OPENING KEYNOTE:
The Cloud Native Computing Foundation (CNCF) is an open source software foundation dedicated to making cloud native computing universal and sustainable, with over 300 members including the world’s largest public cloud and enterprise software companies. Alexis Richardson, CEO of Weaveworks and chair of the CNCF Technical Oversight Committee, will walk you through some success stories and explain why cloud native is the way forward. You’ll learn why Kubernetes and other CNCF projects have some of the fastest adoption rates in the history of open source, and how this is only the beginning.
Alexis will then show how you can increase speed and reliability in your development workflows even further by using the GitOps model, which has been developed at Weaveworks. You’ll learn about the core concepts of GitOps, including customer success stories, and how you can benefit from using this model.
4. Agenda
What is CNCF
Why does cloud native matter
Cloud led us to Devops – cloud native leads us to Gitops
http://cncf.io
https://www.weave.works/blog/what-is-gitops-really
5. About Weaveworks
● Founded in 2014, backed by Google Ventures & Accel Partners
● Mission: help software teams go faster by providing technologies that support cloud native development
16. Why this matters
If we want to introduce digital solutions into the business environment then we need to stop writing infrastructure and focus on applications.
We need
● A common cloud platform & toolkit for the next generation of applications
● Makes it much easier to run and scale apps in the cloud – or anywhere!
● Accelerate adoption of modern architectures for the interesting new opportunities in analysis, machine learning, drones, cars, IoT, medicine, communications …
25. CNCF is building a cloud platform
● Goal of a Cloud Platform for the era of ubiquitous services: a bigger deal than the Web, open like Linux, everyone is on board this time
● Business Peeps TLDR: Cloud Native is Cloud
● Outcome: Innovation and new Business Models to make profit
33. Velocity is a key metric in Continuous Delivery
High-performing teams deploy more frequently and have much faster lead times. They make changes with fewer failures, and recover faster from failures.
● 200x more frequent deployments
● 2,555x shorter lead times
● 3x lower change failure rate
● 24x faster recovery from failures
Source: 2016 State of DevOps Report (Puppet Labs)
34. Make me a Velocity
Developers write code that powers Applications and integrates Services, deployed to a Cloud Platform that is easy, stable & operable, using best practices for Continuous Delivery at high velocity.
35. New Cloud Platform
Diagram: Code >> Containers >> Kubernetes (“Just run my code”), alongside Other CNCF Projects and Local Services & Data, running on Infra - Cloud & DCs & Edge.
36. 1000s of ways to “Just Run My Code”
● Serverless: Openfaas, Kubeless, OpenEvents, AWS Lambda….
● PaaS (Openshift, Cloud Foundry..), MBaaS, KMaaS, ..
● Kubeflow, Istio, Pachyderm and other k8s native app f/works
● Declarative app def eg compose, ksonnet, ballerina
● Native general frameworks: metaparticle
● Ports: Laravel (PHP!) and other app frameworks to Kube
● Tools: Cert-manager, ChaosIQ, ..
● Explosion of higher order systems is caused by platform
37. Getting to a Cloud Platform
Timeline: 2017 >> 2018-20 >> 2020+
Core Platform
- Kubernetes & containers
Observability / Operability
- monitoring (prom.)
- logging (fluentd)
- tracing (jaeger, OT)
Routing
- mesh (envoy, linkerd)
- messaging (nats)
Security
- Spiffe, OPA, SAFE
Storage
- orchestration
- CSI
- other
Interfaces
- OpenMetrics
- OpenEvents
Developer On Ramp
- CICD, Helm packaging, &c
Marketplace of Services and other Add-ons
“Just run my code” user experiences for 1000s of different use cases
>> Towards Ubiquity
40. New ways of working
cloud led us to devops
cloud native leads to gitops
“push code not containers”
“operations by pull request”
41. Summary
● Cloud Platform powered by CNCF tools, Kubernetes at the core
● Multi Cloud support: Amazon, Azure, OSS
● Explosion of higher order tools and services
● GitOps is best practice
42. “The world is envisioned as a repo and not as a kubernetes installation” - Kelsey Hightower
Kubernetes ❤️ GitOps
43. What is GitOps
● K8S is GR8 but how do I operate apps and services using it
● GitOps is an Operating Model for Kubernetes
● Best practices for the whole stack
“To me, [GitOps is] the holy grail of software and infrastructure management. I make this change, I push it, and off it goes.” - Chris Short, THENEWSTACK, May 2018
45. Meet Qordoba
● Mid size SF co using machine learning to create “localized” marketing UX for big brands
● Rapid iteration is essential
● SOC2 compliance
● Using Jenkins & Cloud
● Adopted GitOps
46. Start using GitOps
Chart: release trend before GitOps vs. all four teams using GitOps (Customer Features; Bugs + Customer Features).
47. Impact
Over 30 releases per day per team, up from 1-2 per week across all teams
1) Estimated time needed to fix prod software bugs: ~60% less time
2) Estimated time to respond to customer requests: ~43% less time
3) Uptime: 99% >> 100% (so far…!)
48. Who is talking about or doing GitOps?
Weaveworks
Chick-fil-A
Intuit
Cloudbees
Bitnami
OpenFaaS
Hasura
Ocado
Financial Times
Datree & more…
49. GitOps is Automation for Cloud Native
We can only automate and control what we can describe and observe.
50. GitOps follows the Logic of DevOps
• Config is code
• Code must be version controlled
• Config must be version controlled too
51. GitOps follows the Logic of DevOps
• Config is code
• Code must be version controlled
• Config must be version controlled too
• What can be described can be automated
• Describe everything: code, config, monitoring & policy; and then keep it in version control
52. GitOps
• Git as the source of truth for the desired state of the whole system (yes, really the whole system)
• Control loop compares desired with actual state to pull changes, enforce convergent atomic updates and write back to the log in Git
• Diff alerts, e.g.:
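The control loop described on this slide, as an added illustration (not Weaveworks' or Flux's code): desired state as it would be read from manifests in git, an in-memory stand-in for the cluster API, a diff that yields the drift alerts, and a reconcile pass that converges only the drifted workloads and returns audit lines for write-back. All names, images and workloads are constructed for the example.

```python
"""GitOps control loop in miniature: compare the desired state committed to
git with the state observed in the cluster, converge, and return audit lines
for write-back. Added illustration, not Weaveworks' or Flux's code."""

# Constructed desired state, as it would be read from manifests in git.
DESIRED = {
    "api":    {"image": "registry.example/api:v1.4.2", "replicas": 3},
    "worker": {"image": "registry.example/worker:v0.9.0", "replicas": 2},
}

class Cluster:
    """Hypothetical stand-in for the production cluster API."""
    def __init__(self, workloads):
        self.workloads = {n: dict(s) for n, s in workloads.items()}
    def observe(self):
        return {n: dict(s) for n, s in self.workloads.items()}
    def apply(self, name, spec):      # one atomic update per workload
        self.workloads[name] = dict(spec)
    def delete(self, name):
        self.workloads.pop(name, None)

def diff(desired, observed):
    """Drift alerts as (workload, field, git_value, cluster_value) tuples."""
    alerts = []
    for name in sorted(set(desired) | set(observed)):
        d, o = desired.get(name), observed.get(name)
        if d is None:
            alerts.append((name, "*", None, "present"))   # only in cluster
        elif o is None:
            alerts.append((name, "*", "present", None))   # only in git
        else:
            alerts += [(name, k, d[k], o.get(k)) for k in d if d[k] != o.get(k)]
    return alerts

def reconcile(desired, cluster):
    """One pass of the loop: converge drifted workloads only, log each diff."""
    alerts = diff(desired, cluster.observe())
    for name in {a[0] for a in alerts}:
        if name in desired:
            cluster.apply(name, desired[name])   # pull git's version in
        else:
            cluster.delete(name)                 # not in git: not wanted
    return [f"{n}.{k}: cluster={o!r} git={g!r}" for n, k, g, o in alerts]

if __name__ == "__main__":
    # Constructed drift: 'api' hand-edited in the cluster, 'legacy' only there.
    cl = Cluster({"api": {"image": "registry.example/api:v1.4.1", "replicas": 3},
                  "worker": DESIRED["worker"],
                  "legacy": {"image": "registry.example/legacy:v2", "replicas": 1}})
    print("\n".join(reconcile(DESIRED, cl)))   # two alerts, then converged
```

A second pass right after the first returns no alerts, which is the convergence property the slide relies on: a hand-edit in the cluster shows up as a diff alert and is undone, rather than silently persisting.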
53. What this gets us
• Any developer can use GitHub
• Anyone can join the team and ship a new app or make changes easily
• All changes can be triggered, stored, audited and validated in Git
And we didn’t have to do anything very new or clever ☺
54. Kubernetes lets you describe systems
This is YAML. Think of it as a protocol for specifying infrastructure.
55. We want everything to be described
Diagram: Customer Cloud Native Applications on top of Kubernetes + Extensions, running on Google – Amazon – Microsoft – On Premise, with Core CNCF Add-Ons & Services and Customer Add-Ons & Services alongside.
57. GitOps at Weaveworks
• We use declarative infrastructure, i.e. Kubernetes, Docker, Terraform, … and we “diff all the things”
• Our entire system including code, config, monitoring rules, dashboards, is described in GitHub with a full audit trail
• We roll out major or minor changes as pull requests for any updates, outages and D/R
58. Canonical source of truth
Clear model with strong separation of concerns (safety)
Easy rollbacks and reverts (velocity)
Tapping into existing code review tools and processes
Great compliance tool
Collaboration point between software and humans
64. GitOps separation of concerns
CI tooling
Scope: test, build, publish artifacts
● Runs outside the production cluster
● Read access to code repo
● Read/Write access to image repo
● Read/Write access to integration env
● “Push” based
CD tooling
Scope: reconciliation between git and the cluster
● Runs inside the production cluster
● Read/Write access to config repo
● Read access to image repo
● Read/Write access to production cluster
● “Pull” based
65. Security
● The CI tooling can be push based but has no production system access
● The CD tooling is pull based and retains the production credentials inside the cluster
● Developers can’t push directly to the image registry
● Cluster API & credentials are never exposed / never cross the boundary
● Encrypted API keys and data storage credentials can be stored in Git and decrypted at deploy time inside the cluster
66. Summary
Diagram: IDE >> Git >> Build / CI Servers >> Test / CI Servers >> GIT >> Kubernetes; GitOps spans Deployment (clusters, apps), Monitoring / Tracing / Logging (Observability) and Management (operations), with Continuous Integration feeding it and an ‘immutability firewall’ between Git and the cluster.
Unifies Continuous Deployment, Monitoring and Management.
Git as the single source of truth of a system’s desired state
GitOps Diffs compare desired state with observed state
ALL intended operations are committed by pull request, for all environments & for any CI
ALL diffs between GIT and observed state lead to (auto) convergence using tools like K8s
ALL changes are observable, verifiable and audited indisputably, with rollback & D/R
https://www.weave.works/blog/what-is-gitops-really