Confidential do not distribute 1
September 2022
Simplifying Hybrid Kubernetes with Weaveworks and EKS
Leonardo Murillo
Principal Partner Solutions Architect, Weaveworks
@murillodigital ⬝ leonardo@weave.works
Leo brings wide-ranging industry perspective, with over 20 years
of experience building technology and leading teams all the way
from Startups to Fortune 500s.
He is passionate about cloud native technologies, organizational
transformation and open source.
As former CTO of Qwinix Technologies he led worldwide teams
building cloud native software for large enterprises. In his role as
Principal Partner Solutions Architect at Weaveworks, he focuses
on helping solve application and infrastructure delivery
challenges on Kubernetes at scale.
What we’ll talk about today
● The GitOps Principles
● How GitOps helps with
○ Increasing Kubernetes reliability
○ Recovering EKS clusters in case of disaster
○ Governance, risk and compliance
● Hybrid Kubernetes simplified by GitOps
● EKS as foundation for Hybrid Solutions
● GitOps, development and the SDLC of containerized workloads on Kubernetes
The GitOps Principles
1. Declarative configuration only describes, it does not provide instructions the way imperative systems do.
2. State does not change, it evolves. The only way to introduce changes to the description is creating a new version.
3. Declared state is automatically pulled, there is no external push into the target system.
4. State is maintained at all times, and all necessary actions are abstracted by the agents that interpret it.
How does Weave GitOps apply these principles
● Kubernetes manifests as declarative configuration
● Stored in Git, every change producing a new unique version that is immutable
● Weave GitOps watches the repository, and agents continuously introspect the runtime state and reconcile it with the described configuration
The same pattern applies for
applications and infrastructure.
You can create and operate many
clusters from a management
cluster using declarative
configuration and Weave GitOps
continuous reconciliation.
“Leaf Clusters” can run EKS in
AWS, or EKS Distro anywhere
else!
Declarative EKS Provisioning
● Cluster: Describes the configuration of the cluster, not the actions or resources specific to satisfy that desired state within a specific infrastructure provider.
● Provider: Interprets the cluster configuration and takes the necessary infrastructure-specific actions required to materialize that desired state.
Provisioning complexity is abstracted away.
Cluster configuration is generically applicable.
Declare once, apply everywhere (see the value to hybrid?)
Continuous Reconciliation towards Reliability
Reliability: probability that a system performs correctly during a specific time duration. From the user’s side: probability that a user will receive the expected and acceptable experience during a specific time duration. (Think error budgets and site reliability engineering.)
What’s one of the easiest ways to guarantee low error budgets and satisfactory availability? Automate: deployment, scaling and recovery. An agent’s continuous reconciliation process does just that.
[Figure: a controller watches and updates Kubernetes objects (Pods, Services) and system resources (containers, volumes, iptables rules).]
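The four principles and the reconciliation loop described above, sketched as an added example (not from the slides and not Weave GitOps code): a content-derived revision stands in for a Git commit, and an agent pulls the declared state and converges the runtime onto it. `State`, `Source`, `Revision` and `Reconcile` are hypothetical names, and the objects are constructed sample data.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
)

// State maps an object name to its declared spec (constructed sample data).
type State map[string]string

// Revision derives an identifier from the content itself, so any change to
// the description is a new version (a stand-in for a Git commit hash).
func Revision(s State) string {
	keys := make([]string, 0, len(s))
	for k := range s {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	h := sha256.New()
	for _, k := range keys {
		fmt.Fprintf(h, "%s=%s\n", k, s[k])
	}
	return hex.EncodeToString(h.Sum(nil))[:12]
}

// Source is the versioned source of truth (hypothetical type).
type Source struct{ desired State }

// Pull is called by the in-cluster agent; the source never connects inward.
func (src Source) Pull() (State, string) {
	out := State{}
	for k, v := range src.desired {
		out[k] = v
	}
	return out, Revision(out)
}

// Reconcile converges runtime onto desired and returns the sorted actions
// taken: missing objects are created, drift is overwritten, extras pruned.
func Reconcile(desired, runtime State) []string {
	var actions []string
	for name, spec := range desired {
		cur, ok := runtime[name]
		switch {
		case !ok:
			actions = append(actions, "create "+name)
		case cur != spec:
			actions = append(actions, "update "+name)
		}
		runtime[name] = spec
	}
	for name := range runtime {
		if _, ok := desired[name]; !ok {
			delete(runtime, name)
			actions = append(actions, "prune "+name)
		}
	}
	sort.Strings(actions)
	return actions
}

func main() {
	src := Source{desired: State{"deploy/web": "replicas=3", "svc/web": "port=80"}}
	// Runtime has drifted: a manual scale-down and an undeclared debug pod.
	runtime := State{"deploy/web": "replicas=1", "pod/debug": "image=busybox"}
	desired, rev := src.Pull()
	fmt.Println("revision", rev, "actions", Reconcile(desired, runtime))
	fmt.Println("next pass", Reconcile(desired, runtime)) // converged: no actions
}
```

Logging the revision next to the actions gives each runtime change a pointer back to the exact declared version that caused it.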
GitOps and Disaster Recovery
1. Your entire system is declared in a versioned and immutable source of truth. (Entire system = infrastructure, applications, cloud resources, everything.)
2. Using GitOps, disaster recovery means small configuration changes, if necessary, to apply the full desired state to a new provider or region. Even that may not be necessary if the disruption was not so vast that the GitOps reconciliation loop could not complete the recovery fully automatically.
3. Pull makes it easier. Since the target environments are pulling configuration from a source of truth, access controls and network permissions are dramatically simplified: no need to punch holes into new environments or handle ad-hoc credentials.
4. What about data? You will still need to apply best practices in terms of data backups and replication!
Environment Consistency and HA
The boundary between cluster
and underlying provider allows
you to create consistent
environments in terms of
configuration, while freely
switching the underlying
infrastructure provider.
It also becomes simpler to
establish redundancy and high
availability, by applying the
same configuration to multiple
providers or across regions
within the same infrastructure
provider.
Scalability becomes part of your described desired state, covering workloads (using Kubernetes native objects such as Deployments) as well as the clusters themselves (using Cluster Autoscaler).
Immutability and traceability towards compliance
By using Git, every change
applied to a system can be
uniquely identified. Each
identifier is tied to a specific
user, and it represents the
unique and immutable state
at a point in time.
This has worked wonderfully in
application development and
with GitOps it applies to entire
systems.
What about compliance?
Declarative policy will continuously
inspect and validate runtime, and
reject, notify or otherwise take
actions to guarantee compliance.
How does this all tie together for simple Hybrid EKS?
The relevance of EKS (Managed, Distro, Anywhere)
Picking a Kubernetes distribution is critical towards reducing complexity down the road.
Kubernetes does around 3 releases a year; your chosen distro will need to track them.
Once your cluster(s) are running, you will need to:
● Observe
● Upgrade
● Patch
● Secure
EKS Distro gives you a common Kubernetes platform, with secure opinions and built for scale, that you can run across any target environment.
Delivering Workloads to Hybrid Environments
● Development Team Autonomy
● Release Promotion
● Environment Security
● Advanced Delivery Pattern
1. Whitepaper: Best Practices for Hybrid Cloud Kubernetes with EKS and Weave GitOps
https://bit.ly/hybrid-EKS
2. Contact us for a demo:
sales@weave.works
3. Join other events with us:
www.weave.works/events
Thank You
www.weave.works
Thanks