© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Scaling production grade
Kubernetes Multi-Cluster
environments using GitOps
Rodrigo Bersa
EKS Specialist Solutions Architect
AWS
Carlos Santana
EKS Specialist Solutions Architect
AWS
KCD Washington, DC
I have chosen to use
Kubernetes – now what?
What customers are building
Apps and services
Mobile
IoT
Static websites
Complex web apps
.NET apps
Legacy homegrown
Linux apps
Monoliths
Autonomous vehicles
(object tracking,
sensor fusion)
Robotics
(vision, grasping,
motion control)
Modeling, training,
and inference
Real-time
MapReduce
Batch
Enforce security standards and best practices
across clusters to automate deployments
Define boundaries between multiple teams
Provision multiple workloads at scale
Cluster management
Team management
Workload management
Install add-ons and their dependencies
Add-on management
Configuration management
Automate configuration and upgrade
lifecycle from a single source of truth
Challenges and Goals
CNCF Cloud Map
“There is no shortage of amazing tooling
in the K8s ecosystem, but there is no
guide for how to put all the tools
together”
Kubernetes Journey
Choose an
orchestrator
Decisions
Kubernetes Journey
Choose an
orchestrator
Data Plane
Compute
Decisions
Kubernetes Journey
Choose an
orchestrator
Data Plane
Compute Cluster Addons
Decisions
Kubernetes Journey
Choose an
orchestrator
Data Plane
Compute Cluster Addons
Decisions
Day 2
Operations
Cluster add-ons
Security
Cilium Gatekeeper
Kyverno
Observability
Prometheus Fluent Bit OTEL
Reliability
Karpenter Autoscaler Keda
Delivery
ArgoCD Flux Crossplane
Other
Principle of GitOps
A system managed by
GitOps must have its
desired state expressed
declaratively
Desired state is stored in a
way that enforces
immutability, versioning
and retains a complete
version history
Software agents
continuously observe
actual system state and
attempt to apply the
desired state
Software agents
automatically pull the
desired state declarations
from the source
Enforces Consistency
Reduces Business Risk Enhances Auditability Boosts Security
GitOps Continuously Reconcile
Build
Test
Scan
Operate/Fix
Deploy/Verify
Observe/Alert
Immutability Firewall
Git becomes the single
source of truth for the
system’s desired state,
enabling reproducible
automated deployments,
cluster management, and
monitoring.
Secure environments
Private environments
Corporate datacenter
Kubernetes Cluster
Build
Infrastructure deployment
Corporate Network
Public repositories
Corporate datacenter
Kubernetes Cluster
Build
Deploy
Corporate Network
Infrastructure deployment
Private repositories
Corporate datacenter
Kubernetes Cluster
Repository
Scan
Scan Store
Deploy
Corporate Network
Build
Pull
Grype
Clair
Infrastructure deployment
Trusted repositories
Corporate datacenter
Kubernetes Cluster
Repository
Scan
Scan Store
Deploy
Corporate Network
Build
Grype
Clair
Infrastructure deployment
Pull
Image replication
Cloud environment
AWS Cloud
Amazon Inspector
Amazon EKS
Amazon ECR
VPC
Private subnet
VPN connection
Scan
Deploy
AWS Direct Connect
Secured Network
Endpoints
AWS PrivateLink
Store
Build
Infrastructure
deployment
Image replication
AWS CodeCommit
Team management
Identity & Access
Management
Policy
Management
Namespace as a
Service
Multi-team considerations
Separation of concerns
Platform engineers
Platform builders – build and integrate tools
that provision, manage and secure the cloud
computing infrastructure
Software engineers
Application builders – free to focus on
building applications that deliver business
value to customers
Teams management (k8s)
Dev Team A
Dev Team B
Platform Team
Audit Team
Kubernetes Cluster
Control Plane
Data Plane
Instances Instances
Developer RBAC
Temp RBAC
Admin RBAC
Teams management (cloud)
Developer Role
Admin Role
Dev Team A
Dev Team B
Platform Team
Audit Team
Temporary Role
VPC
Availability Zone 1 Availability Zone 2
Managed Node Group
Karpenter “Groupless”
Amazon EKS
AWS Cloud
Dev/Test Cluster
Teams management (ArgoCD)
Dev Team A
Dev Team B
Platform Team
Audit Team
Apps
ArgoCD Projects
Apps
Repository
Audit
ArgoCD Project
Policy
Repository
Platform
ArgoCD Project
Platform
Repository
Production Cluster
workloads
policies
addons
Automated cluster deployment
Automated deployment (k8s)
Build
Git push
IaC
repository
Trigger
IaC
Pipeline
Control Plane
Data Plane
Instances Instances
Dev/Test Cluster
Control Plane
Data Plane
Instances Instances
Production Cluster
Dev Team A
Dev Team B
Platform Team
Audit Team
Corporate datacenter Teams
Repository
Scanning
Pull
Corporate Network
Push
Automated deployment (Cloud)
Build
Git push
IaC
repository
Trigger
Dev Team A
Dev Team B
Platform Team
Audit Team
Teams
Scan
Pull Push
IaC
Pipeline
AWS Cloud
Production account
Dev/Test account
Availability Zone 2
Availability Zone 2
Amazon EKS
Managed Node Group
Karpenter “Groupless”
Amazon EKS
Managed Node Group
Karpenter “Groupless”
Amazon EKS
VPC
VPC
Availability Zone 2
Availability Zone 2
VPC
Managed Node Group
Karpenter “Groupless”
Development tools
Secured Network
Infrastructure as
Code with
Terraform and CDK
Based on AWS best
practices and
recommendations
Integrated with
popular K8s tools
and services
Fully extensible
and
customizable
Amazon EKS Blueprints
An open-source framework that allows you to configure and deploy complete
Amazon EKS clusters across accounts and Regions
Cluster creation with Amazon EKS Blueprints
• Infrastructure as Code (IaC)
• AWS CDK
• HashiCorp Terraform
• Addons
• OSS
• AWS
• Partner
• GitOps
• ArgoCD - (New GitOps-Bridge)
EKS Blueprints
Multi-Cluster Management
with GitOps (Topologies)
Standalone/distributed GitOps
Namespace
Tenant AWS account
Amazon EKS
Tenant AWS account
Amazon EKS
Namespace
On premises
Kubernetes
Namespace
On premises
Kubernetes
Namespace
Full ArgoCD
UI/CLI
API Server
Redis Server
Repo
Controllers
Centralized/Hub-Spoke (Push)
Central Amazon EKS cluster
Central AWS account
Namespace
Tenant AWS account On premises
Amazon EKS
Tenant AWS account
Kubernetes
On premises
Kubernetes
Amazon EKS
Full ArgoCD
UI/CLI
API Server
Redis Server
Repo
Controllers
Centralized/Hub-Spoke (Shared)
Central Amazon EKS cluster
Central AWS account
Namespace
Tenant AWS account On premises
Amazon EKS
Tenant AWS account
Kubernetes
On premises
Kubernetes
Amazon EKS
App-2 repo
App-1 repo
App-4 repo
Platform Config
App-3 repo
Full ArgoCD
UI/CLI
API Server
Redis Server
Repo
Controllers
Centralized/Hub-Spoke (Agent)
Central Amazon EKS cluster
Central AWS account
Namespace
Tenant AWS account On premises
Amazon EKS
Tenant AWS account
Kubernetes
On premises
Kubernetes
Amazon EKS
App-2 repo
App-1 repo
App-4 repo
Platform Config
App-3 repo
Core ArgoCD
UI/CLI
API Server
Redis Server
Repo
Controllers
https://argo-cd.readthedocs.io/en/stable/operator-manual/core
https://akuity.io/blog/reducing-argocd-operational-burden
https://github.com/open-cluster-management-io/argocd-pull-integration
Full ArgoCD
UI/CLI
API Server
Redis Server
Repo
Controllers
Reliability and Performance
ArgoCD Scaling Challenges
Image: https://colocatedeventseu2023.sched.com/event/1JoAP/scaling-argo-security-and-multi-tenancy-in-aws-eks-at-the-new-york-times-david-grizzanti-luke-philips-the-new-york-times
Scaling ArgoCD
• Enable HPA (API, Repo, Redis)
• Controller Replica shards (random, round-robin)
• Tuning (timeouts, processor queues)
• Reconcile optimization
  • ignoreResourceUpdates vs. ignoreDifferences
https://argo-cd.readthedocs.io/en/stable/operator-manual/high_availability
https://argo-cd.readthedocs.io/en/stable/operator-manual/reconcile
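The scaling bullets above map onto a handful of ArgoCD ConfigMap keys and a standard HPA. The manifests below are an added example, not part of the deck and not the EKS Blueprints or GitOps Bridge projects' own configuration; the keys are the ones documented in the linked high_availability and reconcile pages, while the replica counts, worker counts and timeouts are placeholder values you would tune from the work-queue and sync-time metrics the next slide talks about. The `ignoreResourceUpdates` entries stop the controller re-reconciling an Application every time a live object's `status` or `managedFields` churns; `ignoreDifferences` is the different knob that removes a field from the sync diff so a mutating webhook or another controller does not keep an app permanently OutOfSync.

```yaml
# Added example (not from the deck): ArgoCD scaling settings for the bullets above.
# Numeric values are placeholders to tune per environment.
apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-cmd-params-cm
  namespace: argocd
  labels:
    app.kubernetes.io/part-of: argocd
data:
  # Controller replica shards: assign clusters to shards round-robin instead of by
  # hash of the cluster secret (the legacy algorithm), so load spreads evenly.
  # The shard count itself comes from the application-controller StatefulSet
  # replicas / ARGOCD_CONTROLLER_REPLICAS, not from this ConfigMap.
  controller.sharding.algorithm: round-robin
  # Tuning: worker counts for the status and operation queues, repo-server timeout,
  # and how long self-heal waits before re-syncing a drifted app.
  controller.status.processors: "50"
  controller.operation.processors: "25"
  controller.repo.server.timeout.seconds: "120"
  controller.self.heal.timeout.seconds: "10"
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-cm
  namespace: argocd
  labels:
    app.kubernetes.io/part-of: argocd
data:
  # Reconcile interval: how often each app is re-evaluated against git (default 180s).
  timeout.reconciliation: "300s"
  # ignoreResourceUpdates: a change to ONLY these fields on a live resource does
  # not trigger a fresh reconciliation of the owning Application. The sync diff
  # is unaffected, so this is safe to apply cluster-wide.
  resource.ignoreResourceUpdatesEnabled: "true"
  resource.customizations.ignoreResourceUpdates.all: |
    jsonPointers:
      - /status
      - /metadata/managedFields
      - /metadata/resourceVersion
  # ignoreDifferences: removes a field from the SYNC DIFF. Here /spec/replicas is
  # ignored on Deployments because an HPA owns it; without this every HPA scale
  # event would flip the app to OutOfSync and, with selfHeal, be reverted.
  resource.customizations.ignoreDifferences.apps_Deployment: |
    jsonPointers:
      - /spec/replicas
---
# HPA for the repo-server; the same pattern applies to argocd-server (API).
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: argocd-repo-server
  namespace: argocd
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: argocd-repo-server
  minReplicas: 2
  maxReplicas: 6
  metrics:
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: 70
```

Keep the two "ignore" lists deliberately narrow: every field added to `ignoreDifferences` is a field whose drift ArgoCD will no longer detect or self-heal, which weakens the "Git is the source of truth" guarantee the GitOps principles slide relies on, so restrict it to fields legitimately owned by another controller.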
Monitoring ArgoCD
Prometheus
Use Operator or Setup service labels
OpenTelemetry/ADOT
Alerts
AMP (Amazon Managed Service for Prometheus)
Grafana
ArgoCD Dashboard (tweak)
Sync time
Work queue
AMG (Amazon Managed Grafana)
Logging
Find k8s resources properties to ignore
GitOps Bridge
GitOps Bridge: IaC and Addons https://github.com/gitops-bridge-dev
ack terraform kops
ansible pulumi cdk
capa crossplane
IaC
Virtual private cloud (VPC)
Subnet
Kubernetes
Amazon EKS
IAM
Role NAT gateway Instances
Infrastructure
Kubernetes CR (ArgoCD Cluster)
metadata:
annotations:
aws_alb_role_arn: arn….
labels:
enable_aws_alb: true
./aws/aws-cloudwatch-metrics-appset.yaml
./aws/aws-csi-ebs-resources-appset.yaml
./aws/aws-csi-efs-driver-appset.yaml
./aws/aws-csi-fsx-driver-appset.yaml
./aws/aws-fluentbit-appset.yaml
./aws/aws-gateway-api-controller-appset.yaml
./aws/aws-load-balancer-controller-appset.yaml
./aws/aws-node-termination-handler-appset.yaml
./aws/aws-oss-cert-manager-appset.yaml
./aws/aws-oss-cluster-autoscaler-appset.yaml
./aws/aws-oss-crossplane-providers-appset.yaml
./aws/aws-oss-external-dns-appset.yaml
./aws/aws-oss-external-secrets-appset.yaml
./aws/aws-oss-karpenter-appset.yaml
./aws/aws-oss-privateca-issuer-appset.yaml
./aws/aws-oss-velero-appset.yaml
./aws/aws-secrets-store-csi-appset.yaml
./oss/argo-cd-appset.yaml
./oss/argo-events-appset.yaml
./oss/argo-rollouts-appset.yaml
./oss/argo-workflows-appset.yaml
GitOps
GitOps Bridge: ApplicationSet (Addon versions)
version in dev is 1.6.0
version in staging is 1.5.5
version in production is 1.5.4
Cluster opt-in for the addon
Chart name and repo in a single place
Merge generator
Prevent Outages
GitOps Bridge: ApplicationSet (overrides)
Metadata based on IaC
Namespace based on IaC
Override values files
Value files in git
GitOps Bridge Configuration
Platform
team
Platform Repo
Region
Kubernetes
Account
Control Plane
Addons
App Of AppSet
Addon-1
charts/
environments/
Addon-2
App Of
ApplicationSets
Addon-1
ApplicationSet
Addon-3
ApplicationSet
Addon-2
ApplicationSet
clusters/
Kubernetes CR (ArgoCD Cluster)
metadata:
annotations:
aws_alb_role_arn: arn….
labels:
enable_aws_alb: true
Addon-1
Application
Addon-3
Application
Addon-2
Application
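The "IaC and Addons", "ApplicationSet (Addon versions)" and "ApplicationSet (overrides)" slides describe one mechanism: IaC writes labels and annotations onto the ArgoCD cluster secret, a cluster generator opts clusters into an addon by label, and a merge generator pins a different chart version per environment. The manifests below are an added example that wires those pieces together; they are not the deck's code and not the gitops-bridge-dev project's own ApplicationSets. Assumptions: the label `enable_aws_alb` and annotation `aws_alb_role_arn` are the names shown on the slide; the `environment` label, the `aws-load-balancer-controller` chart and its `https://aws.github.io/eks-charts` repository, the Go-template field names and the `default` project are my choices; the IAM role ARN is a placeholder; the versions 1.6.0 / 1.5.5 / 1.5.4 are the ones the slide lists for dev, staging and production.

```yaml
# Added example (not from the deck or the GitOps Bridge project): cluster secret
# populated by IaC, plus an ApplicationSet that reads it.
apiVersion: v1
kind: Secret
metadata:
  name: dev-cluster-1            # constructed name
  namespace: argocd
  labels:
    argocd.argoproj.io/secret-type: cluster   # marks this secret as an ArgoCD cluster
    environment: dev                          # assumed label written by IaC
    enable_aws_alb: "true"                    # opt-in label from the slide
  annotations:
    aws_alb_role_arn: arn:aws:iam::111122223333:role/PLACEHOLDER-alb-role  # placeholder
type: Opaque
stringData:
  name: dev-cluster-1
  server: https://kubernetes.default.svc      # in-cluster; remote clusters carry their API URL
---
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
  name: addon-aws-load-balancer-controller
  namespace: argocd
spec:
  goTemplate: true
  goTemplateOptions: ["missingkey=error"]     # fail loudly if IaC forgot an annotation
  generators:
    - merge:
        mergeKeys: [server]                   # rows from later generators override by cluster
        generators:
          # Base: every cluster that opted in via label; chart name, repo and the
          # default (dev) version live in exactly one place.
          - clusters:
              selector:
                matchLabels:
                  enable_aws_alb: "true"
              values:
                addonChart: aws-load-balancer-controller
                addonChartRepository: https://aws.github.io/eks-charts
                addonChartVersion: 1.6.0
          # Overrides: staging and production pin older versions, so a bump in
          # dev cannot roll to production by accident.
          - clusters:
              selector:
                matchLabels:
                  environment: staging
              values:
                addonChartVersion: 1.5.5
          - clusters:
              selector:
                matchLabels:
                  environment: prod
              values:
                addonChartVersion: 1.5.4
  template:
    metadata:
      name: 'addon-{{.name}}-{{.values.addonChart}}'
    spec:
      project: default
      sources:
        - repoURL: '{{.values.addonChartRepository}}'
          chart: '{{.values.addonChart}}'
          targetRevision: '{{.values.addonChartVersion}}'
          helm:
            releaseName: '{{.values.addonChart}}'
            # Metadata based on IaC: the IAM role ARN comes from the cluster
            # secret annotation, so no ARN is hard-coded in git.
            valuesObject:
              clusterName: '{{.name}}'
              serviceAccount:
                annotations:
                  eks.amazonaws.com/role-arn: '{{.metadata.annotations.aws_alb_role_arn}}'
      destination:
        server: '{{.server}}'
        namespace: kube-system
      syncPolicy:
        automated:
          prune: true
          selfHeal: true
        syncOptions:
          - CreateNamespace=true
```

Because the opt-in is a label and the role ARN is an annotation on the cluster secret, the only way to enable the addon on a cluster, or to point it at a different IAM role, is a change to the IaC that writes that secret; the platform repo never has to be edited per cluster, and `missingkey=error` turns a cluster that was opted in without its ARN into a generation error rather than a silently broken deployment.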
Thank you!
Carlos Santana
carrlos@amazon.com
Rodrigo Bersa
bersr@amazon.com
@csantanapr
csantanapr bersa
How to contribute to Serverless Apache OpenWhisk OpenSource101 NCSUHow to contribute to Serverless Apache OpenWhisk OpenSource101 NCSU
How to contribute to Serverless Apache OpenWhisk OpenSource101 NCSU
 

Recently uploaded

Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 

Recently uploaded (20)

Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 

Scaling production grade EKS Multi-Cluster environments using GitOps

  • 1. Scaling production grade Kubernetes Multi-Cluster environments using GitOps. Rodrigo Bersa, EKS Specialist Solutions Architect, AWS. Carlos Santana, EKS Specialist Solutions Architect, AWS. KCD Washington, DC.
  • 2. I have chosen to use Kubernetes – now what?
  • 3. What customers are building. Apps and services: Mobile, IoT, Static websites, Complex web apps, .NET apps, Legacy homegrown Linux apps, Monoliths, Autonomous vehicles (object tracking, sensor fusion), Robotics (vision, grasping, motion control), Modeling, training, and inference, Real-time, MapReduce, Batch.
  • 4. Challenges and Goals. Cluster management: enforce security standards and best practices across clusters to automate deployments. Team management: define boundaries between multiple teams. Workload management: provision multiple workloads at scale. Add-on management: install add-ons and their dependencies. Configuration management: automate configuration and upgrade lifecycle from a single source of truth.
  • 5. CNCF Cloud Map. “There is no shortage of amazing tooling in the K8s ecosystem, but there is no guide for how to put all the tools together.”
  • 6. Kubernetes Journey. Decisions: choose an orchestrator.
  • 7. Kubernetes Journey. Decisions: choose an orchestrator; Data Plane Compute.
  • 8. Kubernetes Journey. Decisions: choose an orchestrator; Data Plane Compute; Cluster Addons.
  • 9. Kubernetes Journey. Decisions: choose an orchestrator; Data Plane Compute; Cluster Addons; Day 2 Operations.
  • 10. Cluster add-ons. Security: Cilium, Gatekeeper, Kyverno. Observability: Prometheus, Fluent Bit, OTEL. Reliability: Karpenter, Autoscaler, Keda. Delivery: ArgoCD, Flux, Crossplane. Other.
  • 11. Principle of GitOps. A system managed by GitOps must have its desired state expressed declaratively. Desired state is stored in a way that enforces immutability, versioning and retains a complete version history. Software agents continuously observe actual system state and attempt to apply the desired state. Software agents automatically pull the desired state declarations from the source. Benefits: enforces consistency, reduces business risk, enhances auditability, boosts security.
  • 12. GitOps. Git becomes the single source of truth for the system’s desired state, enabling reproducible automated deployments, cluster management, and monitoring. Loop: Build, Test, Scan, Operate/Fix, Deploy/Verify, Observe/Alert; continuously reconcile. Immutability firewall.
  • 13. Secure environments (section).
  • 14. Private environments. Diagram labels: Corporate Network, Corporate datacenter, Kubernetes Cluster, Build, Infrastructure deployment.
  • 15. Public repositories. Diagram labels: Corporate Network, Corporate datacenter, Kubernetes Cluster, Build, Deploy, Infrastructure deployment.
  • 16. Private repositories. Diagram labels: Corporate Network, Corporate datacenter, Kubernetes Cluster, Repository, Build, Scan (Grype, Clair), Store, Pull, Deploy, Infrastructure deployment.
  • 17. Trusted repositories. Diagram labels: Corporate Network, Corporate datacenter, Kubernetes Cluster, Repository, Build, Scan (Grype, Clair), Store, Image replication, Pull, Deploy, Infrastructure deployment.
  • 19. Cloud environment. Diagram labels: AWS Cloud, VPC, Private subnet, Amazon EKS, Amazon ECR, Amazon Inspector, AWS CodeCommit, AWS PrivateLink, Endpoints, AWS Direct Connect, VPN connection, Secured Network; Build, Scan, Store, Image replication, Deploy, Infrastructure deployment.
  • 20. Team management (section).
  • 21. Multi-team considerations: Identity & Access Management; Policy Management; Namespace as a Service.
  • 22. Separation of concerns. Platform engineers (platform builders): build and integrate tools that provision, manage and secure the cloud computing infrastructure. Software engineers (application builders): free to focus on building applications that deliver business value to customers.
  • 23. Teams management (k8s). Teams: Dev Team A, Dev Team B, Platform Team, Audit Team. Kubernetes Cluster: Control Plane, Data Plane (Instances). Access: Developer RBAC, Temp RBAC, Admin RBAC.
  • 24. Teams management (cloud). Teams: Dev Team A, Dev Team B, Platform Team, Audit Team. IAM: Developer Role, Admin Role, Temporary Role. AWS Cloud: VPC, Availability Zone 1, Availability Zone 2, Amazon EKS, Managed Node Group, Karpenter “Groupless”.
  • 25. Teams management (ArgoCD). Dev Team A and Dev Team B: Apps ArgoCD Projects, Apps Repository (workloads). Audit Team: Audit ArgoCD Project, Policy Repository (policies). Platform Team: Platform ArgoCD Project, Platform Repository (addons). Targets: Dev/Test Cluster, Production Cluster.
  • 26. Automated cluster deployment (section).
  • 27. Automated deployment (k8s). Flow: Teams (Dev Team A, Dev Team B, Platform Team, Audit Team) → Git push → IaC repository → Trigger → IaC Pipeline (Build, Scanning, Pull/Push with the Repository) → Dev/Test Cluster and Production Cluster (each with Control Plane, Data Plane, Instances), inside the Corporate datacenter / Corporate Network.
  • 28. Automated deployment (Cloud). Flow: Teams (Dev Team A, Dev Team B, Platform Team, Audit Team) → Git push → IaC repository → Trigger → IaC Pipeline (Build, Scan, Pull/Push; Development tools, Secured Network) → AWS Cloud: Dev/Test account and Production account, each with a VPC across Availability Zones, Amazon EKS, Managed Node Group, Karpenter “Groupless”.
  • 29. Amazon EKS Blueprints: an open-source framework that allows you to configure and deploy complete Amazon EKS clusters across accounts and Regions. Infrastructure as Code with Terraform and CDK. Based on AWS best practices and recommendations. Integrated with popular K8s tools and services. Fully extensible and customizable.
  • 30. Cluster creation with Amazon EKS Blueprints. Infrastructure as Code (IaC): AWS CDK, HashiCorp Terraform. Addons: OSS, AWS, Partner. GitOps: ArgoCD (new GitOps-Bridge).
  • 31. Multi-Cluster Management with GitOps (Topologies) (section).
  • 32. Standalone/distributed GitOps. A full ArgoCD (UI/CLI, API Server, Redis, Repo Server, Controllers) runs in a namespace of every cluster: Amazon EKS in each tenant AWS account and Kubernetes on premises.
  • 33. Centralized/Hub-Spoke (Push). A full ArgoCD (UI/CLI, API Server, Redis, Repo Server, Controllers) runs in a namespace of a central Amazon EKS cluster in a central AWS account and pushes to the spokes: Amazon EKS in tenant AWS accounts and Kubernetes on premises.
  • 34. Centralized/Hub-Spoke (Shared). Same hub as the push topology; the hub reconciles the Platform Config repo and the application repos (App-1 repo, App-2 repo, App-3 repo, App-4 repo) to the spokes.
  • 35. Centralized/Hub-Spoke (Agent). Central Amazon EKS cluster in a central AWS account; spokes are Amazon EKS in tenant AWS accounts and Kubernetes on premises; repos: App-1, App-2, App-3, App-4 and Platform Config. Core ArgoCD vs. Full ArgoCD (UI/CLI, API Server, Redis, Repo Server, Controllers). References: https://argo-cd.readthedocs.io/en/stable/operator-manual/core, https://akuity.io/blog/reducing-argocd-operational-burden, https://github.com/open-cluster-management-io/argocd-pull-integration
  • 36. Reliability and Performance (section).
  • 37. ArgoCD Scaling Challenges. Image: https://colocatedeventseu2023.sched.com/event/1JoAP/scaling-argo-security-and-multi-tenancy-in-aws-eks-at-the-new-york-times-david-grizzanti-luke-philips-the-new-york-times
  • 38. Scaling ArgoCD. Enable HPA (API, Repo, Redis). Controller replica shards (random, round-robin). Tuning (timeouts, processor queues). Reconcile optimization: ignoreResourceUpdates vs. ignoreDifferences. References: https://argo-cd.readthedocs.io/en/stable/operator-manual/high_availability, https://argo-cd.readthedocs.io/en/stable/operator-manual/reconcile
  • 39. Monitoring ArgoCD. Prometheus: use the Operator or set up service labels; OpenTelemetry/ADOT; Alerts; AMP (Amazon Managed Service for Prometheus). Grafana: ArgoCD Dashboard (tweak), sync time, work queue; AMG (Amazon Managed Grafana). Logging: find k8s resource properties to ignore.
  • 40. GitOps Bridge (section).
  • 41. GitOps Bridge: IaC and Addons. https://github.com/gitops-bridge-dev. (1) IaC: ack, terraform, kops, ansible, pulumi, cdk, capa, crossplane. (2) Infrastructure: Virtual private cloud (VPC), Subnet, Kubernetes, Amazon EKS, IAM Role, NAT gateway, Instances; the IaC outputs are written into a Kubernetes CR (ArgoCD Cluster) as metadata: annotations: aws_alb_role_arn: arn…. labels: enable_aws_alb: true. (3) GitOps: addon ApplicationSets ./aws/aws-cloudwatch-metrics-appset.yaml, ./aws/aws-csi-ebs-resources-appset.yaml, ./aws/aws-csi-efs-driver-appset.yaml, ./aws/aws-csi-fsx-driver-appset.yaml, ./aws/aws-fluentbit-appset.yaml, ./aws/aws-gateway-api-controller-appset.yaml, ./aws/aws-load-balancer-controller-appset.yaml, ./aws/aws-node-termination-handler-appset.yaml, ./aws/aws-oss-cert-manager-appset.yaml, ./aws/aws-oss-cluster-autoscaler-appset.yaml, ./aws/aws-oss-crossplane-providers-appset.yaml, ./aws/aws-oss-external-dns-appset.yaml, ./aws/aws-oss-external-secrets-appset.yaml, ./aws/aws-oss-karpenter-appset.yaml, ./aws/aws-oss-privateca-issuer-appset.yaml, ./aws/aws-oss-velero-appset.yaml, ./aws/aws-secrets-store-csi-appset.yaml, ./oss/argo-cd-appset.yaml, ./oss/argo-events-appset.yaml, ./oss/argo-rollouts-appset.yaml, ./oss/argo-workflows-appset.yaml.
  • 42. GitOps Bridge: ApplicationSet (Addon versions). Version in dev is 1.6.0, version in staging is 1.5.5, version in production is 1.5.4. Cluster opt-in for the addon. Chart name and repo in a single place. Merge generator. Prevent outages.
  • 43. GitOps Bridge: ApplicationSet (overrides). Metadata based on IaC. Namespace based on IaC. Override values files. Value files in git.
  • 44. GitOps Bridge Configuration. Platform team → Platform Repo (charts/, environments/, clusters/). App of ApplicationSets → Addon-1 ApplicationSet, Addon-2 ApplicationSet, Addon-3 ApplicationSet → Addon-1 Application, Addon-2 Application, Addon-3 Application. Kubernetes CR (ArgoCD Cluster) metadata: annotations: aws_alb_role_arn: arn…. labels: enable_aws_alb: true. Diagram labels: Region, Kubernetes, Account, Control Plane, Addons.
  • 45. Thank you! Carlos Santana, carrlos@amazon.com, @csantanapr, csantanapr. Rodrigo Bersa, bersr@amazon.com, bersa.
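The GitOps Bridge pattern on slides 41 to 44, written out as an added example (not code from the deck or from the gitops-bridge project): an ArgoCD cluster Secret whose labels and annotations come from IaC, and one addon ApplicationSet whose merge generator pins the addon version per environment (the versions on slide 42) and deploys only to clusters that opt in. Cluster names, account id, role ARNs, the API endpoint and the CA are placeholders.

```yaml
---
# ArgoCD cluster Secret: IaC writes the cluster's metadata here (names,
# ARNs, endpoint and CA are placeholders; environment / enable_aws_alb are
# the slide's label scheme, aws_alb_role_arn is the slide's annotation).
apiVersion: v1
kind: Secret
metadata:
  name: cluster-prod-use1
  namespace: argocd
  labels:
    argocd.argoproj.io/secret-type: cluster
    environment: production
    enable_aws_alb: "true"                 # cluster opt-in for the addon
  annotations:
    aws_alb_role_arn: arn:aws:iam::111122223333:role/PLACEHOLDER-alb-controller
type: Opaque
stringData:
  name: prod-use1
  server: https://PLACEHOLDER.gr7.us-east-1.eks.amazonaws.com
  config: |
    {"awsAuthConfig": {"clusterName": "prod-use1",
                       "roleARN": "arn:aws:iam::111122223333:role/PLACEHOLDER-argocd-hub"},
     "tlsClientConfig": {"insecure": false, "caData": "PLACEHOLDER_BASE64_CA"}}
---
# One addon ApplicationSet: chart name and repo live in one place, the
# version is pinned per environment, and only opted-in clusters match.
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
  name: addon-aws-load-balancer-controller
  namespace: argocd
spec:
  goTemplate: true
  goTemplateOptions: ["missingkey=error"]  # fail the render instead of emitting empty values
  generators:
    - merge:
        mergeKeys: [server]
        generators:
          # Base set: every opted-in cluster, production version by default
          - clusters:
              selector:
                matchLabels:
                  enable_aws_alb: "true"
              values:
                addonChart: aws-load-balancer-controller
                addonChartRepository: https://aws.github.io/eks-charts
                addonChartVersion: 1.5.4          # production
          # Overrides merged on server: newer versions only where the env label says so
          - clusters:
              selector:
                matchLabels: {enable_aws_alb: "true", environment: staging}
              values:
                addonChartVersion: 1.5.5          # staging
          - clusters:
              selector:
                matchLabels: {enable_aws_alb: "true", environment: dev}
              values:
                addonChartVersion: 1.6.0          # dev
  template:
    metadata:
      name: 'addon-{{.name}}-aws-load-balancer-controller'
    spec:
      project: default
      source:
        repoURL: '{{.values.addonChartRepository}}'
        chart: '{{.values.addonChart}}'
        targetRevision: '{{.values.addonChartVersion}}'
        helm:
          releaseName: aws-load-balancer-controller
          parameters:
            - name: clusterName
              value: '{{.name}}'
            # IRSA role created by IaC, read from the cluster Secret annotation
            - name: serviceAccount.annotations.eks\.amazonaws\.com/role-arn
              value: '{{.metadata.annotations.aws_alb_role_arn}}'
      destination:
        server: '{{.server}}'
        namespace: kube-system
      syncPolicy:
        automated: {prune: true, selfHeal: true}
        syncOptions: [CreateNamespace=true]
```

A cluster registered without `enable_aws_alb: "true"` produces no Application at all, and a cluster labelled `environment: production` keeps 1.5.4 even while dev runs 1.6.0, which is the "prevent outages" point of slide 42.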
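The scaling knobs listed on slide 38, as an added configuration example (not from the deck): controller sharding and processor tuning in argocd-cmd-params-cm, the ignoreResourceUpdates vs. ignoreDifferences distinction in argocd-cm, and an HPA for the repo server. The numeric values are illustrative starting points, not recommendations from the slides.

```yaml
---
# Controller and repo-server knobs (argocd-cmd-params-cm). Values are
# illustrative starting points, not figures from the deck.
apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-cmd-params-cm
  namespace: argocd
  labels:
    app.kubernetes.io/part-of: argocd
data:
  # Spread clusters across controller replicas; the application-controller
  # StatefulSet must be scaled to the matching replica count as well.
  controller.sharding.algorithm: round-robin
  # Processor queues and the repo-server call timeout
  controller.status.processors: "50"
  controller.operation.processors: "25"
  controller.repo.server.timeout.seconds: "120"
  controller.kubectl.parallelism.limit: "20"
  reposerver.parallelism.limit: "10"
---
# Reconcile optimisation (argocd-cm). ignoreResourceUpdates stops watch events
# on the listed fields from queueing a refresh; ignoreDifferences only hides
# fields from the diff, so changes there still trigger reconciliation.
apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-cm
  namespace: argocd
  labels:
    app.kubernetes.io/part-of: argocd
data:
  timeout.reconciliation: 300s
  resource.ignoreResourceUpdatesEnabled: "true"
  resource.customizations.ignoreResourceUpdates.all: |
    jsonPointers:
      - /status
  resource.customizations.ignoreResourceUpdates.argoproj.io_Application: |
    jsonPointers:
      - /status/reconciledAt
  resource.customizations.ignoreDifferences.all: |
    managedFieldsManagers:
      - kube-controller-manager
---
# HPA for a stateless component named on the slide (repo-server shown;
# argocd-server is done the same way; Redis HA scaling is separate).
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: argocd-repo-server
  namespace: argocd
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: argocd-repo-server
  minReplicas: 2
  maxReplicas: 6
  metrics:
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: 70
```

The work-queue and sync-time panels mentioned on slide 39 are the place to confirm whether these settings actually lowered controller load before tightening them further.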