Layered Governance for your Infrastructure with Kubernetes, OPA, and Terraform

Transcript

1. None

2. Layered Governance for your Infrastructure

3. Taylor Dolezal (He/Him) Developer Advocate at HashiCorp

4. @onlydole on GitHub and Twitter Developer Advocate at HashiCorp

5. Agenda

6. Agenda GitOps Cloud Native Continuous Deployment

7. Agenda GitOps Cloud Native Continuous Deployment Policy as Code Enforcing

   Policy Automatically

8. Agenda GitOps Cloud Native Continuous Deployment Policy as Code Enforcing

   Policy Automatically Live Demo Terraform, Flux, OPA, and Kubernetes

9. GitOps

10. None

11. GitOps ▪ Framework using DevOps best practices

12. GitOps ▪ Framework using DevOps best practices ▪ Enables Collaboration

13. GitOps ▪ Framework using DevOps best practices ▪ Enables Collaboration

    ▪ Helps Govern Access Control

14. GitOps ▪ Framework using DevOps best practices ▪ Enables Collaboration

    ▪ Helps Govern Access Control ▪ Less Risk, Less Error Prone

15. GitOps ▪ Framework using DevOps best practices ▪ Enables Collaboration

    ▪ Helps Govern Access Control ▪ Less Risk, Less Error Prone ▪ Acts as a Feedback Loop
16. None

17. Flux Concepts How Does One Use Flux?

18. Bootstrap

19. Bootstrap ▪ The process of installing the Flux components

20. Bootstrap ▪ The process of installing the Flux components ▪

    Manifests are applied to a cluster, a GitRepository and Kustomization are created for the Flux components, and the manifests are pushed to an existing Git repository (or a new one is created)

21. Bootstrap ▪ The process of installing the Flux components ▪

    Manifests are applied to a cluster, a GitRepository and Kustomization are created for the Flux components, and the manifests are pushed to an existing Git repository (or a new one is created) ▪ Flux can manage itself just as it manages other resources

22. Sources

23. Sources ▪ Defines the origin of a source and the

    requirements to obtain it

24. Sources ▪ Defines the origin of a source and the

    requirements to obtain it ▪ GitRepository

25. Sources ▪ Defines the origin of a source and the

    requirements to obtain it ▪ GitRepository ▪ HelmRepository

26. Sources ▪ Defines the origin of a source and the

    requirements to obtain it ▪ GitRepository ▪ HelmRepository ▪ Bucket

27. Kustomization

28. Kustomization ▪ Represents a local set of Kubernetes resources that

    Flux is supposed to reconcile within a Kubernetes cluster

29. Reconciliation

30. Reconciliation ▪ Ensuring that a given state matches a declarative

    desired state

31. Reconciliation ▪ Ensuring that a given state matches a declarative

    desired state ▪ HelmRelease reconciliation

32. Reconciliation ▪ Ensuring that a given state matches a declarative

    desired state ▪ HelmRelease reconciliation ▪ Bucket reconciliation

33. Reconciliation ▪ Ensuring that a given state matches a declarative

    desired state ▪ HelmRelease reconciliation ▪ Bucket reconciliation ▪ Kustomization reconciliation

34. Add podinfo repository to Flux TERMINAL $ flux create source

    git podinfo \ --url=https://github.com/stefanprodan/podinfo \ --branch=master \ --interval=30s \ --export > ./staging-cluster/podinfo-source.yaml

35. GitRepository Manifest CODE EDITOR apiVersion: source.toolkit.fluxcd.io/v1beta1 kind: GitRepository metadata: name:

    podinfo namespace: flux-system spec: interval: 30s ref: branch: master url: https://github.com/stefanprodan/podinfo

36. Deploy podinfo application TERMINAL $ flux create kustomization podinfo \

    --source=podinfo \ --path="./kustomize" \ --prune=true \ --validation=client \ --interval=5m \ --export > ./staging-cluster/podinfo- kustomization.yaml

37. Kustomization Manifest CODE EDITOR apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 kind: Kustomization metadata: name:

    podinfo namespace: flux-system spec: interval: 5m0s path: ./kustomize prune: true sourceRef: kind: GitRepository name: podinfo validation: client

38. Policy as Code

39. None
40. None
41. None

42. Live Demo

43. Thank You [email protected]