose:
Provides internal access between applications inside the cluster.

How it works:

Creates a virtual IP (ClusterIP) accessible only within the cluster.

Distributes traffic between multiple Pods using round-robin load balancing.

Example:

apiVersion: v1
kind: Service
metadata:
  name: backend-service
spec:
  selector:
    app: backend
  ports:
    - port: 80
      targetPort: 8080
  type: ClusterIP

Use Case:
Backend-to-database communication or internal microservice communication.

2️⃣ NodePort

Purpose:
Expose your application outside the cluster on a specific port.

How it works:

Opens a static port (between 30000–32767) on each Kubernetes node.

Redirects traffic from that port to your service.

Example:

apiVersion: v1
kind: Service
metadata:
  name: frontend-service
spec:
  type: NodePort
  selector:
    app: frontend
  ports:
    - port: 80
      targetPort: 3000
      nodePort: 30007

Access:
You can access the app using:

http://<NodeIP>:30007

Use Case:
Local testing and development setups (like Minikube).

3️⃣ LoadBalancer

Purpose:
Expose the application to the internet using a cloud load balancer.

How it works:

Works on top of NodePort and ClusterIP.

Automatically provisions a cloud provider’s external load balancer (e.g., AWS ELB, Azure LB, GCP LoadBalancer).

Example:

apiVersion: v1
kind: Service
metadata:
  name: web-service
spec:
  type: LoadBalancer
  selector:
    app: web
  ports:
    - port: 80
      targetPort: 8080

4️⃣ ExternalName (Special Case)

Purpose:
Map a Kubernetes service name to an external DNS name.

How it works:

No proxying or load balancing — it just returns a CNAME record.

Example:

apiVersion: v1
kind: Service
metadata:
  name: external-db
spec:
  type: ExternalName
  externalName: db.example.com

Use Case:
Connecting internal services to external resources (like managed databases or APIs).

🎯 Conclusion

Kubernetes Services simplify communication between Pods and make applications stable, scalable, and easy to manage.

Use ClusterIP for internal traffic.
Use NodePort for local or limited external access.
Use LoadBalancer for production environments.
Use ExternalName for connecting to external systems. With these, you can manage and expose any application confidently — from development to production.

Setting Up Kubernetes on Windows with Minikube (Step-by-Step Guide)

Abhishek Korde — Sat, 20 Sep 2025 22:00:25 +0000

🌀 Prerequisites: Kubernetes, Docker, Containers, Cloud
There are many tools for managing the cluster in kubernetes:

Minikube → Local dev cluster (single-node).
Kind (Kubernetes in Docker) → Lightweight, fast local clusters in Docker containers.
k3s → Lightweight Kubernetes distribution for edge/IoT.
Kops → Production cluster provisioning (mostly AWS).
Kubadm → Official tool to bootstrap a Kubernetes cluster (often used for bare-metal or custom setup).
Rancher → GUI and management for multiple Kubernetes clusters.
OpenShift → Red Hat’s enterprise Kubernetes platform.
Managed services → EKS (AWS), GKE (Google Cloud), AKS (Azure).

Some of them are used for production, while others are mainly for local development.
Today, we are using minikub(obviously) for our local development.

Step 1: Install Minikube
The first step is to install Minikube using the link below, or by searching “Minikube install” in your browser.
link of installing the minikube:Minikube Install

Step 2: Install kubectl
The next step is to install kubectl. kubectl is the command-line tool for Kubernetes, and it allows us to interact directly with the cluster.
To install kubectl you can use below link or directly search in browser as kubectl install.
link for installing the kubectl:Kubectl Install
Choose the installation instructions for your platform (Linux, macOS, or Windows).

Step 3: Install Docker Desktop

Minikube runs the Kubernetes cluster inside a Docker container (when you use the --driver=docker).
You can install Docker Desktop either from the official website (browser download) or from the Microsoft Store.
Docker Desktop is a free platform (but not fully open source).
If your system does not support Hyper-V, you can use WSL2 as the backend for Docker.
In Docker Desktop → Settings → Resources → WSL Integration → Clicking “Refetch distros” helps Docker detect available Linux distributions.
If no distro is listed, you need to install a Linux distro like Ubuntu from the Microsoft Store (or manually).

Step 4: Start Minikube
Now that the basic setup is complete, we can create the Kubernetes cluster using the command below:

minikube start

This creates a single-node Kubernetes cluster.
On Windows, instead of VirtualBox/Hyper-V, it runs inside Docker containers.

⚠️ Sometimes, Minikube fails because it pulls images from registry.k8s.io. Use a faster mirror:
In this case, use the following command:

minikube start --driver=docker --image-repository=registry.cn-hangzhou.aliyuncs.com/google_containers

This flag tells Minikube to use the Alibaba Cloud mirror instead, which is often faster and more reliable.

Step 5: Verify the Cluster
To list all Pods in the cluster (including system Pods), use the command:

kubectl get pods -A

It will show like this.

These are the default system pods that Minikube runs inside the kube-system namespace:

coredns → Handles DNS (service discovery inside the cluster).
etcd-minikube → Key-value database that stores the entire Kubernetes cluster state.
kube-apiserver-minikube → The main API server; all kubectl commands talk to this.
kube-controller-manager-minikube → Ensures desired state (like creating pods if one fails).
kube-proxy → Manages networking rules for pod-to-pod and pod-to-service communication.
kube-scheduler → Assigns new pods to nodes.
storage-provisioner → Automatically provisions storage volumes when needed.

✅ All are in Running status → means your Minikube cluster is healthy and ready to run workloads.

To get all the nodes in your cluster and their status using below command:

kubectl get nodes

The output of the above command looks like this:

NAME → minikube → This is your Kubernetes node (a VM/Container created by Minikube).
STATUS → Ready → The node is healthy and can run pods.
ROLES → control-plane → This node acts as the master/control plane (manages the cluster).
AGE → 5m3s → Node has been running for about 5 minutes.
VERSION → v1.34.0 → The Kubernetes version running on this node. ✅ In short → Your Minikube cluster has 1 control-plane node, it’s healthy, and ready to schedule pods. After confirming that our nodes are up and running.

Step 6: What is a Pod?
Now we have to install pod. Inside that pod our application will run.

First, let’s understand what a Pod is.?

A Pod is the smallest deployable unit in Kubernetes.
A Pod is essentially a definition of how to run one or more containers.
The specification is written in a YAML manifest (like pod.yml), similar to how you give instructions in docker run.
Most Pods contain a single container, but sometimes Pods have:
Sidecar containers (for logging, monitoring, etc.).
Init containers (run before the main container).
Kubernetes assigns an IP address to the Pod, not to each individual container. All containers in the Pod share the same Pod IP and network namespace.

Step 7: Deploy Your First Application (Nginx)
We will now deploy our first Nginx application. The first step is to create a Pod by writing a pod.yml file.
As I told earlier pod is basically yaml file so we will write first basic yaml file that will help to understand the structure.
If you are on Windows, use the following command and paste the given YAML script:

notepad pod.yml

because vi does not work on Windows (it is available only on Linux systems).

apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  containers:
  - name: nginx
    image: nginx:1.14.2
    ports:
    - containerPort: 80

🔎 In short:

You’re creating a Pod called nginx.
Inside it, you run 1 container using the image nginx:1.14.2.
That container exposes port 80 (default HTTP port).
✅ This YAML defines the smallest deployable unit in Kubernetes (a Pod) running Nginx.
After writing yml file we have to create application on pod using give command:

kubectl create -f pod.yml

After creating the application, check whether it is running using the following command:

kubectl get pods

and If we want to get entire details of pods with IP address of pod then use below command:

kubectl get pods -o wide

Step 8: Access the Minikube Cluster
If you want to log in to the cluster where the application is running, use the command:

minikube ssh

It opens an SSH session into the VM / Docker container that Minikube created to run your Kubernetes cluster.
This lets you log in directly inside the Minikube node (the machine acting as your Kubernetes cluster).

🛠 What you can do inside:

Run Linux commands (because Minikube runs on a Linux environment).
Check processes, logs, or system info.
Use tools like docker ps (to see the containers Kubernetes is running internally).
Troubleshoot networking or storage inside the cluster. After that, test if the Pod’s internal IP is reachable and serving traffic by using curl .

curl <POD_IP>

This ip address of pod where your application is running.

If you see the Nginx welcome page, 🎉 congratulations—your app is running successfully!

✅ Conclusion
You now have:

Minikube installed locally.
kubectl configured to interact with your cluster.
A working Nginx Pod running in Kubernetes. This setup is perfect for learning and local development before moving on to production tools like Kops, EKS, GKE, or AKS.

✨ Polished version:

To explore all commonly used kubectl commands, refer to the official Kubernetes cheatsheet:
Kubectl sheet sheet

🔎 Kubernetes Architecture Demystified: A Beginner-Friendly Guide

Abhishek Korde — Wed, 17 Sep 2025 20:49:14 +0000

Kubernetes has become the de facto standard for container orchestration. Whether you’re a DevOps engineer, cloud enthusiast, or software developer, understanding the Kubernetes architecture is crucial for deploying and managing containerized applications at scale.

🌐 What is Kubernetes?
Kubernetes (often abbreviated as K8s) is an open-source platform that automates the deployment, scaling, and management of containerized applications. It abstracts away the complexities of managing containers, allowing teams to focus on delivering applications faster and more reliably.

🚀 Kubernetes vs. Docker: What’s the Advantage?
Before comparing, let’s clarify:

Docker → A containerization platform (build, package, and run containers).
Kubernetes (K8s) → A container orchestration platform (manages and scales containers across clusters).

You often use them together: Docker to build/run containers, Kubernetes to orchestrate them.

🔑 Advantages of Kubernetes over Docker
1. Scalability

Docker alone can run containers, but scaling across multiple servers is manual and complex.
Kubernetes provides auto-scaling based on CPU, memory, or custom metrics.

👉 Example: If traffic spikes, Kubernetes automatically adds more Pods.

2. High Availability & Self-Healing

Docker: If a container crashes, you need manual intervention (or use Docker Swarm, but limited features).

- Kubernetes:

Restarts failed Pods automatically.
Re-schedules Pods on healthy nodes if one node fails.
Ensures the desired state (always keeps the right number of Pods running).

3. Load Balancing & Service Discovery

Docker: Requires manual setup for container-to-container networking.

- Kubernetes:

Provides built-in service discovery.
Automatically load-balances traffic between Pods.

4. Multi-Cloud & Hybrid Support

Docker: Mostly tied to the host machine or a single environment.

- Kubernetes:

Cloud-agnostic (works on AWS, Azure, GCP, on-premises).
Supports hybrid deployments and seamless migration.

5. Rolling Updates & Rollbacks

Docker: Updating containers without downtime is tricky.

- Kubernetes:

Handles zero-downtime deployments using rolling updates.
Can instantly rollback to a previous version if something breaks.

6. Infrastructure as Code & Automation

Docker: Focused on containers, not cluster-level automation.

- Kubernetes:

Full automation of deployments, scaling, and monitoring.
Integrates well with CI/CD pipelines.

📊 Kubernetes Architecture Diagram

⚙️ Components of Kubernetes Architecture
1. Control Plane Components

These components maintain the desired state of the cluster.

API Server (kube-apiserver):

The entry point for all Kubernetes commands (kubectl, UI, API calls).
Acts as a communication hub between components.

etcd:

A distributed key-value store.
Stores cluster state, configurations, secrets, and metadata.

Scheduler (kube-scheduler):

Decides which worker node should run a newly created Pod.
Scheduling decisions are based on resource availability, policies, and constraints.

Controller Manager (kube-controller-manager):
Runs controllers that handle routine tasks:

Node Controller (monitors nodes):
ReplicaSet Controller (ensures correct number of Pods)
Job Controller, etc.

Cloud Controller Manager

Integrates with cloud providers (AWS, GCP, Azure).
Manages cloud-specific resources like load balancers and storage.

2. Worker Node Components

Worker nodes run your application workloads.

Kubelet:

Agent running on each node.
Ensures containers are running as expected inside Pods.

Kube-proxy:

Handles networking inside the cluster.
Manages communication between Pods and Services.

Container Runtime (Docker, containerd, CRI-O)

The engine that actually runs containers.

Kubernetes Objects

These are the building blocks of Kubernetes deployments.

- Pod
→ The smallest deployable unit (one or more containers).

- Service
→ Exposes Pods to the network.

- Deployment
→ Ensures desired state of Pods.

- ConfigMap & Secret
→ Store configuration and sensitive data.

- Namespace
→ Logical separation within the cluster.

🔄** How Kubernetes Works (Step-by-Step Flow)**

You submit a deployment request using kubectl apply.
The API Server receives the request and stores the desired state in etcd.
The Scheduler assigns Pods to specific worker nodes.
The Kubelet on each node communicates with the control plane to run containers via the container runtime.
The Kube-proxy ensures networking and service discovery so Pods can talk to each other and external users.
Controllers continuously monitor and adjust the system to match the desired state.

🌟 Key Benefits of Kubernetes Architecture

Self-healing (auto-restarts failed Pods)
Auto-scaling based on load
Load balancing across nodes
Rolling updates and rollbacks
Cloud-agnostic (runs on any platform)

AWS Cost Optimization- Identify Stale Resources using Lambda Function.

Abhishek Korde — Tue, 01 Jul 2025 13:13:04 +0000

what is lambda function in AWS services?
AWS Lambda is a serverless compute service that allows you to run code without provisioning or managing servers. It executes code in response to events and automatically manages the computing resources. You upload your code as a Lambda function and it runs only when triggered by an event, scaling automatically.

Problem Statement:
When a user creates an EC2 instance, an associated EBS volume is also created. The user typically takes snapshots of this volume for backup purposes. However, after a few months, the user deletes the EC2 instance and the volume but forgets to delete the associated snapshot. As a result, the unused snapshots continue to incur storage costs, leading to unnecessary and increasing expenses over time. As DevOps engineer, It is essential to address this by implementing cost optimization strategies to identify and clean up unused snapshots to reduce AWS costs.

Solution:
To solve this problem statement we use Lambda funtion fetches all EBS snapshots owned by the same account and also retrieves a list of active EC2 instances. For each snapshot, It checks if the associated volume(if exists) is not associated with any active instance. If it finds a stale snapshots, it deletes it, effectively optimizing storage costs.

fetch all the EBS snapshots
filter out snapshots that are stale.
stale snapshot will be deleted

First step is to create the EC2 instance, while creating CE2 instance volume also created. In my case below is volume created.

After successfully created EC2 instance we have to manually create snapshot of volume.
Snapshot is nothing but copy of your volume.

Now first we create Lambda function

after creating lambda function, go to code section and write below code.

import boto3

def lambda_handler(event, context):
    ec2 = boto3.client('ec2')

    # Get all EBS snapshots
    response = ec2.describe_snapshots(OwnerIds=['self'])

    # Get all active EC2 instance IDs
    instances_response = ec2.describe_instances(Filters=[{'Name': 'instance-state-name', 'Values': ['running']}])
    active_instance_ids = set()

    for reservation in instances_response['Reservations']:
        for instance in reservation['Instances']:
            active_instance_ids.add(instance['InstanceId'])

    # Iterate through each snapshot and delete if it's not attached to any volume or the volume is not attached to a running instance
    for snapshot in response['Snapshots']:
        snapshot_id = snapshot['SnapshotId']
        volume_id = snapshot.get('VolumeId')

        if not volume_id:
            # Delete the snapshot if it's not attached to any volume
            ec2.delete_snapshot(SnapshotId=snapshot_id)
            print(f"Deleted EBS snapshot {snapshot_id} as it was not attached to any volume.")
        else:
            # Check if the volume still exists
            try:
                volume_response = ec2.describe_volumes(VolumeIds=[volume_id])
                if not volume_response['Volumes'][0]['Attachments']:
                    ec2.delete_snapshot(SnapshotId=snapshot_id)
                    print(f"Deleted EBS snapshot {snapshot_id} as it was taken from a volume not attached to any running instance.")
            except ec2.exceptions.ClientError as e:
                if e.response['Error']['Code'] == 'InvalidVolume.NotFound':
                    # The volume associated with the snapshot is not found (it might have been deleted)
                    ec2.delete_snapshot(SnapshotId=snapshot_id)
                    print(f"Deleted EBS snapshot {snapshot_id} as its associated volume was not found.")

after writing the above code click deploy. and create configure test event.
after this click test but it will fail as shown delow.

This is failing because of lambda execution time is by default 3 second and some permission error as well.
we will solve this issue one by one.
first go to configure tab and change lambda execution time upto 10 seconds
another one is go to attached IAM policy and attached below policy.

after attaching the policy come back and execute lambda function again
after execution we will see snapshot will not be deleted because snapshot attached to volume and volume attached to EC2.

manually delete the EC2 instance, that EC2 will delete volume as well.

Now I am executing the lambda function again.

Deleted EBS snapshot snap-02c1afa1d20b2c81b as its associated volume was not found. is shown in above screenshot.

as you see the snapshot also deleted if i delete EC2 instance.

Summary:
By using an AWS Lambda function, we can automate the identification and cleanup of stale EBS snapshots, helping to optimize AWS costs by eliminating unused resources. This is a practical DevOps automation use case to maintain clean, efficient cloud infrastructure.

Getting Started with AWS IAM: Managing Users, Groups, and Policies for Secure Access Control.

Abhishek Korde — Mon, 19 May 2025 17:46:36 +0000

AWS IAM (Identity and Access Management) is a service that helps you securely control access to your AWS resources. It allows you to manage users, their permissions, and how they interact with AWS services. Essentially, it's the foundation for security and access control within your AWS account.

Log in AWS console with your root username and password, after log in search IAM in search bar.

Basically IAM containing 3 different components as follows:

User
Policies
Group
Roles first we will go with Users, by creating user is nothing but authentication eg. entering any bank is means by authonticating user. user this user doesn't have any Authority for any servies so that Policies play big role in this. using Policies we can give any types of authorities to users. there are different already created by AWS to Help the Devops or cloud engineer. but we can customize our own policies by just writing json formating script. next is groups, If in your orginization thousand of employee and lots of employee leaves the organization and new employee are joining the organization in that cases its very difficult to manages every employee Policies and Efficiency also reduces so AWS introduce groups, instead of changing each and every employee policies, create group and add them in different groups as per their role so by changing only their groups policies it will applicable to all employee. eg. In your organization, we have 3 roles 1. deveoper 2. QA 3. DBAdmin. in this case you have to only changing the groups policies and each user on in their respective groups as per their roles. Now lets see how to create Users, policies and groups in AWS go to IAM section we will see below window: click the users section then click create users Note: always use Autogenerated password, it mean every log we have to create new password each time to more secure. while creating you can directly add policies or later you can apply policies after clicking next you can review and create the user by clicking create user after this you will feedback and your user is created for login with IAM user download .csv file in your local storage this .csv file contains below things use this information for login with IAM users. Now I am logout my root users and login with IAM users after login you have to reset password by changes autogenerated password. If you see carefully we will notice that left top corner your username is mentioned that means you login with your user. but till now we did add any policies so after login with user test-user-01 all the permision denied is showing. to give different types of permission to user to to user first with your root user by logout the user test-user-01. give the required permission then login with IAM user then you can access perticular service as per policies applied to your user. In my case I apply full_access_S3 policy to the user test-user-01 so test-user-01 can access my S3 bucker list.

In this blog, we explored the fundamentals of AWS Identity and Access Management (IAM), a powerful tool for managing access to AWS resources securely. We learned how to create users, assign permissions through policies, and organize users into groups for streamlined access control. IAM not only helps in maintaining security but also simplifies user management, especially in large organizations. By assigning the right permissions using predefined or custom policies, you ensure that users have exactly the access they need—no more, no less. Mastering IAM is essential for any DevOps or cloud engineer aiming to implement best security practices in AWS.

What is bind mount and volume in docker, Hands-On with Docker Storage: Volumes & Bind Mounts Demo

Abhishek Korde — Mon, 21 Apr 2025 11:10:30 +0000

Bind mounts may be stored anywhere on the host system. They may even be important system files or directories. Non-Docker processes on the Docker host or a Docker container can be modified at any time. You can create a file on the host system and attach it to the container where you want to maintain the state of the Docker. You can also use the bind mount for stateful applications.
Use of Bind Mounts:
Bind mounts are appropriate for the following types of use case:

Sharing source code or build artifacts between a development environment on the Docker host and a container.
When you want to create or generate files in a container and persist the files onto the host's filesystem.
Sharing configuration files from the host machine to containers. This is how Docker provides DNS resolution to containers by default, by mounting /etc/resolv.conf from the host machine into each container.

Bind mounts are also available for builds: you can bind mount source code from the host into the build container to test, lint, or compile a project.

What is Docker Volume?
Applications can be run independently using Docker containers. By default, when a container is deleted or recreated, all of the modifications (data) within it are lost. Docker volumes can be useful if we wish to save data in between runs. In order to protect data created by the running container, Docker volumes are file systems mounted on Docker containers.

Implimentation volume in container:
First step is to create the docker volume using following command:

after creating the volume, now we can dedicate this volume to one or multiple containers
to get the details information about volume, we can below command:

If you want to delete the volume which you created then run:

Docker volume rm abhishek

now I want to mount the volume on a container. so for that, Create the docker image to creating the docker image, we have to build docker file.
so first build docker file:

my docker file is in same directory so I use dot instead of filename, but If your docker file is in different directory then use filename instead of dot.
Now I mount volume in container

after mounting the volume, we have to check the running the containers using

docker ps

32a9d862a19a

after that check the container information, is volume is proporly mount on container or not, to check the use

docker inspect 32a9d862a19a

It will show the volume details in mount section using below.

*Note:To delete the volume we have to stop the running container then delete the container then we can delete the volume *

📝 Vlog Summary:
In this vlog, I’ll walk you through the concept of Docker Volumes — what they are, why they matter, and how to use them to persist data in Docker containers. We’ll start by creating a Docker volume, learn how to mount it to a container, and inspect the container to verify the mount. I’ll also demonstrate how to build a Docker image and run a container with volume mapping. Finally, we’ll cover how to properly clean up volumes and containers. If you’re new to Docker or want to manage data persistency better, this one’s for you!

what is jenkins and How to configure docker as agent on Jenkins.

Abhishek Korde — Sun, 13 Apr 2025 15:42:19 +0000

First we try to understand the what is jenkins and why jenkins is used in devops.
🚀 What is Jenkins?
Jenkins is an open-source automation server used primarily for Continuous Integration (CI) and Continuous Delivery (CD) in software development.
It helps automate the process of:

Building code

Testing applications

Deploying software

Monitoring pipelines

Jenkins is one of the most popular tools in the DevOps toolchain.
🛠️ Why is Jenkins Used in DevOps?
In DevOps, the goal is to:

Develop faster

Test more often

Deliver software reliably and continuously

Jenkins makes this possible by automating everything.
what is use of docker agent in Jenkins?
Old Jenkin Architecture:

if you refer the old jenkins architecture in organizationi, we created EC2 instance jenkin master but there are lots of devlops,devopments teams so jenkins gets lots of load so to offload this things so you should always use jenkin master only for the scheduling purposes. so in organization people create jenkin master and jenkin worker nodes, so different application run on different worker node. in past this architecture is well and good but advancement of microservices, we have lots of application os with this type of approach its difficult to build as well as some worker node sitting idle. so to solve this problems the new architecture came in the picture.
New Jenkin Architecture:

in latest approach, we are using Jenkins with docker as agent. so in latest approach we are trying to run jenkin pipeline on docker containers. as we know docker container is light in weight instead of virtual machines

Now you understood what is jenkin as well as docker as agent so we will try to configure the docker agent in Jenkins.
first login to EC2 instance using external terminal using below command:

Jenkins is java based application so first install the java as Pre-Requisites:

Java (JDK)

Run the below commands to install Java and Jenkins

Install Java

sudo apt update
sudo apt install openjdk-17-jre

Verify Java is Installed

java -version

Now, you can proceed with installing Jenkins
curl -fsSL https://pkg.jenkins.io/debian/jenkins.io-2023.key | sudo tee \
/usr/share/keyrings/jenkins-keyring.asc > /dev/null
echo deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc] \
https://pkg.jenkins.io/debian binary/ | sudo tee \
/etc/apt/sources.list.d/jenkins.list > /dev/null
sudo apt-get update
sudo apt-get install jenkins
*Note: * By default, Jenkins will not be accessible to the external world due to the inbound traffic restriction by AWS. Open port 8080 in the inbound traffic rules as show below.

EC2 > Instances > Click on
In the bottom tabs -> Click on Security
Security groups
Add inbound traffic rules as shown in the image (you can just allow TCP 8080 as well, in my case, I allowed All traffic).

Login to Jenkins using the below URL:
http://:8080 [You can get the ec2-instance-public-ip-address from your AWS EC2 console page]

Note: If you are not interested in allowing All Traffic to your EC2 instance 1. Delete the inbound traffic rule for your instance 2. Edit the inbound traffic rule to only allow custom TCP port 8080

After you login to Jenkins, - Run the command to copy the Jenkins Admin Password - sudo cat /var/lib/jenkins/secrets/initialAdminPassword - Enter the Administrator password

Click on Install suggested plugins

Wait for the Jenkins to Install suggested plugins

Create First Admin User or Skip the step [If you want to use this Jenkins instance for future use-cases as well, better to create admin user]

Jenkins Installation is Successful. You can now starting using the Jenkins
Jenkins Installation is Successful. You can now starting using the Jenkins

Install the Docker Pipeline plugin in Jenkins:
Log in to Jenkins.
Go to Manage Jenkins > Manage Plugins.
In the Available tab, search for "Docker Pipeline".
Select the plugin and click the Install button.
Restart Jenkins after the plugin is installed.

Wait for the Jenkins to be restarted.

Docker Slave Configuration

Run the below command to Install Docker
sudo apt update
sudo apt install docker.io

Grant Jenkins user and Ubuntu user permission to docker deamon.
sudo su -
usermod -aG docker jenkins
usermod -aG docker ubuntu
systemctl restart docker

Once you are done with the above steps, it is better to restart Jenkins.
http://:8080/restart
The docker agent configuration is now successful.

configuration usng ansible

Abhishek Korde — Sat, 05 Apr 2025 10:54:19 +0000

Abhishek Korde

Apr 5 '25

How to configure passwordless authentication using Ansible

#devops #ansible #cloud #security

Comments

2 min read