Cloud Native Computing Foundation / GitOpsCon North America 2021

Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

A Day in the Life of the GitOps Platform Team - Mae Large & Priyanka Ravi, State Farm

Mae Large and Pinky Ravi have been a part of the GitOps team at State Farm since its inception in February 2019. GitOps at State Farm is adopted in all our strategic cloud platforms - AWS, Multi-tenant Kubernetes (on-prem), and Cloud Foundry (on-prem). This talk will walkthrough how we scaled GitOps in our large organization. The GitOps team is 5-person team. We have successfully rolled out GitOps, supported our customers, and continue to advance the offering towards observability and resiliency of the applications or products using GitOps. We will give an insight on how our typical day is like and also highlight the different bumps and challenges (including outages) we’ve faced and how these all became opportunities for us to continuously improve.

Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

A Multi-Cluster, Multi-Cloud Infrastructure with GitOps at CERN - Ricardo Rocha, CERN

CERN relies on a large distributed infrastructure to store and analyze the multiple petabytes of data coming out of its experiments every year. In the last few years two important trends have been changing the way we manage our infrastructure: kubernetes and cloud native technologies on the deployment side, and public clouds as a potentially cost effective way to get additional capacity to cover for workloads spikes and accessing resources that are scarce on premises, such as GPUs and other accelerators. This has made efficient management of multiple clusters even more relevant. This talk will describe how we've been evolving our deployments to rely on GitOps and tools like Flux and ArgoCD to centralize and standardize our highly distributed infrastructure. It will cover the three main layers of our deployments: the "underlay" infrastructure, and how with a bit of yaml and tools like crossplane we manage our on-premises clusters and those across multiple regions of the different public cloud providers; the "base services", including monitoring and central aggregation with Prometheus, OPA policies, cost calculation, etc; and finally our end user services. A quick demo will show how clusters can be added and removed with a couple lines in a matter of minutes.

Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Are Your Declarative Configurations Human Friendly? Closer Look at Code Reviews with GitOps - Ryota Sawada, UPSIDER

The great values of GitOps such as commit history for change audit and code reviews / approvals are underpinned by declarative configurations. Both Argo CD and Flux support not just simple Kubernetes YAML definitions, but also Helm Charts and Kustomize. They allow templating and some basic computation for generating manifests, but how declarative are they "to humans"? Any changes to a Git repository can have a significant impact on GitOps platform setup, and code reviews play a significant role for ensuring correctness. Even if changes are carefully made and reviewed, you can still end up with unwanted changes when templates such as Helm and/or Kustomize are used. They are great at managing large and complex configurations, but can be confusing or unclear to humans. This talk takes a closer look at the common pitfalls of using Helm and Kustomize with GitOps, how to tackle them using additional tools, and a potential alternative approach using a new tool called "Importer".

Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Building Flux's Multi-Tenant API with K8s User Impersonation - Leigh Capili, VMware

Kubernetes is hard to operate in a multi-tenant manner. As organizations add API's and privileged controllers to their clusters, it becomes infeasible to build clusters that teams can share with each other safely. This is a design issue with the way projects extend Kubernetes. While policy engines like Gatekeeper and Kyverno enable cluster owners to patch over insecure API surfaces to protect tenants, there are patterns that produce API's resistant to cross-tenant issues. It's possible to extend Kubernetes without relying on admission-based policy engines to restrict API boundaries and controller implementations. This session will teach you how to enable multiple organizations and teams to work safely together across namespaces and clusters. Flux will be used as an example on how to use RBAC, impersonation and kubeConfig secrets, but the techniques shown can be used to improve projects across the ecosystem!

Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

GitOps Cloud Resource Management - Brett Weaver, Intuit

In this talk, you will learn about how Intuit is extending the support for GitOps to manage Cloud Resources. You will learn about Argo CloudOps, the open source project we developed to integrate Terraform and CDK using Argo Workflows to provide GitOps automation to manage our cloud resources. We discuss how this has provided greater security, automation and allowed us to extend Git as the source of truth for our cloud resource configuration.

Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

GitOps Use Cases & Best Practices Comedy Game Show - Tamao Nakahara & Sebastian Bernheim, Weaveworks; Chris Short, Red Hat; Javeria Khan, Snowflake & Christian Hernandez, Red Hat

Everyone wants to hear real-world use cases and best practices from GitOps practitioners and experts! But another same-old same-old panel? Not this time! Come join Tamao Nakahara’s GitOps Game Show - a game-show style session where the audience will hear real-world situations, guess at solutions, and then hear several experts go into depth with their actual solutions. Experts will include Javeria Khan and other guests. The session will be sprinkled with fun nerdy zingers and one-liners from our friends, Chris Short and Sebastian Bernheim! Test your knowledge and skills: * Hear about real-world GitOps needs and constraints * Guess at possible solutions! * Hear from the experts about their actual use cases, the paths they chose, what tools they used, what worked, and what pitfalls to avoid * Try to one-up our nerdy jokes! The session will be fast-paced, educational with concrete data, and fun!

Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

GitOps and the CD Pipeline - Friend or Foe? - Tracy Ragan, DeployHub Inc.

While GitOps is solving some big problems for continuous deployments, does the operations by pull request model fit into a continuous delivery pipeline? In this session we will explore the ‘front end’ of GitOps and how the CD pipeline will need to shift to embrace a GitOps approach, particularly around independently deployed microservices. The question to answer is how will the CD Pipeline automate the GitOps steps that are currently done by a human, such as updating .yaml files, submitting pull requests and approving commits. With potentially thousands of .yaml files, automation of these steps will be critical.

Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

GitOps in the Real World: Opportunities for Developer Experience Improvement - Christopher Lane & Alex Crane, Chick-fil-A

GitOps is a pattern for managing the state of Kubernetes clusters using git as the source of truth. The entire state of the cluster is declared in manifests stored in git repositories and any changes to the manifests follow well-known git processes. Once the manifests are version controlled in git, then there's a number of state reconcilers (Flux, ArgoCD and the like) that can automatically apply changes from the repository. However, this leaves a significant gap in the process: How do we build and get the manifests *into the git repositories* in the first place? This talk will walk through Chick-fil-A's experiences with GitOps to manage the state of our production clusters at scale and offer what we see as opportunities to improve the frontend of the process.

Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Gitopsify Cellular Architecture - Ayush Ghosh & Sergey Sergeev, Cisco Systems, Inc.

Building and managing data-intensive microservices applications have their challenges. Cellular architecture & Gitops together help create an independently deployable, manageable, and observable solution. We moved from running multiple expensive non-prod inconsistent environments to testing in production. Weave Flux, Istio, and Crossplane helped us build multi-cloud, multi-cluster declarative environments in minutes. With the new deployment model and custom tooling, devs can get a miniaturized version of the SaaS running on their laptops. The devs can pick and choose which components and versions they want to run locally. The CI/CD metrics have improved dramatically as the integration & E2E tests run against real apps and not mocks. The system spins up real cloud-native solutions for production deployments and falls back to containerized workloads for non-production. Adding support for new regions has come down to days of work from months.

Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Keynote: Creating the Enterprise App Store - Alexis Richardson, Weaveworks

Enterprises have missed the “app store moment” largely because each organization has been running their own infrastructure for the past decades. With the adoption of Containers which provides the next level of abstraction to encapsulate applications, we are closer to the app store ideal, but it's really Kubernetes that adds the security and management that will finally turn enterprise software into an asset. Companies want to use the same core platform everywhere so they can focus on "the same skillset, the same tools, the same way of thinking, but not the same data centers." GitOps delivers certain standardization for that core platform – so the most important asset, people, can now focus on the delivery of applications.

Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Keynote: Declaring Complexity - Emily Freeman, Amazon

Broadly speaking, GitOps is a way of declaring the desired state of a system. But more than that, it's a way of capturing complexity in a way that the human brain can conceptualize. This talk focuses on the importance of tech developing ways of obfuscating convolution while not exaggerating simplicity.

Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Keynote: Pipeline as Code Empowering Cloud-Native CI/CD on Kubernetes Using Open Source Tools - Christian Hernandez, Red Hat

The pipeline-as-code approach allows git workflows to automate the deployment of CI/CD pipelines, turning code into features faster and at a more secure pace for business. This approach means developers continue to focus on developing and contributing code as they always have, through git repositories, and helps traditional operations teams evolve into their desired SRE or DevOps engineer roles they’ve aspired to become. Kubernetes has provided a platform to integrate all of these tasks and desired tools along the way.

We’ll demonstrate how to fully integrate git repositories, pipelines, and CD frameworks on top of OpenShift to deliver a complete, declarative, pipeline as code and GitOps framework in a cloud-native environment.

Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Managing Apps Dependencies and Kubernetes Versions with Kraan and Flux - Adrian Vacaru, Fidelity Investments

The Fidelity platform team supports internal users on different Kubernetes versions and gives cluster admins from different business units permissions across EKS, AKS, and on-prem (with Rancher). Their OSS Kraan project helps create this seamless experience in a highly regulated industry by using Kubernetes and CNCF Flux. This talk covers Fidelity’s enterprise use case and how users can use Kraan to provide modular and reusable components across different Kubernetes clusters. Platform teams can spin up K8s clusters and install application “layers” using Kraan. Eg. an “IoT layer” comes with Prometheus, Grafana and InfluxDB for storing data from IoT sensors. Cluster admins don’t have to deal with complex deployment/upgrade logic because the kraan-controller, helm-controller and source-controller take care of that. Kraan also has a versioned layer dependency system that simplifies dependency management between addons. Add-ons can be certified and mapped to different Kubernetes versions. Other possible Titles: - GitOps in a Highly Regulated Industry - How To Solve Complex Apps Dependencies on Kubernetes - Kraan - The systemd for Kubernetes - How To Make GitOps Work for You - Layering Addons on Top of Kubernetes

Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Secure Your GitOps - How to Implement a Robust Security Strategy - Todd Ekenstam, Intuit

Access control and security are especially crucial for managing the deployment of applications and infrastructure. Traditional security processes that rely on human operational knowledge will struggle to scale and meet the needs of enterprises utilizing automated build and release infrastructure. The GitOps methodology can improve the integrity and security of your application deployments while at the same time exposing new attack vectors that must be secured.

This talk will cover the following topics:
- Improving security with GitOps
- Implementing access control in GitOps
- Multi-tenant cluster and namespace management for GitOps
- Configuring access limitations for critical GitOps components
- Common security model patterns and best practices

This talk will teach you how to securely implement a GitOps methodology to deploy applications and cluster components to Kubernetes. You will also learn strategies to securely manage multi-tenant clusters and common security model patterns and best practices.

Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Securing GitOps - Andrew Block & Shoubhik Bose, Red Hat

Implementing a GitOps based strategy brings a wealth of benefits including automation and conformance, each of which increases the overall security posture of any software and infrastructure delivery lifecycle. But, how do you ensure that you have fully taken advantage of all of the available options to provide the most secure GitOps environment? In this session, attendees will learn the role security plays in a GitOps environment and the areas that can be configured to properly enforce appropriate security controls common to organizations big and small including:

* Git repositories
* Static code analysis of manifests
* Ensuring appropriate rights in a Kubernetes environment
* Taking advantage of GitOps tools configurations
* Operating in a multitenant environment

Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Tales from the Branches: GitOps in the Real World - Moderated by Dan Garfield, Codefresh; Cornelia Davis, Amazon; Christopher Lane, Chick-fil-A; Mae Large, State Farm; Mike Bowen, Blackrock & David Lewis, Starbucks

Join a panel of GitOps end users from major companies in different industries – Blackrock, Chick-fil-a, Lyft, Starbucks, State Farm – as they tell stories from their GitOps journey. Attendees will hear about problems they sought to solve, challenges faced along the way, and how GitOps strategies and tools were used to make it work.

Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Using GitOps for Kubernetes Reliability at Scale - Uma Mukkara, ChaosNative

GitOps is typically seen as a practice to get your things in order for infrastructure changes and infrastructure configuration management. However, there is another interesting use case for GitOps where it is used to chaos test the large scale deployments when changes happen to the application. Complete reliability as such is a complex subject and it requires carefully designed chaos engineering practices and SRE focus. In large scale systems where Chaos Engineering is scaled up, the chaos scenarios also become big enough to be maintained and applied. One solution is to maintain them and apply them through GitOps. In this lightning talk, I discuss a case study of how GitOps is used in a large customer environment to automate Chaos Engineering using LitmusChaos and FluxCD. The challenge of managing chaos experiments is presented when there are multiple team members and teams are involved. Then I discuss the schematic representation of how GitOps was structured between the application change and chaos experiments. Finally I discuss and summarise the GitOps best practices used to overcome these challenges.

Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Welcome & State of GitOps - Dan Garfield, Codefresh & Scott Rigby, Weaveworks