From YouTube: End-To-End GitOps - S. Alipio & V. Farcic, Upbound
Description
You are likely already using GitOps for your applications, but not for everything else. You are likely not using Argo CD, Flux, Rancher Fleet, or similar tools to manage the state of your infrastructure and services.
Website: https://www.upbound.io/
Organized by @Microsoft @kubermatic7173 @SysEleven
Thanks to our sponsors @CapgeminiGlobal, @gardenio, @sysdig, @SUSE, @anynines, @redhat, nginx, serve-u
A
So, let's talk about GitOps and how we can extend GitOps to everything right assemble. They explained that in a second very quickly. This is how it looks like after I visit one of the customers. I've worked for Upbound with a I have a Twitter, books, Foundation stuff like that, not important. What is important is Sam. There you go see how I.
B
Yeah, I use this one. There we go. Hi, I'm Sam and I only have one thing about me, which is I'm a product manager at Upbound. Nice to meet you. So GitOps. Applying GitOps to everything. I wanted to start out with an awkward exercise in audience engagement. Can you raise your hand if you're using GitOps today?
B
It's a, it's a pretty sizable, pretty sizable number of people. So in GitOps you're storing your desired state in Git and then there's going to be some kind of process that's converging your actual state into your desired state. And if you're one of the people that's maybe not familiar with GitOps, these four principles are pretty important. It's declarative, versioned, pulled automatically and continuously reconciled, and most of the GitOps tooling out there today is based on Kubernetes operators and there's a reason for that.
B
Kubernetes allows us to access its extensible API, and it also has drift detection and reconciliation, which means these tools don't have to reinvent the wheel. They can rely on those capabilities that are already there. So the question with GitOps is: why is it so commonly applied only to applications?
B
So if the promise of GitOps is you can converge your desired and actual states, you have a problem because Kubernetes resources are not necessarily going to represent your actual estate. It's a fraction of the actual state, meaning those tools they're using that rely on Kubernetes operators are only getting you part of the way there.
B
So, in other words, sometimes Kubernetes is the destination, and sometimes it's an intermediary between your desired state and your actual state. So the actual state could be in Kubernetes. It could be, I don't know, in Lambda, in Google Cloud Run, it's your databases, your servers and so on. So if we know that our actual state is coming from many places and we're keeping everything in Git, why is it that we see GitOps commonly applied only to applications?
B
A
Yeah, so the idea behind Crossplane. Actually there are quite a few ideas behind Crossplane. But what is what matters now here for this conversation related with GitOps.
A
So what we're trying to do is to bring the definitions of all those resources into Kubernetes so that you can benefit from whatever the, whatever the reasons why you are using Kubernetes in the first place, right, API detection, reconciliation and so on and so forth. Right, and on top of that, and I will show that in a demo in a few minutes, Bishop something called compositions, which is a way for you as an operator or SRE or DevOps or whatever those roles are called today to define.
A
B
Here's my commercial message: what Upbound is doing is we are offering companies a product that allows you to use control planes at scale in order to manage and build your entire cloud platform, and now we will move on to the demo. Yes.
A
Let's say that I want to do a couple of things: let's set a Taiwan and all with GitHub said we'll be using Flux today, but whatever I'm showing with Flux equally applies to Argo CD or Rancher Fleet. I don't know if there is a fourth option today. Anyways, the logic is the same, no matter at all. So what I will try to do is create a cluster in which I can do stuff, deploy applications, what to know and whatso not, and I'm going to afterwards create an application in development environment together with the database and then that same application in production, together with the database.
A
That will assume that I will have enough time for all that, and we are going to do that without, I'm going to do that without touching Kubernetes at all. I mean I will be touching Kubernetes, but only to show you what's going on, not as a way to operate anything, right.
A
So, let's start with the cluster, right. Do you see this? Is this big enough? Yeah, okay, cool. So let's say that you have this definition: production yaml, right. Now, this definition is a Kubernetes definition. They define something called the cluster claim. Now cluster claim does not exist. It does not come out of the box in Crossplane. It was created by me, right. It was created by me so that the rest of the people in my company can create and manage Kubernetes clusters in different providers.
A
Without really trying to figure out all the madness about subnets, VPCs, internet gateways and things that matter to some and don't matter to the majority, right. I'm not sure how I created that, that definition, that custom resource definition later, for now.
A
What matters is that from the user perspective, as a developer, if I would like to create a manager cluster I need to select, to type some labels that will define what type of a cluster I want, in this case AWS, in AWS, and it will be EKS, and to define a few variables or parameters or whatever. Schema is something that I define. It can be anything, right, and in this case I'm saying: hey, I want small, small servers in that cluster.
A
I have no idea what small means. Small is whatever, whatever it is small in AWS, that's a job with somebody else, and I want to start with the three, three nodes and finally, to be able to connect to that cluster I want to create a secret with kubeconfig. Then the secret will be called in this case production cluster.
A
Now what I was, what I'm supposed to do now is to commit this, to push this to a Git repository and then Flux will take it over from there, synchronize it with my management cluster and from there on Crossplane would create all the resources in AWS, and not only that, but also it's supposed to be production ready cluster. So it will also install everything, make, make a cluster production ready, whatever that means, and that depends on your organization. Now, I will not do that.
A
A
So trust me that what I did last night was take this definition and push it to Git repository. Now, as a result of that, I got something like this running in my cluster, and this is not from the, from the user perspective, from developer perspective.
A
Come on, there we go. It says: hey, something called the cluster claim, or here there is one cluster claim we're going to call production. This is the name of the cluster. Control plane is active, node, the node pool is active. It is fully ready. Now again, the output is something you define. You define what will be the output of that, that controller, that resource, right.
A
Now, if you are, if you're an ops person, in the bottom window, then you can see actually what happened when I created cluster claim. That, this will take a while, because there is an issue with cattle that we are solving right now. Actually, it's already, I think there is a pull request, because it needs to query like thousand different resources in, that's how many resources there are in AWS, but anyways it's here, and you can see that this cluster claim created a bunch of roles. It created some policy attachments.
A
It installed certain resources in Kubernetes cluster. It installed some Helm charts. It created a node group, cluster, VPC, route table, a few subnets, security group, internet and internet gateway, right. So this is you as an operator designing what that resource will become when somebody applies it in a cluster, right, and all that, in this case, being fueled and being synchronized with Flux, and the way how I did that, I was so very quickly. I don't want to troll too much.
A
This is my repository, okay, and the way how I defined all that is in this directory packages. If I look at Kubernetes, there are two types of definitions I must create, or resources.
A
One is a composite resource definition that basically, essentially defines schema, and, and we enter this scheme, I'm saying: hey, use this schema to create a new resource that everybody else can use, and that, that resource will be converted into something else, whatever that something else is, and that something else you can see here, that I have implementation of that schema for AKS, for Siva, for DigitalOcean, for EKS and for GK, in this case, right. Different implementations of the same schema, of the same custom resource definition, and if I go to, not, not that one, if I go to EKS, because I'm using it, here is all the madness that you need to define, like EKS cluster is defined here and the node group is defined here and there are some transformations, whenever we say small, that's T2 something something is so on and so forth, right.
A
This is a huge deal. This is, this is basically all the stuff that theoretically I would need to define myself to run successfully Kubernetes cluster in production, but me as an operator or SRE is packaging all that into a new resource that is relatively easy to use. Right, now, where are we? Yes. Now, let's say that I want to define an application and that application should be, let's say, back-end application. It should have a database, right, and depending on where that database is running, it could be maybe database in a cluster.
A
Let's say: Postgres inside of a cluster for development environment, and let's say: if it's production, then it would be RDS in AWS. I mean it can be anything you want. You are defining what something is. So what I'm going to do is, this time I, this is not what I did last night. This time is happening for real. I'm creating a directory, devops, and I'm going to copy and paste this definition and then I'm going to explain what's happening here.
A
We go, right. So I'm having again two different resources. I want to simplify lives of everybody, no matter the level of expertise, and I'm here defining application claim and saying: hey, whenever you want to deploy an application, in this case to manage application Kubernetes, you do not need to worry about deployments in stateful sets and services and virtual services and all the building blocks, because Kubernetes realistically does not have a concept of an application. It has a concept of a bunch of building blocks, so instead you can just define app claim.
A
Whatever the name is, with labels, we are going to say that I want to have a backend type of application connected to the database. There are other types of applications in this case, case, and I wanted to run locally in the same cluster, and there are a couple of parameters that I can define, whatever matters to me as a developer, and that can be anything, really depends on the experience level and so on and so forth. In this case, I'm saying: hey, namespace is this, image is that, part
A
is that, go, and I want a database and I'm saying, again, same logic. There is a new resource called SQL claim, some labels that define what type of database I want and a few parameters specific to the database. In this case I will be running Postgres locally, right. So what I'm going to do is, there we go, I'm going to push this to Git and I'm going to create a new application in Flux, so this is happening only once. After I create this application in Flux.
A
After I tell Flux to monitor specific repository with specific directory, from here on, Flux sometimes gets confused. It will happen.
A
From here on, if it works, Flux will be monitoring that, that directory, that repository, and it will be making sure that whatever I push there is what is defined in a cluster, and then Crossplane will take those definitions and process them further. Better, that's creating something in a cluster, whether there's something creating in AWS, Azure or whatever it is, right. Let's say, flux, customization, but not found.
A
Sometimes, there we go, every six. Every big 99 of the issues in our industry are solved by repeating, restarting stuff, right, and, and this was a proof that that's how it works. Now, it works always and I'm not even using Windows.
A
Anyways, so if I list all app claims and SQL claims you can see by, you can see by the time here, right, 28 seconds, that Flux already detected that in a Git repository, synchronized it in my management cluster and from now on, those two compositions are being expanded in what the real resources are, whatever they are, right, and I can prove that that's happening by saying: hey, give me all the resources and ingresses and secrets, and you can see that it, those two resources were expanded into.
A
This is a simple example: real life is more complicated, in two English stateful set for the database, deployment for the application, some services and so on, and so forth, right. So Crossplane converted those compositions into the, the end user resources. Now this is very simple, right, because it's simulation of a development environment where I'm running both to the database and the application in the same cluster.
A
But let's say that I want to. Let's say that I want to do that in production. So to do that in production, and let's say that in production should be what I mentioned before, RDS in AWS.
A
So what I'm going to do is first I'm going to get kubeconfig of that new cluster that was created. Right now, I'm switching to the production cluster, and kubeconfig is a secret in the management cluster, because Crossplane created that cluster and everything that it needs, including the secret, and I can prove that that cluster is running by showing you the nodes, that's kind of obvious. What matters more is, there we go. That's a production cluster, of simulation of production cluster, 12 hours ago. That's when I did it. Now.
A
What I'm going to do is create another directory. The previous one was devops, in this case I'm creating a directory products. That's where my production applications will be running. I'm going to create yet another manifest which is going to be almost exactly the same as the previous one. Right, here it is. The definition of the application is basically, essentially the same. The only difference is in the namespace.
A
A
Now I'm saying: hey, in this case, I want that same manifest, I'm not changing anything except the label saying in this case providers should be AWS, right, and store the secret in, in the, sorry, authentication to the database in a secret called silly demo, so that the application in that cluster can connect to the database through that secret, right.
A
Now, in this case, it's going to be a bit more complicated than before for a simple reason, because Flux CLI does not allow me. It allows me to create a manifest for Flux itself, but there is no argument as far as the not the trivia can say: hey, use this kubeconfig, right. This is the kubeconfig that tells you where is the cluster that you should synchronize.
A
So what I'm going to do is open whatever I just created, TMP products, and I'm going to add, here we go, I'm going to add this to the, here we go, kubeconfig secret ref, the name, and the name is, I don't remember, but I have it written here, production cluster, right, that's the name of the production cluster, which happens to have a secret solid Flux can authenticate over there. Cool, now.
A
So what I'm going to do is tell Flux, just as for the development environment: hey, use this repository, use this directory and that's where you will find on the, all the information how to manage the production cluster, a different cluster than the one I was managing so far, and if I now go to that production cluster and if I now, I'm in the diff, now I'm in a different cluster, right. So, let's see. There we go, right, 12 seconds ago in that new cluster, production, I got app claim and SQL claim.
A
Just as what I had in the development cluster. But the result, the outcome, the, of the real resources, is going to be different, right.
A
You will see here, if I list all the resources in that namespace, you will notice that stuff is not working very well and the reason why it's not working very well is that this pod is failing big time, right, and the reason why this pod is failing is because the application that cluster needs to connect to the database and it takes like three, four, five minutes until RDS database is created, and until it is created there is no authentication information without application. There is no secret. Without secret that pod feels miserable.
A
A
Come on, there we go, right. You can see that, that the SQL claim got converted into DB subnets and RDS instances, instance, those, those are the objects of the application as well, some subnets in database, routes table and so on and so forth. Right, whatever is needed, and you're designing, right, you are designing what the dev composition is. What is the end user interface? What are all the resources? Just as what they did for the clusters. So how much time do I have? When does this end?
A
Okay, cool, cool, cool. I was speaking fast. Excellent, so did I miss something from the demo? No really.