The future of Kubernetes itself could well be found in the open source Crossplane project. That was one of the prevailing themes at the Crossplane Community Day Europe virtual event, which was held May 4 coinciding with Kubecon EU virtual conference that is running the same week.
The event was the third Crossplane Community Day in the last two years, demonstrating the accelerating momentum and excitement in the growing open source Crossplane project.
Among the diverse group of speakers were developers from AWS, IBM, Red Hat, Dell and Accenture among others. Session topics ranged from the introductory with the 'Notes for Newbs' session to more complex talks where attendees learned how to build their own Platform-as-a-Service out of different cloud native projects, using Crossplane as a unified control plane.
In the opening keynote session Bassam Tabbara, CEO of Upbound detailed why Kubernetes is critical for more than just containers and how it inspired the creation of the Crossplane project.
"While Kubernetes is known for being the gold standard in container orchestration, I don't believe, managing containers is its true superpower," Tabbara said.
In Tabbara's view, Kubernetes emerged as a foundation for modern application delivery because it defined a new operating model for managing applications and infrastructure. Among the core properties of Kubernetes is the fact that interactions are executed via a RESTful API which offers a high level of interoperability. He noted that the Kubernetes API was designed for both platform engineers who have an intimate knowledge of infrastructure, and application engineers who have intimate knowledge of their applications.
"All automation, operational, and business policies live behind the API line," Tabbara said. With this new operating model, organizations can achieve a high degree of automation. Once reserved for hyper scale cloud providers, this democratization and implementation of control theory is the reason, Kubernetes won the container wars."
"We started Crossplane because early on we saw the power of this operating mode, and wanted to take beyond container orchestration," Tabbara said. "We believe containers are simply the first use case of this operating model."
Tabbara emphasized that the Crossplane control plane offers a declarative API that promotes interoperability and results in a much larger ecosystem.
"We see Crossplane and Kubernetes, ushering in a new era of application, and infrastructure management, that will lead to a much higher degree of self service, and automation," Tabbara said.
Using Crossplane to Achieve Operational Nirvana
Jay Pipes, Principal Engineer at Amazon Web Services echoed some of the key themes from Tabbara, during his own keynote.
For Pipes, Kubernetes helps to define a new operating model that can be extended, with Crossplane and GitOps concepts to enable what he referred to as - operational nirvana. GitOps is an increasingly popular operational methodology for doing safe, repeatable software deployments. In the GitOps model, after a configuration change is merged into a git repository, then automation takes over to keep everything running according to plan.
Kubernetes together with a Git repository and the open source Flux project are commonly deployed together to enable the GitOps model. With Crossplane in the mix, the GitOps model extends beyond just a single Kubernetes cluster, to enable an operator to manage a much wider set of resources in an automated approach. Pipes explained that Crossplane controllers pick up state changes and attempt to consistently and constantly reconcile the desired state to be the latest observed state.
"I like to say this is an operational Nirvana, right, where we're able to declare the configuration of our entire system, not just the Kubernetes native resources," Pipes said. "We now can describe all of the resources, all of our infrastructure resources all of our Kubernetes native application resources, all of these in the same format, all using the same git based workflow,, where humans are responsible for approving the pull requests that describe those changes in configuration and robots are responsible for actually deploying things."
Outgrowing Terraform and Keeping the Promise of Crossplane
In a session titled, Outgrowing Terraform, Dalorion Johnson from Guidewire Software outlined the reasons why her firm had scaling challenges with Terraform. She was joined by Nic Cope from Upbound, explaining how Crossplane does things in a different way than Terraform.
"We are now managing 73,000 lines of HCL so we're starting to feel the limitations of Terraform," Johnson said. "We've really been using the heck out of it."
HashiCorp Configuration Language -HCL, is the declarative language used in Terraform. One of the key challenges Johnson said her organization is facing is the issue of drift, that is configurations that over time move or 'drift' from the desired state. Cope noted Crossplane is always running, keeping deployments inside of the desired state, limiting the risk of drift.
Johnson also noted that she's facing issues with access control, which is a concern that Cope said Crossplane deals with at the API level. Another limitation with Terraform was something Johnson referred to as - Cognitive Overhead. That is, Terraform was just another thing that her organization had to maintain. That issue is minimized with Crossplane, since the tooling is already consistent with Kubernetes, which Guidewire is already using and is familiar with.
In a lighting talk Steve Cavallo, DevOps Engineer at Cloudcheckr explained what Promise Theory is and how it applies to both Terraform and Crossplane.
"Promise theory is a way we can think about interactions between agents within a system," Cavallo explained. "In promise theory we say - get into the state, instead of - do this."
Cavallo noted that with Terraform the model is defined as HCL but the challenge in terms of promise theory is that the admin doesn't know exactly what the model is, until a plan is executed or applied to generate it. Until then, it's not a true promise. In contrast, he sees Kubernetes as a very literal implementation of promise theory.
Since Crossplane is based on Kubernetes that promise carries forward. Cavalla said that with Crossplane administrators have controller observability and the controller ensures that the deployment remains in the expected state.
"At scale Crossplane gives us high predictability of outcome, in fact, all of its dependencies are promises," Cavallo said. "So in conclusion, Crossplane keeps its promises.
Crossplane also keeps promises even if another service or a user attempts to terminate a service either on purpose of by accident.
In a light hearted lightning talk about Notes for Crossplane Newbs of new users Jeremy Tanner who work in developers relations at Equinix observed that if resources initiated by Crossplane are not terminated in the right way, they'll come back in around 30 seconds. He explained that if a user creates a machine with Crossplane, and then destroys it via directly using the API it will pop back up because there is a policy that notices the machine doesn't exist so it needs to be brought back.
"Resources forged in the fires across playing can only be destroyed in the fires of Crossplane," Tanner said emphatically.
How to Build Your Own PaaS from the Cloud Native Landscape
A key attribute of Crossplane is its ability to enable composition of different resources that can be managed with a unified control plane.
In a session entitled How to Build Your Own PaaS, Upbound founding engineer Jared Watts walked through a scenario in a Community Day detailing how to put together a cloud platform using multiple services from different sources.
"Basically, we can assemble low level granular resources from multiple vendors and clouds environments," Watts explained. "Then we can expose those as a higher level of abstraction to our application teams that serves as an API for them to be able to self service and get the infrastructure they need."
The ability to use Crossplane to compose a set of cloud services was also detailed by Yury Tsarev, platform engineering tech lead at Absa Group. Tsarev explained during a lighting talk how his firm was able to use Crossplane XRDs (Composite Resource Definitions) to build a Kubernetes global load balancer that his firm has dubbed - K8gb. Tsarev noted that Crossplane provides an effective abstraction with minimal configuration.
"You can use the same approach to scale and compose your own unique platforms," Tsarev said.
Improving Cloud Security with Crossplane
Beyond just composability, Crossplane can also help to enable improved cloud security according to a number of speakers at the Community Day event. In a session entitled Dejy Vu: Lets Think about Security Again, IBM engineers Shripad Nadgowda and Paolo Dettori outlined how using Crossplane to enforce proper configuration can be a real benefit for security.
Nadgowda stated that Crossplane can enable a sustainable security model for cloud operations. "If you make security part of the default configuration for every cloud service, that essentially means that as a developer, whenever I create a cloud resource, by default it is secure."
Looking forward, Emerging Trends in Cloud Engineering was the topic of the last panel of the day. Katie Gamanji, ecosystem advocate at the CNCF observices there is always evolution with technology. In her view, the stage the industry is now at with cloud native is about improving developer experience and helping organizations to deploy easier.
Kubernetes, while central to cloud native, is no longer the most exciting part, according to Brian Gracely, Senior Director of Product Strategy at Red Hat.
“We used to call it Kubecon because that was the dominant technology, now Kubernetes is this sort of safe and boring piece,” Gracely said. He continued by pointing out that the event might more accurately be called “control plane con” now, concluding by saying, “what that event will evolve into is really exciting to consider.”
You can view all of the Crossplane Community Day sessions on-demand here.