diff --git a/content/day-2/08_airgapped-cp.md b/content/day-2/08_airgapped-cp.md new file mode 100644 index 0000000..5ce07cc --- /dev/null +++ b/content/day-2/08_airgapped-cp.md 
@@ -0,0 +1,109 @@ +--- +title: Building air-gapped control planes for a global pharma leader using crossplane and argo +weight: 8 +tags: + - rejekts + - crossplae +--- + + + +Joint effort of norvo-nordik and upbound. + +## Background + +- Ymir Platform: Foundational abstraction platform +- Goal: Faster time to market +- Usage in pharma: end-2-end compliance +- Airgap: Use gitopt and prevent human interaction with the control planes + +## Setup + +- Decision for crossplane was obvious +- Problem: Chicken and egg "we provision clusters via crossplane but crossplane needs a cluster" +- GitOps: Everything as code with automatic tests and argo +- Infra: Azure + +### Public AKS + +```mermaid +graph LR + subgraph MC + ProviderAzure + ProviderKubernetes + end + ProviderAzure-->|Calls APU|AKS + AKS-->|Provisions|Kubernetescluster + ProviderKubernetes-->|Deploys service on|Kubernetescluster +``` + +### Bastion Bootstrap + +- Options: Terraform/Opentofu +- Goal: Crossplane all the things +- Solution: Run Crossplane in a github action + 1. Kind Cluster + 2. Install Crossplane + 3. Propagete Credentials + 4. 
Create Cluster +- Tooling: Uptest - E2E Test automation Framework, can be used for bootstrapping since it creates kind cluster with crossplane + +```mermaid +graph LR + subgraph GitHubRunner + Kubernetes + Crossplane + end + subgraph Azure + BastionVM + end + Crossplane-->|Create|BastionVM +``` + +### Next steps + +- Problem: How to access bastion +- Solution: Auto-register bastion as github runner +- Create Bastion-Cluster via Uptest + +```mermaid +graph LR + subgraph Azure + subgraph BastionVM + GitHubRunner + Kubernetes + Crossplane + end + subgraph BastionCluster + Kubernetes + Argo + CrossPlane + end + end + Crossplane-->|Create|BastionCluster +``` + +TODO: Steal image from slides + +## Challenges + +- Argo sync waves: + - Problem: Argo does not support eventual consistency + - Example: Install a ProviderConfig before your Provider and sync fails without retry + - Order stuff very carefully +- Delivering updates to private clusters + - Difference between public and private: It's the same package + - Upgrades/Downgrades: Change the package (Crossplane) and cluster (CRD) +- Testing: + - Static: Multiple stages and each stage has it's own bootstrap env that can be set to any branch + - Ephemeral: Uptest + +TODO: Steal images from slides + + +## Wrap-up + +- Cloud native air-gapped ✅ +- GitOps ✅ +- Crossplane, no terraform ✅ +- Extensible, reusable, API-first ✅ \ No newline at end of file diff --git a/content/day-2/_index.md b/content/day-2/_index.md index db25d83..727eab8 100644 --- a/content/day-2/_index.md +++ b/content/day-2/_index.md 
@@ -12,5 +12,10 @@ This is the first day of Cloud Native Rejekts and the first time of me attending - How to hire, manage and develop engineers: [Tech is broken and AI won't fix it](../05_broken-tech) - What if my homelab is an african island: [Geographically Distributed Clusters: Resilient Distributed Compute on the Edge](../06_geo-distributed-clusters) +- Bootstrap and CI/CD with crossplane: [Building air-gapped control planes for a global pharma leader using crossplane and argo](../08_airgapped-cp) - Handling large number of clusters: [CRD Data Architecture for Multi-Cluster Kubernetes](../04_multicluster-crd) -- Handling large scale migrations: [The Cluster API Migration Retrospective: Live migrating hundreds of clusters to Cluster API](../02_clusterapi) \ No newline at end of file +- Handling large scale migrations: [The Cluster API Migration Retrospective: Live migrating hundreds of clusters to Cluster API](../02_clusterapi) + +## Other stuff I learned or people i talk to + +- Throughout the lunch break I talked to a nice guy who heared my government question during the [Tech is broken and AI won't fix it](../05_broken-tech)-Talk, we talked \ No newline at end of file
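Review bot: In the new file content/day-2/08_airgapped-cp.md, the third mermaid diagram (under "Next steps") declares the node id `Kubernetes` inside both the `BastionVM` and the `BastionCluster` subgraph. Mermaid node ids are global within a diagram, so the node is drawn only once and one of the two boxes loses it; `Crossplane` and `CrossPlane` stay separate only because they differ in case. Give each node its own id with a display label, for example `VMKubernetes[Kubernetes]` and `ClusterKubernetes[Kubernetes]`, and do the same for the two Crossplane nodes. In the front matter, the tag `crossplae` is a typo for `crossplane`, so the page gets filed under a misspelled tag. The body also has `gitopt`, `Calls APU` and `Propagete` to correct, and the two `TODO: Steal image(s) from slides` placeholders and the missing trailing newline should be resolved before merge. The "Propagete Credentials" step and the "Auto-register bastion as github runner" bullet do not say which credentials are passed or how they are scoped; if the talk covered that, a sub-bullet would make the air-gap claim easier to follow.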
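Review bot: In content/day-2/_index.md, the last added bullet under "Other stuff I learned or people i talk to" stops mid-sentence at `we talked`, and the file ends without a trailing newline. Finish the sentence or drop the bullet before merging, and fix `heared` to `heard` and the heading to "people I talked to".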