OPENING KEYNOTE: The Cloud Native Computing Foundation (CNCF) is an open source software foundation dedicated to making cloud native computing universal and sustainable. With over 300 members including the world’s largest public cloud and enterprise software companies, Alexis Richardson, CEO of Weaveworks and chair of the CNCF Technical Oversight Committee will walk you through some success stories, and why cloud native is the way forward. You’ll learn why Kubernetes and other CNCF projects have some of the fastest adoption rates in the history of open source, and how this is only the beginning. Alexis will then show how you can increase speed and reliability in your development workflows even further by using the GitOps model, which has been developed at Weaveworks. You’ll learn about the core concepts of GitOps, including customer success stories, and how you can benefit from using this model.

1. Cloud Native Transformation
Alexis Richardson
CEO, Weaveworks
TOC Chair, CNCF
@monadic
alexis@weave.works
Dec 2018

2. Hallo

3. Hallo
● Weaveworks is a vendor
● I’m cofounder and CEO
● I’m also TOC chair at CNCF

4. Agenda
What is CNCF
Why does cloud native matter
Cloud led us to Devops – cloud native leads us to Gitops
http://cncf.io
https://www.weave.works/blog/what-is-gitops-really
4

5. About Weaveworks
● Founded in 2014, backed by Google Ventures &
Accel Partners
● Mission: help software teams go faster by
providing technologies that support cloud native
development

6. ● 40 people
● Berlin
● London
● San Francisco
Team

7. Team
In addition to weaveworks open source some of us are known for...

8. New ways of working
cloud led us to devops
cloud native leads us to gitops
automation for cloud native
or “operations by pull request”

9. Cloud Native

10. Cloud Native

11. CNCF is the home of
Kubernetes

14. 14

16. If we want to introduce digital solutions into the business environment
then we need to stop writing infrastructure and focus on applications
We need
● A common cloud platform & toolkit for the next generation of applications
● Makes it much easier to run and scale apps in the cloud – or anywhere!
● Accelerate adoption of modern architectures for the interesting new opportunities
in analysis, machine learning, drones, cars, IoT, medicine, communications …
Why this matters

17. Lego is an amazing system

18. Lego is an amazing system of components

19. Home of Lego

23. CNCF in 2016

24. CNCF in 2018

25. CNCF is building a cloud platform
● Goal of a Cloud Platform for era of ubiquitous services
 a bigger deal than the Web
 open like Linux
 everyone is on board this time
● Business Peeps TLDR Cloud Native is Cloud
● Outcome: Innovation and new Business Models for make profit

26. Velocity

27. Hadoop
Typical Hadoop Project 2013

28. 2018: Kubeflow

29. Componentisation

30. Componentisation

31. No platform?
Who
wants to
build a
toaster?

32. Platforms enable Velocity
● Higher speed
● Lower barriers to entry
● Explosion of higher order systems

33. Velocity is a key metric in Continuous Delivery
High-performing teams deploy
more frequently and have
much faster lead times
They make changes with fewer
failures, and recover faster
from failures
200x more frequent
deployments
2,555x shorter lead
times
3x lower
change failure rate
24x faster
recovery from failures
200x
2,555x 3x
24x
Source: 2016 State of DevOps Report (Puppet Labs)

34. Make me a Velocity
Developers write code
that powers Applications
and integrates Services
deployed to a Cloud Platform that is easy, stable & operable
using best practices for Continuous Delivery at high velocity

35. New Cloud Platform
“Just run my code”
Kubernetes
Infra - Cloud & DCs & Edge
Other CNCF
Projects
Local Services &
Data
Code >>
Containers >>

36. 1000s of ways to “Just Run My Code”
● Serverless: Openfaas, Kubeless, OpenEvents, AWS Lambda….
● PaaS (Openshift, Cloud Foundry..), MBaaS, KMaaS, ..
● Kubeflow, Istio, Pachyderm and other k8s native app f/works
● Declarative app def eg compose, ksonnet, ballerina
● Native general frameworks: metaparticle
● Ports: Laravel (PHP!) and other app frameworks to Kube
● Tools: Cert-manager, ChaosIQ, ..
● Explosion of higher order systems is caused by platform

37. Getting to a Cloud Platform
2017 2018-20 2020+
Core Platform
- Kubernetes & containers
Observability / Operability
- monitoring (prom.)
- logging (fluentd)
- tracing (jaeger, OT)
Routing
- mesh (envoy, linkerd)
- messaging (nats)
Security:
Spiffe, OPA, SAFE
Storage:
- orchestration
- CSI
- other
Interfaces:
- OpenMetrics
- OpenEvents
Developer On Ramp:
CICD, Helm packaging, &c
Marketplace of Services
and other Add-ons
“Just run my code” user
experiences for 1000s of
different use cases
>> Towards Ubiquity

38. Cloud native – just run my code

39. Practice
Tribes gotta tribe

40. New ways of working
cloud led us to devops
cloud native leads to gitops
“push code not containers”
“operations by pull request”

41. Summary
● Cloud Platform powered by CNCF tools, Kubernetes at the core
● Multi Cloud support: Amazon, Azure, OSS
● Explosion of higher order tools and services
● GitOps is best practice

42. “The world is envisioned
as a repo and not as a
kubernetes installation"
- Kelsey Hightower
Kubernetes ❤️ GitOps

43. What is GitOps
● K8S is GR8 but how do I operate apps and services using it
● GitOps is an Operating Model for Kubernetes
● Best practices for the whole stack
To me, [GitOps is] the holy grail of software and infrastructure
management. I make this change, I push it, and off it goes
Chris Short, THENEWSTACK, May 2018

44. Image credit:
Helen Beal,
Ranger4
At least a decade of DevOps best practices

45. Meet Qordoba
● Mid size SF co use machine learning
to create ”localized” marketing UX for
big brands
● Rapid iteration is essential
● SOC2 compliance
● Using Jenkins & Cloud
● Adopted GitOps

46. Start using GitOps
All Four Teams using
GitOps
Trend before GitOps
Customer
Features
Bugs +
Customer
Features

47. Over 30 releases per day per team, up from 1-2 per week across all teams
1) Estimated time needed to fix prod software bugs ~60% less time
2) Estimated time to respond to customer requests ~43% less time
3) Uptime 99%  100% (so far…!)
Impact

48. Who is talking about or doing GitOps?
Weaveworks
Chick-fil-A
Intuit
Cloudbees
Bitnami
OpenFaaS
Hasura
Ocado
Financial Times
Datree & more…

49. GitOps is Automation
for Cloud Native
We can only automate
and control what we
can describe and
observe

50. • Config is code
• Code must be version controlled
• Config must be version controlled too
GitOps follows the Logic of DevOps

51. GitOps follows the Logic of DevOps
• Config is code
• Code must be version controlled
• Config must be version controlled too
• What can be described can be automated
• Describe everything: code, config,
monitoring & policy; and then keep it in
version control

52. GitOps
• Git as a source of truth for desired state of whole system yes really
the whole system
• Control loop compares desired with actual state to pull changes,
enforce convergent atomic updates and writeback to log in Git
• Diff alerts, eg.:

53. What this gets us
• Any developer can use GitHub
• Anyone can join team and ship a new
app or make changes easily
• All changes can be triggered, stored,
audited and validated in Git
And we didn’t have to do anything very
new or clever ☺

54. Kubernetes lets you describe systems
This is YAML
Think of it as
a protocol for
specifying
infrastructure

55. We want everything to be described
Customer Cloud Native Applications
Kubernetes +
Extensions
Google – Amazon – Microsoft – On Premise
Core CNCF
Add-Ons &
Services
Customer
Add-Ons &
Services

56. We want everything to be observed

57. • We use declarative infrastructure ie.
Kubernetes, Docker, Terraform, … and we
“diff all the things”
• Our entire system including code, config,
monitoring rules, dashboards, is described
in GitHub with full audit trail
• We roll out major or minor changes as pull
requests for any updates, outages and D/R
GitOps at Weaveworks

58. 58
Canonical
source of truth
Clear model with strong separations of concerns
(safety)
Easy rollbacks and reverts (velocity)
Tapping into existing code review tools and
processes
Great compliance tool
Collaboration point between software and
humans

59. Dashboards
Alerts
Playbook
Kubernetes Manifests
Application configuration
Provisioning scripts
59
Application checklists
Recording Rules
Sealed Secrets

60. CI ops

61. There should be a firewall between CI and CD
CI CD

62. CI Image
Registry
Code Repo
Typical CICD pipeline
ClusterDev RW
RW RWRW
RO RW RO

63. CICode Repo
Kubernetes API
GitOps CICD pipeline
Dev RO
RO
CD OperatorRO
RW
RW
RW
RW Image
Registry
Config Repo

64. GitOps separation of concerns
CI tooling
Scope: test, build, publish artifacts
● Runs outside the production cluster
● Read access to code repo
● Read/Write access to image repo
● Read/Write access to integration env
● “Push” based
CD tooling
Scope: reconciliation between git and the cluster
● Runs inside the production cluster
● Read/Write access to config repo
● Read access to image repo
● Read/Write access to production cluster
● “Pull” based

65. Security
● The CI tooling can be push based but has no production system access
● The CD tooling is pull based and retains the production credentials inside
the cluster
● Developers can’t push directly to image registry
● Cluster API & credentials are never exposed/cross boundary
● Encrypted API keys and data storage credentials can be stored in Git and
decrypted at deploy time inside the cluster

66. Summary
Deployment
(clusters, apps)
Monitoring
Tracing
Logging
(Observability)
Management
(operations)
Git
Build / CI Servers
GIT
Test / CI Servers
IDE
Unifies Continuous Deployment,
Monitoring and Management.
Git as the single source of truth of a system’s
desired state
GitOps Diffs compare desired state with
observed state
ALL intended operations are committed by
pull request, for all environments & for any CI
ALL diffs between GIT and observed state
lead to (auto) convergence using tools like
K8s
ALL changes are observable, verifiable and
audited indisputably, with rollback & D/R
‘immutability firewall’
Kubernetes
GitOps
Continuous
Integration
https://www.weave.works/blog/what-is-gitops-really

67. Thank you!
Alexis Richardson
alexis@weave.works
@monadic
facebook.com/WeaveworksInc/
twitter.com/weaveworks
slack.weave.works/
youtube.com/c/WeaveWorksInc
linkedin.com/company/weaveworks
@weaveworks
https://weave.works