Zero to Hero on Kubernetes With Devtron

One of the hot keywords in the DevOps space is AppOps. As the DevOps ecosystem matures, the focus is shifting from automation and continuous delivery to enriching the developer experience. AppOps takes an app-centric approach to enable developers with self-service tools to develop, deploy, and operate applications on modern, cloud-native platforms. While we have seen a proliferation of great open-source tools to achieve parts of this goal in recent years, creating a seamless experience that spans over CI/CD, security, cost management, and observability remains a challenging task.

Devtron is an open-source tool that pulls together a number of popular components such as ArgoCD, Clair, external secrets, and minio to bootstrap a fully managed application delivery platform on Kubernetes. Underneath the hood, it leverages GitOps principles to create sample CI/CD pipelines, integrated with security scanning and observability tools via a slick application dashboard. For teams looking to adopt Kubernetes at scale, Devtron offers a quick way to provide developers and platform teams a way to onboard their applications onto Kubernetes without having to fumble with various YAML files and piecing together complex tools.

Devtron Overview

Looking at the documentation for Devtron, it is clear that the creators of Devtron really wanted to create a no-code experience for deploying applications onto Kubernetes. After a simple installation via Helm 3 or kubectl with minimal setup instructions to configure a Git repository and container registry, users can access the main dashboard with information about the Kubernetes cluster and the deployed application.

To deploy an application onto Devtron, we need to first give Devtron access to the Git repository where the source code and the Dockerfile are stored. Then we need to configure where the containers will be published to.

Next, we can configure the deployment templates. For those familiar with Kubernetes manifest or Helm charts, the YAML file pre-generated by Devtron will look very similar. Even if you are not familiar with Kubernetes syntax, the template is divided into self-explanatory sections such as environment variables, secrets, and resources.

The full list of configurable sections is listed on the rollout deployment section of the documentation. For DevOps or platform teams with some Kubernetes knowledge, more advanced settings such as affinity, disruption budgets, and Prometheus rules can be configured. Note that even though our application did not explicitly specify an envoy or Prometheus exporter sidecar, Devtron is adding opinionated templates to build in best practices on collecting metrics and logs.

Next, we can use a drag-and-drop editor to create a CI/CD pipeline. Like popular CI tools such as Jenkins and CircleCI, Devtron can be configured to trigger off a branch, PR, or tags. The default template includes a Docker build step, but you can also add a pre-build step to run unit or component tests and post-build steps to run integration tests if desired.

The CD side is equally easy to configure. Click on the "+" button on the right side of the CI stages:

Like the CI side, CD setup is broken down into three stages: pre-deployment, deployment, and post-deployment stage. These hooks can be leveraged for activities like DB schema migrations or triggering notifications. Since Devtron uses ArgoCD and Argo Rollouts underneath the hood, it supports various deployment strategies including recreating, canary, blue-green, and rolling updates.

After configuring the Git repo, container registry, and the CI/CD pipeline template, we can trigger the build and check out the "App Details" or "Build History" tab to see the progress and the build logs:

If you have enabled Application Metrics in the deployment template, you can also see default values for deployment frequency, change failure rate, mean lead time, and mean time to recovery built into the dashboard. Other metrics such as CPU/memory usage as well as throughput/latency for applicable servers are automatically captured:

Finally, Devtron bakes in security scanning and policy enforcement to the pipeline. The default installation of Devtron ships with Clair to automate container vulnerability scanning and integrates with Kubernetes webhooks to control what level of severity of a vulnerability is acceptable to be deployed into the cluster.

Teams with existing DevOps tooling will notice that Devtron is heavily leveraging familiar open-source tools for each of these application delivery workflows. However, the power of Devtron isn't in any individual feature, but in how it packages the entire experience in a complete DevSecOps experience into a single platform. Instead of configuring CI on Gitlab/CircleCI, configuring scanning policies on Docker Hub or GCR, and deploying ArgoCD into the Kubernetes cluster, you can simply use Devtron's console to set up a GitOps-based delivery pipeline in one place.

This app-centric approach is better highlighted when you are trying to deploy an existing Helm chart. Devtron ships with popular Helm repositories (e.g., Bitnami, Elastic, Jetstack, etc.), and you can click on any of the Helm charts to bootstrap the GitOps pipelines. For example, if we want to deploy MySQL, Devtron will automatically configure your Git repo to work with ArgoCD format:

This is powerful for developers who want to simply deploy databases or Nginx/HAProxy to integrate with their application without having to learn about Helm or Kubernetes syntax.

Devtron Pros and Cons

Devtron makes some opinionated design choices about what a cloud-native, application delivery workflow should look like. It comes with pre-configured templates to automate the Docker build, publish, scan, and deploy process with some guardrails baked in. This makes for a great choice for teams struggling to manage all the Kubernetes tooling or looking to adopt Kubernetes workflows with minimal overhead. The console makes it easy for both developers and DevOps teams to onboard new applications in a repeatable manner.

The heavy focus on the console experience and the "no-code" approach, however, may not work for teams looking for a headless or terminal-based experience. If you are used to configuring pipelines via some YAML-based configuration file, using the console may feel limiting, especially if templating or bootstrapping tools are already built-in. However, as Devtron continues to mature, I expect the team to add better support for teams to easily migrate to Devtron without having to use the console for every operation.