Slide 1

Slide 1 text

jetstack.io Jetstack A Cloud Native Journey At Scale Mattias Gees Director of Tech Cloud Native Bristol

Slide 2

Slide 2 text

Mattias Gees Director of Tech ✉ [email protected] 🐦 @MattiasGees

Slide 3

Slide 3 text

Training Strategic Advisory Consulting Workshops and Discovery

Slide 4

Slide 4 text

Agenda

Slide 5

Slide 5 text

● Problem Statement
● Decisions
● Architecture
● Journey
● Challenges
● Lessons learned

Slide 6

Slide 6 text

Disclaimer: Jetstack is consulting for a global bank; unfortunately, I can't disclose the customer

Slide 7

Slide 7 text

Problem Statement

Slide 8

Slide 8 text

Problem Statement
● Sprawl of non-compliant GKE clusters
● Meeting compliance of all layers of Kubernetes is hard
● Weeks of engineering to create a compliant application on GKE
● Maintenance burden on the application teams
● Developer experience is bad
● Portability between different Kubernetes clusters is non-existent

Slide 9

Slide 9 text

Decisions

Slide 10

Slide 10 text

Single Tenant vs Multi Tenant

Slide 11

Slide 11 text

Self Hosted vs Managed Service

Slide 12

Slide 12 text

Architecture

Slide 13

Slide 13 text

Customer Infrastructure Architecture Region Shared VPC Private VPC Ingress Proxies Compute Engine Egress Proxies Compute Engine Google Kubernetes Engine IAM Key Management Service Cloud Load Balancing Cloud Load Balancing Cloud Firewall Rules Cloud Router Cluster Add On Tooling Customer Applications

Slide 14

Slide 14 text

Cluster Add Ons

Slide 15

Slide 15 text

Cluster Add Ons

Slide 16

Slide 16 text

Cluster Add Ons

Slide 17

Slide 17 text

Cluster Add Ons

Slide 18

Slide 18 text

Journey

Slide 19

Slide 19 text

POC January 2021 - March 2021

Slide 20

Slide 20 text

Provisioning Architecture

Slide 21

Slide 21 text

Customer Configuration
{
  "name": "dev",
  "machine_type": "n1-standard-4",
  "region": "europe-west2",
  "egress_service": {
    "tags": [
      "fwtag-external-service1",
      "fwtag-cloudsql"
    ]
  }
}

Slide 22

Slide 22 text

MVP April 2021 - November 2021

Slide 23

Slide 23 text

Provisioning Architecture

Slide 24

Slide 24 text

Productionisation December 2021 - March 2022

Slide 25

Slide 25 text

Productionisation
● Improving observability layer
● Documenting Operating Model
● Automation of recurring problems
● Automation of processes

Slide 26

Slide 26 text

Live March 2022 - Now

Slide 27

Slide 27 text

Live
● Implemented testing framework
● Improvements to reliability, security and scalability
● Overhaul of the RBAC system
● Small cost optimizations
● Launch extra features
  ○ Istio
  ○ CSI Secret Store Driver
  ○ Enablement of native GKE features

Slide 28

Slide 28 text

Challenges

Slide 29

Slide 29 text

Challenges
● Kubernetes Cluster Resources
● Backwards compatibility
  ○ CRDs
  ○ Images
  ○ Changing behaviour of features
● Licenses (AGPLv2)
● Additional processes of a big enterprise
● Processes not adapted to Cloud Native

Slide 30

Slide 30 text

Lessons Learned

Slide 31

Slide 31 text

Lessons Learned
● Early feedback from stakeholders was key
● Product management helps with prioritizing
● Healthy (engineering) culture is everything
● Move fast and fix later (until production)
● You can still be innovative in a regulated environment
● Provide self-service to application teams

Slide 32

Slide 32 text

Thank you! 🚀 Q&A Mattias Gees Director of Tech Cloud Native Bristol