Join this talk to learn about Azure Service Operator v2. In the first part, we will introduce Azure technologies like Azure Service Operator v2, Azure Workload Identity, and GitOps for Azure Kubernetes Service. We will explain how they are linked together to provision Azure resources from Kubernetes. In the second part, we will then show step-by-step how to deploy an application to Kubernetes together with the needed Azure resources only using Git. So don't miss joining us!

1. YAMLize your infrastructure with the
Azure Service Operator and GitOps
Azure Developer Community Day 2022

2. Who we are
© white duck GmbH 2022
Philip Welz (Senior Kubernetes & DevOps Engineer,
GitLab Hero, CKA, CKAD & CKS)
Twitter: @philip_welz
LinkedIn: https://www.linkedin.com/in/philip-welz
Stefan Kürzeder (Software & DevOps Engineer)
Twitter: @stivik_
LinkedIn: https://www.linkedin.com/in/skuerzeder

3. Agenda
• Intro
• Azure Service Operator
• Azure AD Workload Identity
• GitOps on Azure
• Demo
© white duck GmbH 2022

4. Housekeeping
• we will only talk about ASO v2
• high level
• yes, K8s is involved :)
• Half talk, half demo
© white duck GmbH 2022

5. INTRO
© white duck GmbH 2022

6. Why YAMLize
• K8s native (YAML, Helm charts, Kustomize,…)
• deploy app & dependencies together
• tied lifecycle
• Git as source of truth aka GitOps
© white duck GmbH 2022

7. AZURE SERVICE OPERATOR
© white duck GmbH 2022

8. Azure Service Operator
• is an application-specific controller
• that uses the operator-pattern
• to extend the Kubernetes API
• with the goal to provision Azure resources
© white duck GmbH 2022

9. Azure Service Operator
• Custom Resources (CRDs)
© white duck GmbH 2022

10. Azure Service Operator
© white duck GmbH 2022

11. AZURE AD WORKLOAD IDENTITY
© white duck GmbH 2022

12. Azure AD Workload Identity
• Next iteration of AAD Pod Identity but preview
• enables AAD secured access to Cloud resources
• uses federated identity credentials
• implemented via OpenID Connect (OIDC) protocol
• not limited to Azure only
© white duck GmbH 2022

13. Azure AD Workload Identity
© white duck GmbH 2022

14. GITOPS ON AZURE
© white duck GmbH 2022

15. GitOps on Azure
• implemented via AKS cluster extensions
• basically a Helm Chart
• GA, but only in regions that supports Azure ARC-enabled Kubernetes
• West Europe - yes, Germany West Central - no
• based on Flux v2
• integrated into the Azure Portal
• Deep dive: Azure Rosenheim Meetup-2022-03
• https://youtu.be/QZtAIG9agHQ
© white duck GmbH 2022

16. GitOps principles
• a system managed by GitOps must have its desired state
expressed declaratively
• desired state is stored in a way that enforces immutability,
versioning and retains a complete version history
• software agents automatically pull the desired state declarations
from the source
• software agents continuously observe actual system state
and attempt to apply the desired state
• OpenGitOps (https://opengitops.dev)
© white duck GmbH 2022

17. GitOps principles
© white duck GmbH 2022

18. So far so good?
Let's start the fun part!
© white duck GmbH 2022

19. DEMO
© white duck GmbH 2022

20. Round up
© white duck GmbH 2022

21. Demo
• Pre-existing resources
• Azure Kubernetes Service Cluster
• Managed Identity for ASO
• federated identity credential set to the OICD issuer URL of the AKS
• Role Assignment to Subscription Owner
• GitOps Cluster extension enabled and pointed to the public GitHub demo repository
• Bootstraps Cert-manager, Workload Identity Webhook & Azure Service Operator
• Demo repo
• https://github.com/philwelz/aso-gitops
© white duck GmbH 2022

22. Questions?
© white duck GmbH 2022
Philip Welz (Senior Kubernetes & DevOps Engineer,
GitLab Hero, CKA, CKAD & CKS)
Twitter: @philip_welz
LinkedIn: https://www.linkedin.com/in/philip-welz
Slides: https://www.slideshare.net/PhilipWelz
Stefan Kürzeder (Software & DevOps Engineer)
Twitter: @stivik_
LinkedIn: https://www.linkedin.com/in/skuerzeder