Spin Up your Kubernetes
Infrastructure the GitOps Way
Michal Vančo
CNCF Webinar
Michal Vančo
K8S Cloud Architect, Consultant
@michalvanco
michal@kubermatic.com
Who Am I?
• Living in Czech Republic, Brno
• Consultant & K8S cloud architect in PS team @Kubermatic
• Helping customers with their cloud native journeys
• Full-stack engineer with focus on automation, delivery and QA
• 14 years experience in Software Engineering
Before ...
• Full-stack engineer / architect / manager @GoodData
• JBoss Middleware projects @Red Hat
michal-vanco
This Webinar Will Be About...
● Brief Kubermatic introduction
● start.kubermatic project preview
● Motivations and usage of CNCF tools
● GitOps and declarative management on all levels
● Security aspects
● Live Demo
Kubermatic,
the Leading Kubernetes Experts
● Creator of KubeOne & Kubermatic Kubernetes Platform,
Enterprise Software Platform, widely deployed in EU
● The top Kubernetes employer in Europe
● #6 top committer to the Kubernetes Project for over 3 years
● Employs the #1 and #2 top contributors to Kubernetes
Dashboard for over 3 years
Our Team: 90+ employees, located all across the globe
Conway's law in Action
Designing a highly distributed product as
a highly distributed company
Our Vision: Power Through Automation
Building the world’s most adaptable and autonomous service
operations platform.
Free up resources, save time, improve your systems, keep up with new tech.
Our Portfolio
Automate operations of a single Kubernetes cluster on your chosen
cloud, on-prem, or edge environment.
Automate multi cloud, on-prem, and edge operations with a single
management UI enabling you to deliver the cloud native
transformation immediately.
The operator of operators. Centrally manage all your services and
applications across multiple clusters, clouds and regions with
Kubernetes native API and tooling.
Automate operations of a single Kubernetes cluster on your chosen cloud, on-prem, or edge
environment.
KubeOne
Diagram (KubeOne reference architecture): one VPC with three availability zones (AZ 1, AZ 2, AZ 3), each holding a subnet with one control plane host and one worker node; users reach the cluster through a load balancer in front of the three control plane hosts.
Automate multi-cloud, on-prem, and edge operations with a single management UI enabling you
to deliver the cloud native transformation immediately.
Kubermatic Kubernetes Platform
Diagram (Kubermatic Kubernetes Platform): the master cluster provides multi-cluster management (cluster lifecycle, deployments, configuration, policies, observability, maintenance) and includes the master components for configuration. Seed clusters are highly available Kubernetes clusters that scale the user-cluster master components (API, controller, scheduler, etcd) and deliver additional logic and features. User clusters consist of k8s workers whose control planes run in the seed cluster.
start.kubermatic
Web wizard that guides you through the categorized steps:
1. Git Provider
2. Cloud Provider
3. Cluster
4. KKP
5. KKP Bootstrap Config
6. Summary
The steps ask for details of your master cluster and provider, details of your KKP configuration, and details of your initial KKP configuration, initial datacenter and provider; the summary lets you download the preconfigured bundle.
Example structure of the downloaded archive (shown on the slide).
How Do I Deliver?
● Combination of an automatic pipeline + a GitOps tool (Flux v2)
● Set up the Git repo and git push
● Alternatively follow the README-local steps
Main Motivations
● Quick and Easy to Bootstrap: user-friendly wizard, detailed documentation, ready for any customizations
● Fully Automated: GitHub Workflow / GitLab CI/CD for master cluster preparation, GitOps for KKP and other k8s resources
● Secure: sensitive values safely stored in Git, encrypted and decrypted with Mozilla SOPS
Ready to be customized, scaled and managed in a sustainable way!
Used CNCF tools
What Are the Steps Under the Hood?
Cloud resources are created by Terraform and output is used by KubeOne.
Diagram (KubeOne master cluster): three K8s masters and three workers behind a load balancer.
The HA Kubernetes cluster is provisioned by KubeOne; workers are managed by the machine-controller.
Diagram (master cluster): addons (sc, autoscaler, ..).
Empty Kubernetes cluster with various KubeOne addons.
KKP installer is used for orchestration of installation steps (set of checks, helm charts installation, etc.).
Diagram (master cluster): addons (sc, autoscaler, ..), nginx-ingress, cert-manager, API / Operator / UI, oauth (dex).
These namespaces were created by the KKP installer on the k8s cluster (core KKP components).
Diagram (master cluster): addons (sc, autoscaler, ..), nginx-ingress, cert-manager, API / Operator / UI, oauth (dex), plus kkp.endpoint.xyz (DNS).
DNS records are registered, which enables provisioning of certificates and access to the KKP dashboard.
Diagram (master cluster): addons (sc, autoscaler, ..), nginx-ingress, cert-manager, API / Operator / UI, flux-system, oauth (dex), kkp.endpoint.xyz (DNS).
The GitOps tool (Flux v2) is bootstrapped on the k8s cluster.
Diagram (master / seed cluster): addons (sc, autoscaler, ..), nginx-ingress, cert-manager, API / Operator / UI, flux-system, monitoring, logging, minio, iap, oauth (dex), kkp.endpoint.xyz (DNS); a SOPS-enabled kustomization delivers the KKP resources Seed, Project, User (admin) and KKP Settings.
GitOps-managed resources are now delivered (various KKP resources and a set of helm charts: MLA, minio, IAP).
Diagram (master / seed cluster): as before, with the SOPS kustomization now also delivering a Preset and a KKP Cluster Template next to Seed, Project, User (admin) and KKP Settings.
An additional kustomization delivered the remaining resources, applying SOPS decryption directly on the cluster.
GitOps Way on All Levels
Declarative, declarative... Want more?
● User Cluster templates
● Addons, OPA policies
● Other KKP resources
● User Clusters (to be supported in a future KKP release)
● Flux2 KKP Addon for User clusters (flux/clusters/xyz/…)
● ArgoCD KKP Addon is also available
# Flux v2 bootstrap of the GitLab repo, run from the GitLab CI pipeline
# (CI_PROJECT_NAMESPACE and CI_PROJECT_NAME are GitLab predefined variables)
$ flux bootstrap gitlab \
    --owner=${CI_PROJECT_NAMESPACE} \
    --repository=${CI_PROJECT_NAME} \
    --branch=main \
    --personal=true \
    --path=flux/clusters/master \
    --commit-message-appendix='[ci skip]'
Programmatic API Access
$ curl -o gce-gitlab-<customer>.zip -X POST \
    -H "Content-Type: application/json" \
    --data-binary @req-gce.json \
    https://start.kubermatic.com/api/generate
# file: req-gce.json
{
  "gitProvider": "github",
  "cloudProvider": "gce",
  "kubernetesSpec": {
    "clusterName": "kkp-demo-gce",
    "masterVersion": "v1.22.2",
    "containerRuntime": "containerd",
    "cloudProvider": {
      "gce": {
        "region": "europe-west3"
      }
    }
  },
  "kkpSpec": {
    "version": "v2.19.2",
    "endpoint": "kkp-gce.lab.kubermatic.io",
    "seed": {
      "datacenterName": "gce-europe",
      "datacenterSpec": {
        "gce": {
          "region": "europe-west3"
        }
      }
    },
    "preset": {
      "gce": {
        "serviceAccount": "xxx"
      }
    }, …
  }
* OpenAPI definition to be exposed
Security
Usage of Mozilla SOPS + AGE
# file: secrets.md (contents shown on the slide)
Only the pipeline and the Kubernetes cluster are able to decrypt values.
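The "Secure" motivation earlier and this slide rest on one property: secret files in the repository are SOPS-encrypted to exactly two age recipients, the CI pipeline's key and the key held by Flux's kustomize-controller on the cluster (Flux decrypts them through `spec.decryption.provider: sops` on the Kustomization). What the slides do not show is the check that keeps that property true over time. The following script is an added example, not code from the start.kubermatic project: run as a pre-commit hook or CI step over sops-managed JSON files, it refuses plaintext secrets, a missing MAC, extra recipients and non-age key providers. The recipient strings, the `render_sops_config` defaults and the sample document are constructed placeholders, not real keys.

```python
"""Guard for SOPS-encrypted secrets in a GitOps repository (added example).

Checks that every sops-managed JSON file is really encrypted and that only the
two intended age recipients (CI pipeline, cluster) can decrypt it. Standard
library only; the document layout is the one sops writes: an
"ENC[AES256_GCM,...]" string per encrypted value plus a "sops" metadata block.
"""
import json
import re

# Hypothetical recipients. Real age public keys are 62-character bech32 strings
# starting with "age1"; these placeholders are constructed for the example.
ALLOWED_RECIPIENTS = {
    "age1ci-pipeline-placeholder": "GitLab CI / GitHub Actions pipeline key",
    "age1kkp-master-cluster-placeholder": "Flux kustomize-controller key on the cluster",
}

# Shape of a value sops has encrypted (data, iv and tag are base64, never commas).
ENC_RE = re.compile(
    r"^ENC\[AES256_GCM,data:[^,\]]+,iv:[^,\]]+,tag:[^,\]]+,type:(str|int|float|bool)\]$"
)


def render_sops_config(path_regex=r".*/secrets/.*\.json$",
                       encrypted_regex=r"^(data|stringData|password|token|serviceAccount)$"):
    """Render a .sops.yaml creation rule that pins the allowed recipients."""
    return (
        "creation_rules:\n"
        f"  - path_regex: '{path_regex}'\n"
        f"    encrypted_regex: '{encrypted_regex}'\n"
        f"    age: '{','.join(ALLOWED_RECIPIENTS)}'\n"
    )


def _leaves(node, path=()):
    """Yield (key path, value) for every scalar in a nested JSON document."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from _leaves(value, path + (key,))
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from _leaves(value, path + (str(index),))
    else:
        yield path, node


def check_sops_document(doc):
    """Return a list of findings; an empty list means the file is safe to commit."""
    findings = []
    meta = doc.get("sops")
    if not isinstance(meta, dict):
        return ["no 'sops' metadata block: the file is not encrypted at all"]

    # Integrity: sops stores a MAC over the plaintext, itself encrypted.
    if not ENC_RE.match(str(meta.get("mac", ""))):
        findings.append("sops.mac missing or not encrypted: file integrity cannot be verified")

    # Key providers: anything besides age widens the set of parties that can decrypt.
    for provider in ("kms", "gcp_kms", "azure_kv", "hc_vault", "pgp"):
        if meta.get(provider):
            findings.append(f"unexpected key provider '{provider}': not a pipeline/cluster age key")

    recipients = {entry.get("recipient") for entry in (meta.get("age") or [])}
    for recipient in sorted(recipients - set(ALLOWED_RECIPIENTS), key=str):
        findings.append(f"unexpected age recipient {recipient!r}: an extra key could decrypt the secrets")
    for recipient, owner in ALLOWED_RECIPIENTS.items():
        if recipient not in recipients:
            findings.append(f"missing age recipient for {owner}: it could not decrypt this file")

    # Values: every scalar under a key matching encrypted_regex must be ENC[...].
    regex = meta.get("encrypted_regex")
    if not regex:
        findings.append("sops.encrypted_regex missing: cannot tell which values must be encrypted")
        return findings
    key_re = re.compile(regex)
    body = {key: value for key, value in doc.items() if key != "sops"}
    for path, value in _leaves(body):
        if any(key_re.search(part) for part in path) and not ENC_RE.match(str(value)):
            findings.append(f"plaintext secret at {'.'.join(path)}")
    return findings


def check_sops_file(filename):
    """Load one JSON file and return its findings."""
    with open(filename, encoding="utf-8") as handle:
        return check_sops_document(json.load(handle))


# Constructed sample in the layout sops writes (ciphertexts are dummy base64).
ENC = "ENC[AES256_GCM,data:c2VjcmV0,iv:aXZpdml2,tag:dGFndGFn,type:str]"
SAMPLE = {
    "admin": {"password": ENC, "username": "admin"},
    "gce": {"serviceAccount": ENC},
    "sops": {
        "kms": None, "gcp_kms": None, "azure_kv": None, "hc_vault": None, "pgp": None,
        "age": [{"recipient": r, "enc": "-----BEGIN AGE ENCRYPTED FILE-----\n...\n-----END AGE ENCRYPTED FILE-----\n"}
                for r in ALLOWED_RECIPIENTS],
        "lastmodified": "2022-03-01T10:00:00Z",
        "mac": ENC,
        "encrypted_regex": "^(data|stringData|password|token|serviceAccount)$",
        "version": "3.7.1",
    },
}

if __name__ == "__main__":
    import sys
    results = {name: check_sops_file(name) for name in sys.argv[1:]}
    for name, findings in results.items():
        for finding in findings:
            print(f"{name}: {finding}")
    sys.exit(1 if any(results.values()) else 0)
```

Run it over the files in the sops-managed path (for example `python sops_guard.py flux/clusters/master/secrets/*.json`); a non-zero exit blocks the commit or fails the pipeline job. The same walk applies to YAML manifests once loaded with a YAML parser, and the `encrypted_regex` in `render_sops_config` matches the `data` and `stringData` keys of Kubernetes Secrets so that only those values are encrypted while the rest of the manifest stays reviewable in Git.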
Demo Time
Try It Yourself!
start.kubermatic.com
VISIT NOW
We Want to Hear from You!
kubermatic-community.slack.com #start-kubermatic
kubermatic.com/contact-us
Team
Michal Vančo
Project Lead
Marcin Maciaszczyk
UI Developer
Marko Mudrinić
Developer
Sebastian Florek
UI Developer
Sascha Haase
Product Manager
Weronika Franczyk
Designer
Chiara Schieder
Designer
Thank You for Your Attention!
And Enjoy Your GitOps Journey :)
Email: michal@kubermatic.com
Project: start.kubermatic.com
Demo repo (GitLab+GCP): gitlab.com/michal.vanco/start-kkp-webinar-demo
Demo repo (GitHub+AWS): github.com/michalvanco/start-kkp-aws
Documentation: docs.kubermatic.com/kubermatic/master/installation/start_kkp
