SlideShare a Scribd company logo

Securing Your App Deployments with Tunnels, OIDC, RBAC, and Progressive Delivery with Weave GitOps & Traefik Labs

Weaveworks, profile picture
Weaveworks

This document outlines a webinar discussing secure application deployments using GitOps, tunneling, OIDC, RBAC, and Traefik Labs in partnership with Weaveworks. It introduces key participants, addresses current challenges in deployment, and highlights GitOps as a model for cloud-native operations that enables efficient deployment and management. Additionally, it covers the significance of security components in publishing services, including access control and automated TLS management.

Technology
1 of 27
Downloaded 11 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
Securing your App Deployments with tunnels, OIDC, RBAC, and progressive delivery with Weave GitOps and Traefik Labs In partnership with:
2 Webinar Platform - FAQs Using Zoom • You are in listen only mode • This webinar is being recorded • Q&A session will follow the presentation, please use the Q&A panel to submit questions • Hit escape to exit full screen • Slides and recording will be shared after the webinar Technical Issues - please visit Zoom Help https://support.zoom.us/hc/en-us/articles/206175806-Top-Questions
3 Manuel Zapf Product Manager, Traefik Manuel creates and helps enact the vision for Traefik Labs products and roadmaps. With nearly a decade in product development and management, Manuel understands what will help make the jobs of engineers a little bit easier. Steve Fraser Consulting Reliability Engineer, Weaveworks Steve is passionate about delivering quality resilient software with as little friction as possible. He likes to spend his time thinking about how to deliver flawless deployments allowing his customers to increase their application and infrastructure deployment velocity. Steve has extensive knowledge in containerization technologies in supporting, maintaining, and architecting. Speaker introductions
Weaveworks is backed by solid investors Weaveworks is a key partner with all the major infrastructure and Kubernetes vendors Weaveworks: the GitOps company Weaveworks is deeply committed to the Open Source Community
5 Traefik Labs, an OSS Leader 3 Billion+ Downloads 35K+ Stars on Github 600+ Contributors 100,000s Nodes in Production Trusted by leading enterprises worldwide
6 Agenda Deployment ● Understanding GitOps ● Existing Solutions ● Today’s Emerging Challenges ● GitOps for Multi-Cluster Publishing ● Publishing Services Traditionally ● Secure Publishing Done Right ● Key Security Components (Tunneling, Access Control, & Certificate Management) Demo
7 Git as the single source of truth for Desired State ALL intended operations are committed by pull request ALL diffs between intended and observed state with automatic and continuous reconciliation ALL changes are observable, verifiable and auditable Test IDE Build Kubernetes GitOps Continuous Integration GIT “Immutability Firewall” Deployment (clusters, apps) Monitoring Logging (Observability) Management (operations) GitOps - The Operating Model for Cloud Native Unifies Deployment, Monitoring and Management
8 Test IDE Build Provides Separation of Concerns between the Development process and the Deployment process Transparency and Auditability at All Levels is Automatic Authentication & Authorization Isolated Between Concerns Risk Reduction: Complete Application Rollback and Logging Security Policy: enforced through code Kubernetes GitOps Continuous Integration GIT “Immutability Firewall” Deployment (clusters, apps) Monitoring Logging (Observability) Management (operations) GitOps - The Operating Model for Cloud Native
9 + flux flagger
Confidential do not distribute 10 ● Implements a control loop that continuously applies the desired state to your cluster, offering protection against harmful actions like deployments deletion or network policies altering. ● Implements a declarative APIs installations for your favorite installations types flux
● Shifts and routes traffic between app versions using service mesh (Such as Traefik Mesh) and ingress controllers (Such as Traefik) ● Reduces the risk of introducing a bad software change by continuously measuring performance and reverting with user defined gates flagger
12 Canary Deployment with Flagger + Traefik
13 Today’s emerging new challenges ● Creating prototype quickly in an isolated environment ● Promoting applications across multiple clusters ● Configuration sprawl ● The need for real time deployment feedback – at scale ● Lack of time for developing features
14 + flux flagger + Weave GitOps
Confidential do not distribute 15 ● Provides a single workflow for rapid prototypes and production environments ● Provides modern promotion across multi-region clusters with Canary deployments ● Ensures development occurs under organizational security policies ● Self-service pull based infrastructure and application deployment Weave GitOps
16 Battle Tested Weaveworks Approach Process Technical support Customer Reliability Engineering (CRE) ● Weaveworks approved expertise in Gitops, kubernetes & cloud native ● “Virtual” SRE ● Traditionally embeds in customers team ● Long term technical resourcing (6 month or 12 Months) Weave GitOps Services Weave GitOps Enterprise ● Curated platform- Clusters on-demand & Application Deployment ● Run Anywhere on any K8 platform ● Integrated security & Policy & Governance ● 24/7 Support Consulting, Professional Services, Training ● Workshops ○ Design, build, operate and Optimize ● POC Delivery ● Training ○ Skills Development ● Time and materials ○ Day Rate CAPABILITIES Reconciliation loop Monitor specific events in Git – repos, branches and/or folders Simple profile bootstrap Setup, provision and operate a custom, production-ready cluster Application management UI immediately detect drift between states as well as cluster health problems. Cluster fleet management Reuse cluster templates easily from git Team Management & Governance Segment responsibilities and enforce change control policies Advanced Security RBAC, Single Sign On (SSO)
17 Demo Use Case - Create a sandbox environment - Install Traefik Hub and Proxy - Create a GitOps Pipeline - Install my new prototype application - Share my prototype application with a colleague - Promote to production with canary
18 Agenda Deployment ● Understanding GitOps ● Existing Solutions ● Today’s Emerging Challenges ● GitOps for Multi-Cluster Publishing ● Publishing Services Traditionally ● Secure Publishing Done Right ● Key Security Components (Tunneling, Access Control, & Certificate Management) Demo
19 How to publish services traditionally ● Deploy Service on a Cluster ● For local development: Port-Forward ● For external Access: Install / Configure Ingress Controller ● Setup Networking, TLS et. all k apply my-app/ k port-forward svc/my-app 8000:80
20 Introducing Traefik Hub Publish and secure containers at the edge instantly. Traefik Hub provides a gateway to your services running on Kubernetes or other orchestrators.
21 What about security? ● Security is crucial when publishing services ● Consists of multiple pillars ○ Encryption of the connection ○ State of the Art and battle proven access Control ○ Minimal Attack Surface ● Ideally, in a central place and not distributed amongst different places
22 Secure tunnels and encryption ● Foundation for minimal attack footprint ● Encrypted connection between Cluster and the Edge ● Automated TLS Certificate Management to encrypt HTTP Traffic
23 Battle proven access control ● Access Control: Manage who can access a given application ● Should be flexible and simple / quick to add ● Most common once these days ○ OpenID Connect ○ JWT ● Dream case: Leverage access control without having to redeploy an entire stack / architecture
24 Agenda Deployment ● Understanding GitOps ● Existing Solutions ● Today’s Emerging Challenges ● GitOps for Multi-Cluster Publishing ● Publishing Services Traditionally ● Secure Publishing Done Right ● Key Security Components (Tunneling, Access Control, & Certificate Management) Demo
25 Q&A
26 Whitepaper: Progressive Delivery https://bit.ly/3K8oZwU Learn more about Weave GitOps www.weave.works/enterprise Join us for more webinars www.weave.works/events Thank You
Explore Learn More: Sign Up Free: Get Technical: traefik.io/traefik-hub/ hub.traefik.io doc.traefik.io/traefik-hub/

More Related Content

PDF
Monitoring and observability
Theo Schlossnagle
 
PDF
Istio on Kubernetes
Daneyon Hansen
 
PDF
Capital One DevOps Case Study: A Bank with the Heart of Tech Company
Simform
 
PPTX
Introduction To Streaming Data and Stream Processing with Apache Kafka
confluent
 
PDF
CI:CD in Lightspeed with kubernetes and argo cd
Billy Yuen
 
PDF
Data integration with Apache Kafka
confluent
 
PDF
Introducing Confluent Cloud: Apache Kafka as a Service
confluent
 
PDF
LKCE14 Kanban at Scale, Scaling Kanban
Klaus Leopold
 
Monitoring and observability
Theo Schlossnagle
 
Istio on Kubernetes
Daneyon Hansen
 
Capital One DevOps Case Study: A Bank with the Heart of Tech Company
Simform
 
Introduction To Streaming Data and Stream Processing with Apache Kafka
confluent
 
CI:CD in Lightspeed with kubernetes and argo cd
Billy Yuen
 
Data integration with Apache Kafka
confluent
 
Introducing Confluent Cloud: Apache Kafka as a Service
confluent
 
LKCE14 Kanban at Scale, Scaling Kanban
Klaus Leopold
 

What's hot (20)

PDF
Common Patterns of Multi Data-Center Architectures with Apache Kafka
confluent
 
PDF
Automated Provisioning, Management & Cost Control for Kubernetes Clusters
Weaveworks
 
PDF
Confluent Startup Webinar Series
confluent
 
PPTX
CQRS & EVS with MongoDb
Lluis Fernandez
 
PDF
Gestion des drifts Terraform avec la méthode GitOps
Katia HIMEUR TALHI
 
PPTX
Fundamentals of DevOps and CI/CD
Batyr Nuryyev
 
PPTX
Spring Boot+Kafka: the New Enterprise Platform
VMware Tanzu
 
PDF
Cloud-Native Observability
Tyler Treat
 
PDF
Building Microservices with Apache Kafka
confluent
 
PDF
Improve monitoring and observability for kubernetes with oss tools
Nilesh Gule
 
PDF
Continuous Lifecycle London 2018 Event Keynote
Weaveworks
 
PDF
Messaging queue - Kafka
Mayank Bansal
 
PDF
A GitOps Kubernetes Native CICD Solution with Argo Events, Workflows, and CD
Julian Mazzitelli
 
PDF
SOA, Microservices and Event Driven Architecture
Jeppe Cramon
 
PPTX
Jenkins CI presentation
Jonathan Holloway
 
PPTX
Trunk based vs git flow
Hanokh Aloni
 
PDF
DevSecOps What Why and How
NotSoSecure Global Services
 
PDF
The Power of GitOps with Flux & GitOps Toolkit
Weaveworks
 
PDF
Workflow Engines & Event Streaming Brokers - Can they work together? [Current...
Natan Silnitsky
 
PPTX
Kubernetes #2 monitoring
Terry Cho
 
Common Patterns of Multi Data-Center Architectures with Apache Kafka
confluent
 
Automated Provisioning, Management & Cost Control for Kubernetes Clusters
Weaveworks
 
Confluent Startup Webinar Series
confluent
 
CQRS & EVS with MongoDb
Lluis Fernandez
 
Gestion des drifts Terraform avec la méthode GitOps
Katia HIMEUR TALHI
 
Fundamentals of DevOps and CI/CD
Batyr Nuryyev
 
Spring Boot+Kafka: the New Enterprise Platform
VMware Tanzu
 
Cloud-Native Observability
Tyler Treat
 
Building Microservices with Apache Kafka
confluent
 
Improve monitoring and observability for kubernetes with oss tools
Nilesh Gule
 
Continuous Lifecycle London 2018 Event Keynote
Weaveworks
 
Messaging queue - Kafka
Mayank Bansal
 
A GitOps Kubernetes Native CICD Solution with Argo Events, Workflows, and CD
Julian Mazzitelli
 
SOA, Microservices and Event Driven Architecture
Jeppe Cramon
 
Jenkins CI presentation
Jonathan Holloway
 
Trunk based vs git flow
Hanokh Aloni
 
DevSecOps What Why and How
NotSoSecure Global Services
 
The Power of GitOps with Flux & GitOps Toolkit
Weaveworks
 
Workflow Engines & Event Streaming Brokers - Can they work together? [Current...
Natan Silnitsky
 
Kubernetes #2 monitoring
Terry Cho
 
Ad

Similar to Securing Your App Deployments with Tunnels, OIDC, RBAC, and Progressive Delivery with Weave GitOps & Traefik Labs (20)

PDF
Deploying Stateful Applications Securely & Confidently with Ondat & Weave GitOps
Weaveworks
 
PDF
Intro to GitOps with Weave GitOps, Flagger and Linkerd
Weaveworks
 
PDF
Cloud Native Engineering with SRE and GitOps
Weaveworks
 
PDF
Weave GitOps 2022.09 Release: A Fast & Reliable Path to Production with Progr...
Weaveworks
 
PDF
Api gitlab: configurazione dei progetti as a service
Emerasoft, solutions to collaborate
 
PPTX
Expedite Enterprise Software Development with JIRA®, TeamForge® SCM, and Jenkins
CollabNet
 
PDF
Shift Deployment Security Left with Weave GitOps & Upbound’s Universal Crossp...
Weaveworks
 
PPTX
Room 2 - 4 - Juncheng Anthony Lin - Redhat - A Practical Approach to Traditio...
Vietnam Open Infrastructure User Group
 
PDF
DevOps & DevSecOps in Swiss Banking
Aarno Aukia
 
PPTX
AzureDay Kyiv 2016 Release Management
Sergii Kryshtop
 
PDF
Robust Network Security and Observability with GitOps and Cilium
Weaveworks
 
PDF
DX, Guardrails, Golden Paths & Policy in Kubernetes
Weaveworks
 
PDF
CI/CD on Google Cloud Platform
DevOps Indonesia
 
PDF
Free GitOps Workshop
Weaveworks
 
PDF
Cncf checkov and bridgecrew
LibbySchulze
 
PDF
Accelerating Hybrid Multistage Delivery with Weave GitOps on EKS
Weaveworks
 
PDF
Observe and command your fleets across any kubernetes with weave git ops
Weaveworks
 
PDF
Webinar: Capabilities, Confidence and Community – What Flux GA Means for You
Weaveworks
 
PDF
Free GitOps Workshop (with Intro to Kubernetes & GitOps)
Weaveworks
 
PDF
Weave GitOps - continuous delivery for any Kubernetes
Weaveworks
 
Deploying Stateful Applications Securely & Confidently with Ondat & Weave GitOps
Weaveworks
 
Intro to GitOps with Weave GitOps, Flagger and Linkerd
Weaveworks
 
Cloud Native Engineering with SRE and GitOps
Weaveworks
 
Weave GitOps 2022.09 Release: A Fast & Reliable Path to Production with Progr...
Weaveworks
 
Api gitlab: configurazione dei progetti as a service
Emerasoft, solutions to collaborate
 
Expedite Enterprise Software Development with JIRA®, TeamForge® SCM, and Jenkins
CollabNet
 
Shift Deployment Security Left with Weave GitOps & Upbound’s Universal Crossp...
Weaveworks
 
Room 2 - 4 - Juncheng Anthony Lin - Redhat - A Practical Approach to Traditio...
Vietnam Open Infrastructure User Group
 
DevOps & DevSecOps in Swiss Banking
Aarno Aukia
 
AzureDay Kyiv 2016 Release Management
Sergii Kryshtop
 
Robust Network Security and Observability with GitOps and Cilium
Weaveworks
 
DX, Guardrails, Golden Paths & Policy in Kubernetes
Weaveworks
 
CI/CD on Google Cloud Platform
DevOps Indonesia
 
Free GitOps Workshop
Weaveworks
 
Cncf checkov and bridgecrew
LibbySchulze
 
Accelerating Hybrid Multistage Delivery with Weave GitOps on EKS
Weaveworks
 
Observe and command your fleets across any kubernetes with weave git ops
Weaveworks
 
Webinar: Capabilities, Confidence and Community – What Flux GA Means for You
Weaveworks
 
Free GitOps Workshop (with Intro to Kubernetes & GitOps)
Weaveworks
 
Weave GitOps - continuous delivery for any Kubernetes
Weaveworks
 
Ad

More from Weaveworks (20)

PDF
Weave AI Controllers (Weave GitOps Office Hours)
Weaveworks
 
PDF
Flamingo: Expand ArgoCD with Flux (Office Hours)
Weaveworks
 
PDF
Six Signs You Need Platform Engineering
Weaveworks
 
PDF
SRE and GitOps for Building Robust Kubernetes Platforms.pdf
Weaveworks
 
PDF
Webinar: End to End Security & Operations with Chainguard and Weave GitOps
Weaveworks
 
PDF
Flux Beyond Git Harnessing the Power of OCI
Weaveworks
 
PDF
How to Avoid Kubernetes Multi-tenancy Catastrophes
Weaveworks
 
PDF
Building internal developer platform with EKS and GitOps
Weaveworks
 
PDF
GitOps Testing in Kubernetes with Flux and Testkube.pdf
Weaveworks
 
PDF
Implementing Flux for Scale with Soft Multi-tenancy
Weaveworks
 
PDF
The Story of Flux Reaching Graduation in the CNCF
Weaveworks
 
PDF
Flux’s Security & Scalability with OCI & Helm Slides.pdf
Weaveworks
 
PDF
Flux Security & Scalability using VS Code GitOps Extension
Weaveworks
 
PDF
Intro to GitOps & Flux.pdf
Weaveworks
 
PDF
Simplifying Hybrid Kubernetes with Weaveworks and EKS.pdf
Weaveworks
 
PDF
Building a Security First Approach Across Hybrid Cloud with GitOps and Policy...
Weaveworks
 
PDF
Security & Resiliency of Cloud Native Apps with Weave GitOps & Tetrate Servic...
Weaveworks
 
PDF
DevOps Automation with GitOps: Consistent and Secure End to End Deployments
Weaveworks
 
PDF
Trusted Application Delivery: Achieving Ultimate Security
Weaveworks
 
PPTX
Terraform and Weave GitOps: Build a Fully Automated Application Stack
Weaveworks
 
Weave AI Controllers (Weave GitOps Office Hours)
Weaveworks
 
Flamingo: Expand ArgoCD with Flux (Office Hours)
Weaveworks
 
Six Signs You Need Platform Engineering
Weaveworks
 
SRE and GitOps for Building Robust Kubernetes Platforms.pdf
Weaveworks
 
Webinar: End to End Security & Operations with Chainguard and Weave GitOps
Weaveworks
 
Flux Beyond Git Harnessing the Power of OCI
Weaveworks
 
How to Avoid Kubernetes Multi-tenancy Catastrophes
Weaveworks
 
Building internal developer platform with EKS and GitOps
Weaveworks
 
GitOps Testing in Kubernetes with Flux and Testkube.pdf
Weaveworks
 
Implementing Flux for Scale with Soft Multi-tenancy
Weaveworks
 
The Story of Flux Reaching Graduation in the CNCF
Weaveworks
 
Flux’s Security & Scalability with OCI & Helm Slides.pdf
Weaveworks
 
Flux Security & Scalability using VS Code GitOps Extension
Weaveworks
 
Intro to GitOps & Flux.pdf
Weaveworks
 
Simplifying Hybrid Kubernetes with Weaveworks and EKS.pdf
Weaveworks
 
Building a Security First Approach Across Hybrid Cloud with GitOps and Policy...
Weaveworks
 
Security & Resiliency of Cloud Native Apps with Weave GitOps & Tetrate Servic...
Weaveworks
 
DevOps Automation with GitOps: Consistent and Secure End to End Deployments
Weaveworks
 
Trusted Application Delivery: Achieving Ultimate Security
Weaveworks
 
Terraform and Weave GitOps: Build a Fully Automated Application Stack
Weaveworks
 

Recently uploaded (20)

PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
PDF
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PPTX
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
Cloud computing and distributed systems.
kkkkkhan
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
Encapsulation theory and applications.pdf
gurumoop
 
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Approach and Philosophy of On baking technology
30anthuong17
 

Securing Your App Deployments with Tunnels, OIDC, RBAC, and Progressive Delivery with Weave GitOps & Traefik Labs

  • 1. Securing your App Deployments with tunnels, OIDC, RBAC, and progressive delivery with Weave GitOps and Traefik Labs In partnership with:
  • 2. 2 Webinar Platform - FAQs Using Zoom • You are in listen only mode • This webinar is being recorded • Q&A session will follow the presentation, please use the Q&A panel to submit questions • Hit escape to exit full screen • Slides and recording will be shared after the webinar Technical Issues - please visit Zoom Help https://support.zoom.us/hc/en-us/articles/206175806-Top-Questions
  • 3. 3 Manuel Zapf Product Manager, Traefik Manuel creates and helps enact the vision for Traefik Labs products and roadmaps. With nearly a decade in product development and management, Manuel understands what will help make the jobs of engineers a little bit easier. Steve Fraser Consulting Reliability Engineer, Weaveworks Steve is passionate about delivering quality resilient software with as little friction as possible. He likes to spend his time thinking about how to deliver flawless deployments allowing his customers to increase their application and infrastructure deployment velocity. Steve has extensive knowledge in containerization technologies in supporting, maintaining, and architecting. Speaker introductions
  • 4. Weaveworks is backed by solid investors Weaveworks is a key partner with all the major infrastructure and Kubernetes vendors Weaveworks: the GitOps company Weaveworks is deeply committed to the Open Source Community
  • 5. 5 Traefik Labs, an OSS Leader 3 Billion+ Downloads 35K+ Stars on Github 600+ Contributors 100,000s Nodes in Production Trusted by leading enterprises worldwide
  • 6. 6 Agenda Deployment ● Understanding GitOps ● Existing Solutions ● Today’s Emerging Challenges ● GitOps for Multi-Cluster Publishing ● Publishing Services Traditionally ● Secure Publishing Done Right ● Key Security Components (Tunneling, Access Control, & Certificate Management) Demo
  • 7. 7 Git as the single source of truth for Desired State ALL intended operations are committed by pull request ALL diffs between intended and observed state with automatic and continuous reconciliation ALL changes are observable, verifiable and auditable Test IDE Build Kubernetes GitOps Continuous Integration GIT “Immutability Firewall” Deployment (clusters, apps) Monitoring Logging (Observability) Management (operations) GitOps - The Operating Model for Cloud Native Unifies Deployment, Monitoring and Management
  • 8. 8 Test IDE Build Provides Separation of Concerns between the Development process and the Deployment process Transparency and Auditability at All Levels is Automatic Authentication & Authorization Isolated Between Concerns Risk Reduction: Complete Application Rollback and Logging Security Policy: enforced through code Kubernetes GitOps Continuous Integration GIT “Immutability Firewall” Deployment (clusters, apps) Monitoring Logging (Observability) Management (operations) GitOps - The Operating Model for Cloud Native
  • 10. Confidential do not distribute 10 ● Implements a control loop that continuously applies the desired state to your cluster, offering protection against harmful actions like deployments deletion or network policies altering. ● Implements a declarative APIs installations for your favorite installations types flux
  • 11. ● Shifts and routes traffic between app versions using service mesh (Such as Traefik Mesh) and ingress controllers (Such as Traefik) ● Reduces the risk of introducing a bad software change by continuously measuring performance and reverting with user defined gates flagger
  • 12. 12 Canary Deployment with Flagger + Traefik
  • 13. 13 Today’s emerging new challenges ● Creating prototype quickly in an isolated environment ● Promoting applications across multiple clusters ● Configuration sprawl ● The need for real time deployment feedback – at scale ● Lack of time for developing features
  • 15. Confidential do not distribute 15 ● Provides a single workflow for rapid prototypes and production environments ● Provides modern promotion across multi-region clusters with Canary deployments ● Ensures development occurs under organizational security policies ● Self-service pull based infrastructure and application deployment Weave GitOps
  • 16. 16 Battle Tested Weaveworks Approach Process Technical support Customer Reliability Engineering (CRE) ● Weaveworks approved expertise in Gitops, kubernetes & cloud native ● “Virtual” SRE ● Traditionally embeds in customers team ● Long term technical resourcing (6 month or 12 Months) Weave GitOps Services Weave GitOps Enterprise ● Curated platform- Clusters on-demand & Application Deployment ● Run Anywhere on any K8 platform ● Integrated security & Policy & Governance ● 24/7 Support Consulting, Professional Services, Training ● Workshops ○ Design, build, operate and Optimize ● POC Delivery ● Training ○ Skills Development ● Time and materials ○ Day Rate CAPABILITIES Reconciliation loop Monitor specific events in Git – repos, branches and/or folders Simple profile bootstrap Setup, provision and operate a custom, production-ready cluster Application management UI immediately detect drift between states as well as cluster health problems. Cluster fleet management Reuse cluster templates easily from git Team Management & Governance Segment responsibilities and enforce change control policies Advanced Security RBAC, Single Sign On (SSO)
  • 17. 17 Demo Use Case - Create a sandbox environment - Install Traefik Hub and Proxy - Create a GitOps Pipeline - Install my new prototype application - Share my prototype application with a colleague - Promote to production with canary
  • 18. 18 Agenda Deployment ● Understanding GitOps ● Existing Solutions ● Today’s Emerging Challenges ● GitOps for Multi-Cluster Publishing ● Publishing Services Traditionally ● Secure Publishing Done Right ● Key Security Components (Tunneling, Access Control, & Certificate Management) Demo
  • 19. 19 How to publish services traditionally ● Deploy Service on a Cluster ● For local development: Port-Forward ● For external Access: Install / Configure Ingress Controller ● Setup Networking, TLS et. all k apply my-app/ k port-forward svc/my-app 8000:80
  • 20. 20 Introducing Traefik Hub Publish and secure containers at the edge instantly. Traefik Hub provides a gateway to your services running on Kubernetes or other orchestrators.
  • 21. 21 What about security? ● Security is crucial when publishing services ● Consists of multiple pillars ○ Encryption of the connection ○ State of the Art and battle proven access Control ○ Minimal Attack Surface ● Ideally, in a central place and not distributed amongst different places
  • 22. 22 Secure tunnels and encryption ● Foundation for minimal attack footprint ● Encrypted connection between Cluster and the Edge ● Automated TLS Certificate Management to encrypt HTTP Traffic
  • 23. 23 Battle proven access control ● Access Control: Manage who can access a given application ● Should be flexible and simple / quick to add ● Most common once these days ○ OpenID Connect ○ JWT ● Dream case: Leverage access control without having to redeploy an entire stack / architecture
  • 24. 24 Agenda Deployment ● Understanding GitOps ● Existing Solutions ● Today’s Emerging Challenges ● GitOps for Multi-Cluster Publishing ● Publishing Services Traditionally ● Secure Publishing Done Right ● Key Security Components (Tunneling, Access Control, & Certificate Management) Demo
  • 26. 26 Whitepaper: Progressive Delivery https://bit.ly/3K8oZwU Learn more about Weave GitOps www.weave.works/enterprise Join us for more webinars www.weave.works/events Thank You
  • 27. Explore Learn More: Sign Up Free: Get Technical: traefik.io/traefik-hub/ hub.traefik.io doc.traefik.io/traefik-hub/