Simplifying Hybrid EKS
0 likes180 views
This document summarizes a presentation about simplifying hybrid Kubernetes using Weaveworks and EKS. The presentation discusses GitOps principles of using declarative configuration stored in Git, continuous reconciliation to desired state, and how this increases reliability and aids disaster recovery. It presents how Weave GitOps applies these principles and allows consistent environments across infrastructure providers through abstraction. Immutable infrastructure and traceability through Git are discussed in relation to governance, risk and compliance. Finally, it ties these concepts together for delivering workloads to hybrid environments using EKS as a common Kubernetes platform.
Simplifying Hybrid EKS
- 1. 1 Confidential do not distribute 1 April 2022 Simplifying Hybrid Kubernetes with Weaveworks and EKS Leonardo Murillo Principal Partner Solutions Architect, Weaveworks @murillodigital ⬝ leonardo@weave.works
- 2. 2 Confidential do not distribute 2 Leo brings wide-ranging industry perspective, with over 20 years of experience building technology and leading teams all the way from Startups to Fortune 500s. He is passionate about cloud native technologies, organizational transformation and open source. As former CTO of Qwinix Technologies he lead worldwide teams building cloud native software for large enterprises. In his role as Principal Partner Solutions Architect at Weaveworks, he focuses on helping solve application and infrastructure delivery challenges on Kubernetes at scale. Leonardo Murillo Principal Partner Solutions Architect, Weaveworks @murillodigital ⬝ leonardo@weave.works
- 3. 3 Confidential do not distribute 3 What we’ll talk about today ● The GitOps Principles ● How GitOps helps with ○ Increasing Kubernetes reliability ○ Recovering EKS clusters in case of disaster ○ Governance, risk and compliance ● Hybrid Kubernetes simplified by GitOps ● EKS as foundation for Hybrid Solutions ● GitOps, development and the SDLC of containerized workloads on Kubernetes
- 4. 4 Confidential do not distribute 4 The GitOps Principles
- 5. 5 Confidential do not distribute 5 The GitOps Principles Declarative configuration only describes, it does not provide instructions the way imperative systems do. 1
- 6. 6 Confidential do not distribute 6 The GitOps Principles State does not change, it evolves. The only way to introduce changes to the description is creating a new version. 2
- 7. 7 Confidential do not distribute 7 The GitOps Principles Declared state is automatically pulled, there is no external push into the target system. 3
- 8. 8 Confidential do not distribute 8 The GitOps Principles State is maintained at all times, and all necessary actions are abstracted by the agents that interpret it. 4
- 9. 9 Confidential do not distribute 9 How does Weave GitOps apply these principles Kubernetes manifests as declarative configuration Weave GitOps Watches the repository and agents continuously introspect the runtime state and reconcile it with the described configuration Stored in Git, every change producing a new unique version that is immutable
- 10. 10 Confidential do not distribute 10 How does Weave GitOps apply these principles The same pattern applies for applications and infrastructure. You can create and operate many clusters from a management cluster using declarative configuration and Weave GitOps continuous reconciliation. “Leaf Clusters” can run EKS in AWS, or EKS Distro anywhere else!
- 11. 11 Confidential do not distribute 11 Declarative EKS Provisioning Cluster Provider Describes the configuration of the cluster, not the actions or resources specific to satisfy that desired state within a specific infrastructure provider Interprets the cluster configuration and takes the necessary, infrastructure specific actions, required to materialize that desired state. Provisioning complexity is abstracted away. Cluster configuration is generically applicable. Declare once, apply everywhere (see the value to hybrid?)
- 12. 12 Confidential do not distribute 12 Continuous Reconciliation towards Reliability Reliability: Probability that a system performs correctly during a specific time duration. Probability that a system performs correctly a user will receive the expected and acceptable experience during a specific time duration. (Think error budgets and site reliability engineering) What’s one of the easiest ways to guarantee low error budgets and satisfactory availability? Automate: deployment, scaling and recovery. An agent’s continuous reconciliation process does just that.
- 13. 13 Confidential do not distribute 13 Continuous Reconciliation towards Reliability Update Kubernetes Objects Pods Services Watch Watch Update Controller System Resources Containers Volume iptables rules
- 14. 14 Confidential do not distribute 14 GitOps and Disaster Recovery Your entire system is declared in a versioned and immutable source of truth. (Entire system = infrastructure, applications, cloud resources, everything) Using GitOps, disaster recovery means small configuration changes if necessary to apply the full desired state to a new provider or region. This may not even be necessary if disruption is not as vast that the recovery itself did not happen fully automatically by the GitOps Reconciliation Loop. 1 2
- 15. 15 Confidential do not distribute 15 GitOps and Disaster Recovery Pull makes it easier Since the target environments are pulling configuration from a source of truth, access controls and network permissions are dramatically simplified, no need to punch holes into new environments or handle ad-hoc credentials What about data? You will still need to apply best practices in terms of data backups and replication! 3 4
- 16. 16 Confidential do not distribute 16 Environment Consistency and HA The boundary between cluster and underlying provider allows you to create consistent environments in terms of configuration, while freely switching the underlying infrastructure provider. It also becomes simpler to establish redundancy and high availability, by applying the same configuration to multiple providers or across regions within the same infrastructure provider. Scalability becomes part of your described desired state, covering workloads (using Kubernetes native objects such as Deployments) as well as the clusters themselves (using Cluster Auto Scaler)
- 17. 17 Confidential do not distribute 17 Immutability and traceability towards compliance By using Git, every change applied to a system can be uniquely identified. Each identifier is tied to a specific user, and it represents the unique and immutable state at a point in time. This has worked wonderfully in application development and with GitOps it applies to entire systems.
- 18. 18 Confidential do not distribute 18 Immutability and traceability towards compliance What about compliance? Declarative policy will continuously inspect and validate runtime, and reject, notify or otherwise take actions to guarantee compliance.
- 19. 19 Confidential do not distribute 19 How does this all tie together for simple Hybrid EKS?
- 20. 20 Confidential do not distribute 20 The relevance of EKS (Managed, Distro, Anywhere) ● Observe ● Upgrade ● Patch ● Secure Kubernetes does around 3 releases a year, your chosen distro will need to track them. Picking a Kubernetes distribution is critical towards reducing complexity down the road. Once your cluster(s) are running, you will need to: EKS Distro gives you a common Kubernetes platform with secure opinions and built for scale, that you can run across any target environments
- 21. 21 Confidential do not distribute 21 Delivering Workloads to Hybrid Environments Development Team Autonomy Release Promotion Environment Security Advanced Delivery Pattern
- 22. 22 22 1. Whitepaper: Best Practices for Hybrid Cloud Kubernetes with EKS and Weave GitOps https://bit.ly/hybrid-EKS 2. Contact us for a demo: sales@weave.works 3. Join other events with us: www.weave.works/events Thank You
- 23. 23 Confidential do not distribute 2 3 www.weave.works Thanks