KCD Italy 2022 - Application driven infrastructure with Crossplane

Application-driven infrastructure with Crossplane
17/11/2022
Daniele Monti
● Platform Engineer @ SparkFabrik
● GitHub: https://github.com/Monska85
● Twitter: @danielemonti
● LinkedIn: https://www.linkedin.com/in/danielemonti1985/
DEVOPS AND SHIFT LEFT PRINCIPLES
“DevOps is a set of practices that combines
software development (Dev) and IT operations (Ops).
It aims to shorten the systems development life cycle and to provide
continuous delivery with high software quality.”
https://www.dynatrace.com/news/blog/what-is-shift-left-and-what-is-shift-right/
“The shift left approach consists in pushing the beginning of the quality related
tasks at earlier stages of the software lifecycle.
Shift left as a principle was created thinking about testing, but now it involves
also other disciplines such as security and deployment.”
Shift left
Lifecycle
SHIFT LEFT & CLOUD NATIVE
Quality related tasks
Software lifecycle
● This approach reduces risk since many issues are addressed long
before the release
● Releases can be made more quickly and with better quality
● Earlier tests ensure most problems are caught much earlier, when
they are easier to debug and fix (less problem detection, more
problem prevention)
● More reliable estimations of effort and resources
SHIFT LEFT & CLOUD NATIVE
Security concepts must be introduced in the early stages, so that
the entire application development workflow follows
defined security standards.
This prevents code rewrites close to deployment and
leaves only minor security fixes for the production checks.
Shift left
Security
DevSecOps
SHIFT LEFT & CLOUD NATIVE
Shift left
Costs
This graph is based on the data taken from The Economic Impacts of
Inadequate Infrastructure for Software Testing, National Institute of
Standards and Technology (NIST) report. Read the entire document here.
SHIFT LEFT & CLOUD NATIVE
Shift right
Complements
to shift left
Shift right is not the opposite
of shift left
It takes place in the production environment. Analysing unexpected
behaviour and performance produces more
value in the production environment.
Continuous deployment of small changes and
monitoring of the system are the best practices used
in this stage.
Chaos engineering is the discipline of testing the resilience of
the system in the production environment.
TO SUM UP:
● Shift left spreads the QA tests across the entire
process
● Shift left is not only related to software testing
● The automation of these tasks is mandatory
● Having less problem detection and more problem
prevention has a high impact on costs
● Shift right complements the shift left
SHIFT LEFT & CLOUD NATIVE
You build it, you run it.
2006 - Werner Vogels, CTO and vice president of Amazon
SHIFT LEFT & CLOUD NATIVE
Cloud native
model
Ops for Dev
“Giving developers operational responsibilities has greatly enhanced the
quality of the services, both from a customer and a technology point of
view.” - A conversation with Werner Vogels
The old model of throwing the artifact over the wall of confusion [1] and then
forgetting about it is no longer suitable in the cloud native model.
[1] The “Wall of Confusion” is a DevOps term popularized by Andrew Clay Shafer (AgileRoots 2009 ~17:00 mark) and Lee
Thompson (Dev2Ops Interview). It refers to the phenomenon where one group in a value stream approaches their job as
complete when they’ve passed it on to the next group.
INFRASTRUCTURE AS CODE & PLATFORM ENGINEERING
Infrastructure
as Code
IaC & PLATFORM ENGINEERING
● Easier to read, maintain and distribute
● Consistent over time: each deployment
has the same configuration
● Reusable code (modules)
and cost efficient
● Automation (no human errors)
● Self documented
● Versioned
Infrastructure
as Code
IaC & PLATFORM ENGINEERING
● GCP: Deployment Manager
● AWS: CloudFormation
● Azure: Resource Manager
● ...
IaC Terraform
Examples
IaC & PLATFORM ENGINEERING
IaC & PLATFORM ENGINEERING
Platform
Engineering
[Diagram: Cloud Services, Organization, Best practices, Policies, Security models, Platform, Dev teams]
IaC & PLATFORM ENGINEERING
The Platform
The Platform offers a simple access
to a complex set of resources
The purpose of the Platform is to expose a simple way (an API) to
obtain a piece of infrastructure or a service, encapsulating all
the organization's rules.
IaC & PLATFORM ENGINEERING
The Platform
Interaction modes
There are only three ways in which teams should
interact:
● Collaboration: working together for a defined period
of time to discover new things (APIs, practices,
technologies, etc.)
● X-as-a-Service: one team provides and one team
consumes something “as a Service”
● Facilitation: one team helps and mentors
another team
The team interaction modes
https://teamtopologies.com/key-concepts
IaC & PLATFORM ENGINEERING
The Platform
API
Development team needs:
“Our new microservice needs a Postgresql database
and an S3-like object storage bucket.
The microservice will be deployed on K8S”
IaC & PLATFORM ENGINEERING
The Platform API
K8S + Terraform
🚨 COGNITIVE LOAD ALERT 🚨
A new tool to learn for the
development team.
Hard to integrate with a K8S
CI/CD pipeline.
THE CLOUD NATIVE CONTROL PLANE FRAMEWORK
CROSSPLANE
CROSSPLANE
The Platform API
The Kubernetes way
CROSSPLANE
Crossplane enables platform teams to assemble infrastructure
from multiple vendors, and exposes higher level self-service
APIs for application teams to consume, without having to write
any code.
Crossplane extends the Kubernetes cluster to support
orchestrating any infrastructure or managed service.
Crossplane is an incubating project in
the CNCF landscape
Crossplane
CNCF Project
CROSSPLANE
Providers are Crossplane Packages that bundle a set of
Managed Resources and their respective controllers to allow
Crossplane to provision the respective infrastructure resources.
Each Provider package has its own configuration type, the
so-called ProviderConfig. This resource is used, for example, by the
provider controller to get the API credentials.
Providers are the core concept of
Crossplane
Crossplane
Providers
CROSSPLANE
Managed resource is the Crossplane representation of a
resource in an external system.
Managed Resources are the building blocks of Crossplane. They
are designed to be composed into higher level, opinionated
Custom Resources that Crossplane calls Composite Resources
or XRs.
Managed resources are the mapping
between K8S and the external services
Crossplane
Managed resources
CROSSPLANE
Anything with an API could be connected to a Kubernetes
cluster where Crossplane is running, giving you a CRD
representing each resource.
This model allows Crossplane to manage infrastructure pieces
or services (or whatever) using a specific provider for those
resources.
https://blog.crossplane.io/providers-101-ordering-pizza-with-kubernetes-and-crossplane/
is an awesome example of how Crossplane could manage any
API-driven service.
Crossplane is extensible, thanks to its
provider model
Crossplane
Provider model
CROSSPLANE
The Platform API
The Kubernetes way
🚨 COGNITIVE LOAD ALERT 🚨
There are a lot of moving parts and many
things to configure, including some
properties on which the platform should
be opinionated.
CROSSPLANE
Composite resources are the way to create the high-level
API and to use Crossplane to build your opinionated
platform.
From a single YAML manifest with a small amount of
configuration, Crossplane is able to create all the needed
managed resources.
Composite Resources are designed to
build the platform with the
opinionated concepts
Crossplane
Composite
resources
CROSSPLANE
The Platform API
Composite Resource
CROSSPLANE
Crossplane uses X as shorthand for Crossplane and
Composite.
This choice was made to avoid confusion
between the Kubernetes resources and the
Crossplane ones.
Crossplane
Terminology
● Custom Resource Definition (CRD)
● Custom Resource (CR)
● Composite Resource Definition (XRD)
● Composite Resource (XR)
CROSSPLANE
[Diagram: Composite Resource Definition (XRD), Composite Resource (XR), Define, Composition, Use, Managed Resource (x3), Application, Application team, Platform team]
CROSSPLANE
Crossplane
K8S closed box
Crossplane can write all the connection
references as Secrets inside the cluster.
This is really useful because it keeps all the data
inside the cluster, where workloads can use it
as a Kubernetes Secret.
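The composite-resource flow and the connection-secret behaviour described above, as an added example that is not from the talk or from the Crossplane project: a platform team's XRD and Composition expose a single parameter and pin the encryption and public-access settings, and the application team submits one small claim. Every name under `platform.example.org`, the region and the sizes are hypothetical; the managed resource kinds assume the community AWS provider (crossplane-contrib/provider-aws) with a ProviderConfig named `default`.

```yaml
# Added example: every name under platform.example.org, the region and the sizes
# are constructed. Managed resource kinds assume crossplane-contrib/provider-aws.
---
# Platform team: the XRD is the API contract. Only storageGB is exposed.
apiVersion: apiextensions.crossplane.io/v1
kind: CompositeResourceDefinition
metadata:
  name: xappstorages.platform.example.org
spec:
  group: platform.example.org
  names: {kind: XAppStorage, plural: xappstorages}
  claimNames: {kind: AppStorage, plural: appstorages}
  # Only these keys are copied into the application's connection Secret.
  connectionSecretKeys: [username, password, endpoint, port]
  versions:
    - name: v1alpha1
      served: true
      referenceable: true
      schema:
        openAPIV3Schema:
          type: object
          properties:
            spec:
              type: object
              required: [parameters]
              properties:
                parameters:
                  type: object
                  required: [storageGB]
                  properties:
                    storageGB: {type: integer, minimum: 20, maximum: 100}
---
# Platform team: the Composition pins the security-relevant fields in "base".
# A field is only settable by the application team if a patch maps it.
apiVersion: apiextensions.crossplane.io/v1
kind: Composition
metadata:
  name: xappstorages.aws.platform.example.org
spec:
  compositeTypeRef:
    apiVersion: platform.example.org/v1alpha1
    kind: XAppStorage
  writeConnectionSecretsToNamespace: crossplane-system
  resources:
    - name: postgres
      base:
        apiVersion: database.aws.crossplane.io/v1beta1
        kind: RDSInstance
        spec:
          forProvider:
            region: eu-west-1
            engine: postgres
            dbInstanceClass: db.t3.small
            masterUsername: appadmin
            storageEncrypted: true        # no patch targets this field
            publiclyAccessible: false     # no patch targets this field
            skipFinalSnapshotBeforeDeletion: true
          writeConnectionSecretToRef:
            namespace: crossplane-system
      patches:
        - fromFieldPath: spec.parameters.storageGB
          toFieldPath: spec.forProvider.allocatedStorage
        # Unique name for the provider-side secret, derived from the XR's UID.
        - fromFieldPath: metadata.uid
          toFieldPath: spec.writeConnectionSecretToRef.name
          transforms:
            - type: string
              string: {fmt: "%s-postgres"}
      connectionDetails:
        - fromConnectionSecretKey: username
        - fromConnectionSecretKey: password
        - fromConnectionSecretKey: endpoint
        - fromConnectionSecretKey: port
    - name: bucket
      base:
        apiVersion: s3.aws.crossplane.io/v1beta1
        kind: Bucket
        spec:
          forProvider:
            locationConstraint: eu-west-1
            acl: private
            publicAccessBlockConfiguration:
              blockPublicAcls: true
              blockPublicPolicy: true
              ignorePublicAcls: true
              restrictPublicBuckets: true
---
# Application team: the whole infrastructure request for the microservice.
apiVersion: platform.example.org/v1alpha1
kind: AppStorage
metadata:
  name: orders
  namespace: orders
spec:
  parameters:
    storageGB: 20
  # Crossplane writes the four connection keys to this Secret in "orders".
  writeConnectionSecretToRef:
    name: orders-db-conn
```

The workload in the `orders` namespace consumes `orders-db-conn` like any other Secret. Because it holds the database password, restrict RBAC read access to Secrets in that namespace and enable encryption at rest for Secrets on the cluster.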
CROSSPLANE
Crossplane
YAML for the win
● Consistency across resources
● Application and infrastructure are
deployed at the same time
● Simple text file, human and machine
readable
● Versioned
CROSSPLANE
Crossplane
Deployment strategy
CROSSPLANE
Crossplane
Drawbacks
● The providers are still at development
versions (0.x.y in semver)
● Another tool to maintain
● Another set of modules (XRD and
Composition) to maintain
● Balance between complexity and
advantages
● Static YAML
CROSSPLANE
Crossplane
Alternatives
● Pulumi
● Serverless Framework
● Terraform
● Rancher terraform controller
TO SUM UP:
● Offer the dev teams simple APIs to create
opinionated services
● Platform Engineers should package the organization
model into the Platform
● Crossplane is a framework to develop a custom
platform in the Kubernetes way
CROSSPLANE
THANK YOU!
IES VE67 vistas
Future of AR - Facebook Presentation por Rob McCarty
Future of AR - Facebook PresentationFuture of AR - Facebook Presentation
Future of AR - Facebook Presentation
Rob McCarty54 vistas
Setting Up Your First CloudStack Environment with Beginners Challenges - MD R... por ShapeBlue
Setting Up Your First CloudStack Environment with Beginners Challenges - MD R...Setting Up Your First CloudStack Environment with Beginners Challenges - MD R...
Setting Up Your First CloudStack Environment with Beginners Challenges - MD R...
ShapeBlue105 vistas
Extending KVM Host HA for Non-NFS Storage - Alex Ivanov - StorPool por ShapeBlue
Extending KVM Host HA for Non-NFS Storage -  Alex Ivanov - StorPoolExtending KVM Host HA for Non-NFS Storage -  Alex Ivanov - StorPool
Extending KVM Host HA for Non-NFS Storage - Alex Ivanov - StorPool
ShapeBlue56 vistas
Declarative Kubernetes Cluster Deployment with Cloudstack and Cluster API - O... por ShapeBlue
Declarative Kubernetes Cluster Deployment with Cloudstack and Cluster API - O...Declarative Kubernetes Cluster Deployment with Cloudstack and Cluster API - O...
Declarative Kubernetes Cluster Deployment with Cloudstack and Cluster API - O...
ShapeBlue59 vistas

KCD Italy 2022 - Application driven infrastructure with Crossplane

  • 2. IMAGE GOES OVER HERE Daniele Monti ● Platform Engineer @ SparkFabrik ● GitHub: https://github.com/Monska85 Twitter: @danielemonti Linkedin: https://www.linkedin.com/in/danielemonti1985/
  • 3. DEVOPS AND SHIFT LEFT PRINCIPLES
  • 4. “DevOps is a set of practices that combines software development (Dev) and IT operations (Ops). It aims to shorten the systems development life cycle and to provide continuous delivery with high software quality.” https://www.dynatrace.com/news/blog/what-is-shift-left-and-what-is-shift-right/
  • 5. “The shift left approach consists in pushing the beginning of the quality related tasks at earlier stages of the software lifecycle. Shift left as a principle was created thinking about testing, but now it involves also other disciplines such as security and deployment.”
  • 6. Shift left Lifecycle SHIFT LEFT & CLOUD NATIVE Quality related tasks Software lifecycle ● This approach reduces risk since many issues are addressed long before the release ● Releases can be made more quickly and with better quality ● Earlier tests ensure most problems are caught much earlier, when they are easier to debug and fix (less problem detection, more problem prevention) ● More reliable estimations of effort and resources
  • 7. SHIFT LEFT & CLOUD NATIVE Security concepts must be introduced in the early stages, so the entire application development workflow will follow defined security standards. This prevents code rewrites close to deployment and leaves only minor security fixes for the production checks. Shift left Security DevSecOps
  • 8. SHIFT LEFT & CLOUD NATIVE Shift left Costs This graph is based on the data taken from The Economic Impacts of Inadequate Infrastructure for Software Testing, National Institute of Standards and Technology (NIST) report. Read the entire document here.
  • 9. SHIFT LEFT & CLOUD NATIVE Shift right Complements to shift left Shift right is not the opposite of shift left. It takes place in the production environment. Analysis of unexpected behaviour and of performance produces more value in the production environment. Continuous deployment of small changes and monitoring of the system are the best practices used in this stage. Chaos engineering is the discipline of testing the resilience of the system in the production environment.
  • 10. TO SUM UP: ● Shift left spreads the QA tests during the entire process ● Shift left is not only related to the software testing ● The automation of these tasks is mandatory ● Having less problem detection and more problem prevention has a high impact on the costs ● Shift right complements the shift left SHIFT LEFT & CLOUD NATIVE
  • 11. SHIFT LEFT & CLOUD NATIVE You build it, you run it. 2006 - Werner Vogels, CTO and vice president of Amazon
  • 12. SHIFT LEFT & CLOUD NATIVE Cloud native model Ops for Dev “Giving developers operational responsibilities has greatly enhanced the quality of the services, both from a customer and a technology point of view.” - A conversation with Werner Vogels The old model of throwing the artifact over the wall of confusion [1] and then forgetting about it is no longer suitable in the cloud native model. [1] The “Wall of Confusion” is a DevOps term popularized by Andrew Clay Shafer (AgileRoots 2009 ~17:00 mark) and Lee Thompson (Dev2Ops Interview). It refers to the phenomenon where one group in a value stream approaches their job as complete when they’ve passed it onto the next group.
  • 13. INFRASTRUCTURE AS CODE & PLATFORM ENGINEERING
  • 14. Infrastructure as Code IaC & PLATFORM ENGINEERING ● Easier to read, maintain and distribute ● Consistent over time: each deployment has the same configuration ● Reusable code (modules) and cost efficient ● Automation (no human errors) ● Self documented ● Versioned
  • 15. Infrastructure as Code IaC & PLATFORM ENGINEERING GCP Deployment Manager AWS CloudFormation AZURE Resource Manager ...
  • 16. IaC Terraform Examples IaC & PLATFORM ENGINEERING
  • 17. IaC Terraform Examples IaC & PLATFORM ENGINEERING
  • 18. IaC & PLATFORM ENGINEERING Platform Engineering Cloud Services Organization Best practices Policies Security models Platform Dev team Dev team Dev team
  • 19. IaC & PLATFORM ENGINEERING The Platform The Platform offers simple access to a complex set of resources. The scope of The Platform is to expose a simple way (an API) to obtain a piece of infrastructure or a service, encapsulating all the organization rules.
  • 20. IaC & PLATFORM ENGINEERING The Platform Interaction modes There are only three ways in which teams should interact: ● Collaboration: working together for a defined period of time to discover new things (APIs, practices, technologies, etc.) ● X-as-a-Service: one team provides and one team consumes something “as a Service” ● Facilitation: one team helps and mentors another team The team interaction modes https://teamtopologies.com/key-concepts
  • 21. IaC & PLATFORM ENGINEERING The Platform API Development team needs: “Our new microservice needs a PostgreSQL database and an S3-like object storage bucket. The microservice will be deployed on K8S”
  • 22. IaC & PLATFORM ENGINEERING The Platform API K8S + Terraform
  • 23. IaC & PLATFORM ENGINEERING The Platform API K8S + Terraform 🚨 COGNITIVE LOAD ALERT 🚨 A new tool to learn for the development team. Hard to integrate with a K8S CI/CD pipeline.
  • 24. THE CLOUD NATIVE CONTROL PLANE FRAMEWORK
  • 27. CROSSPLANE Crossplane enables platform teams to assemble infrastructure from multiple vendors, and exposes higher level self-service APIs for application teams to consume, without having to write any code. Crossplane extends the Kubernetes cluster to support orchestrating any infrastructure or managed service. Crossplane is an incubating project in the CNCF landscape Crossplane CNCF Project
  • 28. CROSSPLANE Providers are Crossplane Packages that bundle a set of Managed Resources and their respective controllers to allow Crossplane to provision the respective infrastructure resources. Each Provider package has its own configuration type, the so-called ProviderConfig. This resource, for example, is used by the provider controller to get the API credentials. Providers are the core concept of Crossplane Crossplane Providers
  • 29. CROSSPLANE Managed resource is the Crossplane representation of a resource in an external system. Managed Resources are the building blocks of Crossplane. They are designed to be composed of higher level, opinionated Custom Resources that Crossplane calls Composite Resources or XRs. Managed resources are the mapping between K8S and the external services Crossplane Managed resources
  • 30. CROSSPLANE Anything with an API could be connected to a Kubernetes cluster where Crossplane is running, giving you a CRD representing each resource. This model allows Crossplane to manage infrastructure pieces or services (or whatever) using a specific provider for those resources. https://blog.crossplane.io/providers-101-ordering-pizza-with-kubernetes-and-crossplane/ is an awesome example of how Crossplane could manage any API-driven service. Crossplane is extensible, thanks to its provider model Crossplane Provider model
  • 32. CROSSPLANE The Platform API The Kubernetes way 🚨 COGNITIVE LOAD ALERT 🚨 There are a lot of moving parts and many things to configure, including some properties that should be opinionated by the platform.
  • 33. CROSSPLANE The composite resources are the way to create the high level API and to leverage Crossplane to create your opinionated platform. With a single YAML manifest, with a small amount of configuration, Crossplane will be able to create all the needed managed resources. Composite Resources are designed to build the platform with the opinionated concepts Crossplane Composite resources
  • 35. CROSSPLANE Crossplane uses X as shorthand for Crossplane and Composite. This choice was made to avoid confusion between the Kubernetes resources and the Crossplane ones. Crossplane Terminology Custom Resource Definition (CRD) Custom Resource (CR) Composite Resource Definition (XRD) Composite Resource (XR)
  • 36. CROSSPLANE Composite Resource Definition (XRD) Composite Resource (XR) Define Composition Use Managed Resource Managed Resource Managed Resource Application Application team Platform team
  • 37. CROSSPLANE Crossplane K8S closed box Crossplane can write all the connection references as secrets inside the cluster. This is really useful for keeping all the data inside the cluster, where workloads can use it as a Kubernetes secret.
  • 38. CROSSPLANE Crossplane YAML for the win ● Consistency across resources ● Application and infrastructure are deployed at the same time ● Simple text file human and machine readable ● Versioned
  • 40. CROSSPLANE Crossplane Drawbacks ● The providers are still in development version (0.x.y in semver) ● Another tool to maintain ● Another set of modules (XRD and Composition) to maintain ● Balance between complexity and advantages ● Static YAML
  • 41. CROSSPLANE Crossplane Alternatives ● Pulumi ● Serverless Framework ● Terraform ● Rancher terraform controller
  • 42. TO SUM UP: ● Offer the dev teams simple APIs to create opinionated services ● Platform Engineers should package the organization model into the Platform ● Crossplane is a framework to develop a custom platform in the Kubernetes way CROSSPLANE
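
The platform API from slides 21, 33 and 37, as an added example that is not taken from the slides or from the Crossplane project: the platform team's Composite Resource Definition and the single manifest an application team writes for its PostgreSQL database. The group `database.example.org`, the kind names, the `storageGB` parameter, the namespace and the secret name are all assumptions; the Composition that maps the composite resource to a provider's managed resources is provider-specific and is left out.

```yaml
# Platform team: define the high-level API (XRD). All names are hypothetical.
apiVersion: apiextensions.crossplane.io/v1
kind: CompositeResourceDefinition
metadata:
  name: xpostgresqlinstances.database.example.org
spec:
  group: database.example.org
  names:
    kind: XPostgreSQLInstance
    plural: xpostgresqlinstances
  claimNames:            # namespaced kind the application team uses
    kind: PostgreSQLInstance
    plural: postgresqlinstances
  connectionSecretKeys:  # only these keys are copied to the consumer's Secret
    - username
    - password
    - endpoint
    - port
  versions:
    - name: v1alpha1
      served: true
      referenceable: true
      schema:
        openAPIV3Schema:
          type: object
          properties:
            spec:
              type: object
              properties:
                parameters:
                  type: object
                  properties:
                    storageGB:   # the only knob exposed to developers
                      type: integer
                  required: [storageGB]
              required: [parameters]
---
# Application team: one small manifest, deployed with the workload.
apiVersion: database.example.org/v1alpha1
kind: PostgreSQLInstance
metadata:
  name: orders-db
  namespace: orders
spec:
  parameters:
    storageGB: 20
  writeConnectionSecretToRef:   # Secret created in the claim's namespace
    name: orders-db-conn
```

The workload then reads `orders-db-conn` through an ordinary `secretKeyRef`, so access to the database credentials is governed by the namespace's RBAC on Secrets.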