
Supercharge your Kubernetes Platform with Carvel


Working with Kubernetes and building a secure platform on top of it is challenging. First, you’ll need a way to group Kubernetes resources and apply changes predictably. Are you sure you approved all the changes reconciled by Kubernetes? I’ll demonstrate how that’s often not true. Your apps will require a different configuration across environments. Wouldn’t it be great to have a way to use both templating and overlays that is also maintainable and YAML-native? What about air-gapped environments? You’ll need to distribute and relocate manifests and OCI artifacts safely. And when building an internal platform, you’ll need to package all the different capabilities in an efficient and composable API, supporting GitOps and providing extensibility. This session will present a modular strategy with Carvel to solve those issues and help you improve your cloud native strategy on Kubernetes.

Thomas Vitale

February 22, 2024


Transcript

  1. Thomas Vitale, Cloud Native Copenhagen, Feb 21st, 2024: Supercharge Your Kubernetes Platform With Carvel @vitalethomas
  2. Cloud Native Platform: enabling product teams to deliver software better, faster, safer.

     Layers: End-User, Platform API, Platform Backend.
     Platform backend capabilities: Certificate Management, Continuous Deployment, Serverless Runtime, Supply Chain Choreographer, Ingress and Load Balancing, ...
  3. Thomas Vitale, Systematic
     • Software Engineer and CNCF Ambassador.
     • Author of "Cloud Native Spring in Action" (Manning).
     • OSS contributor (Java, Spring, Cloud Native Technologies).
     thomasvitale.com @vitalethomas
  4. The Journey: 1 Upstream Dependencies, 2 Deployment, 3 Configuration, 4 Image Resolution, 5 Artifact Bundles, 6 Package Management, 7 Platform
  5. vendir: upstream dependencies

     vendir.yml
       apiVersion: vendir.k14s.io/v1alpha1
       kind: Config
       directories:
       - path: config/upstream
         contents:
         - path: .
           git:
             url: https://github.com/argoproj/argo-cd
             ref: v2.7.7
           includePaths:
           - manifests/install.yaml
           newRootPath: manifests

     $ vendir sync
  7. kapp: deployments
     • Group resources as an "application"
     • Predictable and safe deployments
     • Wait for reconciliation
     • Order resources based on dependencies
     • Record application deployment history
  8. kapp: deployments

     kapp-config.yml
       apiVersion: kapp.k14s.io/v1alpha1
       kind: Config
       rebaseRules:
       - path: [data]
         type: copy
         sources: [new, existing]
         resourceMatchers:
         - kindNamespaceNameMatcher:
             kind: Secret
             namespace: argocd
             name: argocd-secret

     $ kapp deploy -a argo-cd -f install.yml -f kapp-config.yml
  9. kapp: deployments
     $ kapp deploy -a argo-cd -f install.yml -f kapp-config.yml
     $ kapp list -A
     $ kapp inspect -a argo-cd
     $ kapp delete -a argo-cd
  11. ytt: configuration
      • Configuration via templates
      • Configuration via overlays
      • Structure-oriented
      • Schema validation
      • Any YAML
  12. ytt: configuration

      template.yml
        #@ load("@ytt:data", "data")
        ---
        apiVersion: v1
        kind: ConfigMap
        metadata:
          name: argo-demo-info
          namespace: argocd
        data:
          conference: #@ data.values.conference_name

      $ ytt -f config
  13. ytt: configuration

      overlay.yml
        #@ load("@ytt:data", "data")
        #@ load("@ytt:overlay", "overlay")

        #@ def argo_service():
        kind: Service
        metadata:
          name: argocd-server
        #@ end

        #@overlay/match by=overlay.subset(argo_service())
        ---
        spec:
          #@overlay/match missing_ok=True
          type: #@ data.values.service_type

      $ ytt -f config
  14. ytt: configuration

      schema.yml
        #@data/values-schema
        ---
        conference_name: "Cloud Native Aarhus"
        #@schema/desc "The service type for the ArgoCD Server."
        #@schema/validation one_of=["ClusterIP", "LoadBalancer", "NodePort"]
        service_type: ClusterIP

      $ ytt -f config
  16. kbld: image resolution

      kbld.lock.yml
        apiVersion: kbld.k14s.io/v1alpha1
        kind: Config
        overrides:
        - image: ghcr.io/dexidp/dex:v2.37.0
          newImage: ghcr.io/dexidp/dex@sha256:f579d00721…
          preresolved: true
        - image: quay.io/argoproj/argocd:v2.7.7
          newImage: quay.io/argoproj/argocd@sha256:6a5d0e909b…
          preresolved: true
        - image: redis:7.0.11-alpine
          newImage: index.docker.io/library/redis@sha256:121bac949f…
          preresolved: true

      $ kbld -f config --lock-output kbld.lock.yml
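The lock file above is only useful if something enforces it: a tag that slips past kbld still reaches the cluster as a mutable reference. The script below is an added example (not from the talk or the Carvel project) of a CI gate that runs after `ytt -f config | kbld -f - -f kbld.lock.yml` and fails when a rendered manifest contains an image without a full sha256 digest, or when the upstream manifest references a tag the lock file does not cover. The manifests and lock file in it are constructed for the demo and every digest is a placeholder, not a real image.

```shell
#!/bin/sh
# Added example (not from the talk or the Carvel project): gate a kbld-rendered
# manifest so that no image reaches the cluster by mutable tag. The YAML files
# written below are constructed for the demo; their digests are placeholders.
set -eu

# Print the value of every "image:" key in a YAML file (plain key or list item).
# Only the "image:" key matches, so the "newImage:" entries of a kbld lock are skipped.
list_images() {
  awk '/^[[:space:]]*-?[[:space:]]*image:[[:space:]]/ { gsub(/"/, "", $NF); print $NF }' "$1"
}

# Return 0 when every image reference in a rendered manifest carries a full
# sha256 digest, 1 otherwise (offenders are listed on stderr).
check_images_pinned() {
  rc=0
  for ref in $(list_images "$1"); do
    if ! printf '%s\n' "$ref" | grep -Eq '@sha256:[0-9a-f]{64}$'; then
      echo "UNPINNED: $ref" >&2
      rc=1
    fi
  done
  return $rc
}

# Return 0 when every tag reference in the source manifest has an override in
# the kbld lock file, so kbld resolves it from the lock instead of asking the
# registry at deploy time; 1 otherwise.
lock_covers_manifest() {
  manifest=$1; lock=$2; rc=0
  for ref in $(list_images "$manifest"); do
    case "$ref" in *@sha256:*) continue ;; esac
    if ! list_images "$lock" | grep -qxF "$ref"; then
      echo "NOT IN LOCK: $ref" >&2
      rc=1
    fi
  done
  return $rc
}

workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

# Constructed: a manifest as it looks after kbld applied the lock (digests are fake).
cat > "$workdir/rendered.yml" <<'EOF'
apiVersion: apps/v1
kind: Deployment
metadata:
  name: argocd-server
spec:
  template:
    spec:
      containers:
      - name: argocd-server
        image: quay.io/argoproj/argocd@sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
      - name: dex
        image: ghcr.io/dexidp/dex@sha256:fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210
EOF

# Constructed: the upstream manifest before kbld, still referencing a tag.
cat > "$workdir/upstream.yml" <<'EOF'
apiVersion: apps/v1
kind: Deployment
metadata:
  name: argocd-redis
spec:
  template:
    spec:
      containers:
      - name: redis
        image: redis:7.0.11-alpine
EOF

# Constructed: a lock file in the same shape as kbld.lock.yml (digest is fake).
cat > "$workdir/kbld.lock.yml" <<'EOF'
apiVersion: kbld.k14s.io/v1alpha1
kind: Config
overrides:
- image: redis:7.0.11-alpine
  newImage: index.docker.io/library/redis@sha256:1111111111111111111111111111111111111111111111111111111111111111
  preresolved: true
EOF

# Constructed: a lock that does not cover the upstream manifest.
printf 'apiVersion: kbld.k14s.io/v1alpha1\nkind: Config\noverrides: []\n' > "$workdir/empty.lock.yml"

# Typical CI use after rendering (not executed here; needs ytt and kbld):
#   ytt -f config | kbld -f - -f kbld.lock.yml > rendered.yml
#   lock_covers_manifest config/upstream/install.yaml kbld.lock.yml && check_images_pinned rendered.yml
```

Run `lock_covers_manifest` against the vendir-synced upstream manifest and `check_images_pinned` against the kbld output; a non-zero exit from either stops the pipeline before `kapp deploy` is reached. The digest check deliberately requires all 64 hex characters, so the abbreviated digests shown on the slide would not pass it.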
  18. imgpkg: artifact bundles
      • Bundle configuration as OCI artifacts
      • Unified distribution for apps + configuration
      • Support air-gapped environments
  19. imgpkg: artifact bundles
      $ kbld -f config --imgpkg-lock-output .imgpkg/images.yml
      $ imgpkg push -b <registry-url>/argo-cd-bundle:v2.7.7 -f config
      $ imgpkg pull -b <registry-url>/argo-cd-bundle:v2.7.7 -o pulled-config
      $ imgpkg copy -b <registry-url>/argo-cd-bundle:v2.7.7 \
          --to-repo <air-gapped-registry-url>/argo-cd-bundle
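The `imgpkg copy --to-repo` form on the slide needs a host that can reach both registries at once. When the target is truly air-gapped, the bundle goes through a tar file instead, and the thing to verify before deploying is that the pulled `.imgpkg/images.yml` no longer references the public registries. The script below is an added example (not from the talk or the Carvel project) of that two-hop relocation plus the check; `registry.example.com` and `registry.internal` are placeholder names and the two ImagesLock files are constructed with fake digests.

```shell
#!/bin/sh
# Added example (not from the talk or the Carvel project): carry a bundle across
# an air gap through a tar file and check the pulled ImagesLock before deploying.
# registry.example.com and registry.internal are placeholders; the ImagesLock
# files written below are constructed and their digests are not real.
set -eu

# Connected side: the bundle and every image in its ImagesLock go into one tar.
export_bundle() {            # $1 bundle ref   $2 output tar
  imgpkg copy -b "$1" --to-tar "$2"
}

# Air-gapped side: import the tar; bundle and images land in one repository.
import_bundle() {            # $1 tar   $2 internal repository
  imgpkg copy --tar "$1" --to-repo "$2"
}

# Pull the relocated bundle; imgpkg rewrites .imgpkg/images.yml to the new repository.
pull_bundle() {              # $1 relocated bundle ref   $2 output dir
  imgpkg pull -b "$1" -o "$2"
}

# Return 0 when every image in an ImagesLock is hosted under the internal
# repository and pinned by a full sha256 digest, 1 otherwise. A reference that
# still points at a public registry means the pod would try to leave the air gap.
lock_in_repo() {             # $1 .imgpkg/images.yml   $2 internal repository
  lock=$1; repo=$2; rc=0
  for ref in $(awk '/^[[:space:]]*-?[[:space:]]*image:[[:space:]]/ { print $NF }' "$lock"); do
    case "$ref" in
      "$repo"@sha256:*)
        printf '%s\n' "$ref" | grep -Eq '@sha256:[0-9a-f]{64}$' \
          || { echo "BAD DIGEST: $ref" >&2; rc=1; } ;;
      *)
        echo "OUTSIDE $repo: $ref" >&2; rc=1 ;;
    esac
  done
  return $rc
}

workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

# Constructed: the lock as imgpkg rewrites it after relocation to registry.internal.
cat > "$workdir/relocated.yml" <<'EOF'
apiVersion: imgpkg.carvel.dev/v1alpha1
kind: ImagesLock
images:
- annotations:
    kbld.carvel.dev/id: quay.io/argoproj/argocd:v2.7.7
  image: registry.internal/argo-cd-bundle@sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
- annotations:
    kbld.carvel.dev/id: ghcr.io/dexidp/dex:v2.37.0
  image: registry.internal/argo-cd-bundle@sha256:fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210
EOF

# Constructed: a lock in which one image was never relocated.
cat > "$workdir/leaky.yml" <<'EOF'
apiVersion: imgpkg.carvel.dev/v1alpha1
kind: ImagesLock
images:
- annotations:
    kbld.carvel.dev/id: quay.io/argoproj/argocd:v2.7.7
  image: registry.internal/argo-cd-bundle@sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
- annotations:
    kbld.carvel.dev/id: redis:7.0.11-alpine
  image: index.docker.io/library/redis@sha256:1111111111111111111111111111111111111111111111111111111111111111
EOF

# Full flow (not executed here; needs imgpkg and access to each registry):
#   export_bundle registry.example.com/argo-cd-bundle:v2.7.7 argo-cd-bundle.tar
#   import_bundle argo-cd-bundle.tar registry.internal/argo-cd-bundle
#   pull_bundle registry.internal/argo-cd-bundle:v2.7.7 pulled-config
#   lock_in_repo pulled-config/.imgpkg/images.yml registry.internal/argo-cd-bundle
```

The tar produced on the connected side is the artifact that crosses the boundary, so it is also the right place to attach whatever signing or checksum process the transfer policy requires. `lock_in_repo` runs on the pulled bundle, before `kbld -f pulled-config/config -f pulled-config/.imgpkg/images.yml` and `kapp deploy`, and rejects both a stray public reference and a digest that is not the full 64 hex characters.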
  21. Working with Packages: Kubernetes-native implementation with Carvel
      1. Fetch: fetch the configuration bundle and OCI images (vendir).
      2. Transform: apply templates and overlays (ytt and kbld).
      3. Deploy: deploy the resulting application (kapp).
  22. Package CRD, with the three phases: 1 Fetch, 2 Transform, 3 Deploy

        apiVersion: data.packaging.carvel.dev/v1alpha1
        kind: Package
        metadata:
          name: argo-cd.thomasvitale.dev.2.9.3
        spec:
          refName: argo-cd.thomasvitale.dev
          version: 2.9.3
          template:
            spec:
              fetch:                       # 1 Fetch
              - imgpkgBundle:
                  image: ghcr.io/thomasvitale/argo-cd-package-demo@sha256:600b566703…
              template:                    # 2 Transform
              - ytt:
                  paths:
                  - config
              - kbld:
                  paths:
                  - '-'
                  - .imgpkg/images.yml
              deploy:                      # 3 Deploy
              - kapp: {}
  23. kapp-controller: package management
      • Continuous deployment via GitOps
      • Automated workflow to build packages
      • Kubernetes-native package management
      • Package and distribute platforms
      • Support multiple sources and configuration tools
  24. Implement and release a package (Kubernetes-native implementation with Carvel)
      $ kctrl package init       (bootstrap package)
      $ kctrl package release    (release package)
      CRDs:
      • PackageMetadata: non-version-specific attributes describing a package.
      • Package: versioned combination of configuration and OCI images.
  25. Release a package repository (Kubernetes-native implementation with Carvel)
      $ kctrl package repo release    (release package repository)
      CRD:
      • PackageRepository: a collection of packages and their metadata.
  26. Install a package in a cluster (Kubernetes-native implementation with Carvel)
      $ kctrl package repo add        (add package repository to cluster)
      $ kctrl package install         (install package in a cluster)
      CRD:
      • PackageInstall: installation of a package instance in a cluster.
  28. Cloud Native Platform in 3 Steps: composable platform with Carvel

      1. Deploy kapp-controller
         $ kapp deploy -a kapp-controller -y \
             -f https://github.com/carvel-dev/kapp-controller/releases/latest/download/release.yml
      2. Add package repository
         $ kctrl package repository add -r kadras-packages \
             --url ghcr.io/kadras-io/kadras-packages:0.14.2 \
             -n kadras-packages --create-namespace
      3. Install platform
         $ kctrl package install -i engineering-platform \
             -p engineering-platform.packages.kadras.io \
             -v 0.12.2 \
             -n kadras-packages \
             --values-file values.yml
  29. secretgen-controller: secrets management
      • Generate credentials and keys
      • Automated distribution of image pull Secrets across namespaces
      • Export and import Secrets across namespaces
  31. Resources (source code on GitHub)
      • Carvel 101 - Streamline Your Kubernetes Workflows
      • Enlightning: Carvel Tools and kapp-controller
      • Stop forking Helm charts and use Carvel ytt
      • Carvel kapp: kubectl on steroids
      • Kubernetes package management with Carvel
      • Carvel as a unified package manager for Kubernetes
      • Kadras: Cloud Native Platforms Toolkit