Vier Männer stehen lächelnd vor einer Wand mit dem Schriftzug „WECK DEN UNGEZÄHMEN“. Einer hält einen Stock in der Hand.

Auto-Update Service
Events & Meetups
OpenShift - Kubernetes

12.02.2025

Vienna DevOps Meetup 01/2025: Auto-Updating Dependencies & Building a Kubernetes Packet Manager

Rückblick auf unser ViennaDevOps Meetup vom 28.01.25.

Erstes Meetup im Jahr – und wir sind direkt mit voller Power gestartet! Dieses Mal durften wir das ViennaDevOps Meetup in unserer Wiener Steppe hosten. Über 60 Anmeldungen zeigen: Die Community ist hungrig auf spannende DevOps-Insights.

Better Ways To Pipeline Automation

Die Themen? Effiziente Software-Pipelines und Open-Source-Erfolgsgeschichten. Zwei Vorträge, zwei spannende Einblicke in die Praxis 👉

1 Year Building a Kubernetes Package Manager: Lessons learned

Philip Miglinci, Co-Founder of Glasskube

Ein Mann präsentiert vor einem Bildschirm mit QR-Codes und Informationen zu Glasscube und seinem LinkedIn-Profil.

Philip gab einen ehrlichen Einblick, wie aus der Idee für Glasskube ein Kubernetes-Package-Manager mit über 3.000 GitHub-Stars wurde – und welche Herausforderungen das mit sich brachte.

👉 Technische Stolpersteine auf dem Weg zur Skalierbarkeit
👉 Community-Building – wie man Entwickler:innen weltweit für ein Projekt begeistert
👉 Open Source vs. Enterprise – wie der Spagat zwischen freier Software und Business gelingt

🎥 Hier kannst du dir die Aufzeichnung ansehen 👉

Video-Transkript hier.

Simlify and Secure: Microservice Updates in Your CI/CD Pipeline

Christoph Ruhsam, Software Engineer @ Gepardec IT Services GmbH

Ein Mann steht neben einem Projektorbildschirm, auf dem Code angezeigt wird, während er etwas erklärt.

Wie hält man hunderte Microservices sicher, aktuell und wartungsarm, ohne den Überblick zu verlieren?

Unser Gepard Christoph Ruhsam zeigte in einer Live-Demo, wie sich mit OpenRewrite, Renovate und Auto-Update-Strategien Microservices effizient managen lassen – weniger manueller Aufwand, mehr Sicherheit.

🔥 Die größten Pain Points:
⚡ Sicherheitslücken und veraltete Dependencies
⚡ Hoher manueller Aufwand bei Updates
⚡ Die Herausforderung, Stabilität und Flexibilität in Einklang zu bringen

🔍 Mehr über unseren Auto-Update-Service? Klicke hier.

🎥 Die komplette Session gibt’s auf 👉 YouTube

Video-Transkript hier.

Mit diesem Event haben wir die erste Meetup-Runde des Jahres eingeläutet – und freuen uns auf viele weitere spannende Sessions! 🚀

Hast du näheres Interesse?

Wir freuen uns auf deine Kontaktaufnahme.

Bist du der Lese-Typ?

… dann haben wir die Talks für dich in Schriftform.

Thanks for hosting, and thanks to KECH for providing the venue.

My talk today is about one year of building a package manager for Kubernetes.

Before we dive in, a quick question—who here has either created an open-source project and maintains it actively or regularly contributes to one?

[A few hands go up]

Okay, cool. Nice! Now, let’s go over the story of how we created this open-source project and what we learned after a year of development.

[Background]

For those who don’t know me, my name is Philli. I’m one of the co-founders of Glass Cube, the company behind the open-source project I’ll be talking about today. I have a traditional background in computer science, having studied at the Vienna University of Technology. Before founding Glass Cube, I was the CEO of an alerting company that built systems for firefighter organizations and emergency alerting in enterprise environments.

Glass Cube started two years ago out of an interest in DevOps tooling and open-source projects. But before diving into Kubernetes and deployment challenges, let’s talk about Helm, the de facto package manager for Kubernetes. I think everyone here has used Helm at some point, right?

[Audience nods]

Great! Now, a little history of Helm that I found interesting:

Helm was created in 2015 by Deis Labs during a hackathon.
The original name had an alcohol theme, but they later changed it.
In 2016, Google’s Deis Deployment Manager merged with Helm, and Helm 2.0 was released with a server-side component.
In 2018, Helm 3.0 was released, removing the server-side component, citing security concerns and custom resource management issues.
In 2022, Helm started supporting OCI images.
Recently, I attended the Helm 4.0 kickoff at KubeCon in Salt Lake City, where the Helm community (led by enterprises like SUSE and Red Hat) discussed upcoming changes. However, they agreed not to introduce major breaking changes, which is great for stability but limits the ability to fix long-standing issues.

[Our Experience with Helm]

When we first started working with Helm charts, we assumed it would be straightforward. Instead, we found:

Go templating was overly complex.
Dependencies across multiple namespaces often failed.
Helm charts frequently got stuck in weird states.

Frustrated, we wrote a blog post about Helm’s pitfalls and published it on Hacker News. It received 133 upvotes and sparked a discussion with 180+ people commenting about Helm’s downsides.

We thought, wait a minute—we’re working on an app marketplace, but this package management problem is clearly something many people care about. So we made a bold decision:

💡 We decided to go all in on building a better package manager.

[Building Glass Cube]

When we started, we had some big challenges:

None of us had written Go code before.
We had no internal knowledge of Helm’s history or contributors.
We had never managed massive, multi-tenant, high-security Kubernetes clusters.

Still, we believed in our core ideas:

A better dependency system
A GUI for easier management
A centralized package repository

Six months later, we launched our first MVP. It had many limitations:

Only cluster-scoped packages
No multi-namespace support
No package configuration options

Despite this, we released it, and it gained traction fast. Glass Cube started trending on GitHub, people joined our Discord, and the community grew quickly.

[Lessons from Open Source]

One of the biggest takeaways from launching an open-source project is community engagement. To build momentum:

✅ Have good first issues for contributors. ✅ Write clear contribution guidelines. ✅ Organize community calls.

By doing this, we attracted contributors who helped improve Glass Cube.

[Technical Challenges & Solutions]

To solve dependency management and automated updates, we built an automated CI/CD workflow:

Glass Cube Scout: A CLI tool that scans for new package versions.
GitHub Actions for CI/CD: Runs Minikube tests before merging updates.
Renovate Integration: We contributed to Renovate so it natively supports Glass Cube packages.
Package Controller: Manages dependencies and reconciles installations in Kubernetes.

[Adoption and Challenges]

After a year, Glass Cube is running in major cloud providers and large enterprise clusters. However, open-source adoption is tricky:

Large enterprises fork the project for internal use but rarely contribute back.
Companies want package management + support, leading to business opportunities.

[The Future of Glass Cube]

Are we as big as Helm? Not yet.

A key realization: Kubernetes is no longer a greenfield technology. Most companies already have existing deployment pipelines. This makes it harder to introduce a completely new package manager.

However, for greenfield projects, Glass Cube is gaining traction. New Kubernetes users want a clean package management approach, and that’s where we fit in.

[Lessons for Open-Source Developers]

Make noise early – Generate interest and engagement.
Users ≠ Contributors – Some contribute for learning, but adoption requires enterprise features.
Open-source monetization is tricky – Multiple corporate sponsors are ideal for long-term sustainability.

We love developer tooling and open source, and we’re launching our next big tool tomorrow!

While Helm remains dominant, we believe there’s room for alternative solutions. Glass Cube isn’t replacing Helm—it complements it. The Kubernetes ecosystem is big enough for multiple package managers, and we’re excited about the future.

Thank you!

[Applause]

Welcome from my side. I’m Christoph Kofler, Mountain Guide for Software Modernization. If you’re wondering why I have a stick, this is why! But more to the point, before we begin, I want to share a few words before Christoph starts his talk.

At Gepardec IT Services, we focus on solving one major problem: keeping your software up to date. Maintaining custom software is not an easy task, but the benefits are clear. We do it for security reasons, compliance reasons, and to free up resources for development teams.

In this talk, you will see how software can be kept up to date in a highly automated way. Enjoy the presentation, and I look forward to your questions afterward.

[Presentation Start]

Hello and welcome to my presentation about updating custom software. My name is Christoph Ruhsam, and I have been working at Gepardec IT Services for over seven years. I have successfully implemented our update service for two customers, and I’m excited to introduce this innovative solution to you today.

At Gepardec, we specialize in developing custom software tailored to our clients’ needs. Many of our customers operate a large number of microservices that require frequent updates. However, manually updating these services costs time and money. Sometimes, management even refuses updates simply because “it works as it is.”

But what happens then? You fall behind.

Over time, this can lead to major version gaps, making it increasingly difficult to catch up. Developers then spend countless hours debugging errors, setting up test environments, and solving unexpected problems.

At Gepardec, we wanted to eliminate these version discrepancies for good. Our goal is to keep software:

Regularly updated

Seamlessly maintained

Reliably automated

So, how can we accelerate the update process and reduce errors? That’s where our update service comes in. It combines:

Renovate for automated version updates
OpenRewrite for necessary code changes
Build validation to ensure functionality

If a build fails, no problem! We automatically add a Dev Space link to the pull request. This fully configured environment allows developers to debug, fix, and test the update without checking out the code locally—an efficient, developer-friendly approach.

[Live Demo]

But does this really work as smoothly as it sounds? Let’s find out!

Here, we have a plain Quarkus service with an outdated version 2.6.12, while the current version is around 3.17.

Renovate scans the repository and creates pull requests not only for Maven dependencies but also for Dockerfile versions and other components.
However, updating Quarkus from 2.x to 3.x is not just a version bump. It also requires Java updates and a namespace migration from JavaX to Jakarta.
To handle this, we configured Renovate to execute an OpenRewrite recipe that applies these changes automatically.

The result? Not only does the pull request include the version update, but it also contains all necessary code modifications to ensure a successful migration.

[Handling Failed Builds with Dev Space]

To demonstrate how we handle failed builds, we created a failing test.

If the pipeline fails, a Dev Space link is automatically added to the pull request.
Clicking on the link launches a fully configured workspace, with the correct branch already checked out.
The developer has everything set up: Java, Maven, Docker, and pre-defined commands.
Running a simple command like clean install confirms the error.
The developer can then fix the test, re-run the build, and verify that the issue is resolved.
Finally, the developer commits the changes, triggers the pipeline, and merges the request—all without manually setting up a local environment!

[Benefits of the Automated Update Service]

Our update service offers several advantages:

Faster updates with fewer manual steps

Less error-prone processes

Developers focus on features, not updates

Seamless integration into CI/CD pipelines

Runs entirely within the customer’s environment

Unlike external services that require access to repositories, our solution runs inside your infrastructure, ensuring security and control.

[Challenges]

Of course, there are some challenges:

Initial setup can be complex since every customer’s CI/CD pipeline is different.
Test coverage is crucial, as automated updates rely on successful pipeline validation.

Our implementation process follows three key steps:

Analyze the current application landscape (e.g., framework versions, update history).
Perform an initial upgrade using Renovate and OpenRewrite.
Provide ongoing support to keep services up to date.

This allows customers to focus on feature development without worrying about maintenance.

[Conclusion]

Our Renovate demo is open source and available on GitHub—feel free to fork, try it out, and experiment!

[GitHub Repository Shared]

I’m looking forward to the networking session later, but for now—any questions?

[Q&A Begins]

geschrieben von:
Veronika

Vienna DevOps Meetup 01/2025: Auto-Updating Dependencies & Building a Kubernetes Packet Manager

Better Ways To Pipeline Automation

1 Year Building a Kubernetes Package Manager: Lessons learned

Simlify and Secure: Microservice Updates in Your CI/CD Pipeline

Hast du näheres Interesse?

Bist du der Lese-Typ?

Das könnte dich auch interessieren:

Seamless Quarkus Dependency Updates with Renovate, OpenRewrite & Red Hat DevSpaces

Alte Software, neue Haftung?

Software-Modernisierung im Fokus: Warum du jetzt aktiv werden solltest