Hidde Beydals (Flux core maintainer, Weaveworks)
Stefan Prodan (Flux core maintainer, Weaveworks)
Flux Beyond Git
Harnessing the Power of OCI
Flux: Project overview
The Flux project aims to provide a complete Continuous Delivery platform on
top of Kubernetes, supporting all the common practices and tooling in the field.
Flux v2 is powered by the GitOps Toolkit, a set of composable APIs and specialized tools for
keeping Kubernetes clusters in sync with sources of configuration, and automating updates to
configuration when there is new code to deploy.
CLI
- https://github.com/fluxcd/flux2
Controllers
- https://github.com/fluxcd/source-controller
- https://github.com/fluxcd/kustomize-controller
- https://github.com/fluxcd/helm-controller
- https://github.com/fluxcd/image-automation-controller
- https://github.com/fluxcd/image-reflector-controller
- https://github.com/fluxcd/notification-controller
- https://github.com/fluxcd/flagger
Terraform Provider
- https://github.com/fluxcd/terraform-provider-flux
Go SDK
- https://github.com/fluxcd/pkg
Flux: Ecosystem News
Adopters & Vendors
GitLab joins Azure, AWS, VMware, D2IQ, Giant Swarm and other vendors that
are relying on Flux to offer GitOps to their users.
Orange joins Deutsche Telekom and other mobile carriers that have adopted
Flux to accelerate the deployment of 5G infrastructure.
Integrations & Extensions
Weaveworks offers a free and open source distribution of Weave GitOps
which includes a Web UI for Flux and a Terraform Controller that extends
Flux’s capabilities beyond Kubernetes.
AWS is developing a Cloud Formation Controller that enables Flux
to manage cloud resources beyond EKS.
Open Container Initiative
The Open Container Initiative (OCI) is an open governance structure
under the Linux Foundation that defines the specifications and standards
for container technologies (artifacts, distribution and runtimes).
Unified Artifact Registry
The OCI distribution specification is rapidly evolving into a universal solution for
distributing not only container images but any other type of package.
- All major Cloud and SaaS vendors offer support for OCI Artifacts
- Popular package managers such as Homebrew and Helm make use of
OCI artifacts for package distribution
- Various cloud-native projects have adopted OCI for distributing
configuration, policies, addons, WASM, SBOMs, signatures
- Every organization that uses Kubernetes has the infrastructure needed to
store and distribute OCI artifacts (you can’t run Kubernetes without a
container registry).
Flux: GitOps Workflow
In the typical GitOps workflow, the Kubernetes clusters must pull the configs from
Git and the container images from a registry.
Flux: CI/CD Workflow for OCI artifacts
Using a container registry for both app container images and deploy configs
simplifies the delivery pipeline.
Flux: Source APIs
Flux offers interchangeable APIs for defining Git and OCI sources.
Flux: OCI support for Kubernetes configs
$ flux push artifact oci://ghcr.io/org/my-app-config:1.0.0 --path ./deploy
$ cosign sign ghcr.io/org/my-app-config@<digest> --key cosign.key
Flux: OCI support for Terraform modules
$ flux push artifact oci://docker.io/org/my-app-infra:1.0.0 --path ./infra
$ cosign sign docker.io/org/my-app-infra@<digest> --key cosign.key
Flux: Push changes to clusters from CI safely
The Flux CLI can be used to implement a push-based workflow,
where kubectl apply is replaced with flux push.
Flux: OCI custom media types
The OCI artifacts produced by flux push are of type vnd.cncf.flux and they
contain information about the origin Git repository and the Git commit SHA.
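The provenance that flux push records in the artifact is only useful if the consuming side actually checks it. The following is an added example (not code from the Flux project) that inspects an OCI manifest the way a policy check on the cluster side might: it requires the Flux media types (application/vnd.cncf.flux.config.v1+json for the config and application/vnd.cncf.flux.content.v1.tar+gzip for the layer, which is what the fluxcd/pkg OCI client writes), reads the org.opencontainers.image.source and org.opencontainers.image.revision annotations, and refuses artifacts whose revision is a floating branch name instead of a full commit SHA. The manifests are constructed samples with placeholder digests; the `<branch>@sha1:<sha>` revision format is an assumption about what `flux push --revision` produces.

```python
import json
import re
from typing import Optional, Tuple

# Media types written by `flux push artifact` (fluxcd/pkg OCI client).
FLUX_CONFIG_MEDIA_TYPE = "application/vnd.cncf.flux.config.v1+json"
FLUX_CONTENT_MEDIA_TYPE = "application/vnd.cncf.flux.content.v1.tar+gzip"
# OCI annotation keys Flux fills from --source / --revision.
SOURCE_ANNOTATION = "org.opencontainers.image.source"
REVISION_ANNOTATION = "org.opencontainers.image.revision"


def _sample(layer_media_type: str, annotations: dict) -> str:
    """Constructed manifest JSON; digests are placeholders, not real content hashes."""
    return json.dumps({
        "schemaVersion": 2,
        "mediaType": "application/vnd.oci.image.manifest.v1+json",
        "config": {"mediaType": FLUX_CONFIG_MEDIA_TYPE, "digest": "sha256:" + "0" * 64, "size": 233},
        "layers": [{"mediaType": layer_media_type, "digest": "sha256:" + "1" * 64, "size": 4096}],
        "annotations": annotations,
    })


# A well-formed Flux artifact pinned to a commit (constructed sample).
GOOD_MANIFEST = _sample(FLUX_CONTENT_MEDIA_TYPE, {
    SOURCE_ANNOTATION: "https://github.com/org/my-app",
    REVISION_ANNOTATION: "main@sha1:0123456789abcdef0123456789abcdef01234567",
})
# An ordinary image layer pushed under a config tag: wrong media type, no provenance.
IMAGE_LAYER_MANIFEST = _sample("application/vnd.oci.image.layer.v1.tar+gzip", {})
# Flux-typed layer whose revision is only a branch name: not reproducible.
FLOATING_REVISION_MANIFEST = _sample(FLUX_CONTENT_MEDIA_TYPE, {
    SOURCE_ANNOTATION: "https://github.com/org/my-app",
    REVISION_ANNOTATION: "main",
})

# Accept "<branch>@sha1:<sha>" or a bare 40-hex SHA (assumed Flux revision formats).
_REVISION_RE = re.compile(r"^(?:(?P<ref>[^@\s]+)@sha1:)?(?P<sha>[0-9a-f]{40})$")


def is_flux_artifact(manifest: dict) -> bool:
    """True only when the config and every layer carry the Flux media types."""
    config_ok = manifest.get("config", {}).get("mediaType") == FLUX_CONFIG_MEDIA_TYPE
    layers = manifest.get("layers", [])
    layers_ok = bool(layers) and all(l.get("mediaType") == FLUX_CONTENT_MEDIA_TYPE for l in layers)
    return config_ok and layers_ok


def provenance(manifest: dict) -> Optional[dict]:
    """Return {'source', 'ref', 'sha'} from the annotations, or None if absent or not pinned."""
    ann = manifest.get("annotations", {})
    source = ann.get(SOURCE_ANNOTATION)
    m = _REVISION_RE.match(ann.get(REVISION_ANNOTATION, ""))
    if not source or not m:
        return None
    return {"source": source, "ref": m.group("ref"), "sha": m.group("sha")}


def check_artifact(manifest_json: str, allowed_source_prefix: str) -> Tuple[bool, str]:
    """Policy: Flux media types, commit-pinned revision, source inside an allowed repo prefix."""
    manifest = json.loads(manifest_json)
    if not is_flux_artifact(manifest):
        return False, "not a vnd.cncf.flux artifact (unexpected media types)"
    prov = provenance(manifest)
    if prov is None:
        return False, "missing or non-pinned source/revision annotations"
    if not prov["source"].startswith(allowed_source_prefix):
        return False, f"source {prov['source']} outside {allowed_source_prefix}"
    return True, f"ok: {prov['source']}@{prov['sha']}"


if __name__ == "__main__":
    for name, m in [("good", GOOD_MANIFEST), ("image-layer", IMAGE_LAYER_MANIFEST),
                    ("floating", FLOATING_REVISION_MANIFEST)]:
        print(name, check_artifact(m, "https://github.com/org/"))
```

Note that this check is metadata only: the annotations are written by whoever ran flux push, so they tell you where the artifact claims to come from, not that the claim is true. That is what the signature on the following slides adds.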
Flux: OCI support for Helm charts
$ helm push my-app-1.0.0.tgz oci://<id>.dkr.ecr.amazonaws.com/charts
$ cosign sign <id>.dkr.ecr.amazonaws.com/charts/my-app@<digest>
Flux: Benefits of OCI compared to Git
● Images, configuration and signatures in one place
● Registries have (often) higher availability
● OCI registries are API based, Git not so much
● Regional traffic saves you 💰
● Passwordless authentication
● Keyless integrity verification
Flux: (contextual) authentication towards registries
Git
- Secret with an SSH key or basic authentication token
OCI
- Kubernetes Workload Identity attached to the controller’s Service Account
- Image pull secrets attached to a referenced Service Account
- Secret reference with a Docker config
Easier to manage, fine-grained access control, better integrated with Kubernetes
and cloud providers.
Flux: Integrity verification of (OCI) Sources
Keyless verification, instead of hard to manage identities.
Git
- OpenPGP signatures
- Eventually[1]: SSH signatures
OCI
- Sigstore Cosign (OpenSSF)
- Soon[2]: Notation (CNCF)
[1]: https://github.com/go-git/go-git/pull/705
[2]: https://github.com/fluxcd/source-controller/issues/1072
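With keyless Cosign signing, the thing a verifier trusts is not a public key but an identity: the OIDC issuer plus the subject recorded in the short-lived signing certificate (the same pair the cosign CLI takes as `--certificate-oidc-issuer` and `--certificate-identity-regexp`). The following is an added example, not Flux or Sigstore code, that models that policy decision on constructed identities so the failure modes are visible: an allow-list of (issuer, subject regex) rules, and a demonstration of why the subject regex must be matched against the whole subject rather than searched for as a substring. The signer identities, policy and issuer URL are constructed samples; certificate and transparency-log validation is assumed to have already happened upstream of this check.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class SignerIdentity:
    """What a verified keyless signing certificate says about who signed."""
    issuer: str    # OIDC issuer URL that vouched for the signer
    subject: str   # certificate SAN: workflow ref for CI, e-mail for a person


@dataclass(frozen=True)
class IdentityRule:
    issuer: str            # exact match on the issuer
    subject_pattern: str   # regex applied to the whole subject


# Constructed policy: only the release workflow on main of org/my-app may sign.
GITHUB_ACTIONS_ISSUER = "https://token.actions.githubusercontent.com"
RELEASE_POLICY: List[IdentityRule] = [
    IdentityRule(
        issuer=GITHUB_ACTIONS_ISSUER,
        subject_pattern=r"https://github\.com/org/my-app/\.github/workflows/release\.yaml@refs/heads/main",
    ),
]

# Constructed sample identities as a verifier would extract them from certificates.
GOOD_IDENTITY = SignerIdentity(
    GITHUB_ACTIONS_ISSUER,
    "https://github.com/org/my-app/.github/workflows/release.yaml@refs/heads/main")
OTHER_BRANCH_IDENTITY = SignerIdentity(
    GITHUB_ACTIONS_ISSUER,
    "https://github.com/org/my-app/.github/workflows/release.yaml@refs/heads/main-hotfix")
OTHER_ISSUER_IDENTITY = SignerIdentity(
    "https://accounts.example.com",   # constructed issuer, not on the allow-list
    "https://github.com/org/my-app/.github/workflows/release.yaml@refs/heads/main")


def identity_allowed(identity: SignerIdentity, rules: List[IdentityRule]) -> Tuple[bool, str]:
    """Allow only when some rule matches the issuer exactly and the subject completely."""
    for rule in rules:
        if identity.issuer != rule.issuer:
            continue
        # fullmatch, not search: a substring match would also accept subjects that
        # merely contain the trusted string, such as a branch named main-hotfix.
        if re.fullmatch(rule.subject_pattern, identity.subject):
            return True, f"matched {rule.subject_pattern}"
    return False, "no identity rule matched"


def unanchored_match(identity: SignerIdentity, rules: List[IdentityRule]) -> bool:
    """The buggy variant, kept only to show what substring matching lets through."""
    return any(identity.issuer == r.issuer and re.search(r.subject_pattern, identity.subject)
               for r in rules)


if __name__ == "__main__":
    for label, ident in [("good", GOOD_IDENTITY), ("other-branch", OTHER_BRANCH_IDENTITY),
                         ("other-issuer", OTHER_ISSUER_IDENTITY)]:
        print(label, identity_allowed(ident, RELEASE_POLICY), "search-would-accept:",
              unanchored_match(ident, RELEASE_POLICY))
```

The same policy shape applies whichever registry the artifact lives in, which is the point of the slide: the trust decision moves from distributing and rotating a key to stating which CI identity is allowed to sign which artifact.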
Flux: Scenarios where OCI may be a better fit than Git
- When the Git repository does not contain the final Kubernetes manifests,
for example when CUE, Jsonnet or any other tool generates the YAML resources.
- At the edge, due to reduced resource usage.
- Isolated systems with limited network access, as images are in many cases
easier to mirror than Git repositories.
- Version-based production systems.
- Local development environments.
Flux: OCI resources
- OCIRepository specification:
https://fluxcd.io/flux/components/source/ocirepositories/
- HelmRepository OCI specification:
https://fluxcd.io/flux/components/source/helmrepositories/#helm-oci-repository
- OCI cheatsheet:
https://fluxcd.io/flux/cheatsheets/oci-artifacts/
- flux-local-dev: https://github.com/stefanprodan/flux-local-dev
- flux-aio: https://github.com/stefanprodan/flux-aio
Flux: Demo time 🎉
Spinning up a local dev environment for Flux
using Kubernetes Kind and Docker OSS Registry
https://github.com/stefanprodan/flux-local-dev
Closing and final questions
Thank you for your time 🙇
We will be happy to answer any question you may have.
