1) The presentation introduced Brice Fernandes and Sebastian Bernheim from Weaveworks and discussed their roles as customer reliability engineers. 2) It provided an overview of Weaveworks' approach to enabling GitOps across the Kubernetes landscape through open source projects and consulting services. 3) Key SRE practices like embracing risk, establishing service level objectives, automating processes, and implementing deliberate release engineering were shown to be well-aligned with a GitOps model for Kubernetes management.

1. Taking Kubernetes
SRE-iously with
1
Weaveworks – https://weave.works – @weaveworks

2. Webinar Platform - FAQs
Using Zoom
Questions?
• You are in listen only mode
• Q&A session will follow the presentation, please use the Q&A panel to
submit questions
• Hit escape to exit full screen
Technical Issues - please visit Zoom Help
https://support.zoom.us/hc/en-us/articles/206175806-Top-Questions

3. Introduction
3

4. Meet the team
4

5. Brice Fernandes
London, United Kingdom
Brice fell in love with programming while studying physics and
never really looked back. He has a broad technology background
that covers everything from embedded C to backendless browser
apps using the trendiest javascript frameworks. He taught Game
Development and Functional Programming online and founded his
own education platform for developers before joining
Weaveworks. He now spends his professional time helping
companies make the most of Kubernetes and understand GitOps.
Weaveworks
Customer
Reliability
Engineer
5
linkedin.com/in/brice-fernandes
twitter.com/fractallambda
github.com/bricef
fractallambda.com

6. Weaveworks
Customer
Reliability
Engineer
6
Sebastian Bernheim
New York, USA
Sebastian works closely with developers and systems engineers
to implement Kubernetes infrastructure management, application
deployment, and DevOps solutions that integrate gracefully with
enterprise systems. He was also a Solutions Engineer at Galactic
Fog, deploying the Gestalt platform’s CaaS and FaaS engines to
help clients empower internal development teams and increase
innovation velocity. He has worked in FinTech over the past two
decades as a software developer, architect, and DevOps
advocate.
github.com/sbernheim
twitter.com/fredomtocode

7. About Weaveworks
7

8. Weaveworks ❤ GitOps
Open
Source
Services
Weave
Kubernetes
Platform
Weaveworks enabling GitOps across the Kubernetes landscape
• Key open source projects:
flux, flagger, eksctl
• Top 10 contributor to
CNCF
• GitOps thought leadership
• Design, consulting and
delivery of K8s
• GitOps & Kubernetes
training and quickstart
• Helping teams optimise
their platform
• Manage 100’s of clusters
with GitOps
• Cloud and on-premise
• Repeatability, flexibility
and situational awareness
8

9. Educate Enable Platform Applications
Weaveworks Consulting, Training and CRE Service
• Guided technology choices
• Cloud native reference
architecture designs
• Cloud native technology
options and selection
Weave Kubernetes Platform
• Infrastructure of your choice:
public cloud and on premise
• Configuration management
for the whole platform
• Integrated security
• 24/7 Support
DevOps
• Automation, management
and Continuous Delivery
• Prometheus monitoring
and alerting
• Training for cluster
operators, application
operators and developers
• Delivery of POCs and
experimental environments
Accelerating the path to Cloud Native
9
GET STARTED FAST DESIGN AND BUILD
DELIVER A PRODUCTION
READY K8S PLATFORM
ENABLE AN AGILE
DELIVERY MODEL
1 2 3 4

10. SRE Best Practices
10

11. SRE Roles and practices
11

12. What’s an SRE anyway?
12

13. What’s an SRE anyway?
13

14. What’s an SRE anyway?
14
Technical role
Operation focused
Apply engineering principles to operations problems

15. 1. Embrace Risk
2. Service Level Objectives
3. Eliminate Toil
4. Monitor and observe
5. Automate
6. Deliberate Release Engineering
7. Simplicity
SRE Core principles
15

16. 1. Embrace Risk
2. Service Level Objectives
3. Eliminate Toil
4. Monitor and observe
5. Automate
6. Deliberate Release Engineering
7. Simplicity
SRE Core principles
16
Continuous
improvement

17. Some SRE core practices
● Playbook
● Practical Alerting
● The on-call rota
● Incident response
● Postmortem
● Canary releases
● Graceful failure handling
17

18. Pragmatic pessimism
18

19. Murphy’s law
Anything that can go wrong will go wrong
Brice’s Law
Time between individual failures approaches 0 as the number of
components and relations increases. This is irrespective of the
reliability of your components.
Basically, something’s always broken somewhere.
19

20. 20
��
��
��
��
��
��

21. SRE practices are needed to
deal with the new normal
21

22. SRE and GitOps
22

23. Confidential do not distribute
The entire
system is
described
declaratively
The canonical
desired system
state is
versioned in git
Software agents
ensure
correctness and
perform actions
on divergence in
a closed loop
The Principles of GitOps
Approved
changes can be
automatically
applied
to the system

24. 24
GitOps SRE

25. 1. Embrace Risk
2. Service Level Objectives
3. Eliminate Toil
4. Monitor and observe
5. Automate
6. Deliberate Release Engineering
7. Simplicity
GitOps and SRE practices
25

26. 26
Kubernetes operator (Flux, Open Source)
Multiple clusters (staging and prod)
CD into staging
Promotion from staging to prod
Kubernetes
Automated diff tools
(*diff operators, Open Source)
Dashboard definitions in Git
(Grafanalib, Open Source)
Alert definitions in git
Read-only access to production
for all developers
Gated, PR-driven changes to
production
⇒
< 30 minute total disaster recovery
Dozens of changes per day
with a very small team
Incredibly fast
regression response
Permissive approach
to production access
Excellent developer experience
Stress-free on-call*
*“stress-reduced”

27. Confidential do not distribute
Case Study: Large Financial Customer
● Using Kubernetes as a firm-wide application platform.
● Deployed on multiple clouds and on-premise
● Weaveworks providing long-term expertise and
technology to build and operate it.
● Multiple different business units and security needs.
“GitOps workflows are now en vogue. Kubernetes-based
container platforms.. perform version-controlled, automated
releases of both applications and software-defined
infrastructure”
“Rolling out an update to an existing process when you
have a complex workflow and many security gates is very
difficult, so packaging an application's context as part of an
[automated] platform is of immense value to us."
27
Key Takeaways
● GitOps driving scalability,
repeatability and security
● Weaveworks knowledge of
complex enterprise requirements

28. Confidential do not distribute
Case Study: Large Retail Customer
● Large scale replatforming effort
● Migrate from wide variety of different systems,
including Mesos, Kops, EKS into a common platform
● Wanted to Enable tenants rather than create service
tickets for operations
● Heavily focused on AWS as a target platform
● Needed to provision AWs resources dynamically for
tenants without giving the tenants permissions
● Create a PaaS-Quality User Experience
28
Key Takeaways
● Significant simplification of deployment
pipeline (reduction of code > 50% )
● User experience focus pays dividends
● Modular platform allows continuous
improvement and adaptation

29. Embodying GitOps and SRE practices
29

30. WKP Experience
Workload Workload Workload Workload
Container
Control
Release
Management
Visualisation
Monitoring &
Metrics
Alerting
Cluster
audits
Deployment
Policy
Dashboards
Kubernetes
Cluster
configuration
Fleet
management
Cluster
components
Logging and
Tracing
Networking Storage
Infrastructure
Automation
Security
• Continuous Delivery, observability
and monitoring
• Consistent developer workflows
across multiple deployments
• Team workspaces for
multi-tenanted usage
• Extend Kubernetes to managed
platform using GitOps model
• An Open Source Kubernetes
platform for on-premise
deployment
• Additive to manage Kubernetes
(e.g. EKS, AKS or GKE)
• Upgrades to new versions
• Extensible controls to
implement security and policy
controls
Developer
Experience
Operator
Experience

31. Confidential do not distribute
Weave Kubernetes Platform
Workload Workload Workload Workload
Container Control
Release
Management
Visualisation
Monitoring &
Metrics
Alerting
Cluster audits
Deployment Policy Dashboards
Kubernetes
● Add-ons are curated optional
capabilities
● Prometheus monitoring,
logging, Helm and others
● Customer created add-ons
make the platform flexible
● Upstream Kubernetes tested
and with secure defaults
● GitOps configuration
management
● Models for multi-cluster
management
● Same installation experience
on all platforms
● Pre-scripting for platform
automation (e.g. Terraform)
● Host aware operations (e.g.
draining and upgrading)
Infrastructure
Core
Platform
Cluster
Components
Cluster
configuration
Fleet management
Cluster
components
Cluster
observability
Networking Storage
Infrastructure
Automation
Security
31

32. Confidential do not distribute
Weave Kubernetes Platform
Workload Workload Workload Workload
Container Control
Release
Management
Visualisation
Monitoring &
Metrics
Alerting
Cluster audits
Deployment Policy Dashboards
● Add-ons are curated optional
capabilities
● Prometheus monitoring,
logging, Helm and others
● Customer created add-ons
make the platform flexible
● Upstream Kubernetes tested
and with secure defaults
● GitOps configuration
management
● Models for multi-cluster
management
● Multi-backend
● Compatible with any certified
version of Kubernetes
● Red Hat OpenShift, VMWare
Tanzu, Google Anthos, AWS
EKS
Infrastructure
Core
Platform
Cluster
Components
Cluster
configuration
Fleet management
Cluster
components
Cluster
Observability
32

33. 33
Questions?

34. 34
Next Steps
Contact Brice
brice@weave.works
@fractallambda
Contact Sebastian
sebastian@weave.works
@freedomtocode
Our services
weave.works/services
sales@weave.works
Our products
weave.works
sales@weave.works
Sign up for a Weave Kubernetes Platform demo:
http://www.weave.works/wkp
How GitOps Boosts Business Performance: The Facts
https://go.weave.works/DORA_GitOps_WP.html
The Art of Modern Ops (podcast):
https://www.weave.works/podcast-the-art-of-modern-ops/