

Supercharge Your Kubernetes Platform With Carvel (KCD Munich 2023)

Working with Kubernetes and building a secure platform on top of it is challenging. First, you’ll need a way to group Kubernetes resources and apply changes predictably. Are you sure you approved all the changes reconciled by Kubernetes? I’ll demonstrate how that’s often not true.

Your apps will require a different configuration across environments. Wouldn’t it be great to have a way to use both templating and overlays that is also maintainable and YAML-native? What about air-gapped environments? You’ll need to distribute and relocate manifests and OCI artifacts safely.

And when building an internal platform, you’ll need to package all the different capabilities in an efficient and composable API, supporting GitOps and providing extensibility. This session will present a modular strategy with Carvel to solve those issues and help you improve your cloud native strategy on Kubernetes.

Thomas Vitale

July 18, 2023


Transcript

  1. Thomas Vitale (thomasvitale.com, @vitalethomas)

     • Systematic
     • Software Engineer and Cloud Architect
     • Author of "Cloud Native Spring in Action" (Manning)
     • OSS contributor (Java, Spring, Cloud Native Technologies)
  2. Cloud Native Platform: enabling product teams to deliver software better, faster, safer (@vitalethomas)

     Diagram: End-User → Platform API → Platform Backend. Backend capabilities shown: Certificate Management, Continuous Deployment, Serverless Runtime, Supply Chain Choreographer, Ingress and Load Balancing, …
  3. The Journey (@vitalethomas)

     1. Upstream Dependencies
     2. Deployment
     3. Configuration
     4. Image Resolution
     5. Artifact Bundles
     6. Package Management
     7. Platform
  4. vendir: upstream dependencies (@vitalethomas)

     vendir.yml:

     ```yaml
     apiVersion: vendir.k14s.io/v1alpha1
     kind: Config
     directories:
     - path: config/upstream
       contents:
       - path: .
         git:
           url: https://github.com/argoproj/argo-cd
           ref: v2.7.7
         includePaths:
         - manifests/install.yaml
         newRootPath: manifests
     ```

     ```sh
     $ vendir sync
     ```
  5. The Journey (section divider, repeated; see slide 3)
  6. kapp: deployments (@vitalethomas)

     • Group resources as an "application"
     • Predictable and safe deployments
     • Wait for reconciliation
     • Order resources based on dependencies
     • Record application deployment history
  7. kapp: deployments (@vitalethomas)

     kapp-config.yml:

     ```yaml
     apiVersion: kapp.k14s.io/v1alpha1
     kind: Config
     rebaseRules:
     - path: [data]
       type: copy
       sources: [new, existing]
       resourceMatchers:
       - kindNamespaceNameMatcher:
           kind: Secret
           namespace: argocd
           name: argocd-secret
     ```

     ```sh
     $ kapp deploy -a argo-cd -f install.yml -f kapp-config.yml
     ```
  8. kapp: deployments (@vitalethomas)

     ```sh
     $ kapp deploy -a argo-cd -f install.yml -f kapp-config.yml
     $ kapp list -A
     $ kapp inspect -a argo-cd
     $ kapp delete -a argo-cd
     ```
  9. The Journey (section divider, repeated; see slide 3)
  10. ytt: configuration (@vitalethomas)

      • Configuration via templates
      • Configuration via overlays
      • Structure-oriented
      • Schema validation
      • Any YAML
  11. ytt: configuration (@vitalethomas)

      template.yml:

      ```yaml
      #@ load("@ytt:data", "data")
      ---
      apiVersion: v1
      kind: ConfigMap
      metadata:
        name: argo-demo-info
        namespace: argocd
      data:
        conference: #@ data.values.conference_name
      ```

      ```sh
      $ ytt -f config
      ```
  12. ytt: configuration (@vitalethomas)

      overlay.yml:

      ```yaml
      #@ load("@ytt:data", "data")
      #@ load("@ytt:overlay", "overlay")

      #@ def argo_service():
      kind: Service
      metadata:
        name: argocd-server
      #@ end

      #@overlay/match by=overlay.subset(argo_service())
      ---
      spec:
        #@overlay/match missing_ok=True
        type: #@ data.values.service_type
      ```

      ```sh
      $ ytt -f config
      ```
  13. ytt: configuration (@vitalethomas)

      schema.yml:

      ```yaml
      #@data/values-schema
      ---
      conference_name: "KCD Munich"
      #@schema/desc "The service type for the ArgoCD Server."
      #@schema/validation one_of=["ClusterIP", "LoadBalancer", "NodePort"]
      service_type: ClusterIP
      ```

      ```sh
      $ ytt -f config
      ```
  14. The Journey (section divider, repeated; see slide 3)
  15. kbld: image resolution (@vitalethomas)

      kbld.lock.yml:

      ```yaml
      apiVersion: kbld.k14s.io/v1alpha1
      kind: Config
      overrides:
      - image: ghcr.io/dexidp/dex:v2.37.0
        newImage: ghcr.io/dexidp/dex@sha256:f579d00721…
        preresolved: true
      - image: quay.io/argoproj/argocd:v2.7.7
        newImage: quay.io/argoproj/argocd@sha256:6a5d0e909b…
        preresolved: true
      - image: redis:7.0.11-alpine
        newImage: index.docker.io/library/redis@sha256:121bac949f…
        preresolved: true
      ```

      ```sh
      $ kbld -f config --lock-output kbld.lock.yml
      ```
  16. The Journey (section divider, repeated; see slide 3)
  17. imgpkg: artifact bundles (@vitalethomas)

      • Bundle config as OCI artifacts
      • Unified distribution for apps+config
      • Support air-gapped environments
  18. imgpkg: artifact bundles (@vitalethomas)

      ```sh
      $ kbld -f config --imgpkg-lock-output .imgpkg/images.yml
      $ imgpkg push -b <registry-url>:argo-cd-bundle:v2.7.7 -f config
      $ imgpkg pull -b <registry-url>:argo-cd-bundle:v2.7.7 -o pulled-config
      $ imgpkg copy -b <registry-url>:argo-cd-bundle:v2.7.7 \
          --to-repo <air-gapped-registry-url>:argo-cd-bundle
      ```
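Slides 15 and 18 rely on the lock files that kbld writes: the kbld Config from `--lock-output` and the ImagesLock from `--imgpkg-lock-output` are what make a deployment or a relocated bundle reproducible, because every image is referenced by an immutable digest instead of a mutable tag. The following shell script is an added example, not code from the deck or from the Carvel project: it checks a lock file before it is deployed or pushed and fails if any reference is still a tag or, for a kbld Config, is not marked `preresolved: true`. The lock-file layouts follow the slides; the sample files and the sha256 values in them are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the deck: check that an image lock file pins every
# image to an immutable sha256 digest before it is deployed or pushed as a bundle.
# Handles the two lock formats on the slides: the kbld Config written by
# `kbld --lock-output` (overrides with image / newImage / preresolved) and the
# ImagesLock written by `kbld --imgpkg-lock-output` (a list of `- image:` entries).
# All sample data below is constructed; the digests are placeholders.

DIGEST_RE='@sha256:[0-9a-f]{64}[[:space:]]*$'

# check_image_lock FILE -> exit 0 if every reference is digest-pinned, 1 otherwise.
# Offending lines are printed to stderr so a CI job can show them.
check_image_lock() {
  lock_file="$1"
  status=0
  if grep -qE '^kind:[[:space:]]*ImagesLock[[:space:]]*$' "$lock_file"; then
    key_re='^[[:space:]]*(-[[:space:]]*)?image:'   # entries of ImagesLock .images
  else
    key_re='^[[:space:]]*newImage:'                # kbld Config .overrides[].newImage
  fi
  total=$(grep -cE "$key_re" "$lock_file" || true)
  if [ "$total" -eq 0 ]; then
    echo "$lock_file: no image references found" >&2
    return 1
  fi
  # Any reference that is not repository@sha256:<64 hex> is a mutable tag.
  unpinned=$(grep -E "$key_re" "$lock_file" | grep -vE "$DIGEST_RE" || true)
  if [ -n "$unpinned" ]; then
    printf '%s\n' "$unpinned" | sed "s|^|$lock_file: not digest-pinned: |" >&2
    status=1
  fi
  # In a kbld Config, preresolved: true tells kbld the reference is final and
  # must not be resolved again; require it on every override.
  if [ "$key_re" = '^[[:space:]]*newImage:' ]; then
    preresolved=$(grep -cE '^[[:space:]]*preresolved:[[:space:]]*true[[:space:]]*$' "$lock_file" || true)
    if [ "$preresolved" -ne "$total" ]; then
      echo "$lock_file: $preresolved of $total overrides marked preresolved: true" >&2
      status=1
    fi
  fi
  return $status
}

SAMPLE_DIR=$(mktemp -d)

# Constructed kbld Config lock: every override pinned and preresolved.
cat > "$SAMPLE_DIR/kbld.lock.yml" <<'EOF'
apiVersion: kbld.k14s.io/v1alpha1
kind: Config
overrides:
- image: quay.io/argoproj/argocd:v2.7.7
  newImage: quay.io/argoproj/argocd@sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
  preresolved: true
- image: redis:7.0.11-alpine
  newImage: index.docker.io/library/redis@sha256:fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210
  preresolved: true
EOF

# Constructed lock that was edited by hand: one override still points at a tag.
cat > "$SAMPLE_DIR/kbld.tampered.yml" <<'EOF'
apiVersion: kbld.k14s.io/v1alpha1
kind: Config
overrides:
- image: quay.io/argoproj/argocd:v2.7.7
  newImage: quay.io/argoproj/argocd@sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
  preresolved: true
- image: redis:7.0.11-alpine
  newImage: redis:7.0.11-alpine
  preresolved: true
EOF

# Constructed ImagesLock in the layout written by `kbld --imgpkg-lock-output`.
cat > "$SAMPLE_DIR/images.yml" <<'EOF'
apiVersion: imgpkg.carvel.dev/v1alpha1
kind: ImagesLock
images:
- image: quay.io/argoproj/argocd@sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
  annotations:
    kbld.carvel.dev/id: quay.io/argoproj/argocd:v2.7.7
EOF

# Demo run over the three constructed files.
for f in kbld.lock.yml kbld.tampered.yml images.yml; do
  if check_image_lock "$SAMPLE_DIR/$f"; then
    echo "$f: OK, all references digest-pinned"
  else
    echo "$f: FAILED"
  fi
done
```

Wire `check_image_lock` in between `kbld --lock-output` and `kapp deploy`, and between `kbld --imgpkg-lock-output` and `imgpkg push`, so a hand-edited or stale lock file stops the pipeline rather than reaching the cluster or the air-gapped registry.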
  19. The Journey (section divider, repeated; see slide 3)
  20. Working with packages: Kubernetes-native implementation with Carvel (@vitalethomas)

      1. Fetch: fetch the configuration bundle and OCI images (vendir).
      2. Template/Patch: apply templates and overlays (ytt and kbld).
      3. Deploy: deploy the resulting application (kapp).
  21. Package custom resource (@vitalethomas)

      ```yaml
      apiVersion: data.packaging.carvel.dev/v1alpha1
      kind: Package
      metadata:
        name: argo-cd.thomasvitale.dev.2.7.7
      spec:
        refName: argo-cd.thomasvitale.dev
        version: 2.7.7
        template:
          spec:
            fetch:                       # 1
            - imgpkgBundle:
                image: ghcr.io/thomasvitale/argo-cd-package-demo@sha256:600b566703…
            template:                    # 2
            - ytt:
                paths:
                - config
            - kbld:
                paths:
                - '-'
                - .imgpkg/images.yml
            deploy:                      # 3
            - kapp: {}
      ```
  22. kapp-controller: package management (@vitalethomas)

      • Kubernetes-native package management
      • Continuous deployment via GitOps
      • Automated workflow to build packages
      • Package and distribute platforms
      • Support multiple sources and configuration tools
  23. Implement and release a package: Kubernetes-native implementation with Carvel (@vitalethomas)

      ```sh
      $ kctrl package init      # Bootstrap package
      $ kctrl package release   # Release package
      ```

      • PackageMetadata (CRD): non version-specific attributes describing a package.
      • Package (CRD): versioned combination of configuration and OCI images.
  24. Release a package repository: Kubernetes-native implementation with Carvel (@vitalethomas)

      ```sh
      $ kctrl package repo release   # Release package repository
      ```

      • PackageRepository (CRD): a collection of packages and their metadata.
  25. Install a package in a cluster: Kubernetes-native implementation with Carvel (@vitalethomas)

      ```sh
      $ kctrl package repo add   # Add package repository to cluster
      $ kctrl package install    # Install package in a cluster
      ```

      • PackageInstall (CRD): installation of a package instance in a cluster.
  26. The Journey (section divider, repeated; see slide 3)
  27. Cloud Native Platform in 3 steps: composable platform with Carvel (@vitalethomas)

      ```sh
      # 1. Deploy kapp-controller
      $ kapp deploy -a kapp-controller -y \
          -f https://github.com/carvel-dev/kapp-controller/releases/latest/download/release.yml

      # 2. Add package repository
      $ kctrl package repository add -r kadras-packages \
          --url ghcr.io/kadras-io/kadras-packages:0.12.0 \
          -n kadras-packages --create-namespace

      # 3. Install platform
      $ kctrl package install -i engineering-platform \
          -p engineering-platform.packages.kadras.io \
          -v 0.10.0 \
          -n kadras-packages \
          --values-file values.yml
      ```
  28. secretgen-controller: secrets management (@vitalethomas)

      • Generate credentials and keys
      • Automated distribution of image pull Secrets across namespaces
      • Export and import Secrets across namespaces
  29. The Journey (section divider, repeated; see slide 3)
  30. Resources (@vitalethomas)

      Source code on GitHub

      • Carvel 101 - Streamline Your Kubernetes Workflows
      • Enlightning: Carvel Tools and kapp-controller
      • Stop forking Helm charts and use Carvel ytt
      • Carvel kapp: kubectl on steroids
      • Kubernetes package management with Carvel
      • Carvel as a unified package manager for Kubernetes
      • Kadras: Cloud Native Platforms Toolkit