Hybrid and Multi-Cloud Strategies for Kubernetes with GitOps
Weaveworks – https://weave.works – @weaveworks
Paul Curtis – paul.curtis@weave.works – @pfcurtis_NY
Weaveworks
Paul Curtis
Principal Solutions Architect
New York, US
Paul is a Principal Solutions Architect at Weaveworks, where he provides pre-
and post-sales technical expertise. Paul comes from the big data world and
machine learning world, having spent seven years at MapR. Paul has served
as Senior Operations Engineer for Unami, a startup founded to deliver on the
promise of interactive TV for consumers, and was Systems Manager for Spiral
Universe, a company providing school administration software as a service.
He has also held senior support engineer positions at Sun Microsystems, as
well as enterprise account technical management positions for both
Netscape and FileNet. Earlier in his career, Paul worked in financial
application development for Applix, IBM Service Bureau, and Ticketron.
@pfcurtis_NY
✉ paulc@weave.works
About Weaveworks
Weaveworks ❤ GitOps
Weaveworks enabling GitOps across the Kubernetes landscape
Open Source
• Key open source projects: flux, flagger, eksctl
• Top 10 contributor to CNCF
• GitOps thought leadership
Services
• Design, consulting and delivery of K8s
• GitOps & Kubernetes training and quickstart
• Helping teams optimise their platform
Weave Kubernetes Platform
• Manage 100’s of clusters with GitOps
• Cloud and on-premise
• Repeatability, flexibility and situational awareness
Educate Enable Platform Applications
Weaveworks Consulting, Training and CRE Service
• Guided technology choices
• Cloud native reference architecture designs
• Cloud native technology options and selection
Weave Kubernetes Platform
• Infrastructure of your choice: public cloud and on premise
• Configuration management for the whole platform
• Integrated security
• 24/7 Support
DevOps
• Automation, management and Continuous Delivery
• Prometheus monitoring and alerting
• Training for cluster operators, application operators and developers
• Delivery of POCs and experimental environments
Accelerating the path to Cloud Native
1. GET STARTED FAST
2. DESIGN AND BUILD
3. DELIVER A PRODUCTION READY K8S PLATFORM
4. ENABLE AN AGILE DELIVERY MODEL
A Quick GitOps Review
Principles of GitOps
1. The entire system is described declaratively
2. The canonical desired system state is versioned in git
3. Approved changes can be automatically applied to the system
4. Software agents ensure correctness and alert (diffs & actions)
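The agent behaviour in the last principle (compare, diff, act) can be sketched as follows. This is an added example, not code from the webinar or from any Weaveworks tool; the sample objects, the finding types and the action names are constructed for illustration.

```python
"""Drift check between desired state (from git) and live cluster state."""

# Constructed sample: manifests as an agent would parse them from the git repo.
DESIRED = [
    {"kind": "Deployment",
     "metadata": {"name": "web", "namespace": "shop"},
     "spec": {"replicas": 3,
              "template": {"spec": {"containers": [
                  {"name": "web", "image": "registry.example/web:1.4.2"}]}}}},
    {"kind": "NetworkPolicy",
     "metadata": {"name": "deny-all", "namespace": "shop"},
     "spec": {"podSelector": {}, "policyTypes": ["Ingress"]}},
]

# Constructed sample: objects as the cluster reports them. The image was
# changed by hand, the NetworkPolicy was deleted, and a Deployment that is
# not in git has appeared.
LIVE = [
    {"kind": "Deployment",
     "metadata": {"name": "web", "namespace": "shop", "resourceVersion": "8841"},
     "spec": {"replicas": 3,
              "template": {"spec": {"containers": [
                  {"name": "web", "image": "registry.example/web:latest"}]}}},
     "status": {"readyReplicas": 3}},
    {"kind": "Deployment",
     "metadata": {"name": "debug-shell", "namespace": "shop"},
     "spec": {"replicas": 1}},
]


def object_key(obj):
    """Identify an object by kind, namespace and name."""
    meta = obj["metadata"]
    return (obj["kind"], meta.get("namespace", ""), meta["name"])


def diff_declared(desired, live, path):
    """Return (path, desired, live) for every declared field that differs.

    Only fields present in git are compared, so values the API server adds
    (defaults, status, resourceVersion) are not reported as drift.
    """
    if isinstance(desired, dict):
        if not isinstance(live, dict):
            return [(path, desired, live)]
        diffs = []
        for field, value in desired.items():
            child = f"{path}/{field}"
            if field in live:
                diffs += diff_declared(value, live[field], child)
            else:
                diffs.append((child, value, None))
        return diffs
    if isinstance(desired, list):
        if not isinstance(live, list) or len(desired) != len(live):
            return [(path, desired, live)]
        diffs = []
        for index, (d_item, l_item) in enumerate(zip(desired, live)):
            diffs += diff_declared(d_item, l_item, f"{path}/{index}")
        return diffs
    return [] if desired == live else [(path, desired, live)]


def detect_drift(desired, live):
    """Classify every difference between git and the cluster."""
    live_by_key = {object_key(o): o for o in live}
    findings = []
    for obj in desired:
        key = object_key(obj)
        current = live_by_key.pop(key, None)
        if current is None:
            # Declared in git but absent from the cluster.
            findings.append({"object": key, "type": "missing", "action": "apply"})
            continue
        changes = diff_declared(obj.get("spec", {}), current.get("spec", {}), "/spec")
        if changes:
            # Present, but edited outside of git.
            findings.append({"object": key, "type": "modified",
                             "action": "revert", "changes": changes})
    # Whatever is left exists in the cluster without a source in git.
    for key in sorted(live_by_key):
        findings.append({"object": key, "type": "unmanaged", "action": "alert"})
    return findings


if __name__ == "__main__":
    for finding in detect_drift(DESIRED, LIVE):
        print(finding)
```

A real cluster also holds system objects that are not expected in git, so the "unmanaged" check would be scoped to the namespaces the repository owns.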
GitOps for Kubernetes -- The Simplest Case
[Diagram labels: GitOps Tools; Workload (x3); git; registry]
A View into Multi-Platform Kubernetes
Infrastructure vs. Platform vs. Applications
Applications
Kubernetes +
Extensions
Google – Amazon – Microsoft – On Premise
CNCF
Add-Ons
Customer
Platform
components
Developer Teams
• Cluster operators
• SRE teams
• Platform teams
DevX
components
Operations
• Infrastructure teams
GitOps for the Multi-Cloud
1. Solve the Networking
2. Solve the Identity + Authentication + Authorization
3. Solve the Persistent Data Storage
“Multi-Cloud Compute is Easy … Multi-Cloud Storage & Networking is Not.”
1. Solve the Networking
VPC to VPC (or to on-premise)
Subnet to Subnet (availability zones)
Cluster to Cluster (virtual Kubernetes networks)
Mesh/Gateway to Mesh/Gateway (virtual meshes)
“Multi-Cloud Won’t Work Unless Everyone Can Talk to Everyone”
2. Solve the Identity + Authentication + Authorization
“Multi-Cloud Won’t Work Unless Permissions Work Everywhere.”
Centralized Authentication is a must have
Users typically require certificates in Kubernetes, so … (cert management)
Policy is easier using the central authorization
“Now We Can Start to Solve the Third Problem”
3. Solve the Persistent Data Storage
Can the Application Storage be Declarative? How?
Who has access to the data? (RunAs, roles)
How does the data get synchronized between different locations? (block vs. application vs. backups)
3. Solve the Persistent Data Storage
Make your storage and persistent applications Kubernetes aware and application environment independent
● Storage Classes (same names or defaults)
● Kubernetes Service Endpoints versus Direct Connects (Databases, for example)
● Cloud Managed Services: Kubernetes aware? (Endpoints/Controllers)
“But what about all the differences between platforms?”
GitOps for Kubernetes
[Diagram labels: Infrastructure, Platform, Application; CI, Release Process, GitOps-driven CD; developer & devops eng, component developer (i.e. prometheus, grafana, flux, weave cloud), platform engineer; source code, application configuration, component configuration, Kubernetes configuration]
GitOps for Kubernetes -- Application
[Diagram labels: Application; CI, Release Process, GitOps-driven CD; developer & devops eng, component developer (i.e. prometheus, grafana, flux, weave cloud), platform engineer; source code, application configuration, component configuration]
GitOps for Kubernetes -- Application
[Diagram labels: Image Registry; Project 1; Project 2; Deployment (x2)]
git-url: "project2", git-path: "/", git-branch: "dev"
git-url: "project1", git-path: "/", git-branch: "dev"
git-url: "project2", git-path: "/", git-branch: "prod"
git-url: "project1", git-path: "/", git-branch: "prod"
GitOps for Kubernetes -- Applications
GitOps for Kubernetes -- Platform
[Diagram labels: Platform; platform engineer; GitOps-driven CD; Kubernetes configuration]
● Authorization: Centralized Auth Required. (IAM, AD, LDAP, Other)
● Storage: Ephemeral vs. Persistent. Application Storage Availability across Platforms
● Networking: CNI, CNI, CNI … Which one and why?
● Meshes, API Gateways: Deployments, Security, Policy, Delivery
● Policy: Containers, Network, Pods
GitOps for Kubernetes -- Platform
kraan - Building platforms on top of K8s
https://github.com/fidelity/kraan
GitOps for Kubernetes -- Infrastructure
[Diagram labels: Infrastructure; platform engineer; GitOps-driven CD; Kubernetes configuration]
Two Words: Cluster API
apiVersion: cluster.x-k8s.io/v1alpha3
kind: Cluster
metadata:
  name: "${CLUSTER_NAME}"
spec:
  infrastructureRef:
    apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3
    kind: AWSCluster
    name: "${CLUSTER_NAME}"
  controlPlaneRef:
    kind: KubeadmControlPlane
    apiVersion: controlplane.cluster.x-k8s.io/v1alpha3
    name: "${CLUSTER_NAME}-control-plane"
---
apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3
kind: AWSCluster
metadata:
  name: "${CLUSTER_NAME}"
spec:
  region: "${AWS_REGION}"
  sshKeyName: "${AWS_SSH_KEY_NAME}"
---
https://github.com/kubernetes-sigs/cluster-api-provider-aws/tree/master/templates
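Templates like the one above are rendered by substituting the `${...}` variables. The following added example (not part of the slides or of Cluster API) renders the template strictly: unset variables and values that would break out of the quoted YAML string are rejected. The validation rules, the function names and the sample values are assumptions made for this illustration.

```python
"""Strict rendering of the ${VAR} placeholders in a Cluster API template."""
import re
from string import Template

# The template from the slide, with the indentation YAML requires.
CLUSTER_TEMPLATE = """\
apiVersion: cluster.x-k8s.io/v1alpha3
kind: Cluster
metadata:
  name: "${CLUSTER_NAME}"
spec:
  infrastructureRef:
    apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3
    kind: AWSCluster
    name: "${CLUSTER_NAME}"
  controlPlaneRef:
    kind: KubeadmControlPlane
    apiVersion: controlplane.cluster.x-k8s.io/v1alpha3
    name: "${CLUSTER_NAME}-control-plane"
---
apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3
kind: AWSCluster
metadata:
  name: "${CLUSTER_NAME}"
spec:
  region: "${AWS_REGION}"
  sshKeyName: "${AWS_SSH_KEY_NAME}"
"""

# Assumed validation rules for this example; they are not part of the slides.
RULES = {
    # DNS-1123 label: lowercase alphanumerics and '-', at most 63 characters.
    "CLUSTER_NAME": re.compile(r"[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?"),
    # Shape of an AWS region name such as eu-central-1.
    "AWS_REGION": re.compile(r"[a-z]{2}(-[a-z]+)+-\d"),
    # Conservative character set: no quotes, no newlines.
    "AWS_SSH_KEY_NAME": re.compile(r"[\w .-]{1,255}"),
}

PLACEHOLDER = re.compile(r"\$\{([A-Za-z_][A-Za-z0-9_]*)\}")


def template_variables(text):
    """Return the sorted names of all ${VAR} placeholders in the template."""
    return sorted(set(PLACEHOLDER.findall(text)))


def render_cluster(text, values):
    """Substitute variables, refusing unset, unknown or malformed values.

    Plain substitution would turn an unset variable into an empty string
    and would let a value containing '"' or a newline alter the YAML
    structure, so every value is checked before rendering.
    """
    problems = []
    for name in template_variables(text):
        value = values.get(name)
        if not value:
            problems.append(f"{name}: not set")
        elif name not in RULES:
            problems.append(f"{name}: no validation rule")
        elif not RULES[name].fullmatch(value):
            problems.append(f"{name}: rejected value {value!r}")
    if problems:
        raise ValueError("; ".join(problems))
    return Template(text).substitute(values)


if __name__ == "__main__":
    # Constructed sample values.
    print(render_cluster(CLUSTER_TEMPLATE, {
        "CLUSTER_NAME": "prod-eu-1",
        "AWS_REGION": "eu-central-1",
        "AWS_SSH_KEY_NAME": "platform-ops",
    }))
```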
GitOps for Kubernetes -- Infrastructure
[Diagram labels: Management Cluster; Mgmt UI; GitOps Tools; Workload; git; registry]
● Multi Tenant
● Multi Cloud
● GitOps Managed
● Alibaba Cloud
● AWS
● Azure
● Azure Stack HCI
● Baidu Cloud
● Metal3
● DigitalOcean
● Exoscale
● GCP
● IBM Cloud
● OpenStack
● Packet
● Sidero
● Tencent Cloud
● vSphere
https://github.com/kubernetes-sigs/cluster-api
GitOps for Kubernetes -- Infrastructure
• Scale: How many clusters? 1,000s … essentially no limit
• No Single Point of Failure: Git, by its nature, is distributed by design. Replicated repositories and clones provide disaster recovery
• Authentication & Authorization: If you have policy for source code releases, then you have policy for deployment
• Auditing for Compliance: git log, git diff, SHA digests. Most companies have already approved/certified Git for use in regulated environments.
What Weaveworks Built
DataScan
“We would recommend WKP which allowed us to own and manage our infrastructure while building a consistent technical bridge to a client-facing cloud presence. Having worked with the Weaveworks client success team for our cluster deployments, service testing, specific use cases to deploy configuration changes and management of in-place upgrades, we are genuinely impressed with their organizational dedication to our success.”
● Requiring on-premise Kubernetes solution for production workloads due to data privacy concerns
● But reducing infrastructure costs for test workloads through adopting elastic cloud computing resources
● Architecting secure and consistent Kubernetes platforms for multi-cloud and on-premise
● Reducing operational complexity of Kubernetes across environments for end users
Key Takeaways
● Higher utilization and improved capacity management through Kubernetes platforms servicing cloud and on-premise infrastructure
● GitOps workflows in WKP allow for
a. 50% increase in deployment frequency
b. 20% reduction in operational tasks
c. MTTR reduced from days to hours
Deutsche Telekom
● DT are planning a new platform driven by the needs of 5G and an ongoing demand to become more efficient
● Most of the applications they deploy are written by third-parties so standardising the platform enables them to standardise the approach
● Need for on-premise but they want to take a ‘cloud aware’ approach where they could use the public clouds
● Focus has been on:
○ Building a reliable platform that can be deployed into multiple backends
○ Integrating with existing investments such as storage and virtualization vendors
Key Takeaways
● D-Telekom see GitOps as a way that can drive reliability and efficiency
● Would like to avoid building out their own unique platform - but need flexibility for some customisation
● Need a simplified platform that is easy for a variety of teams to use
● Predict they will have a large number of deployments at the edge of their networks.
Weave Kubernetes Platform (WKP)
● Kubernetes application platform
● Management of cluster and applications
● Builds on GitOps and adds enterprise features
● Define clusters and components using a model based system
● Deploy new clusters using those definitions: multiple back-ends
● Alerting and operations built-in
Weave Kubernetes Platform
Workload Workload Workload Workload
Container
Control
Release
Management
Visualisation
Monitoring &
Metrics
Alerting
Cluster audits
Deployment
Policy
Dashboards
Kubernetes
● Add-ons are curated optional capabilities
● Prometheus monitoring, logging, Helm and others
● Customer created add-ons make the platform flexible
● Upstream Kubernetes tested and with secure defaults
● GitOps configuration management
● Models for multi-cluster management
● Same installation experience on all platforms
● Pre-scripting for platform automation
● Host aware operations (e.g. draining and upgrading)
Infrastructure
Core
Platform
Add-Ons
Cluster
configuration
Fleet
management
Cluster
components
Logging and
Tracing
Networking Storage
Infrastructure
Automation
Security
Weave Kubernetes Platform Features and Advantages
Runs Anywhere
WKP provides an extensible capability and we provide a single configuration experience. The benefit is that the installation process is multi-cloud using a Kubernetes system called Cluster-API. With CAPI we can install WKP on-premise, on VMware and in the Cloud.
Scalability with GitOps models
We define GitOps models which are individual components, teams and clusters. The benefit is you can use composition to automate creating thousands of applications and clusters with a complete picture of configuration.
Modularity and flexibility through GitOps
WKP defines standard cluster components that are installed by default. Customers can define their own - for example to define runtime security. The benefit is that you are not locked into a ‘one size fits all’ product, and can flex the platform to reflect existing needs and capabilities.
Operations Reliability
WKP defines the complete configuration of each Kubernetes cluster. The benefit is that workflows for promoting changes, end-to-end testing and disaster recovery are easy and help drive overall reliability. The advantage of WKP is that this can be applied to any Kubernetes.
Security with GitOps
GitOps makes the production platform read-only, enabling enforcement of policy and alerts. The benefit is that changes can be checked against policy, and any alteration can be alerted and stopped. The benefit of this and the flexibility of the pipeline is that it can fit into existing security systems.
Agility through One Platform
The intent of K8s is to provide a platform that works for operations reliability and brings agility for application teams. WKP provides multi-tenancy, and deployment capabilities through GitOps which lets application teams deploy without risking the platform. The advantage is better deployments with reliability.
Questions?
Next Steps
Contact Paul
paul.curtis@weave.works
@pfcurtis_NY
Our services
weave.works/services
sales@weave.works
Our products
weave.works
sales@weave.works
👀 Sign up for a WKP demo + Q&A: http://bit.ly/demo-wkp
📚 GitOps with WKP: https://bit.ly/3qASKvY
🎧 The Art of Modern Ops (podcast):
https://www.weave.works/podcast-the-art-of-modern-ops/
