TechOps Examples
Hey — It's Govardhana MK 👋
Welcome to another technical edition.
Every Tuesday – You’ll receive a free edition with a byte-size use case, remote job opportunities, top news, tools, and articles.
Every Thursday and Saturday – You’ll receive a special edition with a deep dive use case, remote job opportunities and articles.
Top engineers at Anthropic and OpenAI say AI now writes 100% of their code.
If you're not using AI, you're spending 40 hours doing what they do in 4.
These 100+ Claude Code hacks fix that and help you ship 10x faster.
Sign up for The Code and get:
100+ Claude Code hacks used by top engineers — free
The Code newsletter — learn the latest AI tools, tips, and skills to code faster with AI in 5 minutes a day
🛠 TOOL OF THE DAY
soci-snapshotter - A containerd snapshotter plugin which enables standard OCI images to be lazily loaded without requiring a build-time conversion step.
🧠 USE CASE
Using Kyverno policies with ArgoCD
In an ideal world of Kubernetes, we all wish for guardrails which:
✔️ add-network-policy
✔️ add-networkpolicy-dns
✔️ add-ns-quota
✔️ add-rolebinding
✔️ add-safe-to-evict
❌ disallow-cri-sock-mount
❌ disallow-default-namespace
❌ disallow-empty-ingress-host
❌ disallow-helm-tiller
❌ disallow-latest-tag
and so on…
As Kubernetes deployments grow more complex, keeping things governed and compliant starts to feel like a real challenge.
Kyverno, a Kubernetes-native policy engine, complements ArgoCD, the popular GitOps tool, to enforce policies across your deployment pipelines.
Rather than talking at 10,000 feet, let’s pick a real-world use case of ‘disallowing the latest tag in container images.’
Setting up Kyverno is already well-documented—refer to this guide to know more.
Stage 1: Organize Files and Folders for Policy-as-Code
Organizing files and folders is critical to managing policies effectively in a GitOps workflow.
Use the following structure:
manifests/: Contains application resources like Deployments, Services, and ConfigMaps managed by ArgoCD.
policies/: Contains Kyverno policies for version-controlled governance, applied during resource creation or updates.
Stage 2: Create a Kyverno Policy to Disallow the Latest Tag
Save the following policy as disallow-latest-tag.yaml:
Apply the policy:
kubectl apply -f disallow-latest-tag.yamlStage 3: Configure ArgoCD for Policy Management
To integrate Kyverno policies into your GitOps workflow, create an ArgoCD application for policies:
This ensures policies are deployed automatically and stay in sync with the repository.
Stage 4: Test the Integration
Deploy a non-compliant application (e.g., using
nginx:latest) and observe the policy violation.Sample Error Message:
Error: Using a mutable image tag e.g. 'latest' is not allowed.Fix the deployment to use a specific tag (e.g.,
nginx:1.21.0) and verify successful deployment.
You can replicate the same for other policies.
You may even like:
Looking to promote your company, product, service, or event to 47,000+ Cloud Native Professionals? Let's work together.
