
K8s-native Infrastructure as Code: simple, declarative, productive @ Mastering Kubernetes '22


Providing the required cloud infrastructure simply and efficiently poses considerable challenges for many teams. On top of implementing business features and microservices, developers are now often also responsible for building the required services with Infrastructure as Code à la Terraform. This high cognitive load quickly leads to suboptimal solutions and low productivity.
But it can be simpler! A number of K8s-native approaches are now available with which cloud infrastructure at the major providers can be provisioned fully declaratively in YAML.
This talk demonstrates the practical use of several promising projects such as Crossplane, ACK or Pulumi, as well as their seamless integration with a GitOps approach for a simple and optimal developer experience. #qaware #cloudnativenerd

M.-Leander Reimer

July 19, 2022


Transcript

  1. K8s-native Infrastructure as Code: simple, declarative, productive
     Mario-Leander Reimer [email protected] @LeanderReimer qaware.de
     Photo by CHUTTERSNAP on Unsplash
  2. “Too much cognitive load will become a bottleneck for fast flow and high productivity for many DevOps teams.” (QAware | 7)
     ▪ Intrinsic Cognitive Load: relates to fundamental aspects and knowledge in the problem space (e.g. used languages, APIs, frameworks)
     ▪ Extraneous Cognitive Load: relates to the environment (e.g. console commands, deployment, configuration)
     ▪ Germane Cognitive Load: relates to specific aspects of the business domain (aka „value added“ thinking)
  3. The platform team and engineers are a key enabler for high productivity of stream-aligned DevOps teams.
     ▪ Responsible for building and operating a platform that enables and supports the teams in their day-to-day development work.
     ▪ The platform aims to hide the inherent complexity to reduce the cognitive load for the other teams.
       – Standardization
       – Self-Service
     ▪ Fully automated software delivery is the goal!
     https://hennyportman.wordpress.com/2020/05/25/review-team-topologies/
  4. The 5 Layers of Cloud-native Software Engineering (diagram)
     Layers, bottom to top:
     ▪ IaaS: Network, Compute, Storage (VPC, EC2, NLB, ALB, ...)
     ▪ CaaS (Kubernetes Services)
     ▪ PaaS (Software Infrastructure Blueprints with Helm and Continuous Delivery Toolchain)
     ▪ Application-specific Software Infrastructure
     ▪ Cloud-friendly & cloud-native Applications
     Labels on the diagram: Cloud-native Application Engineering, Cloud-native Platform Engineering; Architect / Build / Run; AWS icons: Amazon SNS, AWS IAM, Amazon EC2, Amazon EBS
  5. The 5 Layers of Cloud-native Software Engineering (diagram, repeated)
     Same layers as the previous slide: IaaS (VPC, EC2, NLB, ALB, ...), CaaS (Kubernetes Services), PaaS (Software Infrastructure Blueprints with Helm and Continuous Delivery Toolchain), Application-specific Software Infrastructure, Cloud-friendly & cloud-native Applications; Architect / Build / Run; AWS icons: Amazon SNS, AWS IAM, Amazon EC2, Amazon EBS. The slide ends with a "?".
  6. Custom Resource Definitions are user-defined, declarative extensions of the Kubernetes API
     ▪ Abstraction of complex application constructs and concepts
     ▪ Definition solely via CustomResourceDefinitions
     ▪ Structure definition via OpenAPI v3.0 Validation Schema
     ▪ Default support for several API features: CRUD, Watch, Discovery, json-patch, merge-patch, Admission Webhooks, Metadata, RBAC, …
     ▪ Versioning and Conversion supported via Webhooks
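The CRD points above in one concrete manifest, as an added example that is not part of the deck. The group `platform.example.org`, the kind `Database` and all field names are assumptions chosen for illustration. The OpenAPI v3 schema is enforced by the API server itself: a `Database` with `storageGB: 5` or `engine: oracle` is rejected at admission before any controller sees it, and `publiclyAccessible` defaults to `false` when omitted. The second object shows the RBAC point: custom resources are authorized like built-in ones, so a namespaced Role can grant application teams the main resource while leaving the `status` subresource to the controller.

```yaml
# Added example (not from the deck): a CustomResourceDefinition for a
# hypothetical "Database" resource owned by a platform team. Group, kind and
# field names are assumptions.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: databases.platform.example.org   # must be <plural>.<group>
spec:
  group: platform.example.org
  scope: Namespaced
  names:
    kind: Database
    plural: databases
    singular: database
    shortNames: [db]
  versions:
  - name: v1alpha1
    served: true
    storage: true
    # OpenAPI v3 validation schema: objects that do not match are rejected
    # by the API server, independent of any controller logic.
    schema:
      openAPIV3Schema:
        type: object
        properties:
          spec:
            type: object
            required: [engine, storageGB]
            properties:
              engine:
                type: string
                enum: [postgres, mysql]       # closed set of allowed engines
              storageGB:
                type: integer
                minimum: 10
                maximum: 1000
              publiclyAccessible:
                type: boolean
                default: false                # safe default when omitted
          status:
            type: object
            properties:
              phase:
                type: string
    subresources:
      status: {}      # status is only writable through the /status endpoint
    additionalPrinterColumns:
    - name: Engine
      type: string
      jsonPath: .spec.engine
    - name: Phase
      type: string
      jsonPath: .status.phase
---
# RBAC for the custom resource: application teams in namespace team-a
# (example namespace) may manage Database objects, but the rule does not
# include "databases/status", so only the controller's own binding can
# report state.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: database-requester
  namespace: team-a
rules:
- apiGroups: [platform.example.org]
  resources: [databases]
  verbs: [get, list, watch, create, update, patch, delete]
```

Apply with `kubectl apply -f` and try `kubectl apply` of a `Database` whose `storageGB` is below 10 to see the schema error returned by the API server; with the `default` set, a manifest that omits `publiclyAccessible` is stored with the field set to `false`.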
  7. Operators are codified Ops procedures!
     ▪ Operators are the path towards Zero-Ops. They enable auto-updating, self-monitoring and self-healing infrastructure and applications.
     ▪ The concept was coined in the Kubernetes world. It has since been adopted and is used widely in the cloud native world.
     ▪ Examples: OKD, Sealed Secrets, Kube Monkey, Weave Flux, Crossplane, and many more …
  8. Manage AWS services using the Amazon Controllers for Kubernetes (ACK)
     ▪ Define and use AWS service resources directly from Kubernetes. No need to define resources outside the cluster using traditional IaC tools.
     ▪ Each ACK service controller is packaged into a separate container image and Helm chart
     ▪ Uses IAM Roles for Service Accounts (IRSA) to automate the provisioning and rotation of temporary IAM credentials
     ▪ Currently 20 different controllers with RELEASED status available; however, most of these are still in PREVIEW maintenance phase
     ▪ https://aws-controllers-k8s.github.io/community/
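An S3 bucket declared through ACK, as an added example that is neither from the deck nor from the ACK project. Bucket name, namespace and region are constructed placeholders; the `Bucket` field names follow the ACK S3 controller schema as I know it and the controller's ServiceAccount name follows the ACK Helm chart default, both assumptions to check against the installed controller version. The second object is the IRSA half of the slide: the controller pod obtains short-lived STS credentials for the annotated IAM role, so no static access key is stored in the cluster. The IAM role itself (trust policy for the cluster's OIDC provider, permissions scoped to the bucket prefix) is created outside this manifest.

```yaml
# Added example (not from the deck or ACK): an S3 bucket as a Kubernetes
# object. Names and region are placeholders.
apiVersion: s3.services.k8s.aws/v1alpha1
kind: Bucket
metadata:
  name: team-a-artifacts
  namespace: team-a
spec:
  name: team-a-artifacts-<ACCOUNT_ID>-eu-central-1   # globally unique bucket name
  createBucketConfiguration:
    locationConstraint: eu-central-1
  # Guardrails live next to the resource and are reviewed in Git like any manifest.
  publicAccessBlock:
    blockPublicACLs: true
    blockPublicPolicy: true
    ignorePublicACLs: true
    restrictPublicBuckets: true
  encryption:
    rules:
    - applyServerSideEncryptionByDefault:
        sseAlgorithm: AES256
  versioning:
    status: Enabled
---
# IRSA: bind the controller's ServiceAccount to an IAM role. The EKS pod
# identity webhook injects a projected service-account token; the AWS SDK in
# the controller exchanges it for temporary credentials. ACCOUNT_ID and the
# role name are placeholders; the service-account name is the Helm chart
# default (assumption).
apiVersion: v1
kind: ServiceAccount
metadata:
  name: ack-s3-controller
  namespace: ack-system
  annotations:
    eks.amazonaws.com/role-arn: arn:aws:iam::<ACCOUNT_ID>:role/ack-s3-controller
```

After `kubectl apply`, `kubectl get bucket -n team-a` shows the controller's reconciliation status; the IAM role's permissions policy bounds what the controller can do regardless of what a manifest asks for, which is the least-privilege boundary worth reviewing when adding a new ACK controller.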
  9. Crossplane in a Nutshell
     ▪ Open Source Kubernetes Add-on. Universal Control Plane for Cloud Infrastructure.
     ▪ Cloud Infrastructure Services can be defined declaratively by application teams
     ▪ Platform teams can provide relevant cloud infrastructure services via high-level self-service APIs
     ▪ Individual Providers bundle a set of Managed Resources with their controllers. All major cloud providers are supported, e.g. AWS, GCP, Azure, Alibaba, …
     ▪ Managed Resources are fine-grained representations of external cloud resources
     ▪ Composite Resource Definitions or XRDs enable the definition and creation of new abstractions for composite managed resources
     ▪ https://crossplane.io
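The XRD bullet and the platform-team self-service bullet together, as an added example that is not part of the deck or the Crossplane project. The platform team owns the `CompositeResourceDefinition` and the `Composition`; the application team only sees the claim kind `StorageBucket` with a single `region` parameter. The API group `platform.example.org`, the kind names and the namespace are assumptions, and the managed resource `s3.aws.crossplane.io/v1beta1 Bucket` with its `forProvider` fields follows the community provider-aws schema as I know it (check against the provider version you install). The point to notice is that ACL, public-access block and default encryption are fixed in the Composition base and are not exposed through the claim schema, so a consumer cannot request a public or unencrypted bucket through this API.

```yaml
# Added example (not from the deck or Crossplane): platform-owned XRD.
# Group, kinds and fields are assumptions.
apiVersion: apiextensions.crossplane.io/v1
kind: CompositeResourceDefinition
metadata:
  name: xstoragebuckets.platform.example.org
spec:
  group: platform.example.org
  names:
    kind: XStorageBucket          # cluster-scoped composite resource
    plural: xstoragebuckets
  claimNames:
    kind: StorageBucket           # namespaced claim used by application teams
    plural: storagebuckets
  versions:
  - name: v1alpha1
    served: true
    referenceable: true
    schema:
      openAPIV3Schema:
        type: object
        properties:
          spec:
            type: object
            required: [parameters]
            properties:
              parameters:
                type: object
                required: [region]
                properties:
                  region:
                    type: string
                    enum: [eu-central-1, eu-west-1]   # only approved regions
---
# Platform-owned Composition: maps the abstract XStorageBucket onto one
# managed resource. Security settings are fixed here and cannot be changed
# from the claim because the claim schema has no field for them.
apiVersion: apiextensions.crossplane.io/v1
kind: Composition
metadata:
  name: xstoragebuckets.aws.platform.example.org
spec:
  compositeTypeRef:
    apiVersion: platform.example.org/v1alpha1
    kind: XStorageBucket
  resources:
  - name: bucket
    base:
      apiVersion: s3.aws.crossplane.io/v1beta1      # provider-aws managed resource (assumption)
      kind: Bucket
      spec:
        forProvider:
          acl: private
          locationConstraint: eu-central-1          # overwritten by the patch below
          publicAccessBlockConfiguration:
            blockPublicAcls: true
            blockPublicPolicy: true
            ignorePublicAcls: true
            restrictPublicBuckets: true
          serverSideEncryptionConfiguration:
            rules:
            - applyServerSideEncryptionByDefault:
                sseAlgorithm: AES256
        providerConfigRef:
          name: default
    patches:
    - type: FromCompositeFieldPath
      fromFieldPath: spec.parameters.region
      toFieldPath: spec.forProvider.locationConstraint
---
# What the application team writes: a namespaced claim with one parameter.
apiVersion: platform.example.org/v1alpha1
kind: StorageBucket
metadata:
  name: artifacts
  namespace: team-a
spec:
  parameters:
    region: eu-central-1
```

Crossplane validates the claim against the XRD schema (an unlisted region is rejected), creates the `XStorageBucket`, and the Composition renders the `Bucket` managed resource that provider-aws reconciles against the cloud API; `kubectl get storagebucket -n team-a` and `kubectl get bucket.s3.aws.crossplane.io` show the two layers.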
  10. Kubernetes Cluster API
     ▪ Official Kubernetes sub-project
     ▪ Declarative APIs and tooling to provision, upgrade, and operate multiple Kubernetes clusters
     ▪ Works in different environments, both on-premises and in the cloud
     ▪ Reuses and integrates existing ecosystem components rather than duplicating them
  11. Cloud Engineering for Everyone. Modern Infrastructure as Code for Developers and SREs.
     ▪ Tame overall complexity. One consistent approach to cloud engineering for Docker, many cloud providers and Kubernetes.
     ▪ No break between application development and DevOps engineering.
     ▪ Rich programmable cloud interfaces with abstractions and reusable packages.
     ▪ Apply engineering practices to infrastructure code: automation, modularity, testing, and Continuous Integration / Delivery
     ▪ No intermediary formats. Direct usage of the provided APIs.
     ▪ Several converters available: arm2pulumi, crd2pulumi, kube2pulumi, tf2pulumi
     ▪ Plenty of documentation and example resources available
     ▪ The Pulumi Operator enables users to create Stacks as a first-class API resource
  12. qaware.de
     QAware GmbH, Aschauer Straße 32, 81549 München
     Tel. +49 89 232315-0, [email protected]
     twitter.com/qaware, linkedin.com/company/qaware-gmbh, xing.com/companies/qawaregmbh, slideshare.net/qaware, github.com/qaware