No GitOps Pain, No Platform Gain: Day 2 Challenges of Managing Kubernetes Fleets with GitOps
Cloud Native Rejekts, March 18th 2024
About me
Hi, I’m Łukasz Piątkowski, PhD
● Working as Platform Architect at https://giantswarm.io
● 7+ years with Kubernetes in production
● Working with a team responsible for Developer Experience and the internal application management platform
● Heavy GitOps user
● Tinkering with everything: electronics, home automation, coffee machines and woodworking
Find me here (very limited ‘social media’ activity):
● https://tailored.cloud/
● https://twitter.com/piontec
Agenda
● Intro
● Platform GitOps
● Fleet
(You are here)
PAIN
GitOps driven platform
GitOps: everything (configuration, deployments, environments, …) has to come from a repository.
Platform: make Dev and Ops folks’ lives easier by providing a set of tools that allow them to build, configure, deploy and manage applications easily™.
Focus on this
Fleet management
Git is cool
Not this. Let’s keep it out of scope…
What’s hard? And why? Day 2 problems
● Repository layout
  ○ Security
  ○ Isolation
  ○ Extensibility - your customers want it too
  ○ DRY
● Migrations - moving stuff around
● Honorable mention
  ○ Automated upgrades
  ○ Understanding the impact of your change
  ○ Performance
  ○ Complexity
Core of your setup - it has to be future-proof
How do we deal with it?
Repository layout
Three main approaches to configuration structure (for example: ‘dev’, ‘staging’, ‘prod’)
● By directory
  ○ Good: 1 branch, consistent global changes
  ○ Bad: permissions, sharing with multiple tenants
● By branch
  ○ Good: the ‘dev’ branch is exactly what you have in your ‘dev’ environment
  ○ Bad: permissions, doing the same change for different environments (branches), change propagation can be tricky
● By repo
  ○ Good: permissions, isolation
  ○ Bad: consistent changes
What’s our choice?
Why all? Our opinionated approach
● Multiple repos - to isolate tenants and to share a common base (DRY)
● Multiple branches - to provide stuff like a feature freeze
● Multiple directories - to manage clusters
Repos structure (diagram on the slide; some repos are marked ‘Can be public*’)
Benefits
● For us
  ○ DRY configuration
  ○ Isolation of customers’ installations
  ○ Exposing extension points
● For platform teams
  ○ Bases to start the platform with
  ○ Flexibility to add/modify/enforce own bases
● For developers
  ○ Easy onboarding and configuration of projects across multiple clusters - the platform!
We can’t satisfy all the needs - the customers’ platform team’s knowledge is essential!
No need to start the platform from scratch
Tools: why we chose Flux
● Solves some issues right away
  ○ Helps with security (secrets encryption)
  ○ Has auto update strategies
● Full native API
● Very well-designed
● Offers tools useful in structuring your repositories
  ○ Using remote repos
But let’s not focus on tools.
Example

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - https://github.com/giantswarm/management-cluster-bases/bases/provider/capa/flux-v2?ref=main
  - https://github.com/giantswarm/management-cluster-bases/bases/provider/eks/helmrelease/?ref=main
  - configmap-management-cluster-metadata.yaml
  - age-secret-keys.yaml
patches:
  - path: https://raw.githubusercontent.com/giantswarm/management-cluster-bases/main/extras/vaultless/patch.yaml
  - target: { kind: Kustomization, name: collection, namespace: flux-giantswarm }
    path: ../../bases/patches/collection-patch-for-aac.yaml
  - target: { kind: GitRepository, name: management-clusters-fleet }
    patch: |-
      - op: add
        path: /metadata/annotations/repo-source
        value: https://github.com/giantswarm/mcs

Repo: mcs; branch: main; path: management_clusters -> mc1 -> kustomization.yaml
More problems
● Refactoring and migrations
  ○ General approach
    ■ suspend target objects
    ■ if needed, suspend the GitOps controller
    ■ move stuff (across dirs, repos, branches)
    ■ resume everything in reverse order
  ○ Worked for us on multiple occasions
● Pruning
  ○ Flux allows setting prune: true for the K8s objects it manages
Pruning
● Commit-1

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - https://myrepo.github.com/awesome/bases/capi-cluster/capi-cluster.yaml
  - https://myrepo.github.com/awesome/bases/apps/grafana.yaml
  - ../bases/apps/external-secrets/operator

● Commit-2

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - https://myrepo.github.com/awesome/bases/capi-cluster/capi-cluster.yml
  - https://myrepo.github.com/awesome/bases/apps/grafana.yaml
Actual footage of our test cluster named ‘grizzly’
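A pre-merge check that makes the pruning effect of a commit like the one above visible before Flux acts on it. This is an added example, not part of the talk: it assumes you can produce the rendered output of the old and the new commit (for example with kustomize build, which also picks up changes in bases pulled with ?ref=main that never show up in your own diff), diffs them as Flux inventory ids, and fails when an object of a protected kind such as a CAPI Cluster would be pruned. The protected-kinds list and the sample renders (cluster ‘grizzly’) are constructed for the demo.

```shell
#!/bin/sh
# Pre-merge impact check for a Flux Kustomization with prune: true. Two renders (old and
# new commit, e.g. `kustomize build` output) are compared as sets of Flux inventory ids
# "namespace_name_group_kind"; every id in the old render that is missing from the new one
# is an object kustomize-controller will delete on the next reconciliation.
set -eu
export LC_ALL=C   # stable collation for sort/comm

# Kinds whose deletion cascades far beyond the object itself (assumed list, tune per platform).
PROTECTED_KINDS=${PROTECTED_KINDS:-"Cluster Namespace CustomResourceDefinition"}

# stdin: multi-document YAML as normalized by kustomize build; stdout: sorted inventory ids.
# Minimal extraction for this example: relies on kustomize's canonical layout (top-level
# apiVersion/kind, metadata block with 2-space indented name/namespace).
render_ids() {
  awk '
    function flush() {
      if (kind != "") {
        group = apiv; sub(/\/.*/, "", group)
        if (group == apiv) group = ""     # "v1" has no slash: the core group is empty
        print ns "_" name "_" group "_" kind
      }
      apiv = kind = name = ns = ""; inmeta = 0
    }
    /^---/                    { flush(); next }
    /^apiVersion:/            { apiv = $2 }
    /^kind:/                  { kind = $2 }
    /^metadata:/              { inmeta = 1; next }
    /^[^ ]/                   { inmeta = 0 }
    inmeta && /^  name:/      { name = $2 }
    inmeta && /^  namespace:/ { ns = $2 }
    END                       { flush() }
  ' | sort -u
}

# $1: old render file, $2: new render file. Prints the ids that would be pruned and
# returns 2 when one of them is a protected kind, so CI can block the merge.
prune_plan() {
  old_ids=$(mktemp); new_ids=$(mktemp)
  render_ids < "$1" > "$old_ids"
  render_ids < "$2" > "$new_ids"
  removed=$(comm -23 "$old_ids" "$new_ids")
  rm -f "$old_ids" "$new_ids"
  [ -n "$removed" ] || return 0
  echo "$removed"
  for kind in $PROTECTED_KINDS; do
    if echo "$removed" | grep -q "_${kind}\$"; then
      echo "BLOCKED: this change would prune a $kind" >&2
      return 2
    fi
  done
}

# Constructed sample renders: in the new commit the CAPI Cluster object is gone (a typo in
# the resource path dropped the cluster base from the build); grafana is unchanged.
OLD_RENDER=$(mktemp); NEW_RENDER=$(mktemp)
trap 'rm -f "$OLD_RENDER" "$NEW_RENDER"' EXIT
cat > "$OLD_RENDER" <<'EOF'
apiVersion: cluster.x-k8s.io/v1beta1
kind: Cluster
metadata:
  name: grizzly
  namespace: org-giantswarm
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: grafana
  namespace: monitoring
EOF
cat > "$NEW_RENDER" <<'EOF'
apiVersion: apps/v1
kind: Deployment
metadata:
  name: grafana
  namespace: monitoring
EOF
prune_plan "$OLD_RENDER" "$NEW_RENDER" || echo "prune check exit status: $?"
```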
Other problems
● It’s hard to tell what impact a change in one of the repositories will have on the final configuration
  ○ You can render kustomizations locally
    ■ But remote references are a problem
  ○ We need better tools to preview and evaluate a change
● Complexity can build up quickly: layers of configuration, YAML over YAML patched with YAML
● Performance: think twice before you set a really low reconciliation period for hundreds of resources
  ○ Overall, Flux’s performance is great, just don’t overdo it
Summary
● Platforms are big and can be complex, but remember: the end goal is to make (Dev)Ops faster and happier
● GitOps is great
  ○ Your configuration git repo is your core: plan carefully, think about your use cases
  ○ It’s easier to get started with a future-proof structure than to do migrations on live production systems
● Know your tools inside-out, so you know what’s possible, what’s not, and how they really work
Links
● https://fluxcd.io/
● A set of examples for structuring more complex GitOps repositories
  ○ https://github.com/giantswarm/gitops-template
● Our real bases used for managing the platform
  ○ https://github.com/giantswarm/management-cluster-bases/
● Completely free Kubernetes cluster with Flux to get started with GitOps
  ○ https://github.com/piontec/free-oci-kubernetes
Any questions?