►
From YouTube: End-To-End GitOps - S. Alipio & V. Farcic, Upbound
Description
You are likely already using GitOps for your applications, but not for everything else. You are likely not using Argo CD, Flux, Rancher Fleet, or similar tools to manage the state of your infrastructure and services.
Website: https://www.upbound.io/
Organized by @Microsoft @kubermatic7173 @SysEleven
Thanks to our sponsors @CapgeminiGlobal, @gardenio, @sysdig, @SUSE, @anynines, @redhat, nginx, serve-u
A
So,
let's
talk
about
githubs
and
how
we
can
extend
git
tops
to
everything
right
assemble.
They
explained
that
in
a
second
very
quickly.
This
is
how
it
looks
like
after
I
visit,
one
of
the
customers,
I've
worked
for
upbound
with
a
I,
have
a
Twitter
books,
Foundation
stuff,
like
that
not
important.
What
is
important
is
Sam.
There
you
go
see
how
I.
B
Yeah
I
use
this
one.
There
we
go
hi,
I'm,
Sam
and
I.
Only
have
one
thing
about
me,
which
is
I'm
a
product
manager
at
upbound
nice
to
meet
you
so
get
UPS.
Applying
get
UPS
to
everything.
I
wanted
to
start
out
with
an
awkward
exercise
in
an
audience
engagement.
Can
you
raise
your
hand
if
you're
using
get
Ops
today.
B
It's
a
it's
a
pretty
sizable,
pretty
sizable
number
of
people,
so
in
git,
Ops,
you're,
storing
your
desired
state
in
git
and
then
there's
going
to
be
some
kind
of
process.
That's
converging
your
actual
State
into
your
desired
state
and
if
you're,
one
of
the
people,
that's
maybe
not
familiar
with
githubs.
These
four
principles
are
pretty
important.
It's
declarative,
versioned
pulled
automatically
and
continuously
reconciled,
and
most
of
the
get
UPS
tooling
out
there
today
is
based
on
kubernetes
operators
and
there's
a
reason
for
that.
B
Kubernetes
allows
us
to
access
its
extensible
API,
and
it
also
has
drift
detection
and
Reconciliation,
which
means
these
tools
don't
have
to
reinvent
the
wheel.
They
can
rely
on
those
capabilities
that
are
already
there.
So
the
question
with
Git
Ops
is:
why
is
it
so
commonly
applied
only
to
Applications?
B
So
if
the
promise
of
git
Ops
is
you
can
converge
your
desired
and
actual
states?
You
have
a
problem
because
kubernetes
resources
are
not
necessarily
going
to
represent
your
actual
estate.
It's
a
fraction
of
the
actual
State
meaning
those
tools
they're
using
that
rely
on
kubernetes
operators
are
only
getting
you
part
of
the
way
there.
B
So,
in
other
words,
sometimes
kubernetes
is
the
destination,
and
sometimes
it's
an
intermediary
between
your
desired
State
and
your
actual
state.
So
the
actual
State
could
be
in
kubernetes.
It
could
be
I,
don't
know
in
Lambda
in
Google,
Cloud
run
it's
your
databases,
your
servers
and
so
on.
So
if
we
know
that
our
actual
state
is
coming
from
many
places
and
we're
keeping
everything
in
git,
why
is
it
that
we
see
git
Ops
commonly
applied
only
to
Applications?
B
A
A
So
what
we're
trying
to
do
is
to
bring
the
definitions
of
all
those
resources
into
kubernetes
so
that
you
can
benefit
from
whatever
the
whatever
the
reasons
why
you
are
using
kubernetes
in
the
first
place,
right,
API
detection,
reconciliation
and
so
on
and
so
forth.
Right
and
on
top
of
that
and
I
will
show
that
in
a
demo
in
in
a
few
minutes,
Bishop
something
called
compositions,
which
is
a
way
for
you
as
an
operator
or
SRE
or
devops
or
whatever.
Those
roles
are
called
today
to
Define.
A
B
A
So,
let's
start
with
the
cluster
right.
Do
you
see
this?
Is
this
big
enough
yeah,
Okay
cool?
So
let's
say
that
you
have
this
definition:
production
yaml
right
now.
This
definition
is
a
kubernetes
definition.
They
Define
something
called
the
cluster
claim.
Now
cluster
claim
does
not
exist.
It
does
not
come
out
of
the
box
in
Cross
plane.
It
was
created
by
me
right.
It
was
created
by
me
so
that
the
rest
of
the
people
in
my
company
can
create
and
manage
kubernetes
clusters
in
different
providers.
A
What
matters
is
that
from
the
user
perspective
as
a
developer,
if
I
would
like
to
create
a
manager,
cluster
I
need
to
select
to
type
some
labels
that
will
Define
what
type
of
a
cluster
I
want
in
this
case,
AWS
in
AWS,
and
it
will
be
eks
and
to
define
a
few
variables
or
parameters
or
whatever
schema
is
something
that
I
Define.
It
can
be
anything
right
and
in
this
case
I'm
saying
Hey
I
want
small
small
servers
in
that
cluster.
A
I
have
no
idea
what
small
means
small
is
whatever
whatever
it
is:
small
in
AWS,
that's
a
job
with
somebody
else
and
I
want
to
start
with
the
three
three
nodes
and
finally,
to
be
able
to
connect
to
that
cluster
I
want
to
create
a
secret
with
cubeconfig.
Then
the
secret
will
be
called
in
this
case
production
cluster.
A
Now
what
I
was
what
I'm
supposed
to
do
now
is
to
Commit
This
to
push
this
to
a
git
repository
and
then
flux
we'll
take
it
over
from
there.
Synchronize
it
with
my
management
cluster
and
from
their
own
cross
plane
would
create
all
the
resources
in
AWS,
and
not
only
that,
but
also
it's
supposed
to
be
production
ready
cluster.
So
it
will
also
install
everything,
make
make
a
cluster
production
ready
whatever
that
means,
and
that
depends
on
your
organization
now.
I
will
not
do
that.
A
A
Come
on
there
we
go,
it
says
Hey,
something
called
the
cluster
clay,
or
here
there
is
one
cluster
claim
we're
going
to
call
production.
This
is
the
name
of
the
cluster
control.
Plane
is
active,
node
the
node
pool
is
active.
It
is
fully
ready.
Now
again,
the
output
is
something
you
define.
You
define
what
will
be
the
output
of
of
that
that
controller
that
resource
right.
A
Now,
if
you
are,
if
you're
an
Ops
person
in
the
bottom
window,
then
you
can
see
actually
what
happened
when
I
created
cluster
claim
that
this
will
take
a
while,
because
there
is
an
issue
with
cattle
that
we
are
solving
right
now.
Actually,
it's
already
I
think
there
is
a
pull
request
because
it
needs
to
query
like
thousand
different
resources
in
that's
how
many
resources
there
are
in
AWS
but
anyways
it's
here,
and
you
can
see
that
this
cluster
claim
created
a
bunch
of
roles.
It
created
some
policy
attachments.
A
It
installed
certain
resources
in
kubernetes
cluster.
It
installed
some
Helm
charts.
It
created
a
node
group
cluster
VPC
route
table
a
few
subnets
Security
Group,
internet
and
internet
gateway
right.
So
this
is
you
as
an
operator
designing
what
that
resource
will
become
when
somebody
applies
it
in
a
cluster
right
and
all
that,
in
this
case,
being
fueled
and
being
synchronized
with
with
flux
and
the
way
how
I
did
that
I
was
so
very
quickly.
I
don't
want
to
troll
too
much.
A
A
This
is
a
huge
deal.
This
is
this
is
basically
all
the
stuff
that
theoretically
I
would
need
to
Define
myself
to
run
successfully
kubernetes
clustering
production,
but
me
as
an
operator
or
SRE
is
packaging
all
that
into
a
new
resource.
That
is
relatively
easy
to
use.
Right
now,
where
are
we
yes?
Now,
let's
say
that
I
want
to
Define
an
application
and
that
application
should
be,
let's
say,
back-end
application.
It
should
have
a
database
right
and
depending
on
where
that
database
is
running,
it
could
be
maybe
database
in
a
cluster.
A
Let's
say:
postgres
inside
of
a
cluster
for
development,
environment,
and
let's
say:
if
it's
production,
then
it
would
be
RDS
in
AWS
I
mean
it
can
be
anything
you
want.
You
are
defining
what
something
is
so
what
I'm
going
to
do
is
this
time
I.
This
is
not
what
I
did
last
night.
This
time
is
happening
for
real
I'm,
creating
a
directory,
devops
and
I'm
going
to
copy
and
paste
this
definition
and
then
I'm
going
to
explain
what's
happening
here.
A
We
go
right
so
I'm
having
again
two
different
resources:
I
want
to
simplify
lives
of
everybody,
no
matter
the
level
of
expertise
and
I'm
here,
defining
application
claim
and
saying
Hey
whenever
you
want
to
deploy
an
application
in
this
case
to
manage
application
kubernetes,
you
do
not
need
to
worry
about
deployments
in
state
facets
and
services
and
virtual
services
and
all
the
building
blocks,
because
kubernetes
realistically
does
not
have
a
concept
of
an
application.
It
has
a
concept
of
a
bunch
of
building
blocks,
so
instead
you
can
just
Define
up
claim.
A
Whatever
the
name
is
with
labels,
we
are
going
to
say
that
I
want
to
have
a
backend
type
of
application
connected
to
the
database.
There
are
other
types
of
applications
in
this
case
case
and
I
wanted
to
run
locally
in
the
same
cluster,
and
there
are
a
couple
of
parameters
that
I
can
Define
whatever
matters
to
me
as
a
developer,
and
that
can
be
anything
really
depends
on
the
experience
level
and
so
on
and
so
forth.
In
this
case,
I'm
saying
hey
namespace
is
this
image?
Is
that
part?
A
Is
that
go
and
I
want
a
database
and
I'm
saying
again
same
logic?
There
is
a
new
resource
called
SQL
claim
some
labels
that
Define
what
type
of
database
I
want
and
a
few
parameters
specific
to
the
database
in
this
case
I
will
be
running
postgres
locally
right.
So
what
I'm
going
to
do?
Is
there
we
go
I'm
going
to
push
this
to
get
and
I'm
going
to
create
a
new
application
in
flux,
so
this
is
happening
only
once
after
I
create
this
application
in
flux.
A
A
From
here
on,
if
it
works,
flux
will
be
monitoring
that
that
directory
that
repository
and
it
will
be
making
sure
that
whatever
I
push
there
is
what
is
defined
in
a
cluster
and
then
cross
plane
will
take
those
definitions
and
process
them
further.
Better,
that's
creating
something
in
a
cluster,
whether
there's
something
creating
in
AWS
Azure
or
whatever.
It
is
right,
let's
say,
flux,
customization,
but
not
found.
A
A
This
is
a
simple
example:
real
life
is
more
complicated
in
two
English
stateful
set
for
the
database
deployment
for
the
application,
some
services
and
so
on,
and
so
forth,
right
so
cross
brain
converted,
those
compositions
into
the
the
end
user
resources.
Now
this
is
very
simple
right
because
it's
simulation
of
a
development
environment
where
I'm
running
both
to
the
database
and
the
application
in
the
same
cluster.
A
A
So
what
I'm
going
to
do
is
first
I'm
going
to
get
cubeconfigured
that
new
cluster
that
was
created
right
now,
I'm
switching
to
the
production,
cluster
and
cubeconfig
is
a
secret
in
in
the
management
cluster,
because
crosswind
created
that
cluster
and
everything
that
it
needs,
including
the
secret
and
I,
can
prove
that
that
cluster
is
running
by
showing
you
the
nodes,
that's
kind
of
obvious.
What
matters
more
is
there
we
go.
That's
a
production
cluster
of
simulation
of
production
cluster
12
hours
ago.
That's
when
I
did
it
now.
A
What
I'm
going
to
do
is
create
another
directory.
The
previous
one
was
devops
in
this
case
I'm,
creating
a
directory
products.
That's
where
my
production
applications
will
be
running
I'm
going
to
create
yet
another
manifest
which
is
going
to
be
almost
exactly
the
same
as
the
previous
one
right
here.
It
is.
The
definition
of
the
application
is
basically
essentially
the
same.
The
only
difference
is
in
the
namespace.
A
Now,
in
this
case,
it's
going
to
be
a
bit
more
complicated
than
before
for
a
simple
reason,
because
flux
CLI
does
not
allow
me.
It
allows
me
to
create
a
manifest
for
Flex
itself,
but
there
is
no
argument
as
far
as
the
not
the
trivia
can
say:
hey
use
this
Cube
config
right.
This
is
the
cube
config
that
tells
you.
Where
is
the
cluster,
that
you
should
synchronize?
A
So
what
I'm
going
to
do
is
open
whatever
I
just
created,
TMP
products
and
I'm
going
to
add
here
we
go
I'm
going
to
add
this
to
the
Here
We
Go
cube,
config
secret
ref,
the
name
and
the
name
is
I.
Don't
remember,
but
I
have
it
written
here,
production
cluster
right,
that's
the
name
of
the
production
cluster,
which
happens
to
have
a
secret
solid
flux
can
authenticate
over
there
cool
now.
A
So
what
I'm
going
to
do
is
tell
flux
Justice
for
the
development
environment,
hey
use,
this
repository
use
this
directory
and
that's
where
you
will
find
on
the
all
the
information
how
to
manage
the
production
cluster,
a
different
cluster
than
the
one
I
was
managing
so
far,
and
if
I
now
go
to
that
production
cluster
and
if
I
now
I'm
in
the
diff
now
I'm
in
a
different
cluster
right.
So,
let's
see
there,
we
go
right
12
seconds
ago
in
that
new
cluster
production,
I
got
up,
claim
and
SQL
claim.
A
A
You
will
see
here
if
I
list
all
the
resources
in
that
namespace,
you
will
notice
that
stuff
is
not
working
very
well
and
the
reason
why
it's
not
working
very
well
is
that
this
pod
is
failing
big
time
right
and
the
reason
why
this
spot
is
failing
is
because
the
application
that
cluster
needs
to
connect
to
the
database
and
it
takes
like
three
four
five
minutes
until
RDS
database
is
created
and
until
it
is
created
there
is
no
authentication
information
without
application.
There
is
no
secret
without
Secret
that
pod
feels
miserable.
A
A
Come
on
there
we
go
right.
You
can
see
that
that
the
SQL
claim
got
converted
into
DB,
subnets
and
RDS
instances
instance,
those
those
are
the
objects
of
the
application
as
well,
some
subnets
in
database
routes
table
and
so
on
and
so
forth.
Right,
whatever
is
needed
and
you're
designing
right,
you
are
designing
what
the
dev
composition
is.
What
is
the
end
user
interface?
What
are
all
the
resources
just
as
what
they
did
for
the
Clusters,
so
how
much
time
do
I
have?
When
does
this
end?