One of the biggest advantages Kubernetes has to offer is that it is agnostic to infrastructure and capable of managing diverse workloads running on different compute resources. This allows organizations to manage multiple developer platforms that operate across many environments, such as on-premise, hybrid and multiple clouds.
Streamlined processes and automation are pivotal for operations when managing clusters at scale and maintaining security and policy checks. Paul Curtis, Principal Solutions Architect, will demonstrate GitOps and Weave Kubernetes Platform in a hybrid and multi-cloud setup.
Learn how to:
• Use model-driven automation to increase reliability and stability across environments
• Simplify multi-cluster management with GitOps
• Enable developers to push code to production daily (self-service)
• Improve utilization and capacity management through Kubernetes platforms on cloud and on-premise infrastructure
Hybrid and Multi-Cloud Strategies for Kubernetes with GitOps
1. Hybrid and Multi-Cloud Strategies for Kubernetes with GitOps
Weaveworks – https://weave.works – @weaveworks
Paul Curtis – paul.curtis@weave.works – @pfcurtis_NY
3. Weaveworks
Paul Curtis
Principal Solutions Architect
New York, US
Paul is a Principal Solutions Architect at Weaveworks, where he provides pre- and post-sales technical expertise. Paul comes from the big data world and machine learning world, having spent seven years at MapR. Paul has served as Senior Operations Engineer for Unami, a startup founded to deliver on the promise of interactive TV for consumers, and was Systems Manager for Spiral Universe, a company providing school administration software as a service. He has also held senior support engineer positions at Sun Microsystems, as well as enterprise account technical management positions for both Netscape and FileNet. Earlier in his career, Paul worked in financial application development for Applix, IBM Service Bureau, and Ticketron.
@pfcurtis_NY
✉ paulc@weave.works
5. Weaveworks ❤ GitOps
Weaveworks enabling GitOps across the Kubernetes landscape
Open Source
• Key open source projects: flux, flagger, eksctl
• Top 10 contributor to CNCF
• GitOps thought leadership
Services
• Design, consulting and delivery of K8s
• GitOps & Kubernetes training and quickstart
• Helping teams optimise their platform
Weave Kubernetes Platform
• Manage 100’s of clusters with GitOps
• Cloud and on-premise
• Repeatability, flexibility and situational awareness
6. Educate Enable Platform Applications
Weaveworks Consulting, Training and CRE Service
• Guided technology choices
• Cloud native reference architecture designs
• Cloud native technology options and selection
Weave Kubernetes Platform
• Infrastructure of your choice: public cloud and on premise
• Configuration management for the whole platform
• Integrated security
• 24/7 Support
DevOps
• Automation, management and Continuous Delivery
• Prometheus monitoring and alerting
• Training for cluster operators, application operators and developers
• Delivery of POCs and experimental environments
Accelerating the path to Cloud Native
(1) GET STARTED FAST (2) DESIGN AND BUILD (3) DELIVER A PRODUCTION READY K8S PLATFORM (4) ENABLE AN AGILE DELIVERY MODEL
8. Principles of GitOps
• The entire system is described declaratively
• The canonical desired system state is versioned in git
• Approved changes can be automatically applied to the system
• Software agents ensure correctness and alert (diffs & actions)
9. GitOps for Kubernetes -- The Simplest Case
[Diagram labels: git, registry, GitOps Tools, Workload (×3)]
11. Infrastructure vs. Platform vs. Applications
[Diagram labels: Applications; Kubernetes + Extensions; Google – Amazon – Microsoft – On Premise; CNCF Add-Ons; Customer Platform components; DevX components]
Developer Teams
• Cluster operators
• SRE teams
• Platform teams
Operations
• Infrastructure teams
12. GitOps for the Multi-Cloud
1. Solve the Networking
2. Solve the Identity + Authentication + Authorization
3. Solve the Persistent Data Storage
“Multi-Cloud Compute is Easy … Multi-Cloud Storage & Networking is Not.”
13. 1. Solve the Networking
VPC to VPC (or to on-premise)
Subnet to Subnet (availability zones)
Cluster to Cluster (virtual Kubernetes networks)
Mesh/Gateway to Mesh/Gateway (virtual meshes)
“Multi-Cloud Won’t Work Unless Everyone Can Talk to Everyone”
14. 2. Solve the Identity + Authentication + Authorization
“Multi-Cloud Won’t Work Unless Permissions Work Everywhere.”
Centralized Authentication is a must have
Users typically require certificates in Kubernetes, so … (cert management)
Policy is easier using the central authorization
16. 3. Solve the Persistent Data Storage
Can the Application Storage be Declarative? How?
Who has access to the data? (RunAs, roles)
How does the data get synchronized between different locations? (block vs. application vs. backups)
17. 3. Solve the Persistent Data Storage
Make your storage and persistent applications Kubernetes aware and application environment independent
● Storage Classes (same names or defaults)
● Kubernetes Service Endpoints versus Direct Connects (Databases, for example)
● Cloud Managed Services: Kubernetes aware? (Endpoints/Controllers)
28. GitOps for Kubernetes -- Infrastructure
• Scale: How many clusters? 1,000s … essentially no limit
• No Single Point of Failure: Git, by its nature, is distributed by design. Replicated repositories and clones provide disaster recovery
• Authentication & Authorization: If you have policy for source code releases, then you have policy for deployment
• Auditing for Compliance: git log, git diff, SHA digests. Most companies have already approved/certified Git for use in regulated environments.
30. DataScan
“We would recommend WKP which allowed us to own and manage our infrastructure while building a consistent technical bridge to a client-facing cloud presence. Having worked with the Weaveworks client success team for our cluster deployments, service testing, specific use cases to deploy configuration changes and management of in-place upgrades, we are genuinely impressed with their organizational dedication to our success.”
● Requiring an on-premise Kubernetes solution for production workloads due to data privacy concerns
● But reducing infrastructure costs for test workloads through adopting elastic cloud computing resources
● Architecting a secure and consistent Kubernetes platform for multi-cloud and on-premise
● Reducing operational complexity of Kubernetes across environments for end users
Key Takeaways
● Higher utilization and improved capacity management through Kubernetes platforms servicing cloud and on-premise infrastructure
● GitOps workflows in WKP allow for
a. 50% increase in deployment frequency
b. 20% reduction in operational tasks
c. MTTR reduced from days to hours
31. Deutsche Telekom
● DT are planning a new platform driven by the needs of 5G and an ongoing demand to become more efficient
● Most of the applications they deploy are written by third-parties so standardising the platform enables them to standardise the approach
● Need for on-premise but they want to take a ‘cloud aware’ approach where they could use the public clouds
● Focus has been on:
○ Building a reliable platform that can be deployed into multiple backends
○ Integrating with existing investments such as storage and virtualization vendors
Key Takeaways
● D-Telekom see GitOps as a way that can drive reliability and efficiency
● Would like to avoid building out their own unique platform - but need flexibility for some customisation
● Need a simplified platform that is easy for a variety of teams to use
● Predict they will have a large number of deployments at the edge of their networks.
32. Weave Kubernetes Platform (WKP)
● Kubernetes application platform
● Management of cluster and applications
● Builds on GitOps and adds enterprise features
● Define clusters and components using a model based system
● Deploy new clusters using those definitions: multiple back-ends
● Alerting and operations built-in
33. Weave Kubernetes Platform
[Diagram: Workloads on top of the platform stack. Layers: Infrastructure, Core, Platform, Add-Ons. Component labels: Container Control, Release Management, Visualisation, Monitoring & Metrics, Alerting, Cluster audits, Deployment Policy, Dashboards, Kubernetes, Cluster configuration, Fleet management, Cluster components, Logging and Tracing, Networking, Storage, Infrastructure Automation, Security]
● Add-ons are curated optional capabilities
● Prometheus monitoring, logging, Helm and others
● Customer created add-ons make the platform flexible
● Upstream Kubernetes tested and with secure defaults
● GitOps configuration management
● Models for multi-cluster management
● Same installation experience on all platforms
● Pre-scripting for platform automation
● Host aware operations (e.g. draining and upgrading)
34. Weave Kubernetes Platform Features and Advantages
Runs Anywhere
WKP provides an extensible capability and we provide a single configuration experience. The benefit is that the installation process is multi-cloud using a Kubernetes system called Cluster-API. With CAPI we can install WKP on-premise, on VMware and in the Cloud.
Scalability with GitOps models
We define GitOps models which are individual components, teams and clusters. The benefit is you can use composition to automate creating thousands of applications and clusters with a complete picture of configuration.
Modularity and flexibility through GitOps
WKP defines standard cluster components that are installed by default. Customers can define their own - for example to define runtime security. The benefit is that you are not locked into a ‘one size fits all’ product, and can flex the platform to reflect existing needs and capabilities.
35. Weave Kubernetes Platform Features and Advantages
Operations Reliability
WKP defines the complete configuration of each Kubernetes cluster. The benefit is that workflows for promoting changes, end-to-end testing and disaster recovery are easy and help drive overall reliability. The advantage of WKP is that this can be applied to any Kubernetes.
Security with GitOps
GitOps makes the production platform read-only, enabling enforcement of policy and alerts. The benefit is that changes can be checked against policy, and any alteration can be alerted and stopped. The benefit of this and the flexibility of the pipeline is that it can fit into existing security systems.
Agility through One Platform
The intent of K8s is to provide a platform that works for operations reliability and brings agility for application teams. WKP provides multi-tenancy, and deployment capabilities through GitOps which lets application teams deploy without risking the platform. The advantage is better deployments with reliability.
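An added example, not from the webinar or from WKP: a minimal drift check in the spirit of the "Security with GitOps" point above, comparing a manifest as committed to Git with the live object and reporting every altered field. The manifests, the ignored-field list and the sensitive-key list are constructed assumptions, and the sample live object contains no server-defaulted fields, which a real agent would also have to account for.

```python
import copy

# Fields the API server populates; differences there are not drift (assumed list).
IGNORED = {("status",), ("metadata", "resourceVersion"), ("metadata", "uid"),
           ("metadata", "generation"), ("metadata", "creationTimestamp"),
           ("metadata", "managedFields")}
# Keys whose change outside Git warrants a high-severity alert (assumed list).
SENSITIVE = {"image", "securityContext", "serviceAccountName", "hostNetwork", "volumes"}

def diff(desired, live, path=()):
    """Yield (path, git_value, live_value) for each field that differs."""
    if path in IGNORED:
        return
    if isinstance(desired, dict) and isinstance(live, dict):
        for key in sorted(set(desired) | set(live)):
            yield from diff(desired.get(key), live.get(key), path + (key,))
    elif (isinstance(desired, list) and isinstance(live, list)
          and len(desired) == len(live)):
        for i, (want, have) in enumerate(zip(desired, live)):
            yield from diff(want, have, path + (i,))
    elif desired != live:
        yield path, desired, live

def audit(desired, live):
    """Return one finding per drifted field, flagging security-relevant ones."""
    findings = []
    for path, want, have in diff(desired, live):
        high = any(part in SENSITIVE for part in path)
        findings.append({"path": ".".join(map(str, path)), "git": want,
                         "live": have, "severity": "high" if high else "low"})
    return findings

# Constructed sample: the manifest as committed to Git ...
DESIRED = {"apiVersion": "apps/v1", "kind": "Deployment",
           "metadata": {"name": "web", "namespace": "prod"},
           "spec": {"replicas": 3, "template": {"spec": {"containers": [
               {"name": "web", "image": "registry.example/web:1.4.2",
                "securityContext": {"privileged": False}}]}}}}
# ... and the live object after an out-of-band edit (also constructed).
LIVE = copy.deepcopy(DESIRED)
LIVE["metadata"]["resourceVersion"] = "8841"   # server-populated, ignored
LIVE["status"] = {"readyReplicas": 5}          # server-populated, ignored
LIVE["spec"]["replicas"] = 5
container = LIVE["spec"]["template"]["spec"]["containers"][0]
container["image"] = "registry.example/web:debug"
container["securityContext"]["privileged"] = True

if __name__ == "__main__":
    for f in audit(DESIRED, LIVE):
        print(f"[{f['severity']}] {f['path']}: git={f['git']!r} live={f['live']!r}")
```
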
37. Next Steps
Contact Paul
paul.curtis@weave.works
@pfcurtis_NY
Our services
weave.works/services
sales@weave.works
Our products
weave.works
sales@weave.works
👀 Sign up for a WKP demo + Q&A: http://bit.ly/demo-wkp
📚 GitOps with WKP: https://bit.ly/3qASKvY
🎧 The Art of Modern Ops (podcast): https://www.weave.works/podcast-the-art-of-modern-ops/