1
Mario-Leander Reimer
mario-leander.reimer@qaware.de
@LeanderReimer
qaware.de
Photo by CHUTTERSNAP on Unsplash
K8s-native Infrastructure as Code:
einfach, deklarativ, produktiv

2
Mario-Leander Reimer
Principal Software Architect
@LeanderReimer
#cloudnativenerd #qaware
#gernperDude

What is your preferred
Infrastructure-as-code tool?
ⓘ Start presenting to display the poll results on this slide.

QAware | 4

So what's wrong with traditional
Infrastructure-as-code tools?

“Too much cognitive load will become a bottleneck for fast
flow and high productivity for many DevOps teams.”
QAware | 7
■ Intrinsic Cognitive Load
Relates to fundamental aspects and knowledge in the
problem space (e.g. used languages, APIs, frameworks)
■ Extraneous Cognitive Load
Relates to the environment (e.g. console
command, deployment, configuration)
■ Germane Cognitive Load
Relates to specific aspects of the business domain
(aka. „value added“ thinking)

The Platform team and engineers are a key enabler for high
productivity of stream-aligned DevOps teams.
QAware | 8
■ Responsible to build and operation a platform to
enable and support the teams in their day to day
development work.
■ The platform aims to hide the inherent complexity
to reduce the cognitive load for the other teams.
– Standardization
– Self-Service
■ Fully automated software delivery is the goal!
https://hennyportman.wordpress.com/2020/05/25/review-team-topologies/

Cloud-native
Application Engineering
Cloud-native
Platform Engineering
The 5 Layers of Cloud-native Software Engineering
QAware | 9
IaaS
Network, Compute, Storage
(VPC, EC2, NLB, ALB, ...)
CaaS
(Kubernetes Services)
PaaS
(Software Infrastructure Blueprints with Helm and
Continuous Delivery Toolchain)
Application-specific
Software Infrastructure
Cloud-friendly & cloud-native
Applications
Architect Build Run
Amazon SNS
AWS IAM
Amazon
EC2
Amazon EBS

The 5 Layers of Cloud-native Software Engineering
QAware | 10
IaaS
Network, Compute, Storage
(VPC, EC2, NLB, ALB, ...)
CaaS
(Kubernetes Services)
PaaS
(Software Infrastructure Blueprints with Helm and
Continuous Delivery Toolchain)
Application-specific
Software Infrastructure
Cloud-friendly & cloud-native
Applications
Architect Build Run
Amazon SNS
AWS IAM
Amazon
EC2
Amazon EBS
?

Why not model cloud infrastructure
as Kubernetes resources?

Custom Resource Definitions are user-defined, declarative
extensions of the Kubernetes API
QAware | 12
■ Abstraction of complex application constructs and concepts
■ Definition solely via CustomResourceDefinitions
■ Structure definition via OpenAPI v3.0 Validation Schema
■ Default Support for several API Features: CRUD, Watch, Discovery,
json-patch, merge-patch, Admission Webhooks, Metadata, RBAC, …
■ Versioning und Conversion supported via Webhooks

QAware | 13

QAware | 14
Operator.
- Do stuff with my CRDs.

Operators are codified Ops procedures!
QAware | 15
■ Operators are the path towards Zero-Ops. They enable
auto-updating, self-monitoring and self-healing infrastructure
and applications.
■ The concept was coined in the Kubernetes world. It’s now been
adopted and used widespread in the cloud native world.
■ Examples: OKD, Sealed Secrets, Kube Monkey, Weave Flux,
Crossplane, and many more …

Kubernetes Operators Explained
QAware | 16

Introducing the Operator SDK
QAware | 17

lreimer/aws-ecr-operator

QAware | 19
https://intl.startrek.com/sites/default/files/styles/amp_metadata_content_image_min_696px_wide/public/images/2020-05/memes_002.png
Are you serious?!

Conceptual Showcase Architecture
QAware | 20
Provision
GitOps
Cluster API
AWS Controllers
for Kubernetes

qaware/k8s-native-iac

Manage AWS services using the Amazon Controllers for
Kubernetes (ACK)
QAware | 22
■ Define and use AWS service resources directly from Kubernetes. No need to define
resources outside the cluster using traditional IaC tools.
■ Each ACK service controller is packaged into a separate container image and Helm chart
■ Uses IAM Roles for Service Accounts (IRSA) to automate the provisioning and rotation of
temporary IAM credentials
■ Currently 20 different controllers with RELEASED status available, however, most of these
are still in PREVIEW maintenance phase
■ https://aws-controllers-k8s.github.io/community/

Crossplane in a Nutshell
QAware | 23
■ Open Source Kubernetes Add-on. Universal Control Plane for Cloud Infrastructure.
■ Cloud Infrastructure Services can be defined declaratively by application teams
■ Platform teams can provide relevant cloud infrastructure services via high level
self-services APIs
■ Individual Provider bundle a set of Managed Resources with their controllers. All major
cloud providers are supported, e.g. AWS, GCP, Azure, Alibaba, …
■ Managed Resources are fine granular representations of external cloud resources
■ Composite Resource Definitions or XRDs enable the definition and creation of new
abstractions for composite managed resources
■ https://crossplane.io

Kubernetes Cluster API
QAware | 24
■ Official Kubernetes sub-project
■ Declarative APIs and tooling to
provision, upgrade, and operate
multiple Kubernetes clusters
■ Work in different environments, both
on-premises and in the cloud
■ Reuse and integrate existing ecosystem
components rather than duplicating

Cloud Engineering for Everyone. Modern Infrastructure as Code for
Developers and SREs.
QAware | 25
■ Tame overall complexity. One consistent approach to cloud engineering for
Docker, many cloud providers and Kubernetes.
■ No breach between application development and DevOps engineering.
■ Rich programmable cloud interfaces with abstractions and reusable packages.
■ Apply engineering practices to infrastructure code: automation, modularity,
testing, and Continuous Integration / Delivery
■ No intermediary formats. Direct usage of provided APIs.
■ Several converters available: arm2pulumi, crd2pulumi, kube2pulumi, tf2pulumi
■ Plenty of documentation and example resources available
■ Pulumi Operator enables users to create Stacks as a first-class API resource

qaware.de
QAware GmbH
Aschauer Straße 32
81549 München
Tel. +49 89 232315-0
info@qaware.de
twitter.com/qaware
linkedin.com/company/qaware-gmbh
xing.com/companies/qawaregmbh
slideshare.net/qaware
github.com/qaware