diff --git a/content/day-1/_index.md b/content/day-1/_index.md index bd08efe..9e09777 100644 --- a/content/day-1/_index.md +++ b/content/day-1/_index.md @@ -4,6 +4,11 @@ title: Day -1 weight: 3 --- -This year there was only one day of Cloud Nativ Rejekts. So this was a down day. Well if your define finishing two talks downtime. But certainly no conference today. +This year there was only one day of Cloud Nativ Rejekts. So this was a down day. +Well if your define finishing two talks as downtime. But certainly no conference today. + +Last year Rejekts happend on sunday and monday with the Co-Located events on tuesday and KubeCon from wednesday to friday. +It was very cool having two full days of Rejekts last year but the day of preparation is certainly appreciated. Also this is the day that most my friends (that are attending KubeCon) arrived. +No one from back home attendes Rejekts but as mentioned in yesterday's notes I met some awesome people I get to see every year at these events alonside some new - but nevertheless cool - humans- diff --git a/content/day-2/10_kcpcrossplane.md b/content/day-2/10_kcpcrossplane.md new file mode 100644 index 0000000..466c25f --- /dev/null +++ b/content/day-2/10_kcpcrossplane.md 
@@ -0,0 +1,79 @@ +--- +title: "Achiving Platform Engineering Multi-Tenancy with kcp and Crossplane" +weight: 2 +tags: + - rejekts + - kcp + - crossplane + - kubermatic + - upbound +--- + + + +{{% button href="https://github.com/SimonTheLeg/crossplane-and-kcp-demo" style="info" icon="code" %}}Code/Demo{{% /button %}} + +An introductory talk to kcp and crossplanes by the companies maintaining both of them. + +## The basics + +- A platform should me automated and self-service driven to count as platform engineering +- Provider teams: Certificates, databases, ... +- Consumer teams: Want to use a provided Service +- IDP: Sits in the middle -> The real hard part + +## KCP + +- Idea: Why not use Kubernetes as our API-Layer? It tracks API ownership, versioning and resource managment and has built-in extensibility (CRD) +- Problems: + - APIs are always cluster-scoped (you advertise them to everyone) -> You could give everyone a cluster + - Ramping up a new cluster takes time and resources -> Let's just create a lightweight hosted control plane with it's own datastore + - Sharing APIs to multiple clusters is hard -> Leightweight control planes with a shared datastore +- Solution: Workspaces that are organized in a tree and each workspace contains it's own CRDs and RBAC -> All resources (e.g. 
namespaces) exist just in their own workspace +- API-Sharing; APIExport CRD and APIBinding CRD (reference via the workspace path of the APIExport) +- Running the operators that work on the APIs: Virtual Workspaces (virtually connects your operator to all of their resources across kcp via a magic kubeconfig) -> Controller needs to be built with multicluster-runtime (drop in replacement for controler runtime) +- KCP API-Syncagent allows you to use a existing operator without modifying it for use with multicluster-runtime + +```mermaid +graph + KCP + Datastore + User + subgraph Workspace + APIs[API/CRD] + RBAC + end + KCP-->|interact with|Datastore + User-->|Create tenant|KCP + KCP-->|Manages|Workspace + KCP-->|Return kubeconfig|User + User-->|Uses KCP like the apiserver|KCP +``` + +## Crossplane + +- Providers for all kunds of resources (kubernetes or infra/cloud) +- Compositions for higher level abstractions accross one or multiple providers +- Uses the Kubernetes API (aka CRDs) as it's api to enable integration with standardized tooling (like GitOps) + +```yaml +apiVersion: ... +kind: CompositeResourceDefinition +spec: + compositetyperef: + group: my.exdample/v1aplha1 + kind: Test + mode: pipeline + pipeline: + - ... +``` + +## The demo + +I recommend watching the recording but thul shall serve as a overview of the scenario. +Or run it locally (code linked above). + +- User whants to order a new database in their workspace a +- Database team offers their API through their database workspace +- Database team runs their operator in their own cluster +- kcp api-syncagent swyncs the database crd from workspace a into the db team's cluster and the connection-secrets back to the workspace \ No newline at end of file diff --git a/content/day-2/_index.md b/content/day-2/_index.md index 954fd40..ba1a338 100644 --- a/content/day-2/_index.md +++ b/content/day-2/_index.md 
@@ -19,6 +19,7 @@ I have to admit that I'm very bad with names and don't always regocnize people b - If you're building operators: [Solving Operator Extensibility: A gRPC Plugin Framework for kubernetes](./04_operator-estensibility) - [Intro to both chaos engineering and building operators that interact with containerd in rust](./07-chaosengineering) - The idea behind [The self-improving platform: Closing the Loop Between Telemetry and Tuning](./05_selvimproving) is very interesting but the first half of the talk is kinda confusing as it discusses a study that could have been shortened drasticly. But the way they automaticly create PRs for resource utilizations is cool +- [A good introduction to kcp and crossplane](./10_kcpcrossplane) ## Other stuff I learned or people i talk to @@ -27,4 +28,6 @@ I have to admit that I'm very bad with names and don't always regocnize people b - Arik and Simon about the review process for conference talks - Nico - Stephan -- A nice guy who's name i forgot (did i mention that I'm bad with names yet?) about the process of bleaching/dyeing my hair (he asked for a friend) \ No newline at end of file +- A nice guy who's name i forgot (did i mention that I'm bad with names yet?) about the process of bleaching/dyeing my hair (he asked for a friend) +- A group of random people in the elevator about Neon Genisis Evangelion (not a tech-topic but hey) +- And a bunch of smalltalk and deeptalk with the awesome attendees \ No newline at end of file
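
Review bot: in content/day-1/_index.md the added lines carry several misspellings that should be fixed before merge: "happend" (happened), "attendes" (attends) and "alonside" (alongside). The reworded second line still reads "if your define" (you define), and the first line keeps "Cloud Nativ". The weekday names (sunday, monday, tuesday, wednesday, friday) should be capitalized, and "most my friends" is missing "of".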
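
Review bot: in content/day-2/10_kcpcrossplane.md the YAML example under "## Crossplane" declares "kind: CompositeResourceDefinition", but the fields it shows (compositetyperef, mode, pipeline) are the ones a Crossplane Composition carries, so the kind should be Composition. In the same block the key is spelled compositeTypeRef and takes apiVersion and kind rather than group, the mode value is Pipeline, and "my.exdample/v1aplha1" has two typos. Since the talk is about multi-tenancy, the Virtual Workspaces bullet should also say what bounds the "magic kubeconfig", because as written it reaches the operator's resources "across kcp" with no stated limit, and the last demo bullet should say who in workspace a can read the synced connection-secrets. Spelling to fix in this file: "Achiving" in the title, "should me automated", "managment", "Leightweight", "controler runtime", "kunds", "accross", "thul", "whants", "swyncs", and "it's own" (its own) in four places. The file also ends without a trailing newline.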
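
Review bot: in the last hunk of content/day-2/_index.md the added elevator bullet misspells the title as "Neon Genisis Evangelion" (Genesis). The new final line is again followed by "\ No newline at end of file", so the hunk replaces one unterminated last line with another; add the trailing newline here so the next append does not show the previous line as changed.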