Hybrid and Multi-Cloud Strategies for Kubernetes with GitOps
Weaveworks – https://weave.works – @weaveworks
Paul Curtis – paul.curtis@weave.works – @pfcurtis_NY
Weaveworks
Paul Curtis
Principal Solutions Architect
New York, US
Paul is a Principal Solutions Architect at Weaveworks, where he provides pre-
and post-sales technical expertise. Paul comes from the big data world and
machine learning world, having spent seven years at MapR. Paul has served
as Senior Operations Engineer for Unami, a startup founded to deliver on the
promise of interactive TV for consumers, and was Systems Manager for Spiral
Universe, a company providing school administration software as a service.
He has also held senior support engineer positions at Sun Microsystems, as
well as enterprise account technical management positions for both
Netscape and FileNet. Earlier in his career, Paul worked in financial
application development for Applix, IBM Service Bureau, and Ticketron.
@pfcurtis_NY
✉ paulc@weave.works
About Weaveworks
Weaveworks ❤ GitOps
Weaveworks enabling GitOps across the Kubernetes landscape
Open Source
• Key open source projects: flux, flagger, eksctl
• Top 10 contributor to CNCF
• GitOps thought leadership
Services
• Design, consulting and delivery of K8s
• GitOps & Kubernetes training and quickstart
• Helping teams optimise their platform
Weave Kubernetes Platform
• Manage 100’s of clusters with GitOps
• Cloud and on-premise
• Repeatability, flexibility and situational awareness
Accelerating the path to Cloud Native
Educate, Enable, Platform, Applications
Weaveworks Consulting, Training and CRE Service
• Guided technology choices
• Cloud native reference architecture designs
• Cloud native technology options and selection
Weave Kubernetes Platform
• Infrastructure of your choice: public cloud and on premise
• Configuration management for the whole platform
• Integrated security
• 24/7 Support
DevOps
• Automation, management and Continuous Delivery
• Prometheus monitoring and alerting
• Training for cluster operators, application operators and developers
• Delivery of POCs and experimental environments
1. GET STARTED FAST
2. DESIGN AND BUILD
3. DELIVER A PRODUCTION READY K8S PLATFORM
4. ENABLE AN AGILE DELIVERY MODEL
A Quick GitOps Review
Principles of GitOps
• The entire system is described declaratively
• The canonical desired system state is versioned in git
• Approved changes can be automatically applied to the system
• Software agents ensure correctness and alert (diffs & actions)
GitOps for Kubernetes -- The Simplest Case
[Diagram labels: GitOps Tools; Workload (×3); git registry]
A View into Multi-Platform Kubernetes
Infrastructure vs. Platform vs. Applications
Applications
Kubernetes + Extensions
Google – Amazon – Microsoft – On Premise
CNCF Add-Ons
Customer Platform components
Developer Teams
• Cluster operators
• SRE teams
• Platform teams
DevX components
Operations
• Infrastructure teams
GitOps for the Multi-Cloud
1. Solve the Networking
2. Solve the Identity + Authentication + Authorization
3. Solve the Persistent Data Storage
“Multi-Cloud Compute is Easy … Multi-Cloud Storage & Networking is Not.”
1. Solve the Networking
● VPC to VPC (or to on-premise)
● Subnet to Subnet (availability zones)
● Cluster to Cluster (virtual Kubernetes networks)
● Mesh/Gateway to Mesh/Gateway (virtual meshes)
“Multi-Cloud Won’t Work Unless Everyone Can Talk to Everyone”
2. Solve the Identity + Authentication + Authorization
“Multi-Cloud Won’t Work Unless Permissions Work Everywhere.”
● Centralized Authentication is a must have
● Users typically require certificates in Kubernetes, so … (cert management)
● Policy is easier using the central authorization
“Now We Can Start to Solve the Third Problem”
3. Solve the Persistent Data Storage
● Can the Application Storage be Declarative? How?
● Who has access to the data? (RunAs, roles)
● How does the data get synchronized between different locations? (block vs. application vs. backups)
3. Solve the Persistent Data Storage
Make your storage and persistent applications Kubernetes aware and application environment independent
● Storage Classes (same names or defaults)
● Kubernetes Service Endpoints versus Direct Connects (Databases, for example)
● Cloud Managed Services: Kubernetes aware? (Endpoints/Controllers)
“But what about all the differences between platforms?”
GitOps for Kubernetes
[Diagram labels: Infrastructure; Platform; Application; CI; Release Process; GitOps-driven CD (×3); developer & devops eng; component developer (i.e. prometheus, grafana, flux, weave cloud); platform engineer; source code; application configuration; component configuration; Kubernetes configuration]
GitOps for Kubernetes -- Application
[Diagram labels: Application; CI; Release Process; GitOps-driven CD (×2); developer & devops eng; component developer (i.e. prometheus, grafana, flux, weave cloud); platform engineer; source code; application configuration; component configuration]
GitOps for Kubernetes -- Application
[Diagram labels: Image Registry; Project 1; Project 2; Deployment (×2); four git configurations:]
git-url: "project1", git-path: "/", git-branch: "dev"
git-url: "project1", git-path: "/", git-branch: "prod"
git-url: "project2", git-path: "/", git-branch: "dev"
git-url: "project2", git-path: "/", git-branch: "prod"
GitOps for Kubernetes -- Applications
GitOps for Kubernetes -- Platform
[Diagram labels: Platform; platform engineer; GitOps-driven CD; Kubernetes configuration]
● Authorization: Centralized Auth Required. (IAM, AD, LDAP, Other)
● Storage: Ephemeral vs. Persistent. Application Storage Availability across Platforms
● Networking: CNI, CNI, CNI … Which one and why?
● Meshes, API Gateways: Deployments, Security, Policy, Delivery
● Policy: Containers, Network, Pods
GitOps for Kubernetes -- Platform
kraan - Building platforms on top of K8s
https://github.com/fidelity/kraan
GitOps for Kubernetes -- Infrastructure
[Diagram labels: Infrastructure; platform engineer; GitOps-driven CD; Kubernetes configuration]
Two Words: Cluster API
apiVersion: cluster.x-k8s.io/v1alpha3
kind: Cluster
metadata:
  name: "${CLUSTER_NAME}"
spec:
  infrastructureRef:
    apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3
    kind: AWSCluster
    name: "${CLUSTER_NAME}"
  controlPlaneRef:
    kind: KubeadmControlPlane
    apiVersion: controlplane.cluster.x-k8s.io/v1alpha3
    name: "${CLUSTER_NAME}-control-plane"
---
apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3
kind: AWSCluster
metadata:
  name: "${CLUSTER_NAME}"
spec:
  region: "${AWS_REGION}"
  sshKeyName: "${AWS_SSH_KEY_NAME}"
---
https://github.com/kubernetes-sigs/cluster-api-provider-aws/tree/master/templates
GitOps for Kubernetes -- Infrastructure
[Diagram labels: Management Cluster; Mgmt UI; GitOps Tools; Workload; git registry]
● Multi Tenant
● Multi Cloud
● GitOps Managed
● Alibaba Cloud
● AWS
● Azure
● Azure Stack HCI
● Baidu Cloud
● Metal3
● DigitalOcean
● Exoscale
● GCP
● IBM Cloud
● OpenStack
● Packet
● Sidero
● Tencent Cloud
● vSphere
https://github.com/kubernetes-sigs/cluster-api
GitOps for Kubernetes -- Infrastructure
• Scale: How many clusters? 1,000s … essentially no limit
• No Single Point of Failure: Git, by its nature, is distributed by design. Replicated repositories and clones provide disaster recovery
• Authentication & Authorization: If you have policy for source code releases, then you have policy for deployment
• Auditing for Compliance: git log, git diff, SHA digests. Most companies have already approved/certified Git for use in regulated environments.
What Weaveworks Built
DataScan
“We would recommend WKP which allowed us to own and manage our infrastructure while building a consistent technical bridge to a client-facing cloud presence. Having worked with the Weaveworks client success team for our cluster deployments, service testing, specific use cases to deploy configuration changes and management of in-place upgrades, we are genuinely impressed with their organizational dedication to our success.”
● Requiring on-premise Kubernetes solution for production workloads due to data privacy concerns
● But reducing infrastructure costs for test workloads through adopting elastic cloud computing resources
● Architecting a secure and consistent Kubernetes platform for multi-cloud and on-premise
● Reducing operational complexity of Kubernetes across environments for end users
Key Takeaways
● Higher utilization and improved capacity management through Kubernetes platforms servicing cloud and on-premise infrastructure
● GitOps workflows in WKP allow for
a. 50% increase in deployment frequency
b. 20% reduction in operational tasks
c. MTTR reduced from days to hours
Deutsche Telekom
● DT are planning a new platform driven by the needs of 5G and an ongoing demand to become more efficient
● Most of the applications they deploy are written by third parties so standardising the platform enables them to standardise the approach
● Need for on-premise but they want to take a ‘cloud aware’ approach where they could use the public clouds
● Focus has been on:
○ Building a reliable platform that can be deployed into multiple backends
○ Integrating with existing investments such as storage and virtualization vendors
Key Takeaways
● D-Telekom see GitOps as a way that can drive reliability and efficiency
● Would like to avoid building out their own unique platform - but need flexibility for some customisation
● Need a simplified platform that is easy for a variety of teams to use
● Predict they will have a large number of deployments at the edge of their networks.
Weave Kubernetes Platform (WKP)
● Kubernetes application platform
● Management of cluster and applications
● Builds on GitOps and adds enterprise features
● Define clusters and components using a model based system
● Deploy new clusters using those definitions: multiple back-ends
● Alerting and operations built-in
Weave Kubernetes Platform
[Diagram labels, in extraction order: Workload, Workload, Workload, Workload, Container Control Release Management Visualisation, Monitoring & Metrics, Alerting, Cluster audits, Deployment Policy Dashboards, Kubernetes, Infrastructure, Core Platform, Add-Ons, Cluster configuration, Fleet management, Cluster components, Logging and Tracing, Networking, Storage, Infrastructure Automation Security]
● Add-ons are curated optional capabilities
● Prometheus monitoring, logging, Helm and others
● Customer created add-ons make the platform flexible
● Upstream Kubernetes tested and with secure defaults
● GitOps configuration management
● Models for multi-cluster management
● Same installation experience on all platforms
● Pre-scripting for platform automation
● Host aware operations (e.g. draining and upgrading)
WKP provides an extensible capability and we provide a single configuration experience. The benefit is
that the installation process is multi-cloud using a Kubernetes system called Cluster-API. With CAPI we
can install WKP on-premise, on VMware and in the Cloud.
Scalability with GitOps models
We define GitOps models which are individual components, teams and clusters. The benefit is you can
use composition to automate creating thousands of applications and clusters with a complete picture of
configuration.
Modularity and flexibility through GitOps
WKP defines standard cluster components that are installed by default. Customers can define their own
- for example to define runtime security. The benefit is that you are not locked into a ‘one size fits all’
product, and can flex the platform to reflect existing needs and capabilities.
Weave Kubernetes Platform Features and Advantages
Operations Reliability
WKP defines the complete configuration of each Kubernetes cluster. The benefit is that workflows for
promoting changes, end-to-end testing and disaster recovery are easy and help drive overall reliability.
The advantage of WKP is that this can be applied to any Kubernetes.
Security with GitOps
GitOps makes the production platform read-only, enabling enforcement of policy and alerts. The
benefit is that changes can be checked against policy, and any alteration can be alerted on and stopped.
Together with the flexibility of the pipeline, this means it can fit into existing security systems.
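A sketch of the agent-side check behind "software agents ensure correctness and alert (diffs & actions)" on the principles slide and "any alteration can be alerted" above; this is an added example, not Weaveworks, Flux or WKP code. The manifests, names and registry are constructed, and as a simplification fields that exist only in the live object are treated as server defaults.

```python
import hashlib
import json

# Fields the API server fills in; they are never part of the declared state.
SERVER_TOP = {"status"}
SERVER_META = {"uid", "resourceVersion", "generation", "creationTimestamp", "managedFields"}


def normalize(obj):
    """Drop server-populated fields so git and live objects compare fairly."""
    out = {k: v for k, v in obj.items() if k not in SERVER_TOP}
    out["metadata"] = {k: v for k, v in obj.get("metadata", {}).items()
                       if k not in SERVER_META}
    return out


def obj_key(obj):
    meta = obj["metadata"]
    return (obj["kind"], meta.get("namespace", ""), meta["name"])


def state_digest(objects):
    """Order-independent SHA-256 over the canonical form of a set of objects."""
    canon = sorted(json.dumps(normalize(o), sort_keys=True, separators=(",", ":"))
                   for o in objects)
    return hashlib.sha256("\n".join(canon).encode()).hexdigest()


def declared_drift(want, have, prefix=""):
    """Paths of declared fields whose live value differs or is absent.

    Simplification: live-only fields are ignored; lists are compared whole.
    """
    if isinstance(want, dict) and isinstance(have, dict):
        paths = []
        for k in sorted(want):
            path = f"{prefix}.{k}" if prefix else k
            if k not in have:
                paths.append(path)
            else:
                paths.extend(declared_drift(want[k], have[k], path))
        return paths
    return [] if want == have else [prefix]


def detect_drift(desired, live):
    """Compare git-declared objects with live ones and list the findings."""
    want = {obj_key(o): normalize(o) for o in desired}
    have = {obj_key(o): normalize(o) for o in live}
    findings = []
    for k in sorted(want.keys() | have.keys()):
        if k not in have:
            findings.append({"object": k, "type": "missing", "paths": []})
        elif k not in want:
            findings.append({"object": k, "type": "unmanaged", "paths": []})
        else:
            paths = declared_drift(want[k], have[k])
            if paths:
                findings.append({"object": k, "type": "modified", "paths": paths})
    return findings


# Constructed sample: the state declared in git ...
DESIRED = [
    {"apiVersion": "apps/v1", "kind": "Deployment",
     "metadata": {"name": "web", "namespace": "shop"},
     "spec": {"replicas": 3, "template": {"spec": {
         "securityContext": {"runAsNonRoot": True},
         "containers": [{"name": "web", "image": "registry.example/web:1.4.2"}]}}}},
    {"apiVersion": "storage.k8s.io/v1", "kind": "StorageClass",
     "metadata": {"name": "standard"}, "provisioner": "example.com/block"},
]

# ... and a constructed live state after out-of-band changes to the cluster.
LIVE = [
    {"apiVersion": "apps/v1", "kind": "Deployment",
     "metadata": {"name": "web", "namespace": "shop",
                  "uid": "constructed-uid", "resourceVersion": "812"},
     "spec": {"replicas": 3, "revisionHistoryLimit": 10, "template": {"spec": {
         "securityContext": {"runAsNonRoot": False},
         "containers": [{"name": "web", "image": "registry.example/web:latest"}]}}},
     "status": {"readyReplicas": 3}},
    {"apiVersion": "rbac.authorization.k8s.io/v1", "kind": "ClusterRoleBinding",
     "metadata": {"name": "temp-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "User", "name": "constructed-user"}]},
]

if __name__ == "__main__":
    print("declared state digest:", state_digest(DESIRED))
    for finding in detect_drift(DESIRED, LIVE):
        print(finding["type"], finding["object"], finding["paths"])
```

Recording the digest next to the commit that produced it gives an audit trail in the spirit of the "git log, git diff, SHA digests" bullet: any finding, or any digest mismatch, points to a change that did not come through git.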
Agility through One Platform
The intent of K8s is to provide a platform that works for operations reliability and brings agility for
application teams. WKP provides multi-tenancy, and deployment capabilities through GitOps which lets
application teams deploy without risking the platform. The advantage is better deployments with
reliability.
Weave Kubernetes Platform Features and Advantages
Questions?
Next Steps
Contact Paul
paul.curtis@weave.works
@pfcurtis_NY
Our services
weave.works/services
sales@weave.works
Our products
weave.works
sales@weave.works
👀 Sign up for a WKP demo + Q&A: http://bit.ly/demo-wkp
📚 GitOps with WKP: https://bit.ly/3qASKvY
🎧 The Art of Modern Ops (podcast):
https://www.weave.works/podcast-the-art-of-modern-ops/

More Related Content

What's hot (20)

PDF
Leveraging Gradle @ Netflix (Madrid GUG Feb 2, 2021)
Roberto Pérez Alcolea
 
PDF
High-Precision GPS Positioning for Spring Developers
VMware Tanzu
 
PDF
Kubernetes and CNCF Landscape 101
Giulio Roggero
 
PDF
Observe and command your fleets across any kubernetes with weave git ops
Weaveworks
 
PDF
GitOps & the deployment branching models - DevOps D-day Marseille 2021
SoKube
 
PPTX
[Rakuten Technology Conference 2019] Be the central on your field
Woohyeok Kim
 
PDF
Cloud-Native Fundamentals: Accelerating Development with Continuous Integration
VMware Tanzu
 
PDF
Architecting for Continuous Delivery
Mohammad Bilal Wahla
 
PDF
Docker New York City: From GitOps to a scalable CI/CD Pattern for Kubernetes
Andrew Phillips
 
PDF
Optimize Your Enterprise Git Webinar
CollabNet
 
PPTX
Hitting the Enterprise Sweet Spot—A Real-World View of PKS Deployment and Suc...
VMware Tanzu
 
PPTX
Cloud Native Transformation (Alexis Richardson) - Continuous Lifecycle 2018 ...
Weaveworks
 
PPTX
CF Days 2017 - NYC - Keynote
Chip Childers
 
PDF
Flagger: Istio Progressive Delivery Operator
Weaveworks
 
PDF
PKS: The What and How of Enterprise-Grade Kubernetes
VMware Tanzu
 
PDF
Introducing CollabNet TeamForge® 8.0
CollabNet
 
PPTX
Pivotal Container Service Overview
VMware Tanzu
 
PPTX
CF Summit North America 2017 - Technical Keynote
Chip Childers
 
PPTX
DevOps and Git: Solving for CI/CD at Scale
Perforce
 
PDF
Spring and Pivotal Application Service - SpringOne Tour - Boston
VMware Tanzu
 
Leveraging Gradle @ Netflix (Madrid GUG Feb 2, 2021)
Roberto Pérez Alcolea
 
High-Precision GPS Positioning for Spring Developers
VMware Tanzu
 
Kubernetes and CNCF Landscape 101
Giulio Roggero
 
Observe and command your fleets across any kubernetes with weave git ops
Weaveworks
 
GitOps & the deployment branching models - DevOps D-day Marseille 2021
SoKube
 
[Rakuten Technology Conference 2019] Be the central on your field
Woohyeok Kim
 
Cloud-Native Fundamentals: Accelerating Development with Continuous Integration
VMware Tanzu
 
Architecting for Continuous Delivery
Mohammad Bilal Wahla
 
Docker New York City: From GitOps to a scalable CI/CD Pattern for Kubernetes
Andrew Phillips
 
Optimize Your Enterprise Git Webinar
CollabNet
 
Hitting the Enterprise Sweet Spot—A Real-World View of PKS Deployment and Suc...
VMware Tanzu
 
Cloud Native Transformation (Alexis Richardson) - Continuous Lifecycle 2018 ...
Weaveworks
 
CF Days 2017 - NYC - Keynote
Chip Childers
 
Flagger: Istio Progressive Delivery Operator
Weaveworks
 
PKS: The What and How of Enterprise-Grade Kubernetes
VMware Tanzu
 
Introducing CollabNet TeamForge® 8.0
CollabNet
 
Pivotal Container Service Overview
VMware Tanzu
 
CF Summit North America 2017 - Technical Keynote
Chip Childers
 
DevOps and Git: Solving for CI/CD at Scale
Perforce
 
Spring and Pivotal Application Service - SpringOne Tour - Boston
VMware Tanzu
 

Similar to Hybrid and Multi-Cloud Strategies for Kubernetes with GitOps (20)

PDF
Cloud Native Engineering with SRE and GitOps
Weaveworks
 
PDF
Continuous Lifecycle London 2018 Event Keynote
Weaveworks
 
PDF
Intro to GitOps with Weave GitOps, Flagger and Linkerd
Weaveworks
 
PDF
Shift Deployment Security Left with Weave GitOps & Upbound’s Universal Crossp...
Weaveworks
 
PDF
Free GitOps Workshop
Weaveworks
 
PDF
Webinar: Capabilities, Confidence and Community – What Flux GA Means for You
Weaveworks
 
PDF
Automated Provisioning, Management & Cost Control for Kubernetes Clusters
Weaveworks
 
PDF
Robust Network Security and Observability with GitOps and Cilium
Weaveworks
 
PDF
Efficient platform engineering with Microk8s & gopaddle.pdf
Vinothini Raju
 
PDF
Weave GitOps - continuous delivery for any Kubernetes
Weaveworks
 
PDF
Production-Ready Kubernetes: It's Not About Technology
Antoine Craske
 
PPTX
Room 2 - 4 - Juncheng Anthony Lin - Redhat - A Practical Approach to Traditio...
Vietnam Open Infrastructure User Group
 
PDF
Pivotal Container Service : la nuova soluzione per gestire Kubernetes in azienda
VMware Tanzu
 
PDF
Plataforma DevOps en OpenShift
Juan Carlos García Peláez
 
PDF
A Love Story with Kubevirt and Backstage from Cloud Native NoVA meetup Feb 2024
Cloud Native NoVA
 
PDF
The rise of microservices
Cloud Technology Experts
 
PDF
Free GitOps Workshop (with Intro to Kubernetes & GitOps)
Weaveworks
 
PDF
Deploying Stateful Applications Securely & Confidently with Ondat & Weave GitOps
Weaveworks
 
PDF
Enterprise CI as-a-Service using Jenkins
CollabNet
 
PDF
Kubernetes Cheatsheet
Alex Hisaka
 
Cloud Native Engineering with SRE and GitOps
Weaveworks
 
Continuous Lifecycle London 2018 Event Keynote
Weaveworks
 
Intro to GitOps with Weave GitOps, Flagger and Linkerd
Weaveworks
 
Shift Deployment Security Left with Weave GitOps & Upbound’s Universal Crossp...
Weaveworks
 
Free GitOps Workshop
Weaveworks
 
Webinar: Capabilities, Confidence and Community – What Flux GA Means for You
Weaveworks
 
Automated Provisioning, Management & Cost Control for Kubernetes Clusters
Weaveworks
 
Robust Network Security and Observability with GitOps and Cilium
Weaveworks
 
Efficient platform engineering with Microk8s & gopaddle.pdf
Vinothini Raju
 
Weave GitOps - continuous delivery for any Kubernetes
Weaveworks
 
Production-Ready Kubernetes: It's Not About Technology
Antoine Craske
 
Room 2 - 4 - Juncheng Anthony Lin - Redhat - A Practical Approach to Traditio...
Vietnam Open Infrastructure User Group
 
Pivotal Container Service : la nuova soluzione per gestire Kubernetes in azienda
VMware Tanzu
 
Plataforma DevOps en OpenShift
Juan Carlos García Peláez
 
A Love Story with Kubevirt and Backstage from Cloud Native NoVA meetup Feb 2024
Cloud Native NoVA
 
The rise of microservices
Cloud Technology Experts
 
Free GitOps Workshop (with Intro to Kubernetes & GitOps)
Weaveworks
 
Deploying Stateful Applications Securely & Confidently with Ondat & Weave GitOps
Weaveworks
 
Enterprise CI as-a-Service using Jenkins
CollabNet
 
Kubernetes Cheatsheet
Alex Hisaka
 
Ad

Recently uploaded (20)

PDF
Beyond Binaries: Understanding Diversity and Allyship in a Global Workplace -...
Imma Valls Bernaus
 
PPTX
Equipment Management Software BIS Safety UK.pptx
BIS Safety Software
 
PPTX
Human Resources Information System (HRIS)
Amity University, Patna
 
PDF
GetOnCRM Speeds Up Agentforce 3 Deployment for Enterprise AI Wins.pdf
GetOnCRM Solutions
 
PDF
Alexander Marshalov - How to use AI Assistants with your Monitoring system Q2...
VictoriaMetrics
 
PPTX
The Role of a PHP Development Company in Modern Web Development
SEO Company for School in Delhi NCR
 
PPTX
Comprehensive Guide: Shoviv Exchange to Office 365 Migration Tool 2025
Shoviv Software
 
PPTX
MiniTool Power Data Recovery Full Crack Latest 2025
muhammadgurbazkhan
 
PPTX
Fundamentals_of_Microservices_Architecture.pptx
MuhammadUzair504018
 
PPTX
Migrating Millions of Users with Debezium, Apache Kafka, and an Acyclic Synch...
MD Sayem Ahmed
 
PPTX
Engineering the Java Web Application (MVC)
abhishekoza1981
 
PDF
Unlock Efficiency with Insurance Policy Administration Systems
Insurance Tech Services
 
PPTX
Tally software_Introduction_Presentation
AditiBansal54083
 
PPTX
An Introduction to ZAP by Checkmarx - Official Version
Simon Bennetts
 
PPTX
3uTools Full Crack Free Version Download [Latest] 2025
muhammadgurbazkhan
 
PDF
MiniTool Partition Wizard 12.8 Crack License Key LATEST
hashhshs786
 
PPT
MergeSortfbsjbjsfk sdfik k
RafishaikIT02044
 
PDF
Linux Certificate of Completion - LabEx Certificate
VICTOR MAESTRE RAMIREZ
 
PDF
Build It, Buy It, or Already Got It? Make Smarter Martech Decisions
bbedford2
 
PDF
Mobile CMMS Solutions Empowering the Frontline Workforce
CryotosCMMSSoftware
 
Beyond Binaries: Understanding Diversity and Allyship in a Global Workplace -...
Imma Valls Bernaus
 
Equipment Management Software BIS Safety UK.pptx
BIS Safety Software
 
Human Resources Information System (HRIS)
Amity University, Patna
 
GetOnCRM Speeds Up Agentforce 3 Deployment for Enterprise AI Wins.pdf
GetOnCRM Solutions
 
Alexander Marshalov - How to use AI Assistants with your Monitoring system Q2...
VictoriaMetrics
 
The Role of a PHP Development Company in Modern Web Development
SEO Company for School in Delhi NCR
 
Comprehensive Guide: Shoviv Exchange to Office 365 Migration Tool 2025
Shoviv Software
 
MiniTool Power Data Recovery Full Crack Latest 2025
muhammadgurbazkhan
 
Fundamentals_of_Microservices_Architecture.pptx
MuhammadUzair504018
 
Migrating Millions of Users with Debezium, Apache Kafka, and an Acyclic Synch...
MD Sayem Ahmed
 
Engineering the Java Web Application (MVC)
abhishekoza1981
 
Unlock Efficiency with Insurance Policy Administration Systems
Insurance Tech Services
 
Tally software_Introduction_Presentation
AditiBansal54083
 
An Introduction to ZAP by Checkmarx - Official Version
Simon Bennetts
 
3uTools Full Crack Free Version Download [Latest] 2025
muhammadgurbazkhan
 
MiniTool Partition Wizard 12.8 Crack License Key LATEST
hashhshs786
 
MergeSortfbsjbjsfk sdfik k
RafishaikIT02044
 
Linux Certificate of Completion - LabEx Certificate
VICTOR MAESTRE RAMIREZ
 
Build It, Buy It, or Already Got It? Make Smarter Martech Decisions
bbedford2
 
Mobile CMMS Solutions Empowering the Frontline Workforce
CryotosCMMSSoftware
 
Ad

Hybrid and Multi-Cloud Strategies for Kubernetes with GitOps

  • 1. Hybrid and Multi-Cloud Strategies for Kubernetes with 1 Weaveworks – https://weave.works – @weaveworks Paul Curtis – [email protected] – @pfcurtis_NY
  • 2. Webinar Platform - FAQs Using Zoom Questions? • You are in listen only mode • Q&A session will follow the presentation, please use the Q&A panel to submit questions • Hit escape to exit full screen Technical Issues - please visit Zoom Help https://support.zoom.us/hc/en-us/articles/206175806-Top-Questions
  • 3. Weaveworks Paul Curtis Principal Solutions Architect New York, US Paul is a Principal Solutions Architect at Weaveworks, where he provides pre- and post-sales technical expertise. Paul comes from the big data world and machine learning world, having spent seven years at MapR. Paul has served as Senior Operations Engineer for Unami, a startup founded to deliver on the promise of interactive TV for consumers, and was Systems Manager for Spiral Universe, a company providing school administration software as a service. He has also held senior support engineer positions at Sun Microsystems, as well as enterprise account technical management positions for both Netscape and FileNet. Earlier in his career, Paul worked in financial application development for Applix, IBM Service Bureau, and Ticketron. @pfcurtis_NY ✉ [email protected]
  • 5. Weaveworks ❤ GitOps Open Source Services Weave Kubernetes Platform Weaveworks enabling GitOps across the Kubernetes landscape • Key open source projects: flux, flagger, eksctl • Top 10 contributor to CNCF • GitOps thought leadership • Design, consulting and delivery of K8s • GitOps & Kubernetes training and quickstart • Helping teams optimise their platform • Manage 100’s of clusters with GitOps • Cloud and on-premise • Repeatability, flexibility and situational awareness 5
  • 6. Educate Enable Platform Applications Weaveworks Consulting, Training and CRE Service  • Guided technology choices  • Cloud native reference architecture designs • Cloud native technology options and selection Weave Kubernetes Platform • Infrastructure of your choice: public cloud and on premise • Configuration management for the whole platform • Integrated security • 24/7 Support  DevOps • Automation, management  and Continuous Delivery • Prometheus monitoring and alerting • Training for cluster operators, application operators and developers • Delivery of POCs and experimental environments Accelerating the path to Cloud Native 6 GET STARTED FAST DESIGN AND BUILD DELIVER A PRODUCTION READY K8S PLATFORM ENABLE AN AGILE DELIVERY MODEL 1 2 3 4
  • 7. A Quick GitOps Review 7
  • 8. The entire system is described declaratively The canonical desired system state is versioned in git Approved changes an be automatically applied to the system Software agents ensure correctness and alert (diffs & actions) Principles of GitOps
  • 9. GitOps for Kubernetes -- The Simplest Case 9 GitOps Tools Workload Workload Workload git registry
  • 10. A View into Multi-Platform Kubernetes 10
  • 11. Infrastructure vs. Platform vs. Applications Applications Kubernetes + Extensions Google – Amazon – Microsoft – On Premise CNCF Add-Ons Customer Platform components Developer Teams • Cluster operators • SRE teams • Platform teams DevX components Operations • Infrastructure teams
  • 12. GitOps for the Multi-Cloud 12 1. Solve the Networking 2. Solve the Identity + Authentication + Authorization 3. Solve the Persistent Data Storage “Multi-Cloud Compute is Easy … Multi-Cloud Storage & Networking is Not.”
  • 13. 1. Solve the Networking 13 VPC to VPC (or to on-premise) Subnet to Subnet (availability zones) Cluster to Cluster (virtual Kubernetes networks) Mesh/Gateway to Mesh/Gateway (virtual meshes) “Multi-Cloud Won’t Work Unless Everyone Can Talk to Everyone”
  • 14. 2. Solve the Identity + Authentication + Authorization 14 “Multi-Cloud Won’t Work Unless Permissions Work Everywhere.” Centralized Authentication is a must have Users typically require certificates in Kubernetes, so … (cert management) Policy is easier using the central authorization
  • 15. 15 “Now We Can Start to Solve the Third Problem”
  • 16. 3. Solve the Persistent Data Storage 16 Can the Application Storage be Declarative? How? Who has access to the data? (RunAs, roles) How does the data get synchronized between different locations? (block vs. application vs. backups)
  • 17. 3. Solve the Persistent Data Storage 17 Make your storage and persistent applications Kubernetes aware and application environment independent ● Storage Classes (same names or defaults) ● Kubernetes Service Endpoints versus Direct Connects (Databases, for example) ● Cloud Managed Services: Kubernetes aware? (Endpoints/Controllers)
  • 18. 18 “But what about all the differences between platforms?”
  • 19. Infrastructure Platform CI Gitops -driven CD developer & devops eng component developer (i.e. prometheus, grafana, flux, weave cloud) Release Process platform engineer Gitops -driven CD Gitops -driven CD application configuration source code Kubernetes configuration component configuration Application GitOps for Kubernetes
  • 20. CI Gitops -driven CD developer & devops eng component developer (i.e. prometheus, grafana, flux, weave cloud) Release Process platform engineer Gitops -driven CD application configuration source code component configuration Application GitOps for Kubernetes -- Application
  • 21. GitOps for Kubernetes -- Application 21 Image Registry git-url: “project2” git-path: ”/” git-branch: ”dev” Project 1 Project 2 2 1 2 1 git-url: “project1” git-path: ”/” git-branch: ”dev” git-url: “project2” git-path: ”/” git-branch: ”prod” git-url: “project1” git-path: ”/” git-branch: ”prod” Deployment Deployment
  • 22. GitOps for Kubernetes -- Applications 22
  • 23. Platform platform engineer Gitops -driven CD Kubernetes configuration GitOps for Kubernetes -- Platform ● Authorization: Centralized Auth Required. (IAM, AD, LDAP, Other) ● Storage: Ephemeral vs. Persistent. Application Storage Availability across Platforms ● Networking: CNI, CNI, CNI … Which one and why? ● Meshes, API Gateways: Deployments, Security, Policy, Delivery ● Policy: Containers, Network, Pods
  • 24. GitOps for Kubernetes -- Platform 24
  • 25. GitOps for Kubernetes -- Platform 25 kraan - Building platforms on top of K8s https://github.com/fidelity/kraan
  • 26. Infrastructure platform engineer Gitops -driven CD Kubernetes configuration GitOps for Kubernetes -- Infrastructure Two Words: Cluster API apiVersion: cluster.x-k8s.io/v1alpha3 kind: Cluster metadata: name: "${CLUSTER_NAME}" spec: infrastructureRef: apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3 kind: AWSCluster name: "${CLUSTER_NAME}" controlPlaneRef: kind: KubeadmControlPlane apiVersion: controlplane.cluster.x-k8s.io/v1alpha3 name: "${CLUSTER_NAME}-control-plane" --- apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3 kind: AWSCluster metadata: name: "${CLUSTER_NAME}" spec: region: "${AWS_REGION}" sshKeyName: "${AWS_SSH_KEY_NAME}" --- https://github.com/kubernetes-sigs/cluster-api-provider-aws/tree/master/templates
  • 27. GitOps for Kubernetes -- Infrastructure 27 Management Cluster Mgmt UI Mgmt UI GitOps Tools Workload Mgmt UI GitOps Tools Workload git registry Mgmt UI GitOps Tools Workload Workload Workload ● Multi Tenant ● Multi Cloud ● GitOps Managed ● Alibaba Cloud ● AWS ● Azure ● Azure Stack HCI ● Baidu Cloud ● Metal3 ● DigitalOcean ● Exoscale ● GCP ● IBM Cloud ● OpenStack ● Packet ● Sidero ● Tencent Cloud ● vSphere https://github.com/kubernetes-sigs/cluster-api
  • 28. GitOps for Kubernetes -- Infrastructure • Scale: How many clusters? 1,000s … essentially no limit • No Single Point of Failure: Git, by its nature, is distributed by design. Replicated repositories and clones provide disaster recovery • Authentication & Authorization: If you have policy for source code releases, then you have policy for deployment • Auditing for Compliance: git log, git diff, SHA digests. Most companies have already approved/certified Git for use in regulated environments. 28
  • 30. DataScan 30 “We would recommend WKP which allowed us to own and manage our infrastructure while building a consistent technical bridge to a client-facing cloud presence. Having worked with the Weaveworks client success team for our cluster deployments, service testing, specific use cases to deploy configuration changes and management of in-place upgrades, we are genuinely impressed with their organizational dedication to our success.” ● Requiring on-premise Kubernetes solution for production workloads due to data privacy concerns ● But reducing infrastructure costs for test workloads through adopting elastic cloud computing resources ● Architecting a secure and consistent Kubernetes platforms for multi-cloud and on-premise ● Reducing operational complexity of Kubernetes across environments for end users Key Takeaways ● Higher utilization and improved capacity management through Kubernetes platforms servicing cloud and on-premise infrastructure ● GitOps workflows in WKP allows for a. 50% increase in deployment frequency b. 20% reduction in operational tasks c. MTTR reduced from days to hours
  • 31. Deutsche Telekom ● DT are planning a new platform driven by the needs of 5G and an ongoing demand to become more efficient ● Most of the applications they deploy are written by third-parties so standardising the platform enables them to standardise the approach ● Need for on-premise but they want to take a ‘cloud aware’ approach where they could use the public clouds ● Focus has been on: ○ Building a reliable platform that can be deployed into multiple backends ○ Integrating with existing investments such as storage and virtualization vendors Key Takeaways ● D-Telekom see GitOps as a way that can drive reliability and efficiency ● Would like to avoid building out their own unique platform - but need flexibility for some customisation ● Need a simplified platform that is easy for a variety of teams to use ● Predict they will have a large number of deployments at the edge of their networks.
  • 32. Weave Kubernetes Platform (WKP) ● Kubernetes application platform ● Management of cluster and applications ● Builds on GitOps and adds enterprise features ● Define clusters and components using a model based system ● Deploy new clusters using those definitions: multiple back-ends ● Alerting and operations built-in
  • 33. Weave Kubernetes Platform [Diagram labels: Workload; Container Control Release Management Visualisation Monitoring & Metrics Alerting Cluster audits Deployment Policy Dashboards; Kubernetes; layers: Infrastructure, Core Platform, Add-Ons; Cluster configuration Fleet management Cluster components Logging and Tracing Networking Storage Infrastructure Automation Security] ● Add-ons are curated optional capabilities ● Prometheus monitoring, logging, Helm and others ● Customer created add-ons make the platform flexible ● Upstream Kubernetes tested and with secure defaults ● GitOps configuration management ● Models for multi-cluster management ● Same installation experience on all platforms ● Pre-scripting for platform automation ● Host aware operations (e.g. draining and upgrading)
  • 34. Weave Kubernetes Platform Features and Advantages ● Runs Anywhere: WKP provides an extensible capability and we provide a single configuration experience. The benefit is that the installation process is multi-cloud using a Kubernetes system called Cluster-API. With CAPI we can install WKP on-premise, on VMware and in the Cloud. ● Scalability with GitOps models: We define GitOps models which are individual components, teams and clusters. The benefit is you can use composition to automate creating thousands of applications and clusters with a complete picture of configuration. ● Modularity and flexibility through GitOps: WKP defines standard cluster components that are installed by default. Customers can define their own - for example to define runtime security. The benefit is that you are not locked into a ‘one size fits all’ product, and can flex the platform to reflect existing needs and capabilities.
  • 35. Weave Kubernetes Platform Features and Advantages ● Operations Reliability: WKP defines the complete configuration of each Kubernetes cluster. The benefit is that workflows for promoting changes, end-to-end testing and disaster recovery are easy and help drive overall reliability. The advantage of WKP is that this can be applied to any Kubernetes. ● Security with GitOps: GitOps makes the production platform read-only, enabling enforcement of policy and alerts. The benefit is that changes can be checked against policy, and any alteration can be alerted on and stopped. The benefit of this and the flexibility of the pipeline is that it can fit into existing security systems. ● Agility through One Platform: The intent of K8s is to provide a platform that works for operations reliability and brings agility for application teams. WKP provides multi-tenancy and deployment capabilities through GitOps, which lets application teams deploy without risking the platform. The advantage is better deployments with reliability.
  • 37. Next Steps ● Contact Paul: [email protected] @pfcurtis_NY ● Our services: weave.works/services [email protected] ● Our products: weave.works [email protected] ● 👀 Sign up for a WKP demo + Q&A: http://bit.ly/demo-wkp ● 📚 GitOps with WKP: https://bit.ly/3qASKvY ● 🎧 The Art of Modern Ops (podcast): https://www.weave.works/podcast-the-art-of-modern-ops/