Shift Deployment Security Left with Weave GitOps & Upbound’s Universal Crossplane
0 likes169 views
The document details a webinar discussing the integration of Weave GitOps Enterprise and Upbound's Universal Crossplane to enhance security in application delivery. It addresses challenges in service and resource provisioning and proposes declarative provisioning as a solution, emphasizing automation and policy enforcement. The session features expert speakers and highlights the benefits of a unified GitOps approach for Kubernetes and cloud environments.
Shift Deployment Security Left with Weave GitOps & Upbound’s Universal Crossplane
- 1. Confidential do not distribute Successfully Shift Left Security in Application Delivery with Weave GitOps Enterprise and Upbound’s Universal Crossplane In partnership with:
- 2. 2 Webinar Platform - FAQs Using Zoom • You are in listen only mode • This webinar is being recorded • Q&A session will follow the presentation, please use the Q&A panel to submit questions • Hit escape to exit full screen • Slides and recording will be shared after the webinar Technical Issues - please visit Zoom Help https://support.zoom.us/hc/en-us/articles/206175806-Top-Questions
- 3. 3 Dan Mangum Principal Software Engineer, Upbound Dan Mangum is a Principal Software Engineer at Upbound and a maintainer of the Crossplane project. In addition to his work in the Crossplane community, Dan has held technical leadership roles in the upstream Kubernetes community. Paul Curtis Principal Solutions Architect, Weaveworks Paul started as a developer working in financial institutions. Paul proceeded to take on technical account management at Netscape & Sun, along with system and dev operations at start ups. Paul now provides field enablement and engineering in the big data world. Speaker introductions
- 4. Confidential do not distribute 4 The problem: ● Service and resource provisioning slows development ● Resources are spread between different environments (Kubernetes, VMs, Provider Services) ● Managing current state, recovery, and rollbacks is difficult The solution: ● Declarative and auditable provisioning across all resources ● Application and resource lifecycle management with GitOps ● Policy enforcement across all resources Shifting Security Left in Application Delivery
- 5. Confidential do not distribute 5 Weave GitOps Enterprise with Upbound demo Weave GitOps Enterprise ● Policy guardrails for every declarative action ● Declarative deployment of applications and deployment pipelines across multiple clusters ● Declarative provisioning of Kubernetes clusters and bootstrapping services Upbound ● All the benefits of GitOps across any resource ● Declarative, audited, and observable ● Lifecycle management of resources external to Kubernetes
- 6. Confidential do not distribute Weaveworks is backed by solid investors Weaveworks is a key partner with all the major infrastructure and Kubernetes vendors Weaveworks: the GitOps company Weaveworks is deeply committed to the Open Source Community
- 7. Confidential do not distribute 7 Test IDE Build GitOps – An Operating Model for Cloud Native Unifying Deployment, Monitoring and Management. Git as the single source of truth of a system’s desired state ALL intended operations are committed by pull request ALL diffs between intended and observed state with automatic convergence ALL changes are observable, verifiable and auditable Kubernetes GitOps Continuous Integration GIT “Immutability Firewall” Deployment (clusters, apps) Monitoring Logging (Observability) Management (operations)
- 8. Confidential do not distribute 8 Continuous Application Delivery - use GitOps to deploy and operate applications. Automation increases deployment velocity and developer productivity. Weave GitOps - Use Cases Kubernetes Everywhere - in the cloud or the datacenter Kubernetes is a universal platform that’s easy to manage with GitOps. DevOps Automation - Lifecycle management of the entire platform. All clusters and services, using automation and policy. 1 4 2 5 3 6 Self-Service Platforms - a complete platform giving developers autonomy while ensuring consistency and manageability. Trusted Delivery - shift policy and security left - governance, risk, and compliance are non-negotiable. Progressive Delivery - deploy services across many environments and regions reliably using GitOps
- 9. 9 ● Built on OPA standard - Rego ● Curated library of 100+ policies ● SOC II, PCI-DSS, GDPR, HIPAA, MITRE ATTACK ● Security, resilience and coding standards ● Validation throughout SDLC ○ Commit, Pull Request ○ Build ○ Deploy ○ Runtime ● Automatic remediation via pull request Weave GitOps PaC
- 11. Control Plane Revolution 11 🔥 3,000+ Companies in Production 🔥 7,000+ Slack channel members 🔥 6,000+ GitHub stars 🔥 40M+ Pulls on Docker Hub 🔥 Open Source and CNCF project Scripting • Legacy • Imperative Configuration Infrastructure As Code (Terraform, Ansible, Chef) • Declarative Configuration • Configuration Management • Provisioning Management • Sprawling Complexity Control Planes The Crossplane Revolution • Compliment IaC • Declarative API • Self-Service • Full Automation 2020s 1990s Who is
- 12. ● Founders of ● Growing 700% YoY ● Commercial, Open-Core Company ○ Ease-of-Use: UX, Marketplace ○ Enterprise-Grade: Scalable, Secure, Controlled ○ Solution-Agnostic: Any cloud, Any environment, Any service ● Complement, rather than compete Who is
- 13. Why Now Enterprises are Re-Platforming - Again! Security Cost Multiple Vendors Developer Productivity Standardization Enforcing best-practices and controls consistently across the entire organization Future Proofing
- 14. Standardizing on Kubernetes API Abstractions Interfaces Control Plane Infrastructure
- 15. Standardizing on Kubernetes + Crossplane API Abstractions Interfaces Control Plane A B Infrastructure
- 16. Standardizing on Crossplane Interfaces API Abstractions Control Plane A B C D Infrastructure
- 17. Standardizing Existing Processes Interfaces API Abstractions Infrastructure Control Plane A B C D IaC Vendors
- 18. An Extension of Kubernetes Uniform Declarative Metadata Asynchronous Controllers Authorization Policy Admission Control Audit Logging Composition - Low Code Controllers External Naming and Identity Cross Resource References Connection Secrets Package Manager KRM XRM
- 19. 19 Confidential do not distribute Demo Architecture
- 20. 1. Configure management cluster with UXP and the Crossplane package for Discourse on AWS 2. Create a pull request to a repository added as a Weaveworks GitOps source 3. Observe policy violation 4. Fix policy violation 5. Weaveworks GitOps syncs manifest to cluster 6. UXP provisions infrastructure and application, providing the necessary connection data
- 21. 21 Confidential do not distribute Questions? (Please use the Q&A panel in your Zoom menu)
- 22. 22 Whitepaper: Shifting Security Left with GitOps and Trusted Delivery https://bit.ly/3MvzXgQ Learn more about Weave GitOps www.weave.works/enterprise Request a personal demo www.weave.works/contact Thank You
- 23. Next Steps Sign Up Create a Free Account Learn More About UXP Universal Crossplane Visit the Marketplace https://marketplace.upbound.io