sparkfabrik, profile picture
Uploaded bysparkfabrik
PDF, PPTX55 views

20231129 - Platform @ localhost 2023 - Application-driven infrastructure with Crossplane

This document discusses application-driven infrastructure using Crossplane. It introduces Crossplane as a Kubernetes-native framework that allows platform teams to assemble infrastructure from multiple vendors and expose higher-level APIs. This enables development teams to consume infrastructure services without having to write custom code. Crossplane uses the concepts of providers, managed resources, and composite resources to map external services to Kubernetes and provide opinionated APIs through self-service resources. It aims to simplify infrastructure provisioning and management for both platform and application teams.

Embed presentation

Download as PDF, PPTX
APPLICATION-DRIVEN INFRASTRUCTURE WITH CROSSPLANE
Daniele Monti ➔ GitHub: https://github.com/Monska85 ➔ Twitter: @danielemonti ➔ Linkedin: danielemonti1985 Platform Engineer @ SparkFabrik
DEVOPS AND SHIFT LEFT PRINCIPLES
“DevOps is a set of practices that combines software development (Dev) and IT operations (Ops). It aims to shorten the systems development life cycle and to provide continuous delivery with high software quality.” https://www.dynatrace.com/news/blog/what-is-shift-left-and-what-is-shift-right/
“The shift left approach consists in pushing the beginning of the quality related tasks at earlier stages of the software lifecycle. Shift left as a principle was created thinking about testing, but now it involves also other disciplines such as security and deployment.”
SHIFT LEFT LIFECYCLE Quality related tasks ➔ This approach reduces risk since many issues are addressed long before the release ➔ Releases can be made more quickly and with better quality ➔ Earlier tests ensure most problems are caught much earlier, when they are easier to debug and fix (less problem detection, more problem prevention) ➔ More reliable estimations of effort and resources Software lifecycle
Security concepts must be introduced in the early stages, so the entire application development workflow will follow defined security standards. This prevents code rewritings close to the deployment and leaves only minor security fixes for the production checks. SHIFT LEFT SECURITY DevSecOps
The supply chain attack is the current challenge in the security industry. Introducing checks about the third party software in early stages prevents wrong assumptions on what our software can include or not. We can also automate the signing of our artifacts, the production of signed SBOMs and the execution of SAST checks to improve our security posture. SHIFT LEFT SECURITY Supply chain
SHIFT LEFT COSTS This graph is based on the data taken from The Economic Impacts of Inadequate Infrastructure for Software Testing, National Institute of Standards and Technology (NIST) report. Read the entire document here.
SHIFT RIGHT COMPLEMENTS TO SHIFT LEFT Shift right is not the opposite of shift left! It takes place in the production environment. The unexpected behaviour and the performance analysis will produce more value in the production environment. The continuous deployment of small changes and the monitoring of the system are the best practices used in this stage. The chaos engineering is the discipline of testing resilience of the system in the production environment.
➔ Shift left spreads the QA tests during the entire process ➔ Shift left is not only related to software testing: security aspects, for example, must be one of the pillars of your development ➔ The automation of these tasks is mandatory ➔ Having less problem detection and more problem prevention has an high impact on the costs ➔ Shift right complements the shift left TO SUM UP:
YOU BUILD IT, YOU RUN IT. 2006 - Werner Vogels, CTO and vice president of Amazon Web Services
Cloud native model “Giving developers operational responsibilities has greatly enhanced the quality of the services, both from a customer and a technology point of view.” - A conversation with Werner Vogels The old model of throwing the artifact over the wall of confusion1 and then forgetting about it is no more suitable in the cloud native model. 1. The “Wall of Confusion” is a DevOps term popularized by Andrew Clay Schafer (AgileRoots 2009 ~17:00 mark) and Lee Thompson (Dev2Ops Interview). It refers to the phenomena where one group in a value stream approaches their job as complete when they’ve passed it onto the next group. Ops for Dev
INFRASTRUCTURE AS CODE & PLATFORM ENGINEERING
INFRASTRUCTURE AS CODE ● Easier to read, maintain and distribute ● Consistent over time: each deployment has the same configuration ● Reusable code (modules) and cost efficient ● Automation (no human errors) ● Self documented ● Versioned
GCP Deployment Manager AWS CloudFormation AZURE Resource Manager ... INFRASTRUCTURE AS CODE
Foundations guarantee the highest value to open source projects
INFRASTRUCTURE AS CODE
IAC TERRAFORM EXAMPLES
IaC & PLATFORM ENGINEERING IAC TERRAFORM EXAMPLES
PLATFORM ENGINEERING Cloud Services Organization Best practices Policies Security models Platform Dev team Dev team Dev team
THE PLATFORM The scope of The Platform is to expose a simply way (API) to obtain a piece of infrastructure or a service encapsulating all the organization rules. The Platform offers a simple access to a complex set of resources.
THE PLATFORM INTERACTION MODES There are only three ways in which teams should interact: ➔ Collaboration: working together for a defined period of time to discover new things (APIs, practices, technologies, etc.) ➔ X-as-a-Service: one team provides and one team consumes something “as a Service” ➔ Facilitation: one team helps and mentors another team https://teamtopologies.com/key-concepts
THE PLATFORM API Development team needs: “Our new microservice needs a Postgresql database and an S3-like object storage bucket. The microservice will be deployed on K8S” K8S Deployment Bucket DB Instance Database
THE PLATFORM API K8S + TERRAFORM Bucket DB Instance Database K8S Deployment
THE PLATFORM API K8S + TERRAFORM Bucket DB Instance Database 🚨 COGNITIVE LOAD ALERT 🚨 A new tool to learn for the development team. Hard to integrate with a K8S CI/CD pipeline.
THE CLOUD NATIVE CONTROL PLANE FRAMEWORK
THE PLATFORM API THE KUBERNETES WAY Bucket DB Instance Database K8S Deployment
Crossplane is an incubating project in the CNCF landscape. Crossplane enables platform teams to assemble infrastructure from multiple vendors, and exposes higher level self-service APIs for application teams to consume, without having to write any code. Crossplane extends the Kubernetes cluster to support orchestrating any infrastructure or managed service. CROSSPLANE CNCF PROJECT
Providers are the core concept of Crossplane. Providers are Crossplane Packages that bundle a set of Managed Resources and their respective controllers to allow Crossplane to provision the respective infrastructure resources. Each Provider package has its own configuration type, the so colled ProviderConfig. This resource, for example, is used by the provider controller to get the API credentials. CROSSPLANE PROVIDERS
Managed Resources are the mapping between K8S and the external services. A Managed Resource is the Crossplane representation of a resource in an external system. Managed Resources are the building blocks of Crossplane. They are designed to be composed of higher level, opinionated Custom Resources that Crossplane calls Composite Resources or XRs. CROSSPLANE MANAGED RESOURCES
Crossplane is extensible, thanks to its provider model. Anything with an API could be connected to a Kubernetes cluster where Crossplane is running, giving you a CRD representing each resource. This model allows Crossplane to manage infrastructure pieces or services (or whatever) using a specific provider for those resources. https://blog.crossplane.io/providers-101-ordering-pizza-wit h-kubernetes-and-crossplane/ is an awesome example on how Crossplane could manage any API driven service. CROSSPLANE PROVIDER MODEL
THE PLATFORM API THE KUBERNETES WAY Bucket DB Instance Database K8S Deployment
THE PLATFORM API THE KUBERNETES WAY DB Instance Database K8S Deployment Bucket 🚨 COGNITIVE LOAD ALERT 🚨 There are a lot of moving parts and many things to configure, including some properties that should be opinionated by the platform.
Composite Resources are designed to build the platform with the opinionated concepts. The Composite Resources are the way to create the high level API and to leverage Crossplane to create your opinionated platform. With a single YAML manifest, with a small amount of configuration, Crossplane will be able to create all the needed managed resources. CROSSPLANE COMPOSITE RESOURCES
THE PLATFORM API COMPOSITE RESOURCE K8S Deployment External resources
Crossplane uses X as shorthand for Crossplane and Composite. This choice was made to avoid the confusion between the kubernetes resources and the crossplane ones. CROSSPLANE TERMINOLOGY Custom Resource Definition (CRD) Custom Resource (CR) Composite Resource Definition (XRD) Composite Resource (XR)
Composite Resource Definition (XRD) Composite Resource (XR) Define Composition Use Managed Resource Managed Resource Managed Resource Application Application team Platform team
CROSSPLANE K8S CLOSED BOX Crossplane can write all the connection reference as secrets inside the cluster. This is really useful to keep all the data inside the cluster which could be used as a kubernetes secret in the workloads.
➔ Consistency across resources ➔ Application and infrastructure are deployed at the same time ➔ Simple text file human and machine readable ➔ Versioned CROSSPLANE YAML FOR THE WIN
CROSSPLANE DEPLOYMENT STRATEGY
CROSSPLANE DRAWBACKS ➔ The providers are still in development version (0.x.y in semver) ➔ Another tool to maintain ➔ Another set of modules (XRD and Composition) to maintain ➔ Balance between complexity and advantages ➔ Static YAML
CROSSPLANE ALTERNATIVES ➔ Pulumi ➔ Serverless Framework ➔ Terraform ➔ Rancher terraform controller
➔ Offer the dev teams simple APIs to create opinionated services ➔ Platform Engineers should package the organization model into the Platform ➔ Crossplane is a framework to develop a custom platform in the kubernetes way TO SUM UP:
THANK YOU!

More Related Content

PDF
KCD Italy 2022 - Application driven infrastructure with Crossplane
bysparkfabrik
 
PDF
Crossplane Graduation Review related presentation
bykedofef453
 
PDF
Reinventando el CD_ Unificando Aplicaciones e Infraestructura con Crossplane-...
byAlberto Lorenzo
 
PDF
Platform Engineering: Manage your infrastructure using Kubernetes and Crossplane
byAhmed AbouZaid
 
PPTX
Cloud Native Summit 2019 Summary
byEverett Toews
 
PPTX
DevOps and the cloud: all hail the (developer) king - Daniel Bryant, Steve Poole
byJAXLondon_Conference
 
PPTX
JAXLondon 2015 "DevOps and the Cloud: All Hail the (Developer) King"
byDaniel Bryant
 
PDF
KubeCon NA - 2021 Tools That I Wish Existed 3 Years Ago To Build a SaaS Offering
byMauricio (Salaboy) Salatino
 
KCD Italy 2022 - Application driven infrastructure with Crossplane
bysparkfabrik
 
Crossplane Graduation Review related presentation
bykedofef453
 
Reinventando el CD_ Unificando Aplicaciones e Infraestructura con Crossplane-...
byAlberto Lorenzo
 
Platform Engineering: Manage your infrastructure using Kubernetes and Crossplane
byAhmed AbouZaid
 
Cloud Native Summit 2019 Summary
byEverett Toews
 
DevOps and the cloud: all hail the (developer) king - Daniel Bryant, Steve Poole
byJAXLondon_Conference
 
JAXLondon 2015 "DevOps and the Cloud: All Hail the (Developer) King"
byDaniel Bryant
 
KubeCon NA - 2021 Tools That I Wish Existed 3 Years Ago To Build a SaaS Offering
byMauricio (Salaboy) Salatino
 

Similar to 20231129 - Platform @ localhost 2023 - Application-driven infrastructure with Crossplane

PPTX
AWS Student Community Day 2025 - IaC -Platform Eng -AI.pptx
byAlejandro Velez
 
PDF
Lessons from Building Large-Scale, Multi-Cloud, SaaS Software at Databricks
byDatabricks
 
PDF
DevOps Roadmap for freshers great guide.pdf
byDeepakD598039
 
PDF
Unlocking the Cloud Operating Model
byMitchell Pronschinske
 
PDF
DevOps-Roadmap
byBnhNguynHuy1
 
PPTX
The Journey of IT – Mainframe to Serverless
bysoumyapaul29
 
PPTX
Frequently Used Terms in Data Centers
byHTS Hosting
 
PDF
Getting Started with Infrastructure-as-Code
byAll Things Open
 
PPTX
Solution day : Running infrastructure like a cloud speed and agile
byPT Datacomm Diangraha
 
PDF
Presentation ING for ISC2 Secure Summits EMEA
byThijs Ebbers
 
PPTX
Crossplane – a new IaC c player with a GitOps approach
byVolodymyr Shynkar
 
PPTX
ThatConference 2016 - Highly Available Node.js
byBrad Williams
 
PDF
How to Design a Backend for IoT
byİbrahim Gürses
 
PDF
An agile approach to cloud infrastructure
byRichard Seroter
 
PDF
Meetup: Platform-as-a-Service / Cloud Foundry
byTipico / Booxware
 
PPTX
DevoxxUK 2016: "DevOps: Microservices, containers, platforms, tooling... Oh y...
byDaniel Bryant
 
PDF
Microservices and the Modern IT Stack: Trends of Tomorrow - AppSphere16
byAppDynamics
 
PPTX
Docker, Microservices, and the Service Mesh
byTony Pujals
 
PDF
Devopsdays State of the Union Amsterdam 2014
byJohn Willis
 
PDF
Leveraging Automation for a Disposable Infrastructure
byMike Fowler
 
AWS Student Community Day 2025 - IaC -Platform Eng -AI.pptx
byAlejandro Velez
 
Lessons from Building Large-Scale, Multi-Cloud, SaaS Software at Databricks
byDatabricks
 
DevOps Roadmap for freshers great guide.pdf
byDeepakD598039
 
Unlocking the Cloud Operating Model
byMitchell Pronschinske
 
DevOps-Roadmap
byBnhNguynHuy1
 
The Journey of IT – Mainframe to Serverless
bysoumyapaul29
 
Frequently Used Terms in Data Centers
byHTS Hosting
 
Getting Started with Infrastructure-as-Code
byAll Things Open
 
Solution day : Running infrastructure like a cloud speed and agile
byPT Datacomm Diangraha
 
Presentation ING for ISC2 Secure Summits EMEA
byThijs Ebbers
 
Crossplane – a new IaC c player with a GitOps approach
byVolodymyr Shynkar
 
ThatConference 2016 - Highly Available Node.js
byBrad Williams
 
How to Design a Backend for IoT
byİbrahim Gürses
 
An agile approach to cloud infrastructure
byRichard Seroter
 
Meetup: Platform-as-a-Service / Cloud Foundry
byTipico / Booxware
 
DevoxxUK 2016: "DevOps: Microservices, containers, platforms, tooling... Oh y...
byDaniel Bryant
 
Microservices and the Modern IT Stack: Trends of Tomorrow - AppSphere16
byAppDynamics
 
Docker, Microservices, and the Service Mesh
byTony Pujals
 
Devopsdays State of the Union Amsterdam 2014
byJohn Willis
 
Leveraging Automation for a Disposable Infrastructure
byMike Fowler
 

More from sparkfabrik

PDF
Progettare e sviluppare soluzioni serverless con AWS
bysparkfabrik
 
PDF
Drupal Dev Days Vienna 2023 - What is the secure software supply chain and th...
bysparkfabrik
 
PDF
Autowiring all the things! - DrupalCon Vienna 2025 - Luca Lusso, SparkFabrik
bysparkfabrik
 
PDF
Talks on my machine: Drupal: AI e Typesense come integrare la ricerca semantica
bysparkfabrik
 
PDF
Drupal 10: un framework PHP di sviluppo Cloud Native moderno
bysparkfabrik
 
PPTX
From React to React Native - Things I wish I knew when I started
bysparkfabrik
 
PDF
Talks on my machine: Drupal CMS versus The Cool Kids
bysparkfabrik
 
PDF
Do you know what your Drupal is doing Observe it! (DrupalCon Prague 2022)
bysparkfabrik
 
PDF
Talks on my machine: Drupal, Storybook e SDC
bysparkfabrik
 
PDF
KCD Italy 2023 - Secure Software Supply chain for OCI Artifact on Kubernetes
bysparkfabrik
 
PPTX
Do you know what your Drupal is doing_ Observe it!
bysparkfabrik
 
PDF
Come Drupal costruisce le tue pagine
bysparkfabrik
 
PDF
Headless Drupal: A modern approach to (micro)services and APIs
bysparkfabrik
 
PDF
UX e Web sostenibile (UXday 2023).pdf
bysparkfabrik
 
PDF
2023 - TAC23 - Agile HR - Racconti dal fronte
bysparkfabrik
 
PDF
What is the Secure Supply Chain and the Current State of the PHP Ecosystem
bysparkfabrik
 
PDF
CodeMotion 2023 - Deep dive nella supply chain della nostra infrastruttura cl...
bysparkfabrik
 
PDF
Deep dive nella supply chain della nostra infrastruttura cloud
bysparkfabrik
 
PDF
2023 - Drupalcon - How Drupal builds your pages
bysparkfabrik
 
PDF
IAD 2023 - 22 Years of Agile and all I got is this lousy t-shirt
bysparkfabrik
 
Progettare e sviluppare soluzioni serverless con AWS
bysparkfabrik
 
Drupal Dev Days Vienna 2023 - What is the secure software supply chain and th...
bysparkfabrik
 
Autowiring all the things! - DrupalCon Vienna 2025 - Luca Lusso, SparkFabrik
bysparkfabrik
 
Talks on my machine: Drupal: AI e Typesense come integrare la ricerca semantica
bysparkfabrik
 
Drupal 10: un framework PHP di sviluppo Cloud Native moderno
bysparkfabrik
 
From React to React Native - Things I wish I knew when I started
bysparkfabrik
 
Talks on my machine: Drupal CMS versus The Cool Kids
bysparkfabrik
 
Do you know what your Drupal is doing Observe it! (DrupalCon Prague 2022)
bysparkfabrik
 
Talks on my machine: Drupal, Storybook e SDC
bysparkfabrik
 
KCD Italy 2023 - Secure Software Supply chain for OCI Artifact on Kubernetes
bysparkfabrik
 
Do you know what your Drupal is doing_ Observe it!
bysparkfabrik
 
Come Drupal costruisce le tue pagine
bysparkfabrik
 
Headless Drupal: A modern approach to (micro)services and APIs
bysparkfabrik
 
UX e Web sostenibile (UXday 2023).pdf
bysparkfabrik
 
2023 - TAC23 - Agile HR - Racconti dal fronte
bysparkfabrik
 
What is the Secure Supply Chain and the Current State of the PHP Ecosystem
bysparkfabrik
 
CodeMotion 2023 - Deep dive nella supply chain della nostra infrastruttura cl...
bysparkfabrik
 
Deep dive nella supply chain della nostra infrastruttura cloud
bysparkfabrik
 
2023 - Drupalcon - How Drupal builds your pages
bysparkfabrik
 
IAD 2023 - 22 Years of Agile and all I got is this lousy t-shirt
bysparkfabrik
 

Recently uploaded

PDF
One Agent to Rule Them All - The Fellowship of AI Agents
byIvo Andreev
 
PDF
TNG_Architecting Green Software - An Introduction_Nils-Oliver Linden&Alexande...
byQAware GmbH
 
PDF
DSD-INT 2025 Latest Developments for HydroMT and wflow - Meshgi
byDeltares
 
PDF
Coding Assessment Tools .pdf
byCodexpro
 
PPTX
Code Assessment Tools .pptx
byCodexpro
 
PDF
Cloud-Based Underwriting Software for Insurance
byInsurance Tech Services
 
PDF
Solved First Semester B.C.A. C Programming Question Paper – Jan/Feb 2025
byKuvempu University
 
PDF
Manual vs Automated Accessibility Testing – What to Choose in 2025.pdf
bykalichargn70th171
 
PDF
Using Agentic RAG for Research - Demonstration of NotebookLM
byRathish Chandra Gatti,Ph.D
 
PDF
How Modern Custom Software is Revolutionizing Mortgage Lending Processes -Ma...
byMatellio
 
PPTX
Modern P&C Insurance Software for Smarter, Faster Operations.pptx
byInsurance Tech Services
 
PPTX
Week 7 Introduction to HTML PowerPoint Notes.pptx
bylesandawelgens
 
PPTX
application security presentation 2 by harman
byharmanideapad
 
PDF
Jeremy Millul - An NYU Computer Science Graduate
byJeremy Millul
 
PPTX
Custom chat gpt integration services.pptx
byChetu
 
PDF
nsfconvertersoftwaretoconvertNSFtoPST.pdf
byNSF Converter Software
 
PDF
DSD-INT 2025 Hydrological Modelling in Society Assumptions, Impacts, and Appl...
byDeltares
 
PPTX
Membershipanywhere - Digital Membership Card - USA , Canada, Australia.pptx
bymembershipanywhere
 
PPTX
List on Python Programming Language.pptx
byRICHARDALONSAGAY1
 
PDF
Cybersecurity Alert- What Organisations Must Watch Out For This Christmas Fes...
byCybernetic Global Intelligence
 
One Agent to Rule Them All - The Fellowship of AI Agents
byIvo Andreev
 
TNG_Architecting Green Software - An Introduction_Nils-Oliver Linden&Alexande...
byQAware GmbH
 
DSD-INT 2025 Latest Developments for HydroMT and wflow - Meshgi
byDeltares
 
Coding Assessment Tools .pdf
byCodexpro
 
Code Assessment Tools .pptx
byCodexpro
 
Cloud-Based Underwriting Software for Insurance
byInsurance Tech Services
 
Solved First Semester B.C.A. C Programming Question Paper – Jan/Feb 2025
byKuvempu University
 
Manual vs Automated Accessibility Testing – What to Choose in 2025.pdf
bykalichargn70th171
 
Using Agentic RAG for Research - Demonstration of NotebookLM
byRathish Chandra Gatti,Ph.D
 
How Modern Custom Software is Revolutionizing Mortgage Lending Processes -Ma...
byMatellio
 
Modern P&C Insurance Software for Smarter, Faster Operations.pptx
byInsurance Tech Services
 
Week 7 Introduction to HTML PowerPoint Notes.pptx
bylesandawelgens
 
application security presentation 2 by harman
byharmanideapad
 
Jeremy Millul - An NYU Computer Science Graduate
byJeremy Millul
 
Custom chat gpt integration services.pptx
byChetu
 
nsfconvertersoftwaretoconvertNSFtoPST.pdf
byNSF Converter Software
 
DSD-INT 2025 Hydrological Modelling in Society Assumptions, Impacts, and Appl...
byDeltares
 
Membershipanywhere - Digital Membership Card - USA , Canada, Australia.pptx
bymembershipanywhere
 
List on Python Programming Language.pptx
byRICHARDALONSAGAY1
 
Cybersecurity Alert- What Organisations Must Watch Out For This Christmas Fes...
byCybernetic Global Intelligence
 

20231129 - Platform @ localhost 2023 - Application-driven infrastructure with Crossplane

  • 1.
  • 2.
    Daniele Monti ➔ GitHub:https://github.com/Monska85 ➔ Twitter: @danielemonti ➔ Linkedin: danielemonti1985 Platform Engineer @ SparkFabrik
  • 3.
    DEVOPS AND SHIFTLEFT PRINCIPLES
  • 4.
    “DevOps is aset of practices that combines software development (Dev) and IT operations (Ops). It aims to shorten the systems development life cycle and to provide continuous delivery with high software quality.” https://www.dynatrace.com/news/blog/what-is-shift-left-and-what-is-shift-right/
  • 5.
    “The shift leftapproach consists in pushing the beginning of the quality related tasks at earlier stages of the software lifecycle. Shift left as a principle was created thinking about testing, but now it involves also other disciplines such as security and deployment.”
  • 6.
    SHIFT LEFT LIFECYCLE Quality relatedtasks ➔ This approach reduces risk since many issues are addressed long before the release ➔ Releases can be made more quickly and with better quality ➔ Earlier tests ensure most problems are caught much earlier, when they are easier to debug and fix (less problem detection, more problem prevention) ➔ More reliable estimations of effort and resources Software lifecycle
  • 7.
    Security concepts mustbe introduced in the early stages, so the entire application development workflow will follow defined security standards. This prevents code rewritings close to the deployment and leaves only minor security fixes for the production checks. SHIFT LEFT SECURITY DevSecOps
  • 8.
    The supply chainattack is the current challenge in the security industry. Introducing checks about the third party software in early stages prevents wrong assumptions on what our software can include or not. We can also automate the signing of our artifacts, the production of signed SBOMs and the execution of SAST checks to improve our security posture. SHIFT LEFT SECURITY Supply chain
  • 9.
    SHIFT LEFT COSTS This graphis based on the data taken from The Economic Impacts of Inadequate Infrastructure for Software Testing, National Institute of Standards and Technology (NIST) report. Read the entire document here.
  • 10.
    SHIFT RIGHT COMPLEMENTS TO SHIFTLEFT Shift right is not the opposite of shift left! It takes place in the production environment. The unexpected behaviour and the performance analysis will produce more value in the production environment. The continuous deployment of small changes and the monitoring of the system are the best practices used in this stage. The chaos engineering is the discipline of testing resilience of the system in the production environment.
  • 11.
    ➔ Shift leftspreads the QA tests during the entire process ➔ Shift left is not only related to software testing: security aspects, for example, must be one of the pillars of your development ➔ The automation of these tasks is mandatory ➔ Having less problem detection and more problem prevention has an high impact on the costs ➔ Shift right complements the shift left TO SUM UP:
  • 12.
    YOU BUILD IT,YOU RUN IT. 2006 - Werner Vogels, CTO and vice president of Amazon Web Services
  • 13.
    Cloud native model “Giving developersoperational responsibilities has greatly enhanced the quality of the services, both from a customer and a technology point of view.” - A conversation with Werner Vogels The old model of throwing the artifact over the wall of confusion1 and then forgetting about it is no more suitable in the cloud native model. 1. The “Wall of Confusion” is a DevOps term popularized by Andrew Clay Schafer (AgileRoots 2009 ~17:00 mark) and Lee Thompson (Dev2Ops Interview). It refers to the phenomena where one group in a value stream approaches their job as complete when they’ve passed it onto the next group. Ops for Dev
  • 14.
    INFRASTRUCTURE AS CODE& PLATFORM ENGINEERING
  • 15.
    INFRASTRUCTURE AS CODE ● Easierto read, maintain and distribute ● Consistent over time: each deployment has the same configuration ● Reusable code (modules) and cost efficient ● Automation (no human errors) ● Self documented ● Versioned
  • 16.
  • 17.
    Foundations guarantee the highestvalue to open source projects
  • 18.
  • 19.
  • 20.
    IaC & PLATFORMENGINEERING IAC TERRAFORM EXAMPLES
  • 21.
  • 22.
    THE PLATFORM The scopeof The Platform is to expose a simply way (API) to obtain a piece of infrastructure or a service encapsulating all the organization rules. The Platform offers a simple access to a complex set of resources.
  • 23.
    THE PLATFORM INTERACTION MODES There areonly three ways in which teams should interact: ➔ Collaboration: working together for a defined period of time to discover new things (APIs, practices, technologies, etc.) ➔ X-as-a-Service: one team provides and one team consumes something “as a Service” ➔ Facilitation: one team helps and mentors another team https://teamtopologies.com/key-concepts
  • 24.
    THE PLATFORM API Development team needs: “Ournew microservice needs a Postgresql database and an S3-like object storage bucket. The microservice will be deployed on K8S” K8S Deployment Bucket DB Instance Database
  • 25.
    THE PLATFORM API K8S + TERRAFORM Bucket DBInstance Database K8S Deployment
  • 26.
    THE PLATFORM API K8S + TERRAFORM Bucket DBInstance Database 🚨 COGNITIVE LOAD ALERT 🚨 A new tool to learn for the development team. Hard to integrate with a K8S CI/CD pipeline.
  • 27.
    THE CLOUD NATIVECONTROL PLANE FRAMEWORK
  • 29.
    THE PLATFORM API THE KUBERNETES WAY Bucket DBInstance Database K8S Deployment
  • 30.
    Crossplane is anincubating project in the CNCF landscape. Crossplane enables platform teams to assemble infrastructure from multiple vendors, and exposes higher level self-service APIs for application teams to consume, without having to write any code. Crossplane extends the Kubernetes cluster to support orchestrating any infrastructure or managed service. CROSSPLANE CNCF PROJECT
  • 31.
    Providers are thecore concept of Crossplane. Providers are Crossplane Packages that bundle a set of Managed Resources and their respective controllers to allow Crossplane to provision the respective infrastructure resources. Each Provider package has its own configuration type, the so colled ProviderConfig. This resource, for example, is used by the provider controller to get the API credentials. CROSSPLANE PROVIDERS
  • 32.
    Managed Resources arethe mapping between K8S and the external services. A Managed Resource is the Crossplane representation of a resource in an external system. Managed Resources are the building blocks of Crossplane. They are designed to be composed of higher level, opinionated Custom Resources that Crossplane calls Composite Resources or XRs. CROSSPLANE MANAGED RESOURCES
  • 33.
    Crossplane is extensible,thanks to its provider model. Anything with an API could be connected to a Kubernetes cluster where Crossplane is running, giving you a CRD representing each resource. This model allows Crossplane to manage infrastructure pieces or services (or whatever) using a specific provider for those resources. https://blog.crossplane.io/providers-101-ordering-pizza-wit h-kubernetes-and-crossplane/ is an awesome example on how Crossplane could manage any API driven service. CROSSPLANE PROVIDER MODEL
  • 34.
    THE PLATFORM API THE KUBERNETES WAY Bucket DBInstance Database K8S Deployment
  • 35.
    THE PLATFORM API THE KUBERNETES WAY DBInstance Database K8S Deployment Bucket 🚨 COGNITIVE LOAD ALERT 🚨 There are a lot of moving parts and many things to configure, including some properties that should be opinionated by the platform.
  • 36.
    Composite Resources aredesigned to build the platform with the opinionated concepts. The Composite Resources are the way to create the high level API and to leverage Crossplane to create your opinionated platform. With a single YAML manifest, with a small amount of configuration, Crossplane will be able to create all the needed managed resources. CROSSPLANE COMPOSITE RESOURCES
  • 37.
  • 38.
    Crossplane uses Xas shorthand for Crossplane and Composite. This choice was made to avoid the confusion between the kubernetes resources and the crossplane ones. CROSSPLANE TERMINOLOGY Custom Resource Definition (CRD) Custom Resource (CR) Composite Resource Definition (XRD) Composite Resource (XR)
  • 39.
    Composite Resource Definition (XRD) CompositeResource (XR) Define Composition Use Managed Resource Managed Resource Managed Resource Application Application team Platform team
  • 40.
    CROSSPLANE K8S CLOSED BOX Crossplanecan write all the connection reference as secrets inside the cluster. This is really useful to keep all the data inside the cluster which could be used as a kubernetes secret in the workloads.
  • 41.
    ➔ Consistency acrossresources ➔ Application and infrastructure are deployed at the same time ➔ Simple text file human and machine readable ➔ Versioned CROSSPLANE YAML FOR THE WIN
  • 42.
  • 43.
    CROSSPLANE DRAWBACKS ➔ The providersare still in development version (0.x.y in semver) ➔ Another tool to maintain ➔ Another set of modules (XRD and Composition) to maintain ➔ Balance between complexity and advantages ➔ Static YAML
  • 44.
    CROSSPLANE ALTERNATIVES ➔ Pulumi ➔ ServerlessFramework ➔ Terraform ➔ Rancher terraform controller
  • 45.
    ➔ Offer thedev teams simple APIs to create opinionated services ➔ Platform Engineers should package the organization model into the Platform ➔ Crossplane is a framework to develop a custom platform in the kubernetes way TO SUM UP:
  • 46.