Mastering Kubernetes, July 2022, Mario-Leander Reimer (@LeanderReimer, Principal Software Architect at QAware).
K8s-native Infrastructure as Code: simple, declarative, productive
Providing the required cloud infrastructure simply and efficiently is a major challenge for many teams. In addition to implementing business features and microservices, developers are now often also responsible for building the required services with Infrastructure as Code à la Terraform. This high cognitive load quickly leads to suboptimal solutions and low productivity.
But it can be simpler! Numerous K8s-native approaches are now available that let cloud infrastructure at the major providers be provisioned fully declaratively via YAML.
This talk demonstrates the practical use of some promising projects such as Crossplane, ACK or Pulumi, as well as their seamless integration with a GitOps approach for a simple and optimal developer experience.
So what's wrong with traditional Infrastructure-as-code tools?
“Too much cognitive load will become a bottleneck for fast flow and high productivity for many DevOps teams.”
■ Intrinsic Cognitive Load: relates to fundamental aspects and knowledge in the problem space (e.g. used languages, APIs, frameworks)
■ Extraneous Cognitive Load: relates to the environment (e.g. console commands, deployment, configuration)
■ Germane Cognitive Load: relates to specific aspects of the business domain (a.k.a. "value added" thinking)
The Platform team and engineers are a key enabler for high productivity of stream-aligned DevOps teams.
■ Responsible for building and operating a platform that enables and supports the teams in their day-to-day development work.
■ The platform aims to hide the inherent complexity to reduce the cognitive load for the other teams.
  – Standardization
  – Self-Service
■ Fully automated software delivery is the goal!
https://hennyportman.wordpress.com/2020/05/25/review-team-topologies/
The 5 Layers of Cloud-native Software Engineering
[Figure: layer diagram, from bottom to top: IaaS (Network, Compute, Storage: VPC, EC2, NLB, ALB, ...); CaaS (Kubernetes Services); PaaS (Software Infrastructure Blueprints with Helm and Continuous Delivery Toolchain); Application-specific Software Infrastructure; Cloud-friendly & cloud-native Applications. The layers are split between Cloud-native Platform Engineering and Cloud-native Application Engineering, with columns for Architect, Build and Run. AWS service icons shown: Amazon SNS, AWS IAM, Amazon EC2, Amazon EBS.]
Why not model cloud infrastructure as Kubernetes resources?
Custom Resource Definitions are user-defined, declarative extensions of the Kubernetes API
■ Abstraction of complex application constructs and concepts
■ Definition solely via CustomResourceDefinitions
■ Structure definition via OpenAPI v3.0 Validation Schema
■ Default support for several API features: CRUD, Watch, Discovery, json-patch, merge-patch, Admission Webhooks, Metadata, RBAC, …
■ Versioning and Conversion supported via Webhooks
Operators are codified Ops procedures!
■ Operators are the path towards Zero-Ops. They enable auto-updating, self-monitoring and self-healing infrastructure and applications.
■ The concept was coined in the Kubernetes world. It has since been widely adopted and used across the cloud-native world.
■ Examples: OKD, Sealed Secrets, Kube Monkey, Weave Flux, Crossplane, and many more …
Manage AWS services using the Amazon Controllers for Kubernetes (ACK)
■ Define and use AWS service resources directly from Kubernetes. No need to define resources outside the cluster using traditional IaC tools.
■ Each ACK service controller is packaged into a separate container image and Helm chart.
■ Uses IAM Roles for Service Accounts (IRSA) to automate the provisioning and rotation of temporary IAM credentials.
■ Currently 20 different controllers with RELEASED status are available; however, most of these are still in the PREVIEW maintenance phase.
■ https://aws-controllers-k8s.github.io/community/
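An added example (not from the slides) of the IRSA wiring and a bucket declared through ACK: the S3 controller's service account carries the IRSA role annotation, and the Bucket resource ships with public access blocked, encryption at rest and versioning enabled. The role ARN, account id, bucket and namespace names are placeholders; the field names follow the ACK S3 controller's Bucket CRD and should be checked against the installed CRD version.

```yaml
apiVersion: v1                     # added example, not from the slides
kind: ServiceAccount
metadata:
  name: ack-s3-controller          # default name from the ACK S3 controller Helm chart
  namespace: ack-system
  annotations:
    # IRSA: the EKS pod identity webhook injects short-lived credentials for this
    # role into the controller pod, so no long-lived access keys are stored anywhere.
    eks.amazonaws.com/role-arn: arn:aws:iam::111122223333:role/ack-s3-controller-role   # placeholder
---
apiVersion: s3.services.k8s.aws/v1alpha1
kind: Bucket
metadata:
  name: team-a-artifacts
  namespace: team-a
spec:
  name: team-a-artifacts-111122223333   # globally unique bucket name (constructed)
  # Block every form of public access so a later policy mistake cannot expose data.
  publicAccessBlock:
    blockPublicACLs: true
    blockPublicPolicy: true
    ignorePublicACLs: true
    restrictPublicBuckets: true
  # Server-side encryption at rest for every object by default.
  encryption:
    rules:
      - applyServerSideEncryptionByDefault:
          sseAlgorithm: AES256
  # Versioning allows recovery from accidental overwrites or deletions.
  versioning:
    status: Enabled
  tagging:
    tagSet:
      - key: owner
        value: team-a
```

The IAM role behind the annotation should carry only the S3 permissions the controller needs, not a broad account-level policy. `kubectl describe bucket team-a-artifacts -n team-a` shows the `ACK.ResourceSynced` condition once the controller has created the bucket.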
Crossplane in a Nutshell
■ Open-source Kubernetes add-on. Universal control plane for cloud infrastructure.
■ Cloud infrastructure services can be defined declaratively by application teams.
■ Platform teams can provide relevant cloud infrastructure services via high-level self-service APIs.
■ Individual Providers bundle a set of Managed Resources with their controllers. All major cloud providers are supported, e.g. AWS, GCP, Azure, Alibaba, …
■ Managed Resources are fine-grained representations of external cloud resources.
■ Composite Resource Definitions (XRDs) enable the definition and creation of new abstractions for composite managed resources.
■ https://crossplane.io
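An added example (not Crossplane's own code and not from the slides) that also illustrates the OpenAPI v3 validation schema mentioned on the CRD slide: the platform team publishes an XRD with a deliberately small self-service API and a Composition that maps it to a provider-aws RDSInstance with fixed defaults, and an application team files a namespaced claim. The group `platform.example.org`, the resource names and the region are constructed; the RDSInstance fields assume provider-aws's `database.aws.crossplane.io/v1beta1` API.

```yaml
apiVersion: apiextensions.crossplane.io/v1   # added example, not from the slides
kind: CompositeResourceDefinition
metadata: {name: xpostgresqlinstances.platform.example.org}
spec:
  group: platform.example.org
  names: {kind: XPostgreSQLInstance, plural: xpostgresqlinstances}
  claimNames: {kind: PostgreSQLInstance, plural: postgresqlinstances}
  versions:
  - name: v1alpha1
    served: true
    referenceable: true
    schema:
      openAPIV3Schema:            # the self-service API: only a t-shirt size is exposed
        type: object
        properties:
          spec:
            type: object
            properties:
              size: {type: string, enum: [small, medium]}   # validated by the API server
            required: [size]
---
apiVersion: apiextensions.crossplane.io/v1
kind: Composition
metadata: {name: xpostgresqlinstances.aws.platform.example.org}
spec:
  compositeTypeRef: {apiVersion: platform.example.org/v1alpha1, kind: XPostgreSQLInstance}
  resources:
  - name: rdsinstance
    base:
      apiVersion: database.aws.crossplane.io/v1beta1
      kind: RDSInstance
      spec:
        forProvider:
          region: eu-central-1
          engine: postgres
          masterUsername: masteruser
          allocatedStorage: 20
          publiclyAccessible: false   # set by the platform team; not reachable from a claim
    patches:
    - fromFieldPath: spec.size        # FromCompositeFieldPath is the default patch type
      toFieldPath: spec.forProvider.dbInstanceClass
      transforms:
      - type: map
        map: {small: db.t3.small, medium: db.t3.medium}
---
apiVersion: platform.example.org/v1alpha1
kind: PostgreSQLInstance              # the claim an application team files in its own namespace
metadata: {name: orders-db, namespace: team-orders}
spec:
  size: small
```

Because `publiclyAccessible` lives in the Composition and is not a field of the XRD schema, no claim can switch it on; everything a team is allowed to choose has to be an explicit, validated schema field.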
Kubernetes Cluster API
■ Official Kubernetes sub-project
■ Declarative APIs and tooling to provision, upgrade, and operate multiple Kubernetes clusters
■ Works in different environments, both on-premises and in the cloud
■ Reuses and integrates existing ecosystem components rather than duplicating them
Cloud Engineering for Everyone. Modern Infrastructure as Code for Developers and SREs.
■ Tame overall complexity. One consistent approach to cloud engineering for Docker, many cloud providers and Kubernetes.
■ No divide between application development and DevOps engineering.
■ Rich programmable cloud interfaces with abstractions and reusable packages.
■ Apply engineering practices to infrastructure code: automation, modularity, testing, and Continuous Integration / Delivery.
■ No intermediary formats. Direct usage of the provided APIs.
■ Several converters available: arm2pulumi, crd2pulumi, kube2pulumi, tf2pulumi
■ Plenty of documentation and example resources available
■ The Pulumi Operator enables users to create Stacks as a first-class API resource
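An added example (not from the slides or the Pulumi project) of a Stack managed by the Pulumi Kubernetes Operator: the program lives in Git and is pinned to one commit, and every credential is referenced from a Secret rather than written into the manifest. Organisation, repository, commit hash, region and Secret names are placeholders.

```yaml
apiVersion: pulumi.com/v1          # added example, not from the slides
kind: Stack
metadata:
  name: team-a-network-prod
  namespace: pulumi-stacks
spec:
  stack: acme/network/prod                         # <org>/<project>/<stack>, placeholder
  projectRepo: https://github.com/acme/infra       # placeholder repo holding the Pulumi program
  commit: 0123456789abcdef0123456789abcdef01234567 # placeholder; pin a commit, not a moving branch
  # Pulumi access token is read from a Secret in this namespace, never inlined.
  accessTokenSecret: pulumi-api-token
  # Cloud credentials are injected as environment variables from Secrets;
  # prefer IRSA / workload identity for the operator pod where available.
  envRefs:
    AWS_REGION:
      type: Literal
      literal:
        value: eu-central-1
    AWS_ACCESS_KEY_ID:
      type: Secret
      secret: {name: aws-creds, key: AWS_ACCESS_KEY_ID}
    AWS_SECRET_ACCESS_KEY:
      type: Secret
      secret: {name: aws-creds, key: AWS_SECRET_ACCESS_KEY}
  # Stack configuration, equivalent to `pulumi config set network:cidrBlock ...`
  config:
    network:cidrBlock: "10.20.0.0/16"
  refresh: true              # reconcile against real cloud state first, so drift is detected
  destroyOnFinalize: false   # deleting the Stack object must not tear down production infrastructure
```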
qaware.de
QAware GmbH, Aschauer Straße 32, 81549 München, Tel. +49 89 232315-0, info@qaware.de
twitter.com/qaware | linkedin.com/company/qaware-gmbh | xing.com/companies/qawaregmbh | slideshare.net/qaware | github.com/qaware