Core Exercises (Required)
To internalize the guardrails and the importance of change isolation, complete the following tasks:
- Split a Mixed PR: Take a hypothetical mixed PR (e.g., changing an image tag and a service port) and split it into two separate, clean pull requests.
- Trigger a Guardrail Failure: Intentionally run
guard-terraform-plan.sh applywithout a planfile and capture the failure output. Explain why the script stopped you. - Verify Context: Switch your
kubectlcontext to a non-existent namespace and runscripts/guard-kube-context.sh. Document the error message.
Challenge Exercise (Optional)
Blast Radius Detection Hook: Write a pre-commit hook script that detects when a single PR touches files in both flux/apps/ and flux/infrastructure/ directories. Explain why this pattern represents a correlated blast radius risk.
Rollback Checklist
Before finishing this chapter, ensure you know how to undo changes:
- Deployment Change: Use
kubectl -n <ns> rollout undo deployment/<name>. - Ingress Change: Revert the commit in Git and let Flux reconcile.
- Infrastructure Change: Create a new reviewed Terraform plan for the rollback.
Done When
You have completed this chapter when:
- You can explain why “small but mixed” changes are high risk.
- You have successfully demonstrated the use of
guard-kube-context.sh. - You have successfully demonstrated the use of
guard-terraform-plan.sh. - You can distinguish between investigation, containment, and rollback phases.
Knowledge Check
Before finishing this chapter, complete the Quiz to verify your understanding of the guardrail principles.