

kubectl apply -f cloud-Infrastructure.yaml with Crossplane et al.

Crossplane, ACK, or ConfigConnector are add-ons for Kubernetes (K8s) that help teams overcome many cloud-native application development challenges. With these extensions, cloud infrastructure can be declaratively provisioned easily without writing a single line of code. This webinar shows the practical use of these technologies and their core functions live on AWS and GCP, as well as the seamless integration with a Flux-based GitOps approach.

M.-Leander Reimer

January 25, 2024


Transcript

  1. The 5 Layers of Cloud-native Software Engineering QAware | 4

    [Layer diagram spanning the Architect, Build and Run phases; the DevOps Team sits on the upper layers. Layers from bottom to top:]
    ▪ IaaS: Network, Compute, Storage (VPC, EC2, NLB, ALB, ...)
    ▪ CaaS (Managed Kubernetes Services)
    ▪ PaaS (CI/CD Toolchain, General Platform Components, Catalogs & Portals, Application Blueprints)
    ▪ Application-specific Software Infrastructure
    ▪ Cloud-friendly & cloud-native Applications
    [AWS service icons shown: AWS IAM, Amazon EC2, Amazon EBS, Amazon SNS]
  2. “Too much cognitive load will become a bottleneck for fast flow and high productivity for many DevOps teams.”

    ▪ Intrinsic Cognitive Load: relates to fundamental aspects and knowledge in the problem space (e.g. used languages, APIs, frameworks)
    ▪ Extraneous Cognitive Load: relates to the environment (e.g. console commands, deployment, configuration)
    ▪ Germane Cognitive Load: relates to specific aspects of the business domain (aka "value added" thinking)
    Source: https://hennyportman.wordpress.com/2020/05/25/review-team-topologies/
  3. A Platform team and its engineers are a key enabler for high productivity of stream-aligned DevOps teams.

    ▪ Responsible for building and operating a platform that enables and supports the teams in their day-to-day development work.
    ▪ The platform aims to hide the inherent complexity to reduce the cognitive load for the other teams.
      – Standardization
      – Self-Service
    ▪ Fully automated software delivery is the goal!
    Source: https://hennyportman.wordpress.com/2020/05/25/review-team-topologies/
  4. The 5 Layers of Cloud-native Software Engineering

    [Same five-layer diagram as slide 1 (IaaS, CaaS, PaaS, Application-specific Software Infrastructure, Cloud-friendly & cloud-native Applications; Architect, Build, Run), now annotated with the split between Cloud-native Application Engineering and Cloud-native Platform Engineering]
  5. The 5 Layers of Cloud-native Software Engineering

    [Same five-layer diagram as slide 1, with a question mark added]
  6. Custom Resource Definitions are user-defined, declarative extensions of the Kubernetes API

    ▪ Abstraction of complex application constructs and concepts
    ▪ Definition solely via CustomResourceDefinitions
    ▪ Structure definition via OpenAPI v3.0 Validation Schema
    ▪ Default support for several API features: CRUD, Watch, Discovery, json-patch, merge-patch, Admission Webhooks, Metadata, RBAC, …
    ▪ Versioning and Conversion supported via Webhooks
  7. Introducing the Operator SDK

    ★ There is also a Java Operator SDK available
  8. Conceptual Demo Showcase Architecture

    [Architecture diagram; components shown: Provision, GitOps Cluster, API, AWS Controllers for Kubernetes, Config Connector]
  9. Config Connector Addon for Google Kubernetes Engine

    ▪ Define and use Google Cloud resources directly from Kubernetes. No need to define resources outside the cluster using traditional IaC tools.
    ▪ Config Connector can be added during GKE installation or later
    ▪ Some in-cluster configuration is required after the initial setup
    ▪ Requires a dedicated service account with suitable permissions
    ▪ Currently all major Google services and resources are supported
    ▪ https://cloud.google.com/config-connector/docs/reference/overview
  10. Manage AWS services using the Amazon Controllers for Kubernetes (ACK)

    ▪ Define and use AWS service resources directly from Kubernetes. No need to define resources outside the cluster using traditional IaC tools.
    ▪ Each ACK service controller is packaged into a separate container image and Helm chart
    ▪ Uses IAM Roles for Service Accounts (IRSA) to automate the provisioning and rotation of temporary IAM credentials
    ▪ Currently 20 different controllers with RELEASED status are available; however, most of these are still in the PREVIEW maintenance phase
    ▪ https://aws-controllers-k8s.github.io/community/
  11. Crossplane in a Nutshell

    ▪ Open Source Kubernetes Add-on. Universal Control Plane for Cloud Infrastructure.
    ▪ Cloud infrastructure services can be defined declaratively by application teams
    ▪ Platform teams can provide relevant cloud infrastructure services via high-level self-service APIs
    ▪ Individual Providers bundle a set of Managed Resources with their controllers. All major cloud providers are supported, e.g. AWS, GCP, Azure, Alibaba, …
    ▪ Managed Resources are fine-grained representations of external cloud resources
    ▪ Composite Resource Definitions (XRDs) enable the definition and creation of new abstractions for composite managed resources
    ▪ https://crossplane.io
  12. Examples for Crossplane AWS Resources

    ```yaml
    apiVersion: sqs.aws.crossplane.io/v1beta1
    kind: Queue
    metadata:
      name: test-queue.fifo
      labels:
        region: eu-central-1
    spec:
      deletionPolicy: Delete
      forProvider:
        region: eu-central-1
        contentBasedDeduplication: true
        delaySeconds: 3
        fifoQueue: true
        # 2 KB message size
        maximumMessageSize: 2048
        # 5 minutes
        messageRetentionPeriod: 300
      providerConfigRef:
        name: providerconfig-aws
    ---
    apiVersion: s3.aws.crossplane.io/v1beta1
    kind: Bucket
    metadata:
      name: mastering-gitops
      annotations:
        crossplane.io/external-name: mastering-gitops-eu-central-1
      labels:
        region: eu-central-1
    spec:
      deletionPolicy: Delete
      forProvider:
        acl: private
        locationConstraint: eu-central-1
        serverSideEncryptionConfiguration:
          rules:
            - applyServerSideEncryptionByDefault:
                sseAlgorithm: AES256
      providerConfigRef:
        name: providerconfig-aws
    ```
  13. Crossplane's Composite Resources allow you to define developer-friendly abstractions the K8s-native way.

    ▪ Composite Resource (XR) - represents a set of managed resources as a single K8s object for the developer
    ▪ Composite Resource Definition (XRD) - a custom API specification and schema
    ▪ Composition - a template that defines how to compose managed resources together
    ▪ Claim (XRC) - like a Composite Resource, but with namespace scoping
  14. qaware.de

    QAware GmbH, Aschauer Straße 32, 81549 München, Tel. +49 89 232315-0
    twitter.com/qaware | linkedin.com/company/qaware-gmbh | xing.com/companies/qawaregmbh | slideshare.net/qaware | github.com/qaware
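The four concepts from slide 13 worked through as one added example (not from the deck): an XRD, a Composition that wraps the SQS Queue managed resource from slide 12, and a namespaced Claim. The `platform.example.org` group, the `XQueue`/`QueueClaim` kinds, the `shop` namespace and the region enum are assumptions; the Composition pins `fifoQueue`, `deletionPolicy` and the `providerconfig-aws` ProviderConfig, so an application team can only choose the region.

```yaml
apiVersion: apiextensions.crossplane.io/v1
kind: CompositeResourceDefinition            # XRD: the custom API and its schema
metadata: {name: xqueues.platform.example.org}   # group and names are assumed, not from the deck
spec:
  group: platform.example.org
  names: {kind: XQueue, plural: xqueues}
  claimNames: {kind: QueueClaim, plural: queueclaims}   # enables namespaced claims (XRC)
  versions:
    - name: v1alpha1
      served: true
      referenceable: true
      schema:
        openAPIV3Schema:
          type: object
          properties:
            spec:
              type: object
              properties:
                region: {type: string, enum: [eu-central-1, eu-west-1]}   # only field teams may set
              required: [region]
---
apiVersion: apiextensions.crossplane.io/v1
kind: Composition                            # template: how managed resources are composed
metadata: {name: xqueue-aws-fifo}
spec:
  compositeTypeRef: {apiVersion: platform.example.org/v1alpha1, kind: XQueue}
  resources:
    - name: queue
      base:
        apiVersion: sqs.aws.crossplane.io/v1beta1   # the Queue managed resource from slide 12
        kind: Queue
        spec:
          deletionPolicy: Delete
          forProvider:
            fifoQueue: true                  # pinned by the platform team, not claimable
            contentBasedDeduplication: true
          providerConfigRef: {name: providerconfig-aws}
      patches:
        - {type: FromCompositeFieldPath, fromFieldPath: spec.region, toFieldPath: spec.forProvider.region}
        - type: FromCompositeFieldPath       # FIFO queues must be named "<name>.fifo" on AWS
          fromFieldPath: metadata.labels[crossplane.io/claim-name]
          toFieldPath: metadata.annotations[crossplane.io/external-name]
          transforms: [{type: string, string: {type: Format, fmt: "%s.fifo"}}]
---
apiVersion: platform.example.org/v1alpha1
kind: QueueClaim                             # claim (XRC): what an app team applies in its namespace
metadata: {name: orders, namespace: shop}
spec:
  region: eu-central-1
```

Applying the claim creates an `XQueue` composite and from it one `Queue` managed resource whose external name is `orders.fifo`; RBAC on the `queueclaims` resource in the `shop` namespace is all the application team needs, no AWS credentials.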