Slide 1

kubectl apply -f cloud-Infrastructure.yaml with Crossplane et al.

Mario-Leander Reimer, [email protected], @LeanderReimer
#gernperDude #CloudNativeNerd #qaware
qaware.de
Photo by CHUTTERSNAP on Unsplash

Slide 2

Mario-Leander Reimer
Principal Software Architect
@LeanderReimer #cloudnativenerd #qaware #gernperDude

Slide 3

QAware | 3

“Too much cognitive load will become a bottleneck for fast flow and high productivity for many DevOps teams.”

■ Intrinsic Cognitive Load: relates to fundamental aspects and knowledge in the problem space (e.g. used languages, APIs, frameworks)
■ Extraneous Cognitive Load: relates to the environment (e.g. console commands, deployment, configuration)
■ Germane Cognitive Load: relates to specific aspects of the business domain (aka “value added” thinking)

Slide 4

A platform team and its engineers are a key enabler for high productivity of stream-aligned DevOps teams.

■ Responsible for building and operating a platform that enables and supports the teams in their day-to-day development work.
■ The platform aims to hide the inherent complexity to reduce the cognitive load for the other teams.
  – Standardization
  – Self-Service
■ Fully automated software delivery is the goal!

https://hennyportman.wordpress.com/2020/05/25/review-team-topologies/

Slide 5

You have to work in layers!

Slide 6

The 5 Layers of Cloud-native Software Engineering

Cloud-native Platform Engineering (lower layers):
■ IaaS: Network, Compute, Storage (VPC, EC2, NLB, ALB, ...)
■ CaaS (Kubernetes Services)
■ PaaS (Software Infrastructure Blueprints with Helm and Continuous Delivery Toolchain)

Cloud-native Application Engineering (upper layers):
■ Application-specific Software Infrastructure
■ Cloud-friendly & cloud-native Applications

Activities across all layers: Architect, Build, Run
(AWS service icons shown on the IaaS layer: Amazon SNS, AWS IAM, Amazon EC2, Amazon EBS)

Slide 7

The 5 Layers of Cloud-native Software Engineering

(Same layer diagram as slide 6, now annotated with a question mark.)

Slide 8

Why not model cloud infrastructure as Kubernetes resources?

Slide 9

Custom Resource Definitions are user-defined, declarative extensions of the Kubernetes API

■ Abstraction of complex application constructs and concepts
■ Definition solely via CustomResourceDefinitions
■ Structure definition via OpenAPI v3.0 validation schema
■ Default support for several API features: CRUD, Watch, Discovery, json-patch, merge-patch, Admission Webhooks, Metadata, RBAC, …
■ Versioning and conversion supported via webhooks

Slide 10

(Image-only slide.)

Slide 11

Operator. - Do stuff with my CRDs.

Slide 12

Operators are codified Ops procedures!

■ Operators are the path towards Zero-Ops. They enable auto-updating, self-monitoring and self-healing infrastructure and applications.
■ The concept was coined in the Kubernetes world. It has since been adopted and is widely used across the cloud-native world.
■ Examples: OKD, Sealed Secrets, Kube Monkey, Weave Flux, Crossplane, and many more …

Slide 13

Kubernetes Operators Explained

Slide 14

Introducing the Operator SDK

Slide 15

lreimer/aws-ecr-operator

Slide 16

Are you serious?!
https://intl.startrek.com/sites/default/files/styles/amp_metadata_content_image_min_696px_wide/public/images/2020-05/memes_002.png

Slide 17

qaware/k8s-native-iac
qaware/cloud-native-explab

Slide 18

Conceptual Showcase Architecture

(Architecture diagram; components shown: Provision, GitOps, Cluster API, AWS Controllers for Kubernetes, Config Connector.)

Slide 19

Config Connector Addon for Google Kubernetes Engine

■ Define and use Google Cloud resources directly from Kubernetes. No need to define resources outside the cluster using traditional IaC tools.
■ Config Connector can be added during GKE installation or later.
■ Some in-cluster configuration is required after the initial setup.
■ Requires a dedicated service account with suitable permissions.
■ Currently all major Google services and resources are supported.
■ https://cloud.google.com/config-connector/docs/reference/overview

Slide 20

Examples for Config Connector Resources

Slide 21

Manage AWS services using the Amazon Controllers for Kubernetes (ACK)

■ Define and use AWS service resources directly from Kubernetes. No need to define resources outside the cluster using traditional IaC tools.
■ Each ACK service controller is packaged into a separate container image and Helm chart.
■ Uses IAM Roles for Service Accounts (IRSA) to automate the provisioning and rotation of temporary IAM credentials.
■ Currently 20 different controllers are available with RELEASED status; however, most of them are still in the PREVIEW maintenance phase.
■ https://aws-controllers-k8s.github.io/community/

Slide 22

Examples for ACK Resources

Slide 23

Crossplane in a Nutshell

■ Open-source Kubernetes add-on. Universal control plane for cloud infrastructure.
■ Cloud infrastructure services can be defined declaratively by application teams.
■ Platform teams can provide relevant cloud infrastructure services via high-level self-service APIs.
■ Individual Providers bundle a set of Managed Resources with their controllers. All major cloud providers are supported, e.g. AWS, GCP, Azure, Alibaba, …
■ Managed Resources are fine-grained representations of external cloud resources.
■ Composite Resource Definitions (XRDs) enable the definition and creation of new abstractions for composite managed resources.
■ https://crossplane.io

Slide 24

Examples for Crossplane AWS Resources

apiVersion: sqs.aws.crossplane.io/v1beta1
kind: Queue
metadata:
  name: test-queue.fifo
  labels:
    region: eu-central-1
spec:
  deletionPolicy: Delete
  forProvider:
    region: eu-central-1
    contentBasedDeduplication: true
    delaySeconds: 3
    fifoQueue: true
    # 2 KB message size
    maximumMessageSize: 2048
    # 5 minutes
    messageRetentionPeriod: 300
  providerConfigRef:
    name: providerconfig-aws
---
apiVersion: s3.aws.crossplane.io/v1beta1
kind: Bucket
metadata:
  name: mastering-gitops
  annotations:
    crossplane.io/external-name: mastering-gitops-eu-central-1
  labels:
    region: eu-central-1
spec:
  deletionPolicy: Delete
  forProvider:
    acl: private
    locationConstraint: eu-central-1
    serverSideEncryptionConfiguration:
      rules:
        - applyServerSideEncryptionByDefault:
            sseAlgorithm: AES256
  providerConfigRef:
    name: providerconfig-aws

Slide 25

Kubernetes Cluster API

■ Official Kubernetes sub-project
■ Declarative APIs and tooling to provision, upgrade, and operate multiple Kubernetes clusters
■ Works in different environments, both on-premises and in the cloud
■ Reuses and integrates existing ecosystem components rather than duplicating them

Slide 26

More Talks to come …
6.12. online!

Slide 27

qaware.de
QAware GmbH
Aschauer Straße 32
81549 München
Tel. +49 89 232315-0
[email protected]
twitter.com/qaware
linkedin.com/company/qaware-gmbh
xing.com/companies/qawaregmbh
slideshare.net/qaware
github.com/qaware