Slide 1

Slide 1 text

No content

Slide 2

Slide 2 text

Layered Governance for your Infrastructure

Slide 3

Slide 3 text

Taylor Dolezal (He/Him) Developer Advocate at HashiCorp

Slide 4

Slide 4 text

@onlydole on GitHub and Twitter Developer Advocate at HashiCorp

Slide 5

Slide 5 text

Agenda

Slide 6

Slide 6 text

Agenda
GitOps: Cloud Native Continuous Deployment

Slide 7

Slide 7 text

Agenda
GitOps: Cloud Native Continuous Deployment
Policy as Code: Enforcing Policy Automatically

Slide 8

Slide 8 text

Agenda
GitOps: Cloud Native Continuous Deployment
Policy as Code: Enforcing Policy Automatically
Live Demo: Terraform, Flux, OPA, and Kubernetes

Slide 9

Slide 9 text

GitOps

Slide 10

Slide 10 text

No content

Slide 11

Slide 11 text

GitOps
▪ Framework using DevOps best practices

Slide 12

Slide 12 text

GitOps
▪ Framework using DevOps best practices
▪ Enables Collaboration

Slide 13

Slide 13 text

GitOps
▪ Framework using DevOps best practices
▪ Enables Collaboration
▪ Helps Govern Access Control

Slide 14

Slide 14 text

GitOps
▪ Framework using DevOps best practices
▪ Enables Collaboration
▪ Helps Govern Access Control
▪ Less Risk, Less Error Prone

Slide 15

Slide 15 text

GitOps
▪ Framework using DevOps best practices
▪ Enables Collaboration
▪ Helps Govern Access Control
▪ Less Risk, Less Error Prone
▪ Acts as a Feedback Loop

Slide 16

Slide 16 text

No content

Slide 17

Slide 17 text

Flux Concepts
How Does One Use Flux?

Slide 18

Slide 18 text

Bootstrap

Slide 19

Slide 19 text

Bootstrap
▪ The process of installing the Flux components

Slide 20

Slide 20 text

Bootstrap
▪ The process of installing the Flux components
▪ Manifests are applied to a cluster, a GitRepository and Kustomization are created for the Flux components, and the manifests are pushed to an existing Git repository (or a new one is created)

Slide 21

Slide 21 text

Bootstrap
▪ The process of installing the Flux components
▪ Manifests are applied to a cluster, a GitRepository and Kustomization are created for the Flux components, and the manifests are pushed to an existing Git repository (or a new one is created)
▪ Flux can manage itself just as it manages other resources

Slide 22

Slide 22 text

Sources

Slide 23

Slide 23 text

Sources
▪ Defines the origin of a source and the requirements to obtain it

Slide 24

Slide 24 text

Sources
▪ Defines the origin of a source and the requirements to obtain it
▪ GitRepository

Slide 25

Slide 25 text

Sources
▪ Defines the origin of a source and the requirements to obtain it
▪ GitRepository
▪ HelmRepository

Slide 26

Slide 26 text

Sources
▪ Defines the origin of a source and the requirements to obtain it
▪ GitRepository
▪ HelmRepository
▪ Bucket

Slide 27

Slide 27 text

Kustomization

Slide 28

Slide 28 text

Kustomization
▪ Represents a local set of Kubernetes resources that Flux is supposed to reconcile within a Kubernetes cluster

Slide 29

Slide 29 text

Reconciliation

Slide 30

Slide 30 text

Reconciliation
▪ Ensuring that a given state matches a declarative desired state

Slide 31

Slide 31 text

Reconciliation
▪ Ensuring that a given state matches a declarative desired state
▪ HelmRelease reconciliation

Slide 32

Slide 32 text

Reconciliation
▪ Ensuring that a given state matches a declarative desired state
▪ HelmRelease reconciliation
▪ Bucket reconciliation

Slide 33

Slide 33 text

Reconciliation
▪ Ensuring that a given state matches a declarative desired state
▪ HelmRelease reconciliation
▪ Bucket reconciliation
▪ Kustomization reconciliation

Slide 34

Slide 34 text

Add podinfo repository to Flux

TERMINAL

    $ flux create source git podinfo \
        --url=https://github.com/stefanprodan/podinfo \
        --branch=master \
        --interval=30s \
        --export > ./staging-cluster/podinfo-source.yaml

Slide 35

Slide 35 text

GitRepository Manifest

CODE EDITOR

    apiVersion: source.toolkit.fluxcd.io/v1beta1
    kind: GitRepository
    metadata:
      name: podinfo
      namespace: flux-system
    spec:
      interval: 30s
      ref:
        branch: master
      url: https://github.com/stefanprodan/podinfo

Slide 36

Slide 36 text

Deploy podinfo application

TERMINAL

    $ flux create kustomization podinfo \
        --source=podinfo \
        --path="./kustomize" \
        --prune=true \
        --validation=client \
        --interval=5m \
        --export > ./staging-cluster/podinfo-kustomization.yaml

Slide 37

Slide 37 text

Kustomization Manifest

CODE EDITOR

    apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
    kind: Kustomization
    metadata:
      name: podinfo
      namespace: flux-system
    spec:
      interval: 5m0s
      path: ./kustomize
      prune: true
      sourceRef:
        kind: GitRepository
        name: podinfo
      validation: client

Slide 38

Slide 38 text

Policy as Code
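
A policy-as-code check for the GitRepository and Kustomization manifests from slides 35 and 37, written as an OPA policy. This is an added example, not the speaker's demo policy: the package name, the approved-origin list, the 10-minute interval limit and the individual rules are all assumptions chosen for illustration. The input is a single manifest parsed into an object.

```rego
package flux.governance

import rego.v1

# Assumption: Git origins the platform team has approved as Flux sources.
approved_url_prefixes := {"https://github.com/stefanprodan/"}

# Assumption: drift must be reconciled within 10 minutes.
max_interval_ns := time.parse_duration_ns("10m")

resource_name := object.get(input, ["metadata", "name"], "<unnamed>")

# GitRepository: only fetch from an approved HTTPS origin.
deny contains msg if {
    input.kind == "GitRepository"
    url := object.get(input, ["spec", "url"], "")
    not url_approved(url)
    msg := sprintf("GitRepository %s: url %q is not an approved origin", [resource_name, url])
}

# Kustomization: resources deleted from Git must also be deleted from the cluster.
deny contains msg if {
    input.kind == "Kustomization"
    object.get(input, ["spec", "prune"], false) != true
    msg := sprintf("Kustomization %s: spec.prune must be true", [resource_name])
}

# Kustomization: the source must be one of the Flux source kinds it can reconcile.
deny contains msg if {
    input.kind == "Kustomization"
    kind := object.get(input, ["spec", "sourceRef", "kind"], "")
    not kind in {"GitRepository", "Bucket"}
    msg := sprintf("Kustomization %s: sourceRef.kind %q is not allowed", [resource_name, kind])
}

# Both kinds: interval must parse as a duration and stay within the limit.
deny contains msg if {
    input.kind in {"GitRepository", "Kustomization"}
    interval := object.get(input, ["spec", "interval"], "")
    not interval_ok(interval)
    msg := sprintf("%s %s: spec.interval %q is missing or longer than 10m", [input.kind, resource_name, interval])
}

url_approved(url) if {
    some prefix in approved_url_prefixes
    startswith(url, prefix)
}

interval_ok(s) if time.parse_duration_ns(s) <= max_interval_ns
```

With these assumed rules, both manifests shown on the slides evaluate to an empty `deny` set; changing the GitRepository `url` to an origin outside the list, or setting `prune: false` on the Kustomization, produces a denial message.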

Slide 39

Slide 39 text

No content

Slide 40

Slide 40 text

No content

Slide 41

Slide 41 text

No content

Slide 42

Slide 42 text

Live Demo

Slide 43

Slide 43 text

Thank You [email protected]