Hybrid and Multi-Cloud Strategies for Kubernetes with GitOps
Weaveworks – https://weave.works – @weaveworks
Paul Curtis – paul.curtis@weave.works – @pfcurtis_NY
Weaveworks
Paul Curtis
Principal Solutions Architect
New York, US
Paul is a Principal Solutions Architect at Weaveworks, where he provides pre-
and post-sales technical expertise. Paul comes from the big data world and
machine learning world, having spent seven years at MapR. Paul has served
as Senior Operations Engineer for Unami, a startup founded to deliver on the
promise of interactive TV for consumers, and was Systems Manager for Spiral
Universe, a company providing school administration software as a service.
He has also held senior support engineer positions at Sun Microsystems, as
well as enterprise account technical management positions for both
Netscape and FileNet. Earlier in his career, Paul worked in financial
application development for Applix, IBM Service Bureau, and Ticketron.
@pfcurtis_NY
✉ paulc@weave.works
About Weaveworks
Weaveworks ❤ GitOps
Weaveworks enabling GitOps across the Kubernetes landscape
Open Source
• Key open source projects: flux, flagger, eksctl
• Top 10 contributor to CNCF
• GitOps thought leadership
Services
• Design, consulting and delivery of K8s
• GitOps & Kubernetes training and quickstart
• Helping teams optimise their platform
Weave Kubernetes Platform
• Manage 100’s of clusters with GitOps
• Cloud and on-premise
• Repeatability, flexibility and situational awareness
Educate Enable Platform Applications
Weaveworks Consulting, Training and CRE Service
• Guided technology choices
• Cloud native reference architecture designs
• Cloud native technology options and selection
Weave Kubernetes Platform
• Infrastructure of your choice: public cloud and on premise
• Configuration management for the whole platform
• Integrated security
• 24/7 Support
DevOps
• Automation, management and Continuous Delivery
• Prometheus monitoring and alerting
• Training for cluster operators, application operators and developers
• Delivery of POCs and experimental environments
Accelerating the path to Cloud Native
1. GET STARTED FAST
2. DESIGN AND BUILD
3. DELIVER A PRODUCTION READY K8S PLATFORM
4. ENABLE AN AGILE DELIVERY MODEL
A Quick GitOps Review
Principles of GitOps
• The entire system is described declaratively
• The canonical desired system state is versioned in git
• Approved changes can be automatically applied to the system
• Software agents ensure correctness and alert (diffs & actions)
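The last principle above (software agents ensure correctness and alert on diffs), shown as an added example that is not part of the original slides and is not Flux's code: a drift check that compares objects declared in Git with objects read from the cluster and reports anything missing, modified or unmanaged. The sample objects are constructed, and the comparison assumes both sides are fully rendered and scoped to what the repository manages.

```python
"""Added example: drift check between Git-declared state and live cluster state."""
import hashlib
import json

# Fields written by the API server or controllers; differences here are not drift.
SERVER_FIELDS = {"resourceVersion", "uid", "generation", "creationTimestamp", "managedFields"}


def normalize(obj):
    """Keep only declared configuration: drop status and server-populated metadata."""
    out = {k: v for k, v in obj.items() if k != "status"}
    out["metadata"] = {k: v for k, v in obj.get("metadata", {}).items() if k not in SERVER_FIELDS}
    return out


def object_key(obj):
    """Identity of an object: kind, namespace (empty for cluster-scoped) and name."""
    meta = obj["metadata"]
    return (obj["kind"], meta.get("namespace", ""), meta["name"])


def digest(obj):
    """SHA-256 over a canonical JSON encoding, so key order cannot hide or fake a change."""
    canonical = json.dumps(normalize(obj), sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def changed_paths(want, have, prefix=""):
    """Return dotted paths whose values differ; lists are compared as whole values."""
    if isinstance(want, dict) and isinstance(have, dict):
        paths = []
        for k in sorted(set(want) | set(have)):
            if k not in want or k not in have:
                paths.append(f"{prefix}{k}")
            else:
                paths.extend(changed_paths(want[k], have[k], f"{prefix}{k}."))
        return paths
    return [] if want == have else [prefix.rstrip(".")]


def detect_drift(desired, live):
    """Compare objects rendered from Git with objects read from the cluster."""
    want = {object_key(o): o for o in desired}
    have = {object_key(o): o for o in live}
    findings = []
    for key in sorted(set(want) | set(have)):
        if key not in have:
            findings.append((key, "missing", []))        # declared but not running
        elif key not in want:
            findings.append((key, "unmanaged", []))      # created outside Git
        elif digest(want[key]) != digest(have[key]):
            paths = changed_paths(normalize(want[key]), normalize(have[key]))
            findings.append((key, "modified", paths))    # changed outside Git
    return findings


# Constructed sample data (not from the page): what Git declares ...
DESIRED = [
    {"apiVersion": "apps/v1", "kind": "Deployment",
     "metadata": {"name": "web", "namespace": "shop"},
     "spec": {"replicas": 3, "template": {"spec": {"containers": [
         {"name": "web", "image": "registry.example/web:1.4.2"}]}}}},
    {"apiVersion": "networking.k8s.io/v1", "kind": "NetworkPolicy",
     "metadata": {"name": "default-deny", "namespace": "shop"},
     "spec": {"podSelector": {}, "policyTypes": ["Ingress"]}},
]
# ... and what the cluster reports after out-of-band changes.
LIVE = [
    {"apiVersion": "apps/v1", "kind": "Deployment",
     "metadata": {"name": "web", "namespace": "shop", "resourceVersion": "8841"},
     "spec": {"replicas": 3, "template": {"spec": {"containers": [
         {"name": "web", "image": "registry.example/web:debug"}]}}},
     "status": {"readyReplicas": 3}},
    {"apiVersion": "rbac.authorization.k8s.io/v1", "kind": "ClusterRoleBinding",
     "metadata": {"name": "temp-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"}},
]

if __name__ == "__main__":
    for (kind, namespace, name), state, paths in detect_drift(DESIRED, LIVE):
        print(f"ALERT {state}: {kind} {namespace or '-'}/{name} {paths}")
```
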
GitOps for Kubernetes -- The Simplest Case
[Diagram labels: git; registry; GitOps Tools; Workload (x3)]
A View into Multi-Platform Kubernetes
Infrastructure vs. Platform vs. Applications
Applications
Kubernetes + Extensions
Google – Amazon – Microsoft – On Premise
CNCF Add-Ons
Customer Platform components
Developer Teams
• Cluster operators
• SRE teams
• Platform teams
DevX components
Operations
• Infrastructure teams
GitOps for the Multi-Cloud
1. Solve the Networking
2. Solve the Identity + Authentication + Authorization
3. Solve the Persistent Data Storage
“Multi-Cloud Compute is Easy … Multi-Cloud Storage & Networking is Not.”

1. Solve the Networking
VPC to VPC (or to on-premise)
Subnet to Subnet (availability zones)
Cluster to Cluster (virtual Kubernetes networks)
Mesh/Gateway to Mesh/Gateway (virtual meshes)
“Multi-Cloud Won’t Work Unless Everyone Can Talk to Everyone”

2. Solve the Identity + Authentication + Authorization
“Multi-Cloud Won’t Work Unless Permissions Work Everywhere.”
Centralized Authentication is a must have
Users typically require certificates in Kubernetes, so … (cert management)
Policy is easier using the central authorization

“Now We Can Start to Solve the Third Problem”

3. Solve the Persistent Data Storage
Can the Application Storage be Declarative? How?
Who has access to the data? (RunAs, roles)
How does the data get synchronized between different locations? (block vs. application vs. backups)
Make your storage and persistent applications Kubernetes aware and application environment independent
● Storage Classes (same names or defaults)
● Kubernetes Service Endpoints versus Direct Connects (Databases, for example)
● Cloud Managed Services: Kubernetes aware? (Endpoints/Controllers)

“But what about all the differences between platforms?”

GitOps for Kubernetes
[Diagram labels: Infrastructure; Platform; Application; CI; Release Process; GitOps-driven CD (x3); developer & devops eng; component developer (i.e. prometheus, grafana, flux, weave cloud); platform engineer; source code; application configuration; component configuration; Kubernetes configuration]

GitOps for Kubernetes -- Application
[Diagram labels: Application; CI; Release Process; GitOps-driven CD (x2); developer & devops eng; component developer (i.e. prometheus, grafana, flux, weave cloud); platform engineer; source code; application configuration; component configuration]

GitOps for Kubernetes -- Application
[Diagram labels: Image Registry; Project 1; Project 2; Deployment (x2)]
git-url: "project2"
git-path: "/"
git-branch: "dev"

git-url: "project1"
git-path: "/"
git-branch: "dev"

git-url: "project2"
git-path: "/"
git-branch: "prod"

git-url: "project1"
git-path: "/"
git-branch: "prod"

GitOps for Kubernetes -- Platform
[Diagram labels: Platform; platform engineer; GitOps-driven CD; Kubernetes configuration]
● Authorization: Centralized Auth Required. (IAM, AD, LDAP, Other)
● Storage: Ephemeral vs. Persistent. Application Storage Availability across Platforms
● Networking: CNI, CNI, CNI … Which one and why?
● Meshes, API Gateways: Deployments, Security, Policy, Delivery
● Policy: Containers, Network, Pods

GitOps for Kubernetes -- Platform
kraan - Building platforms on top of K8s
https://github.com/fidelity/kraan

GitOps for Kubernetes -- Infrastructure
[Diagram labels: Infrastructure; platform engineer; GitOps-driven CD; Kubernetes configuration]
Two Words: Cluster API

apiVersion: cluster.x-k8s.io/v1alpha3
kind: Cluster
metadata:
  name: "${CLUSTER_NAME}"
spec:
  infrastructureRef:
    apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3
    kind: AWSCluster
    name: "${CLUSTER_NAME}"
  controlPlaneRef:
    kind: KubeadmControlPlane
    apiVersion: controlplane.cluster.x-k8s.io/v1alpha3
    name: "${CLUSTER_NAME}-control-plane"
---
apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3
kind: AWSCluster
metadata:
  name: "${CLUSTER_NAME}"
spec:
  region: "${AWS_REGION}"
  sshKeyName: "${AWS_SSH_KEY_NAME}"
---

https://github.com/kubernetes-sigs/cluster-api-provider-aws/tree/master/templates
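
A pre-merge check for the template above, added here as an example and not taken from the slides or from the Cluster API project: it validates the three template parameters before substituting them, so an unapproved region or a malformed name is rejected in review rather than applied by the management cluster. The region allowlist and the value patterns are assumptions of this example, and Python's string.Template stands in for the substitution tool.

```python
"""Added example: validate parameters before rendering the Cluster API template."""
import re
from string import Template

# Template text as shown on the slide (cluster-api-provider-aws, v1alpha3).
CLUSTER_TEMPLATE = Template("""\
apiVersion: cluster.x-k8s.io/v1alpha3
kind: Cluster
metadata:
  name: "${CLUSTER_NAME}"
spec:
  infrastructureRef:
    apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3
    kind: AWSCluster
    name: "${CLUSTER_NAME}"
  controlPlaneRef:
    kind: KubeadmControlPlane
    apiVersion: controlplane.cluster.x-k8s.io/v1alpha3
    name: "${CLUSTER_NAME}-control-plane"
---
apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3
kind: AWSCluster
metadata:
  name: "${CLUSTER_NAME}"
spec:
  region: "${AWS_REGION}"
  sshKeyName: "${AWS_SSH_KEY_NAME}"
""")

# Assumed policy for this example (not from the page): regions the organisation permits.
APPROVED_REGIONS = {"eu-west-1", "us-east-1"}

# Assumed value patterns. fullmatch() is used below, so a trailing newline or a
# quote character in a value is rejected instead of altering the rendered YAML.
RULES = {
    # Lowercase DNS label, capped at 49 chars so "<name>-control-plane" stays within 63.
    "CLUSTER_NAME": re.compile(r"[a-z0-9]([-a-z0-9]{0,47}[a-z0-9])?"),
    "AWS_REGION": re.compile(r"[a-z]{2}(-[a-z]+)+-[0-9]"),
    "AWS_SSH_KEY_NAME": re.compile(r"[A-Za-z0-9._-]{1,255}"),
}


def check_values(values):
    """Return a list of problems; an empty list means the values may be rendered."""
    problems = []
    for name, pattern in RULES.items():
        value = values.get(name)
        if value is None:
            problems.append(f"{name}: not set")
        elif not isinstance(value, str) or not pattern.fullmatch(value):
            problems.append(f"{name}: {value!r} does not match the allowed pattern")
        elif name == "AWS_REGION" and value not in APPROVED_REGIONS:
            problems.append(f"{name}: {value!r} is not an approved region")
    for name in sorted(set(values) - set(RULES)):
        problems.append(f"{name}: not a parameter of this template")
    return problems


def render_cluster(values):
    """Render the template only when every parameter passes the checks."""
    problems = check_values(values)
    if problems:
        raise ValueError("; ".join(problems))
    return CLUSTER_TEMPLATE.substitute(values)


if __name__ == "__main__":
    # Constructed parameter set for illustration.
    sample = {"CLUSTER_NAME": "prod-eu-1", "AWS_REGION": "eu-west-1",
              "AWS_SSH_KEY_NAME": "platform-ops"}
    print(render_cluster(sample))
```
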
GitOps for Kubernetes -- Infrastructure
[Diagram labels: Management Cluster; Mgmt UI; GitOps Tools; Workload; git; registry]
● Multi Tenant
● Multi Cloud
● GitOps Managed
● Alibaba Cloud
● AWS
● Azure
● Azure Stack HCI
● Baidu Cloud
● Metal3
● DigitalOcean
● Exoscale
● GCP
● IBM Cloud
● OpenStack
● Packet
● Sidero
● Tencent Cloud
● vSphere
https://github.com/kubernetes-sigs/cluster-api
GitOps for Kubernetes -- Infrastructure
• Scale: How many clusters? 1,000s … essentially no limit
• No Single Point of Failure: Git, by its nature, is distributed by design. Replicated repositories and clones provide disaster recovery
• Authentication & Authorization: If you have policy for source code releases, then you have policy for deployment
• Auditing for Compliance: git log, git diff, SHA digests. Most companies have already approved/certified Git for use in regulated environments.
What Weaveworks Built
DataScan
“We would recommend WKP which allowed us to own and manage our infrastructure while building a consistent technical bridge to a client-facing cloud presence. Having worked with the Weaveworks client success team for our cluster deployments, service testing, specific use cases to deploy configuration changes and management of in-place upgrades, we are genuinely impressed with their organizational dedication to our success.”
● Requiring on-premise Kubernetes solution for production workloads due to data privacy concerns
● But reducing infrastructure costs for test workloads through adopting elastic cloud computing resources
● Architecting a secure and consistent Kubernetes platform for multi-cloud and on-premise
● Reducing operational complexity of Kubernetes across environments for end users
Key Takeaways
● Higher utilization and improved capacity management through Kubernetes platforms servicing cloud and on-premise infrastructure
● GitOps workflows in WKP allow for
  a. 50% increase in deployment frequency
  b. 20% reduction in operational tasks
  c. MTTR reduced from days to hours
Deutsche Telekom
● DT are planning a new platform driven by the needs of 5G and an ongoing demand to become more efficient
● Most of the applications they deploy are written by third-parties so standardising the platform enables them to standardise the approach
● Need for on-premise but they want to take a ‘cloud aware’ approach where they could use the public clouds
● Focus has been on:
  ○ Building a reliable platform that can be deployed into multiple backends
  ○ Integrating with existing investments such as storage and virtualization vendors
Key Takeaways
● D-Telekom see GitOps as a way that can drive reliability and efficiency
● Would like to avoid building out their own unique platform - but need flexibility for some customisation
● Need a simplified platform that is easy for a variety of teams to use
● Predict they will have a large number of deployments at the edge of their networks.
Weave Kubernetes Platform (WKP)
● Kubernetes application platform
● Management of cluster and applications
● Builds on GitOps and adds enterprise features
● Define clusters and components using a model based system
● Deploy new clusters using those definitions: multiple back-ends
● Alerting and operations built-in
Weave Kubernetes Platform
[Diagram labels: Workload (x4); Container Control; Release Management; Visualisation; Monitoring & Metrics; Alerting; Cluster audits; Deployment Policy; Dashboards; Kubernetes; Cluster configuration; Fleet management; Cluster components; Logging and Tracing; Networking; Storage; Infrastructure Automation; Security]
Add-Ons
● Add-ons are curated optional capabilities
● Prometheus monitoring, logging, Helm and others
● Customer created add-ons make the platform flexible
Core Platform
● Upstream Kubernetes tested and with secure defaults
● GitOps configuration management
● Models for multi-cluster management
Infrastructure
● Same installation experience on all platforms
● Pre-scripting for platform automation
● Host aware operations (e.g. draining and upgrading)
Weave Kubernetes Platform Features and Advantages

Runs Anywhere
WKP provides an extensible capability and we provide a single configuration experience. The benefit is that the installation process is multi-cloud using a Kubernetes system called Cluster-API. With CAPI we can install WKP on-premise, on VMWare and in the Cloud.

Scalability with GitOps models
We define GitOps models which are individual components, teams and clusters. The benefit is you can use composition to automate creating thousands of applications and clusters with a complete picture of configuration.

Modularity and flexibility through GitOps
WKP defines standard cluster components that are installed by default. Customers can define their own - for example to define runtime security. The benefit is that you are not locked into a ‘one size fits all’ product, and can flex the platform to reflect existing needs and capabilities.

Operations Reliability
WKP defines the complete configuration of each Kubernetes cluster. The benefit is that workflows for promoting changes, end-to-end testing and disaster recovery are easy and help drive overall reliability. The advantage of WKP is that this can be applied to any Kubernetes.

Security with GitOps
GitOps makes the production platform read-only, enabling enforcement of policy and alerts. The benefit is that changes can be checked against policy, and any alteration can be alerted and stopped. The benefit of this and the flexibility of the pipeline is that it can fit into existing security systems.

Agility through One Platform
The intent of K8s is to provide a platform that works for operations reliability and brings agility for application teams. WKP provides multi-tenancy, and deployment capabilities through GitOps which lets application teams deploy without risking the platform. The advantage is better deployments with reliability.

Questions?
Next Steps
Contact Paul
paul.curtis@weave.works
@pfcurtis_NY
Our services
weave.works/services
sales@weave.works
Our products
weave.works
sales@weave.works
👀 Sign up for a WKP demo + Q&A: http://bit.ly/demo-wkp
📚 GitOps with WKP: https://bit.ly/3qASKvY
🎧 The Art of Modern Ops (podcast):
https://www.weave.works/podcast-the-art-of-modern-ops/

More Related Content

PDF
WKP Team Workspaces Webinar
PDF
WKP 2.4 Delivers GitOps Anywhere
PDF
GitOps for Helm Users by Scott Rigby
PDF
Gitops Hands On
PDF
The Power of GitOps with Flux & GitOps Toolkit
PPTX
GitOps - Modern best practices for high velocity app dev using cloud native t...
PDF
Docker New York City: From GitOps to a scalable CI/CD Pattern for Kubernetes
PDF
The journey to GitOps
WKP Team Workspaces Webinar
WKP 2.4 Delivers GitOps Anywhere
GitOps for Helm Users by Scott Rigby
Gitops Hands On
The Power of GitOps with Flux & GitOps Toolkit
GitOps - Modern best practices for high velocity app dev using cloud native t...
Docker New York City: From GitOps to a scalable CI/CD Pattern for Kubernetes
The journey to GitOps

What's hot (20)

PDF
GitOps, Driving NGN Operations Teams 211127 #kcdgt 2021
PDF
Intro to Kubernetes & GitOps Workshop
PDF
Hardening Your CI/CD Pipelines with GitOps and Continuous Security
PDF
Gitops: the kubernetes way
PPTX
Meetup 23 - 03 - Application Delivery on K8S with GitOps
PDF
Observe and command your fleets across any kubernetes with weave git ops
PDF
Cloud Native Engineering with SRE and GitOps
PDF
Secure GitOps pipelines for Kubernetes with Snyk & Weaveworks
PDF
Security: The Value of SBOMs
PDF
GitOps Toolkit (Cloud Native Nordics Tech Talk)
PDF
GitOps: Git come unica fonte di verità per applicazioni e infrastruttura
PDF
Speeding up your team with GitOps
PPTX
Why observability matters - now and in the future (w/guest Grafana)
PDF
Continuous Security for GitOps
PDF
Managing serverless workloads with knative
PPTX
Cloud Native Transformation (Alexis Richardson) - Continuous Lifecycle 2018 ...
PDF
GitOps - Operation By Pull Request
PPTX
[Konveyor] migrate and modernize your application portfolio to kubernetes wit...
PDF
E bpf and profilers
PDF
APIOps: Automated Processes for Even Better APIs
GitOps, Driving NGN Operations Teams 211127 #kcdgt 2021
Intro to Kubernetes & GitOps Workshop
Hardening Your CI/CD Pipelines with GitOps and Continuous Security
Gitops: the kubernetes way
Meetup 23 - 03 - Application Delivery on K8S with GitOps
Observe and command your fleets across any kubernetes with weave git ops
Cloud Native Engineering with SRE and GitOps
Secure GitOps pipelines for Kubernetes with Snyk & Weaveworks
Security: The Value of SBOMs
GitOps Toolkit (Cloud Native Nordics Tech Talk)
GitOps: Git come unica fonte di verità per applicazioni e infrastruttura
Speeding up your team with GitOps
Why observability matters - now and in the future (w/guest Grafana)
Continuous Security for GitOps
Managing serverless workloads with knative
Cloud Native Transformation (Alexis Richardson) - Continuous Lifecycle 2018 ...
GitOps - Operation By Pull Request
[Konveyor] migrate and modernize your application portfolio to kubernetes wit...
E bpf and profilers
APIOps: Automated Processes for Even Better APIs
Ad

Similar to Hybrid and Multi-Cloud Strategies for Kubernetes with GitOps (20)

PDF
Overcoming Regulatory & Compliance Hurdles with Hybrid Cloud EKS and Weave Gi...
PDF
Free GitOps Workshop
PDF
Free GitOps Workshop + Intro to Kubernetes & GitOps
PDF
Free GitOps Workshop (with Intro to Kubernetes & GitOps)
PDF
Continuous Lifecycle London 2018 Event Keynote
PDF
Achieve Data & Operational Sovereignty: Managing Hybrid & Edge EKS Deployment...
PDF
Migrating from Self-Managed Kubernetes on EC2 to a GitOps Enabled EKS
PDF
A GitOps model for High Availability and Disaster Recovery on EKS
PPTX
Cloud Native Apps with GitOps
PDF
GitOps is the best modern practice for CD with Kubernetes
PDF
Whitepaper automating kuberneteswithgitops 1
PDF
GOTOpia 2/2021 "Cloud Native Development Without the Toil: An Overview of Pra...
PDF
Cloud native development without the toil
PDF
GitOps and Kubernetes 1st Edition Billy Yuen Alexander Matyushentsev Jesse Su...
PDF
GitOps and Kubernetes 1st Edition Billy Yuen Alexander Matyushentsev Jesse Su...
PDF
Future of Kubernetes and its Impact on Technology Industry.pdf
PDF
Delivering Quality at Speed with GitOps
PDF
Deploying Stateful Applications Securely & Confidently with Ondat & Weave GitOps
PPTX
Scaling production grade EKS Multi-Cluster environments using GitOps
PDF
Kubecon seattle 2018 workshop slides
Overcoming Regulatory & Compliance Hurdles with Hybrid Cloud EKS and Weave Gi...
Free GitOps Workshop
Free GitOps Workshop + Intro to Kubernetes & GitOps
Free GitOps Workshop (with Intro to Kubernetes & GitOps)
Continuous Lifecycle London 2018 Event Keynote
Achieve Data & Operational Sovereignty: Managing Hybrid & Edge EKS Deployment...
Migrating from Self-Managed Kubernetes on EC2 to a GitOps Enabled EKS
A GitOps model for High Availability and Disaster Recovery on EKS
Cloud Native Apps with GitOps
GitOps is the best modern practice for CD with Kubernetes
Whitepaper automating kuberneteswithgitops 1
GOTOpia 2/2021 "Cloud Native Development Without the Toil: An Overview of Pra...
Cloud native development without the toil
GitOps and Kubernetes 1st Edition Billy Yuen Alexander Matyushentsev Jesse Su...
GitOps and Kubernetes 1st Edition Billy Yuen Alexander Matyushentsev Jesse Su...
Future of Kubernetes and its Impact on Technology Industry.pdf
Delivering Quality at Speed with GitOps
Deploying Stateful Applications Securely & Confidently with Ondat & Weave GitOps
Scaling production grade EKS Multi-Cluster environments using GitOps
Kubecon seattle 2018 workshop slides
Ad

More from Weaveworks (20)

PDF
Weave AI Controllers (Weave GitOps Office Hours)
PDF
Flamingo: Expand ArgoCD with Flux (Office Hours)
PDF
Webinar: Capabilities, Confidence and Community – What Flux GA Means for You
PDF
Six Signs You Need Platform Engineering
PDF
SRE and GitOps for Building Robust Kubernetes Platforms.pdf
PDF
Webinar: End to End Security & Operations with Chainguard and Weave GitOps
PDF
Flux Beyond Git Harnessing the Power of OCI
PDF
Automated Provisioning, Management & Cost Control for Kubernetes Clusters
PDF
How to Avoid Kubernetes Multi-tenancy Catastrophes
PDF
Building internal developer platform with EKS and GitOps
PDF
GitOps Testing in Kubernetes with Flux and Testkube.pdf
PDF
Intro to GitOps with Weave GitOps, Flagger and Linkerd
PDF
Implementing Flux for Scale with Soft Multi-tenancy
PDF
Accelerating Hybrid Multistage Delivery with Weave GitOps on EKS
PDF
The Story of Flux Reaching Graduation in the CNCF
PDF
Shift Deployment Security Left with Weave GitOps & Upbound’s Universal Crossp...
PDF
Securing Your App Deployments with Tunnels, OIDC, RBAC, and Progressive Deliv...
PDF
Flux’s Security & Scalability with OCI & Helm Slides.pdf
PDF
Flux Security & Scalability using VS Code GitOps Extension
PDF
Robust Network Security and Observability with GitOps and Cilium
Weave AI Controllers (Weave GitOps Office Hours)
Flamingo: Expand ArgoCD with Flux (Office Hours)
Webinar: Capabilities, Confidence and Community – What Flux GA Means for You
Six Signs You Need Platform Engineering
SRE and GitOps for Building Robust Kubernetes Platforms.pdf
Webinar: End to End Security & Operations with Chainguard and Weave GitOps
Flux Beyond Git Harnessing the Power of OCI
Automated Provisioning, Management & Cost Control for Kubernetes Clusters
How to Avoid Kubernetes Multi-tenancy Catastrophes
Building internal developer platform with EKS and GitOps
GitOps Testing in Kubernetes with Flux and Testkube.pdf
Intro to GitOps with Weave GitOps, Flagger and Linkerd
Implementing Flux for Scale with Soft Multi-tenancy
Accelerating Hybrid Multistage Delivery with Weave GitOps on EKS
The Story of Flux Reaching Graduation in the CNCF
Shift Deployment Security Left with Weave GitOps & Upbound’s Universal Crossp...
Securing Your App Deployments with Tunnels, OIDC, RBAC, and Progressive Deliv...
Flux’s Security & Scalability with OCI & Helm Slides.pdf
Flux Security & Scalability using VS Code GitOps Extension
Robust Network Security and Observability with GitOps and Cilium

Recently uploaded (20)

PDF
Odoo Construction Management System by CandidRoot
PDF
Top 10 Project Management Software for Small Teams in 2025.pdf
PPTX
Swiggy API Scraping A Comprehensive Guide on Data Sets and Applications.pptx
PPT
3.Software Design for software engineering
PPTX
ESDS_SAP Application Cloud Offerings.pptx
PPTX
DevOpsDays Halifax 2025 - Building 10x Organizations Using Modern Productivit...
PDF
Sanket Mhaiskar Resume - Senior Software Engineer (Backend, AI)
PPTX
Why 2025 Is the Best Year to Hire Software Developers in India
PPTX
Folder Lock 10.1.9 Crack With Serial Key
PDF
solman-7.0-ehp1-sp21-incident-management
PDF
infoteam HELLAS company profile 2025 presentation
PPTX
HackYourBrain__UtrechtJUG__11092025.pptx
PDF
Engineering Document Management System (EDMS)
PDF
Cloud Native Aachen Meetup - Aug 21, 2025
PPTX
SAP Business AI_L1 Overview_EXTERNAL.pptx
PPTX
UNIT II: Software design, software .pptx
PPTX
Post-Migration Optimization Playbook: Getting the Most Out of Your New Adobe ...
PDF
Multiverse AI Review 2025_ The Ultimate All-in-One AI Platform.pdf
PPTX
Independent Consultants’ Biggest Challenges in ERP Projects – and How Apagen ...
PDF
Crypto Loss And Recovery Guide By Expert Recovery Agency.
Odoo Construction Management System by CandidRoot
Top 10 Project Management Software for Small Teams in 2025.pdf
Swiggy API Scraping A Comprehensive Guide on Data Sets and Applications.pptx
3.Software Design for software engineering
ESDS_SAP Application Cloud Offerings.pptx
DevOpsDays Halifax 2025 - Building 10x Organizations Using Modern Productivit...
Sanket Mhaiskar Resume - Senior Software Engineer (Backend, AI)
Why 2025 Is the Best Year to Hire Software Developers in India
Folder Lock 10.1.9 Crack With Serial Key
solman-7.0-ehp1-sp21-incident-management
infoteam HELLAS company profile 2025 presentation
HackYourBrain__UtrechtJUG__11092025.pptx
Engineering Document Management System (EDMS)
Cloud Native Aachen Meetup - Aug 21, 2025
SAP Business AI_L1 Overview_EXTERNAL.pptx
UNIT II: Software design, software .pptx
Post-Migration Optimization Playbook: Getting the Most Out of Your New Adobe ...
Multiverse AI Review 2025_ The Ultimate All-in-One AI Platform.pdf
Independent Consultants’ Biggest Challenges in ERP Projects – and How Apagen ...
Crypto Loss And Recovery Guide By Expert Recovery Agency.

Hybrid and Multi-Cloud Strategies for Kubernetes with GitOps

  • 1. Hybrid and Multi-Cloud Strategies for Kubernetes with 1 Weaveworks – https://weave.works – @weaveworks Paul Curtis – [email protected] – @pfcurtis_NY
  • 2. Webinar Platform - FAQs Using Zoom Questions? • You are in listen only mode • Q&A session will follow the presentation, please use the Q&A panel to submit questions • Hit escape to exit full screen Technical Issues - please visit Zoom Help https://support.zoom.us/hc/en-us/articles/206175806-Top-Questions
  • 3. Weaveworks Paul Curtis Principal Solutions Architect New York, US Paul is a Principal Solutions Architect at Weaveworks, where he provides pre- and post-sales technical expertise. Paul comes from the big data world and machine learning world, having spent seven years at MapR. Paul has served as Senior Operations Engineer for Unami, a startup founded to deliver on the promise of interactive TV for consumers, and was Systems Manager for Spiral Universe, a company providing school administration software as a service. He has also held senior support engineer positions at Sun Microsystems, as well as enterprise account technical management positions for both Netscape and FileNet. Earlier in his career, Paul worked in financial application development for Applix, IBM Service Bureau, and Ticketron. @pfcurtis_NY ✉ [email protected]
  • 5. Weaveworks ❤ GitOps Open Source Services Weave Kubernetes Platform Weaveworks enabling GitOps across the Kubernetes landscape • Key open source projects: flux, flagger, eksctl • Top 10 contributor to CNCF • GitOps thought leadership • Design, consulting and delivery of K8s • GitOps & Kubernetes training and quickstart • Helping teams optimise their platform • Manage 100’s of clusters with GitOps • Cloud and on-premise • Repeatability, flexibility and situational awareness 5
  • 6. Educate Enable Platform Applications Weaveworks Consulting, Training and CRE Service  • Guided technology choices  • Cloud native reference architecture designs • Cloud native technology options and selection Weave Kubernetes Platform • Infrastructure of your choice: public cloud and on premise • Configuration management for the whole platform • Integrated security • 24/7 Support  DevOps • Automation, management  and Continuous Delivery • Prometheus monitoring and alerting • Training for cluster operators, application operators and developers • Delivery of POCs and experimental environments Accelerating the path to Cloud Native 6 GET STARTED FAST DESIGN AND BUILD DELIVER A PRODUCTION READY K8S PLATFORM ENABLE AN AGILE DELIVERY MODEL 1 2 3 4
  • 7. A Quick GitOps Review 7
  • 8. The entire system is described declaratively The canonical desired system state is versioned in git Approved changes an be automatically applied to the system Software agents ensure correctness and alert (diffs & actions) Principles of GitOps
  • 9. GitOps for Kubernetes -- The Simplest Case 9 GitOps Tools Workload Workload Workload git registry
  • 10. A View into Multi-Platform Kubernetes 10
  • 11. Infrastructure vs. Platform vs. Applications Applications Kubernetes + Extensions Google – Amazon – Microsoft – On Premise CNCF Add-Ons Customer Platform components Developer Teams • Cluster operators • SRE teams • Platform teams DevX components Operations • Infrastructure teams
  • 12. GitOps for the Multi-Cloud 12 1. Solve the Networking 2. Solve the Identity + Authentication + Authorization 3. Solve the Persistent Data Storage “Multi-Cloud Compute is Easy … Multi-Cloud Storage & Networking is Not.”
  • 13. 1. Solve the Networking 13 VPC to VPC (or to on-premise) Subnet to Subnet (availability zones) Cluster to Cluster (virtual Kubernetes networks) Mesh/Gateway to Mesh/Gateway (virtual meshes) “Multi-Cloud Won’t Work Unless Everyone Can Talk to Everyone”
  • 14. 2. Solve the Identity + Authentication + Authorization 14 “Multi-Cloud Won’t Work Unless Permissions Work Everywhere.” Centralized Authentication is a must have Users typically require certificates in Kubernetes, so … (cert management) Policy is easier using the central authorization
  • 15. 15 “Now We Can Start to Solve the Third Problem”
  • 16. 3. Solve the Persistent Data Storage 16 Can the Application Storage be Declarative? How? Who has access to the data? (RunAs, roles) How does the data get synchronized between different locations? (block vs. application vs. backups)
  • 17. 3. Solve the Persistent Data Storage 17 Make your storage and persistent applications Kubernetes aware and application environment independent ● Storage Classes (same names or defaults) ● Kubernetes Service Endpoints versus Direct Connects (Databases, for example) ● Cloud Managed Services: Kubernetes aware? (Endpoints/Controllers)
  • 18. 18 “But what about all the differences between platforms?”
  • 19. Infrastructure Platform CI Gitops -driven CD developer & devops eng component developer (i.e. prometheus, grafana, flux, weave cloud) Release Process platform engineer Gitops -driven CD Gitops -driven CD application configuration source code Kubernetes configuration component configuration Application GitOps for Kubernetes
  • 20. CI Gitops -driven CD developer & devops eng component developer (i.e. prometheus, grafana, flux, weave cloud) Release Process platform engineer Gitops -driven CD application configuration source code component configuration Application GitOps for Kubernetes -- Application
  • 21. GitOps for Kubernetes -- Application 21 Image Registry git-url: “project2” git-path: ”/” git-branch: ”dev” Project 1 Project 2 2 1 2 1 git-url: “project1” git-path: ”/” git-branch: ”dev” git-url: “project2” git-path: ”/” git-branch: ”prod” git-url: “project1” git-path: ”/” git-branch: ”prod” Deployment Deployment
  • 22. GitOps for Kubernetes -- Applications 22
  • 23. Platform platform engineer Gitops -driven CD Kubernetes configuration GitOps for Kubernetes -- Platform ● Authorization: Centralized Auth Required. (IAM, AD, LDAP, Other) ● Storage: Ephemeral vs. Persistent. Application Storage Availability across Platforms ● Networking: CNI, CNI, CNI … Which one and why? ● Meshes, API Gateways: Deployments, Security, Policy, Delivery ● Policy: Containers, Network, Pods
  • 24. GitOps for Kubernetes -- Platform 24
  • 25. GitOps for Kubernetes -- Platform 25 kraan - Building platforms on top of K8s https://github.com/fidelity/kraan
  • 26. Infrastructure platform engineer Gitops -driven CD Kubernetes configuration GitOps for Kubernetes -- Infrastructure Two Words: Cluster API apiVersion: cluster.x-k8s.io/v1alpha3 kind: Cluster metadata: name: "${CLUSTER_NAME}" spec: infrastructureRef: apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3 kind: AWSCluster name: "${CLUSTER_NAME}" controlPlaneRef: kind: KubeadmControlPlane apiVersion: controlplane.cluster.x-k8s.io/v1alpha3 name: "${CLUSTER_NAME}-control-plane" --- apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3 kind: AWSCluster metadata: name: "${CLUSTER_NAME}" spec: region: "${AWS_REGION}" sshKeyName: "${AWS_SSH_KEY_NAME}" --- https://github.com/kubernetes-sigs/cluster-api-provider-aws/tree/master/templates
  • 27. GitOps for Kubernetes -- Infrastructure 27 Management Cluster Mgmt UI Mgmt UI GitOps Tools Workload Mgmt UI GitOps Tools Workload git registry Mgmt UI GitOps Tools Workload Workload Workload ● Multi Tenant ● Multi Cloud ● GitOps Managed ● Alibaba Cloud ● AWS ● Azure ● Azure Stack HCI ● Baidu Cloud ● Metal3 ● DigitalOcean ● Exoscale ● GCP ● IBM Cloud ● OpenStack ● Packet ● Sidero ● Tencent Cloud ● vSphere https://github.com/kubernetes-sigs/cluster-api
  • 28. GitOps for Kubernetes -- Infrastructure • Scale: How many clusters? 1,000s … essentially no limit • No Single Point of Failure: Git, by its nature, is distributed by design. Replicated repositories and clones provide disaster recovery • Authentication & Authorization: If you have policy for source code releases, then you have policy for deployment • Auditing for Compliance: git log, git diff, SHA digests. Most companies have already approved/certified Git for use in regulated environments. 28
  • 30. DataScan
      “We would recommend WKP which allowed us to own and manage our infrastructure while building a consistent technical bridge to a client-facing cloud presence. Having worked with the Weaveworks client success team for our cluster deployments, service testing, specific use cases to deploy configuration changes and management of in-place upgrades, we are genuinely impressed with their organizational dedication to our success.”
      ● Requiring on-premise Kubernetes solution for production workloads due to data privacy concerns
      ● But reducing infrastructure costs for test workloads through adopting elastic cloud computing resources
      ● Architecting secure and consistent Kubernetes platforms for multi-cloud and on-premise
      ● Reducing operational complexity of Kubernetes across environments for end users
      Key Takeaways
      ● Higher utilization and improved capacity management through Kubernetes platforms servicing cloud and on-premise infrastructure
      ● GitOps workflows in WKP allow for
          a. 50% increase in deployment frequency
          b. 20% reduction in operational tasks
          c. MTTR reduced from days to hours
  • 31. Deutsche Telekom
      ● DT are planning a new platform driven by the needs of 5G and an ongoing demand to become more efficient
      ● Most of the applications they deploy are written by third parties, so standardising the platform enables them to standardise the approach
      ● Need for on-premise but they want to take a ‘cloud aware’ approach where they could use the public clouds
      ● Focus has been on:
          ○ Building a reliable platform that can be deployed into multiple backends
          ○ Integrating with existing investments such as storage and virtualization vendors
      Key Takeaways
      ● D-Telekom see GitOps as a way that can drive reliability and efficiency
      ● Would like to avoid building out their own unique platform - but need flexibility for some customisation
      ● Need a simplified platform that is easy for a variety of teams to use
      ● Predict they will have a large number of deployments at the edge of their networks.
  • 32. Weave Kubernetes Platform (WKP)
      ● Kubernetes application platform
      ● Management of cluster and applications
      ● Builds on GitOps and adds enterprise features
      ● Define clusters and components using a model based system
      ● Deploy new clusters using those definitions: multiple back-ends
      ● Alerting and operations built-in
  • 33. Weave Kubernetes Platform
      [Diagram labels: Workload; Container Control; Release Management; Visualisation; Monitoring & Metrics; Alerting; Cluster audits; Deployment Policy; Dashboards; Kubernetes; Infrastructure; Core Platform; Add-Ons; Cluster configuration; Fleet management; Cluster components; Logging and Tracing; Networking; Storage; Infrastructure Automation; Security]
      ● Add-ons are curated optional capabilities
      ● Prometheus monitoring, logging, Helm and others
      ● Customer created add-ons make the platform flexible
      ● Upstream Kubernetes tested and with secure defaults
      ● GitOps configuration management
      ● Models for multi-cluster management
      ● Same installation experience on all platforms
      ● Pre-scripting for platform automation
      ● Host aware operations (e.g. draining and upgrading)
  • 34. Weave Kubernetes Platform Features and Advantages
      Runs Anywhere
      WKP provides an extensible capability and we provide a single configuration experience. The benefit is that the installation process is multi-cloud using a Kubernetes system called Cluster-API. With CAPI we can install WKP on-premise, on VMware and in the Cloud.
      Scalability with GitOps models
      We define GitOps models which are individual components, teams and clusters. The benefit is you can use composition to automate creating thousands of applications and clusters with a complete picture of configuration.
      Modularity and flexibility through GitOps
      WKP defines standard cluster components that are installed by default. Customers can define their own - for example to define runtime security. The benefit is that you are not locked into a ‘one size fits all’ product, and can flex the platform to reflect existing needs and capabilities.
  • 35. Weave Kubernetes Platform Features and Advantages
      Operations Reliability
      WKP defines the complete configuration of each Kubernetes cluster. The benefit is that workflows for promoting changes, end-to-end testing and disaster recovery are easy and help drive overall reliability. The advantage of WKP is that this can be applied to any Kubernetes.
      Security with GitOps
      GitOps makes the production platform read-only, enabling enforcement of policy and alerts. The benefit is that changes can be checked against policy, and any alteration can be alerted and stopped. The benefit of this and the flexibility of the pipeline is that it can fit into existing security systems.
      Agility through One Platform
      The intent of K8s is to provide a platform that works for operations reliability and brings agility for application teams. WKP provides multi-tenancy and deployment capabilities through GitOps, which lets application teams deploy without risking the platform. The advantage is better deployments with reliability.
  • 37. Next Steps
      Contact Paul: [email protected], @pfcurtis_NY
      Our services: weave.works/services, [email protected]
      Our products: weave.works, [email protected]
      👀 Sign up for a WKP demo + Q&A: http://bit.ly/demo-wkp
      📚 GitOps with WKP: https://bit.ly/3qASKvY
      🎧 The Art of Modern Ops (podcast): https://www.weave.works/podcast-the-art-of-modern-ops/
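
The "Auditing for Compliance" point on slide 28 (SHA digests) and the "Security with GitOps" point on slide 35 (any alteration can be alerted) both rest on comparing what Git declares with what a cluster is actually running. The sketch below is an added example, not code from the webinar, WKP or Flux: the function names, the list of server-managed fields and the sample objects (modelled on the Cluster and AWSCluster resources from slide 26) are assumptions constructed for illustration.

```python
import hashlib
import json

SERVER_FIELDS = ("resourceVersion", "uid", "generation", "creationTimestamp", "managedFields")

def normalize(obj):
    """Drop status and the metadata the API server adds; Git never declares them."""
    meta = {k: v for k, v in obj.get("metadata", {}).items() if k not in SERVER_FIELDS}
    return {k: (meta if k == "metadata" else v) for k, v in obj.items() if k != "status"}

def digest(obj):
    """SHA-256 over canonical JSON, so key order does not change the digest."""
    canon = json.dumps(obj, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canon.encode()).hexdigest()

def diff_paths(want, have, prefix=""):
    """Dotted paths of the fields whose values differ between two objects."""
    if isinstance(want, dict) and isinstance(have, dict):
        return [p for k in sorted(set(want) | set(have))
                for p in diff_paths(want.get(k), have.get(k), f"{prefix}.{k}".lstrip("."))]
    return [] if want == have else [prefix]

def detect_drift(desired, live):
    """Return (kind, name, finding, changed_paths) for every deviation from Git."""
    # Index both sides by (kind, name), already normalized.
    want, have = ({(o["kind"], o["metadata"]["name"]): normalize(o) for o in objs}
                  for objs in (desired, live))
    findings = []
    for key in sorted(set(want) | set(have)):
        if key not in have:
            findings.append((*key, "missing", []))      # declared but not running
        elif key not in want:
            findings.append((*key, "unmanaged", []))    # running but never declared
        elif digest(want[key]) != digest(have[key]):
            findings.append((*key, "altered", diff_paths(want[key], have[key])))
    return findings

# Constructed sample: the two object kinds from slide 26 with values filled in.
DESIRED = [
    {"kind": "Cluster", "metadata": {"name": "demo"},
     "spec": {"infrastructureRef": {"kind": "AWSCluster", "name": "demo"}}},
    {"kind": "AWSCluster", "metadata": {"name": "demo"}, "spec": {"region": "eu-west-1"}},
]
# Constructed live state: server fields added, region edited by hand, one undeclared object.
LIVE = [
    {"kind": "Cluster", "metadata": {"name": "demo", "uid": "constructed-uid"},
     "spec": DESIRED[0]["spec"], "status": {"phase": "Provisioned"}},
    {"kind": "AWSCluster", "metadata": {"name": "demo"}, "spec": {"region": "us-east-1"}},
    {"kind": "AWSCluster", "metadata": {"name": "shadow"}, "spec": {"region": "us-east-1"}},
]
```

Calling `detect_drift(DESIRED, LIVE)` reports the hand-edited region and the undeclared cluster, while the server-added `uid` and `status` on the first object are ignored.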