I'm curious about how your team's access to Kubernetes clusters is managed. Do developers have direct access, or are all deployments handled through tools like Flux or Argo? If they don't have direct access, how do they interact with the system? Are they reliant on observability tools to access logs instead?
5 Answers
As a developer myself, I can say we don’t have direct access to the Kubernetes API. Our CI/CD processes are managed by Argo Workflows, and we only get read-only access to Argo CD and artifact repositories. For any manual intervention, we have break glass accounts ready to go.
We allow developers access to our playground and dev clusters, but they are encouraged to use Argo and Git tools as much as possible to keep things organized.
I believe having some access during development is crucial. It allows developers to test and verify their code in Kubernetes early on, which leads to better quality and satisfaction. A separate cluster for developers can make a real difference!
In our setup, developers have unrestricted access to development namespaces on non-prod clusters. For production, they usually have read-only access based on the need. Only a select few developers can access the namespaces that hold sensitive data, like PCI information. Most of the time, our deployment pipelines handle everything, so direct access isn’t really needed.
The level of access really varies; in our case, developers can freely access their own non-prod namespaces but only have read access in production. This way, they can deploy and test without impacting live environments.
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures