Slide 1

Slide 1 text

No content

Slide 2

Slide 2 text

Stéphane TEYSSIER, personal LinkedIn: www.linkedin.com/in/stephaneteyssier
InfraAsCode and multicloud, Kubernetes-style, with Crossplane
SnowCamp - 04/02/2021
GitHub for the presentation: https://github.com/yesteph/crossplane-demo
WeScale Training: training.wescale.fr
WeScale LinkedIn: www.linkedin.com/company/wescale

Slide 3

Slide 3 text

Poll

Slide 4

Slide 4 text

Kubernetes, an "any cloud" standard. Poll: Do you use Kubernetes to orchestrate your containers? Yes: 88% (source: redhat.com). Deployment models shown: managed service, hybrid.

Slide 5

Slide 5 text

Deploying your application with Kubernetes... but other tools for the infrastructure: Terraform, AWS CloudFormation.

Slide 6

Slide 6 text

Kubernetes is a toolbox
● Plugins and executables
● Service catalog
● Webhooks
● Operators

Slide 7

Slide 7 text

To summarize...
Standard: Kubernetes is available everywhere and standardizes practices, tools and concepts.
Infra and application: deploying your application and its associated cloud resources the same way could simplify things.
Extensible: Kubernetes is an evolving toolbox.

Slide 8

Slide 8 text

No content

Slide 9

Slide 9 text

Crossplane: "Manage any infrastructure your applications need directly from Kubernetes". Apache 2.0 license. v1.0 released December 2020. CNCF incubation. SaaS (upbound.io) or self-hosted.

Slide 10

Slide 10 text

The rest of the presentation:
01 Monday: "Hello World"
02 Tuesday: GitOps
03 Wednesday: day off, but we can philosophize
04 Thursday: Infrastructure abstractions
05 Friday: Multicloud production release
06 Conclusion: So, Crossplane?

Slide 11

Slide 11 text

Monday: "Hello World"

Slide 12

Slide 12 text

Installing Crossplane "Core"

Slide 13

Slide 13 text

Crossplane "core" (diagram): in the crossplane-system namespace, the crossplane and RBAC-manager controllers watch the cluster and serve the core API groups apiextensions.crossplane.io and pkg.crossplane.io (kinds shown include Provider and ProviderConfig, ...).

Slide 14

Slide 14 text

Crossplane providers
● A set of Custom Resource Definitions (CRDs)
● A controller that reconciles managed resources with the cloud resources
● Official providers

Slide 15

Slide 15 text

Provider AWS - installation (same core diagram as above): kubectl apply -f aws-provider.yaml

Slide 16

Slide 16 text

Provider AWS - installation (diagram): the Provider object provider-aws (type provider.pkg.crossplane.io) in crossplane-system is picked up by the crossplane controller, which deploys the crossplane-provider-aws controller; that controller watches the new API groups aws.crossplane.io (ProviderConfig, ...), ec2.aws.crossplane.io and s3.aws.crossplane.io.

Slide 17

Slide 17 text

Provider AWS - configuration

Slide 18

Slide 18 text

Provider AWS - configuration (diagram): same as above, plus the aws-creds Secret in crossplane-system.

Slide 19

Slide 19 text

Provider AWS - configuration (diagram): the ProviderConfig named default (type providerconfig.aws.crossplane.io) references the aws-creds Secret; the crossplane-provider-aws controller watches both and syncs.
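As an added example (not the talk's own aws-provider.yaml nor the manifests of the crossplane-demo repository), here are the three objects the installation and configuration diagrams describe, in the order the procedure applies them: the Provider, the aws-creds Secret and the default ProviderConfig. The package tag, the Secret key name and the placeholder credentials are assumptions.

```yaml
# Added example, not from the talk. Installs provider-aws into a running
# Crossplane core and wires it to a credentials Secret.
# Assumptions: provider-aws tag v0.16.0; the Secret key is named "creds".
#
#   kubectl apply -f aws-provider.yaml
#   kubectl get providers.pkg.crossplane.io provider-aws   # wait for HEALTHY=True
---
# aws-provider.yaml: crossplane core sees this object and deploys the
# crossplane-provider-aws controller, which registers the *.aws.crossplane.io CRDs.
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
  name: provider-aws
spec:
  package: crossplane/provider-aws:v0.16.0   # pin an explicit tag, never a floating one
---
# The Secret holds an AWS shared-credentials file under the key "creds".
# In practice create it out of band rather than committing keys to git:
#   printf '[default]\naws_access_key_id = %s\naws_secret_access_key = %s\n' \
#     "$AWS_ACCESS_KEY_ID" "$AWS_SECRET_ACCESS_KEY" > creds.conf
#   kubectl -n crossplane-system create secret generic aws-creds --from-file=creds=./creds.conf
apiVersion: v1
kind: Secret
metadata:
  name: aws-creds
  namespace: crossplane-system
type: Opaque
stringData:
  creds: |
    [default]
    aws_access_key_id = AKIAPLACEHOLDER0000
    aws_secret_access_key = REPLACE-ME
---
# The ProviderConfig named "default" is the one a managed resource uses when
# it sets providerConfigRef.name: default (or omits providerConfigRef).
apiVersion: aws.crossplane.io/v1beta1
kind: ProviderConfig
metadata:
  name: default
spec:
  credentials:
    source: Secret
    secretRef:
      namespace: crossplane-system
      name: aws-creds
      key: creds
```

Two checks worth doing before going further: `kubectl get providerconfig default` should not report a credentials error, and the IAM user behind aws-creds should carry only the permissions for the resource kinds you intend to manage, because anyone who can read Secrets in crossplane-system can read those keys.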

Slide 20

Slide 20 text

A managed resource: https://doc.crds.dev/github.com/crossplane/provider-aws

Slide 21

Slide 21 text

A managed resource

Slide 22

Slide 22 text

A managed resource (diagram): the VPC my-basic-crossplane-vpc (type vpc.ec2.aws.crossplane.io), using the ProviderConfig default, is synced by crossplane-provider-aws with the AWS VPC vpc-097c39d01430.

Slide 23

Slide 23 text

Links between resources: a labelling policy!
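As an added example (not the talk's own vpc.yaml), a VPC managed resource and a Subnet that finds its VPC through a label selector instead of a hard-coded vpc-id, which is what "a labelling policy" means in practice. The region, CIDRs and label names are assumptions.

```yaml
# Added example, not from the talk. Assumptions: region eu-west-3,
# ProviderConfig "default" already configured, label key "network".
apiVersion: ec2.aws.crossplane.io/v1beta1
kind: VPC
metadata:
  name: my-basic-crossplane-vpc
  labels:
    network: my-basic-crossplane     # the label every dependent resource selects on
spec:
  forProvider:
    region: eu-west-3
    cidrBlock: 10.0.0.0/16
    enableDnsSupport: true
    enableDnsHostNames: true
    tags:
    - key: Name
      value: my-basic-crossplane-vpc
  providerConfigRef:
    name: default
  deletionPolicy: Delete   # deleting the k8s object deletes the AWS VPC; Orphan keeps it
---
apiVersion: ec2.aws.crossplane.io/v1beta1
kind: Subnet
metadata:
  name: my-public-crossplane-subnet1
  labels:
    network: my-basic-crossplane
    tier: public
spec:
  forProvider:
    region: eu-west-3
    availabilityZone: eu-west-3a
    cidrBlock: 10.0.0.0/24
    mapPublicIPOnLaunch: true
    # Resolved once by the controller: the selector is turned into vpcIdRef,
    # then into the real vpcId read from the VPC's status.atProvider.
    vpcIdSelector:
      matchLabels:
        network: my-basic-crossplane
  providerConfigRef:
    name: default
# Useful checks:
#   kubectl get vpc my-basic-crossplane-vpc -o jsonpath='{.status.atProvider.vpcId}'
#   kubectl get subnet my-public-crossplane-subnet1 -o jsonpath='{.spec.forProvider.vpcIdRef.name}'
```

The caveat behind the "labelling policy": if several VPCs carry the same label the selector resolves to an arbitrary one, and the choice is then frozen in vpcIdRef. Keep the selecting label unique per environment (for example network plus an env label) rather than relying on a generic key.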

Slide 24

Slide 24 text

No content

Slide 25

Slide 25 text

Tuesday: GitOps

Slide 26

Slide 26 text

A more advanced example (diagram of the managed resources): my-basic-crossplane-vpc, my-basic-crossplane-igw, my-public-crossplane-subnet1, my-public-crossplane-subnet2, my-private-crossplane-subnet1, my-private-crossplane-subnet2, my-crossplane-eip-1, my-crossplane-eip-2, my-crossplane-nat1, my-crossplane-nat2, my-public-crossplane-rt, my-private-crossplane-rt-eu-west-3a, my-private-crossplane-rt-eu-west-3a

Slide 27

Slide 27 text

Packaging your infra as code: https://github.com/yesteph/crossplane-demo/tree/main/tuesday/vpc

Slide 28

Slide 28 text

GitOps

Slide 29

Slide 29 text

No content

Slide 30

Slide 30 text

No more "drifts"? AWS CloudFormation (diagram): VPC, IGW, EIP1, EIP2, priv subnet1, priv subnet2, pub subnet1, pub subnet2, NAT1, NAT2, pub RT, priv RT1, priv RT2 are created on a time axis between apply:start and apply:end, and nothing happens after apply:end.

Slide 31

Slide 31 text

No more "drifts" (diagram): with Crossplane the same resources (VPC, IGW, EIP1, EIP2, priv subnet1, priv subnet2, pub subnet1, pub subnet2, NAT1, NAT2, pub RT, priv RT1, priv RT2) are reconciled continuously, with no apply:start/apply:end.

Slide 32

Slide 32 text

No more "drifts" (same diagram as slide 31, animation step)

Slide 33

Slide 33 text

No more "drifts" (same diagram as slide 31, animation step)

Slide 34

Slide 34 text

Retrieving credentials from Vault (diagram: the provider-aws pod, the vault-injector sidecar and the Kubernetes control plane):
1) deploy the pod with a service account token
2) authenticate to Vault using the service account token
3) Vault validates the service account token with the Kubernetes API
4) retrieve a Vault token for the secret request
5) retrieve the Vault secret
6) format it as a file in a mounted volume
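The six steps above are driven by pod annotations that the Vault Agent Injector acts on. As an added example (not the talk's manifests), here is how provider-aws can be annotated through a ControllerConfig and read the rendered file instead of a Kubernetes Secret. The Vault role name, the KV path and key names, the provider version and the availability of the Filesystem credential source in that version are assumptions.

```yaml
# Added example, not from the talk. Assumptions: Vault Kubernetes-auth role
# "crossplane-aws" bound to the provider pod's ServiceAccount in
# crossplane-system; KV v2 secret at secret/data/aws/crossplane with keys
# access_key and secret_key; a provider-aws release whose ProviderConfig
# supports credentials.source: Filesystem.
apiVersion: pkg.crossplane.io/v1alpha1
kind: ControllerConfig
metadata:
  name: aws-vault
spec:
  metadata:
    annotations:
      vault.hashicorp.com/agent-inject: "true"             # steps 1-3: injector adds the agent sidecar,
      vault.hashicorp.com/role: "crossplane-aws"           # which logs in with the pod's SA token
      vault.hashicorp.com/agent-inject-secret-creds.txt: "secret/data/aws/crossplane"   # steps 4-5
      # Step 6: render the secret as an AWS shared-credentials file at /vault/secrets/creds.txt
      vault.hashicorp.com/agent-inject-template-creds.txt: |
        {{- with secret "secret/data/aws/crossplane" -}}
        [default]
        aws_access_key_id = {{ .Data.data.access_key }}
        aws_secret_access_key = {{ .Data.data.secret_key }}
        {{- end }}
---
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
  name: provider-aws
spec:
  package: crossplane/provider-aws:v0.17.0
  controllerConfigRef:
    name: aws-vault        # applies the annotations to the provider's Deployment
---
# No aws-creds Secret any more: the provider reads the file the agent wrote.
apiVersion: aws.crossplane.io/v1beta1
kind: ProviderConfig
metadata:
  name: default
spec:
  credentials:
    source: Filesystem
    fs:
      path: /vault/secrets/creds.txt
```

What this buys and what it does not: the AWS keys never sit in etcd as a Secret and rotation happens in Vault, but they still exist on the provider pod's filesystem, so the provider pod remains the thing to protect (restrict exec and Secret/pod access in crossplane-system). A dynamic AWS secrets engine in Vault, issuing short-lived keys in the same template, removes the long-lived credential altogether.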

Slide 35

Slide 35 text

RBAC (diagram): kubectl apply -f vpc.yaml creates my-basic-crossplane-vpc (type vpc.ec2.aws.crossplane.io). Authorized?

Slide 36

Slide 36 text

RBAC (diagram): kubectl apply -f vpc.yaml is run as cluster-admin, i.e. the system:masters group bound to the cluster-admin ClusterRole, whose rules are:
rules:
- apiGroups:
  - '*'
  resources:
  - '*'
  verbs:
  - '*'
- nonResourceURLs:
  - '*'
  verbs:
  - '*'
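Applying vpc.yaml as cluster-admin works, but it also means the person creating cloud resources can read every Secret in the cluster, including aws-creds. As an added example (not the talk's own manifests), a ClusterRole scoped to the network kinds used on the Tuesday slides, bound to a group; managed resources are cluster-scoped, so a namespaced Role would not do. The group and user names are assumptions.

```yaml
# Added example, not from the talk. Assumptions: an "infra-builders" group
# delivered by the cluster's authenticator, a user "alice" in that group.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: crossplane-aws-network-editor
rules:
- apiGroups: ["ec2.aws.crossplane.io"]
  resources: ["vpcs", "subnets", "internetgateways", "routetables", "natgateways", "addresses"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: ["aws.crossplane.io"]
  resources: ["providerconfigs"]
  verbs: ["get", "list", "watch"]   # may reference the credentials config, not change it
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: infra-builders-aws-network
subjects:
- kind: Group
  name: infra-builders
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: crossplane-aws-network-editor
  apiGroup: rbac.authorization.k8s.io
# Check the effect without logging in as the user:
#   kubectl auth can-i create vpcs.ec2.aws.crossplane.io --as=alice --as-group=infra-builders   # yes
#   kubectl auth can-i get secrets -n crossplane-system --as=alice --as-group=infra-builders    # no
#   kubectl auth can-i create providerconfigs.aws.crossplane.io --as=alice --as-group=infra-builders   # no
```

Note that Crossplane's RBAC manager also generates aggregated crossplane-admin, crossplane-edit and crossplane-view ClusterRoles covering every managed kind of every installed provider; they are convenient but much broader than the role above.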

Slide 37

Slide 37 text

Wednesday: day off, but we can philosophize

Slide 38

Slide 38 text

The meaning of life

Slide 39

Slide 39 text

Or else...

Slide 40

Slide 40 text

Thursday: Abstracting complexity with Compositions

Slide 41

Slide 41 text

Crossplane compositions
● Abstractions over managed resources
● One interface, several implementations
● Separation between infra builder and app operator
● Different provisioning modes
● NoCode

Slide 42

Slide 42 text

Diagram: CompositeResourceDefinition = interface (cluster scope, published by the infra builder); Composition = class; Claim = instance (namespace scope, used by the app operator/developer). The network Composition composes a vpc, an igw, four subnets and a route table. The Claim looks like:
kind: Network
metadata:
  name: demo-aws-network
  namespace: my-app
spec: ...

Slide 43

Slide 43 text

Composite Resource Definition: an interface. Fields highlighted: kind/group of the XRD, version of the XRD, ClaimNames, OpenAPI 3 spec.

Slide 44

Slide 44 text

Composition: an implementation. Fields highlighted: kind/group/version of the XRD, labels, set of resources and applied patches.

Slide 45

Slide 45 text

Claim: an instance. Fields highlighted: kind/group/version of the XRD, namespace.
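As an added example covering the three previous slides (not the talk's own XRD, Composition or Claim), here are the interface, one AWS implementation and an instance for the Network abstraction. The API group wescale.example, the composite kind XNetwork, the neutral region name "paris" and the CIDR are assumptions; the claim kind Network and the claim name come from the talk.

```yaml
# Added example, not from the talk. Assumptions: group wescale.example,
# composite kind XNetwork, a neutral region value "paris" mapped per cloud.
apiVersion: apiextensions.crossplane.io/v1
kind: CompositeResourceDefinition
metadata:
  name: xnetworks.wescale.example      # must be <plural>.<group>
spec:
  group: wescale.example
  names:
    kind: XNetwork                     # cluster-scoped composite, infra-builder side
    plural: xnetworks
  claimNames:
    kind: Network                      # namespaced claim, app-operator side
    plural: networks
  versions:
  - name: v1alpha1
    served: true
    referenceable: true
    schema:
      openAPIV3Schema:
        type: object
        properties:
          spec:
            type: object
            properties:
              region:
                type: string
                enum: [paris]          # validated by the API server before any controller runs
              cidrBlock:
                type: string
            required: [region, cidrBlock]
---
apiVersion: apiextensions.crossplane.io/v1
kind: Composition
metadata:
  name: aws.xnetworks.wescale.example
  labels:
    provider: AWS                      # what a claim's compositionSelector matches on
spec:
  compositeTypeRef:
    apiVersion: wescale.example/v1alpha1
    kind: XNetwork
  resources:
  - name: vpc
    base:
      apiVersion: ec2.aws.crossplane.io/v1beta1
      kind: VPC
      spec:
        forProvider:
          enableDnsSupport: true
          enableDnsHostNames: true
    patches:
    - fromFieldPath: spec.cidrBlock
      toFieldPath: spec.forProvider.cidrBlock
    - fromFieldPath: spec.region
      toFieldPath: spec.forProvider.region
      transforms:
      - type: map
        map:
          paris: eu-west-3             # neutral name -> AWS region
  - name: igw
    base:
      apiVersion: ec2.aws.crossplane.io/v1beta1
      kind: InternetGateway
      spec:
        forProvider:
          vpcIdSelector:
            matchControllerRef: true   # select the VPC composed by the same XNetwork
    patches:
    - fromFieldPath: spec.region
      toFieldPath: spec.forProvider.region
      transforms:
      - type: map
        map:
          paris: eu-west-3
---
apiVersion: wescale.example/v1alpha1
kind: Network
metadata:
  name: demo-aws-network
  namespace: my-app
spec:
  region: paris
  cidrBlock: 10.10.0.0/16
  compositionSelector:
    matchLabels:
      provider: AWS
```

The developer who applies the claim only needs RBAC on networks.wescale.example in their namespace; the VPC and InternetGateway are created by Crossplane's own service account, so the cluster-admin shortcut from the Tuesday slides is no longer needed on the application side.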

Slide 46

Slide 46 text

A more advanced example - "cluster" (diagram): the CompositeResourceDefinition network has one Composition (vpc → VPC, ...) claimed by kind: Network, name: demo-aws-network, namespace: ns1; the CompositeResourceDefinition cluster has the Compositions eks.wescale (cluster.eks, iam) and services.wescale (helm/prometheus), claimed by kind: Cluster, name: demo-aws-cluster, namespace: ns1.

Slide 47

Slide 47 text

No content

Slide 48

Slide 48 text

Friday: multicloud production release, at 6 PM

Slide 49

Slide 49 text

Multicloud (diagram): the network XRD now has two Compositions (AWS: VPC, Subnetwork; GCP: VPC, Subnetwork); the cluster XRD has eks.wescale (cluster.eks, iam) and gke.wescale (gkecluster), each combined with services.wescale. The Claims pick the implementation with a label:
kind: Network, metadata.name: aws-network, metadata.namespace: ns1, spec.compositionSelector.matchLabels.provider: AWS
kind: Network, metadata.name: gcp-network, metadata.namespace: ns2, spec.compositionSelector.matchLabels.provider: GCP
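As an added example (not the talk's manifests), a second Composition for the same Network interface, backed by provider-gcp, and the claim that selects it. Nothing in the claim changes except the label, which is the point of the slide. The XRD group wescale.example and kind XNetwork, the neutral region "paris", and the provider-gcp kinds used are assumptions.

```yaml
# Added example, not from the talk. Assumptions: an XRD with group
# wescale.example and composite kind XNetwork exposing spec.region (enum
# "paris") and spec.cidrBlock; provider-gcp installed with the
# compute.gcp.crossplane.io/v1beta1 kinds Network and Subnetwork.
apiVersion: apiextensions.crossplane.io/v1
kind: Composition
metadata:
  name: gcp.xnetworks.wescale.example
  labels:
    provider: GCP                      # the only thing the claim has to change
spec:
  compositeTypeRef:
    apiVersion: wescale.example/v1alpha1
    kind: XNetwork
  resources:
  - name: network
    base:
      apiVersion: compute.gcp.crossplane.io/v1beta1
      kind: Network
      spec:
        forProvider:
          autoCreateSubnetworks: false # custom-mode VPC: subnets are composed explicitly below
          routingConfig:
            routingMode: REGIONAL
  - name: subnetwork
    base:
      apiVersion: compute.gcp.crossplane.io/v1beta1
      kind: Subnetwork
      spec:
        forProvider:
          privateIpGoogleAccess: true
          networkSelector:
            matchControllerRef: true   # the Network composed by the same XNetwork
    patches:
    - fromFieldPath: spec.cidrBlock
      toFieldPath: spec.forProvider.ipCidrRange
    - fromFieldPath: spec.region
      toFieldPath: spec.forProvider.region
      transforms:
      - type: map
        map:
          paris: europe-west1          # neutral name -> GCP region (closest available here)
---
apiVersion: wescale.example/v1alpha1
kind: Network
metadata:
  name: gcp-network
  namespace: ns2
spec:
  region: paris
  cidrBlock: 10.20.0.0/16
  compositionSelector:
    matchLabels:
      provider: GCP
```

The abstraction only hides what the XRD schema abstracts: because region values are cloud-specific, the map transform is what keeps the claim identical across providers. Anything left out of the schema (firewall rules, private Google access here, NAT on AWS) is decided by the infra builder in each Composition, which is where the security posture of the two implementations can silently diverge and should be reviewed side by side.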

Slide 50

Slide 50 text

And what about data? (diagram): an SQLInstance XRD with two Compositions, RDS (AWS) and Cloud SQL plus Subnetwork (GCP). Claims in ns1: kind: SQLInstance, name: aws-primary, compositionSelector provider: AWS; kind: SQLInstance, name: gcp-secondary, compositionSelector provider: GCP. Failover between the two.

Slide 51

Slide 51 text

So, Crossplane?

Slide 52

Slide 52 text

Number of supported resources

Slide 53

Slide 53 text

In the end
● Yes, for mixing InfraAsCode with Kubernetes application deployments
● A solution that is stabilizing
○ Provider strategy
○ Number of resources per provider
○ Big changes over the past year
● A real break with traditional InfraAsCode 😄
○ Patterns to build!
○ Monitoring of your InfraAsCode?
○ Scalability beyond 1000 resources

Slide 54

Slide 54 text

Thank you