My name is Mauricio Salatino. I am presenting about building functions-as-a-service platforms on top of Kubernetes, but the presentation and the topics actually apply to any kind of platform that you want to build on top of Kubernetes. So let's get started. Again, as I mentioned, my name is Mauricio Salatino. I'm @salaboy on Twitter and also on Mastodon nowadays. I'm working full-time on a project that's called Knative. I don't know if you have heard about that project. It's about serverless and building functions. So I recommend you to check it out. I will be showing a bit of that later on. And I'm also writing a book that's called Continuous Delivery for Kubernetes, where I'm basically covering all the projects and topics that I'm covering here during the session. Of course, in much more detail, because it's like an entire book. The QR code in there will take you to the book, and there are some discounts for the book later on in the presentation as well, if you're interested. So the agenda for this presentation, usually my style of presentation is too much content. There is a lot of things going on. I'm doing live demos. And everything can go wrong. But for this specific presentation, because I only have 30 minutes, I will be covering the first two bits, and I will try to go faster on the tools that I'm using because I will provide all the links for you to check all these tools later on. So context about why do we need to build platforms on top of Kubernetes? And I will be doing a live demo showing how that experience of using a platform should look like on top of Kubernetes from application development teams and also from operational teams. So why do you need to build platforms on top of Kubernetes? Or the main reasons why I see companies, medium and large companies building platforms on top of Kubernetes? And I'm pretty happy to say that when I arrived here this morning, I just actually went and talked to a company that is building this kind of thing. 
So it's a good validation for this presentation. You can go and talk to local people about these topics as well. So the main reason to think about building platforms on top of Kubernetes is because Kubernetes actually provides you only a set of building blocks that you need to use to create more complex tools for actually deploying your workloads, right? Like Kubernetes provides you services, deployments, ingresses and all these things. But when you start deploying real life workloads that are complex, you need to combine them, extend Kubernetes, create your own higher level abstraction layers to make your life easier. Because dealing with those low level concepts, it's complicated. The main reason why we have so many CNCF projects, they are all great, because they are solving specific problems on top of Kubernetes by using all these concepts and solving more specific problems. So the moment that you start using Kubernetes, you need to start not only learning Kubernetes, but you also need to learn about all the ecosystem and which tools are solving each specific problem. And that takes time, right? The larger the company is, the more that you see that one single Kubernetes cluster will not cut it, right? Like the previous presentation about HyperShift actually is going into that direction. You will need multiple clusters and then you need to manage the complexity of having multiple clusters, right? And learning Kubernetes is hard. I've seen this, I've been doing Kubernetes trainings for some time and I see a lot of large companies that the thing that they struggle the most is basically bringing everyone up to speed into Kubernetes and understanding how Kubernetes works. So we should be thinking about abstracting Kubernetes away and building platforms that basically make the life of application development teams easier so they can consume Kubernetes without actually understanding all the tools that you need to use it. 
So a platform can help in solving some of these problems, right? Like reducing the cognitive load of teams that are consuming Kubernetes related tools. We can create platforms that basically provide a self-service approach to consume all these complex infrastructure and tools. And we can also improve our software delivery practices by providing a platform that basically curates all best practices about how teams should deliver software to different environments. So I've included here kind of like one of my definitions of what the platform is. And for me nowadays in 2022, because this is actually changing a lot in the Kubernetes space, a platform is just a collection of services and tools focused on enabling teams with a self-service approach to get the tools that they need when they need them. So we are going to be seeing now in a couple of demos, how can we implement these with open source tools and how the platform experience should look like. In reality, when you start looking at things and the shape of these tools and how do you combine different tools to create one of these platforms that I'm talking about, you will see that it looks something like this. You have a bunch of teams that want to consume and interact with complex infrastructure and tools. And for that, you have a team building something that we are calling a platform in this diagram that basically exposes a platform API. These teams that want to consume all this tooling on the right-hand side, they only need to understand how to interact with that API. If these teams are application development teams, they know how to interact with the APIs for sure. So they can interact with the APIs, get the tools that they need, configure in a way that the company applies all the compliance, make sure that they can get all these tools very secured by default, by just interacting with these APIs. 
And the platform will use a bunch of tools to orchestrate Kubernetes clusters, virtual machines, cloud resources, some on-prem services, or even maybe third party services that you want to consume, right? So, if you have been looking into the platform space in Kubernetes, and I've seen this kind of like a lot in the last KubeCon in Detroit and also in Valencia, there is a book that is being quoted quite regularly because this talks about the cultural change that you need to apply in your organization in order to start thinking about building platforms. This book is called Team Topologies, that's the website of the book. And it basically describes the interactions between different teams, right? Like having a platform team that is in charge of building this intermediate layer between infrastructure and application development teams. The main idea here is the platform team treats application development teams as customers, so they build a platform that looks like a product. And if application development teams need more features in that product, the platform team will start delivering those features. So application development teams can get again all the tools that they need when they need them. So I will start with a very, very quick demo of an application that I built to exemplify the use of this platform. And this demo is this very, very simple application. So this application, you can actually access that instance of the application here if you can scan that QR code. You don't need to, right? Like this is just a very simple demo, but it's live and it's running in a Kubernetes cluster that is hosted inside Google Cloud, right? So this application, okay, hopefully some people access it. This application allows you to, very, very simply, you can generate a value here on the client side and I can store that value. That value should be stored into a Redis database, which is, of course, it's a live demo. So why should it work? 
Maybe internet connectivity or something. Let me refresh and see if it's actually running. The browser crashed. All right. I wonder if it's working for some of you folks. Oh, there you go. I can see the application back in there. Let's see, maybe too many people accessing at the same time. It's actually making it crash. It should have some replicas, but it's running in a different continent maybe, so maybe it's too far away. And I can see there you go. You have all those numbers that people are generating. Of course, you can make it crash, of course. But that's kind of like the application. And the idea of the application, please do not make it break, folks. Come on, be gentle. So the main idea of the application is to show that it's a very simple application. It's a monolith application, that it's generating some data from the browser, in this case, and sending that data into a Redis instance that it's also running in Google Cloud. So that's kind of like my production environment, the thing that you are accessing. It's not very well configured, as you can see, but I will work on that later. So the idea is that at some point, like the company, the business will say, okay, we need to add a new feature into our new application, right? But developers will not work in the production environment where all of you are accessing, right? We will just need a separate place to go and do our work. And in this case, what we want to do is, as a platform, we want to provide a way for development teams to have a development environment on demand. So they can say to the platform, hey, I need a new development environment to create and implement this feature. I need the platform to provision a new environment for me. And I need to get all the secrets or credentials to be able to connect to that environment, right? That's kind of like what we are going to do now. I will just show a demo where I will connect to the platform API. 
I will send a request and I will get a development environment back that it's being configured by the platform team. But it's automatically provisioned when I send the request. So that's kind of like the first demo we are going to just request a development environment. Again, this is a live demo. So be patient with it, it should work. It's Kubernetes, right? So it should work. So the idea here is that I've extended Kubernetes in some way by using some tools and I define this new resource type in Kubernetes that it's called environment. As you can see, it's just a Kubernetes resource, a Kubernetes manifest. And it's basically allowing me to set the name of the resource, in this case, team A environment. And I can set the type of the environment that I want to create in this case with the label, like that says the development in there. And I can set as like as an application development team some parameters that are very specific to my team. For example, I want to make sure that when I create this environment, there is a database, like a Redis database in the same way that we have in the production environment. Because it's a Kubernetes resource and my platform API is exposing a Kubernetes API, I can just send this resource using kubectl apply or any other Kubernetes tool that allows me to send a resource to the cluster. Again, Wi-Fi, why not? Maybe a cluster is in a different continent in a different city or something. It was working before. But as you can see there, like after we get the return back there, the environment was created by the platform. And as a user, because again, it's just a Kubernetes resource, I can just list all my environments, right? So I'm listing my environment there. It's not ready yet because it's been just provisioned. We just created that request 17 seconds ago. So it will take some time in order to be created and to be provisioned. 
But what I will do now is, as I mentioned before, as an application development team, as soon as I get an environment created, I would love to be able to connect to it. And in order to connect to it, I will run a command because I'm using a very specific tool. But you can imagine that if you are provisioning a cluster in Amazon or in Google, you will probably need to run a command to connect to that cluster. In this case, I'm using a tool that it's called vCluster that I will talk a little bit about later on, but that's the only thing that I'm doing here. I'm just connecting to the environment that I've just created for this application development team. That's why I'm using vcluster connect and the name of the environment there. Again, remote cluster, it might take a second. When I was trying it before, it was almost automatic, but it will take some time now to do the network connectivity. So hopefully it works. At some point, this is going to connect and we will be able to interact with our development environment. We are not connected anymore to our platform API. We are connected to our environment and we can start developing our new feature. This environment, it's going to contain an instance of the application that was running in production configured to work. So I will be able to test any change that I do kind of like in a very production-like environment in this case. At some point, it will connect. Let's go back to the slides here. So the next step would be the application development team actually needs to create a new feature for the application. And this is when I wanted to talk a little bit about functions, right? You can go and change the monolithic application and of course you can go and change it, but if it's like a large application, usually you will have a long process to change that. Functions can help a lot with extending monolithic applications that you already have by adding features that are not included in the same source code. 
So you can actually iterate functions much faster. Usually functions are described in, when you can create purely functional applications. But in this case, I wanted to show how you can extend an existing application by creating a function that creates a new feature and it allows you to implement something that it's not by changing the monolithic application that we just created. So the application development team, it's very interested in just extending the application. We will be creating a function. Good thing about functions is that you can create functions in any language that you want. And we will be able to deploy our function into our development environment because our platform team that defined what the environment is actually installed some tools for our function runtimes in there, right? And that's kind of like our second demo. But the problem with the second demo is that it depends on the first demo for the environment to be ready. So we will see. All right. Let's see if I can connect. Hopefully I can, but it's actually not connecting to the cluster. So we will see. Let's wait for a bit. I will probably run out of time for sure now, but let's see if it connects. The idea here is that as soon as we are connected into our environment, we should be able to use some tools again that were created by the platform team or at least decided by the platform team to create functions and deploy functions into our environments without writing Dockerfiles or without writing YAML files to do deployment. It's not connecting to the cluster. So what would you expect? And I do not have my 5G phone here with me to connect to it, unfortunately. But that's the idea, right? So imagine that I'm connected to this cluster. Could that, what? Again, live demos. I should have a recording. And you know, my father told me, you should get a recording. I didn't do it, unfortunately, because I really like the risk. 
But you can imagine, you're like creative people so you can imagine what happens when you connect to a cluster. You can interact with the API server, right? So it's not connecting, but what we can do instead, and you can think that this will work, right? When we interact with a new API server and with a new instance of the application, by using vCluster, we'll be able to access that instance of the application that runs inside that environment with a completely separate URL, right? So we can actually go and interact with the application in the new environment. But it's not connecting, unfortunately. So let's do the second thing. The second thing was to build, so to create and build a function using a CLI that it's called func. And I can just run here. Let's see if this works. So basically, if we want to create functions, we can use tools that are specifically created for that use case. So I'm creating a new, I'm going to a new directory. I'm creating a new directory called Average because the feature that we want to build is we want to calculate the average of all the values that are stored in this environment. And then I will use this command that it's called func create that basically will create a new template for a function, in this case, using the Go language. And then consuming a template that it's called Redis because we need to connect to the Redis database to get all the values, right? And the template is located in this repository there that it's in GitHub. So I cover repository in GitHub that was created by the platform team that contains multiple templates in different languages that can contain curated dependencies, for example, in this case, to connect to Redis. This of course also requires the network because it will go and fetch the template and create like the function here, which unfortunately, it's not working. 
But as you can imagine at the end of this command, we will have the template of the function created in our local development environment, in our local laptop in this case. And then I will be able to use another command that it's called func deploy to deploy that function into my deployment environment. So the network is not working at all. Let me try to switch. Let's do this. Let's try again. No, no. It's the wired one, it should be working. Come on, network preferences. I will try, I will try, you know, connect, whatever. Okay, you have enjoyed the session to see this. So anyways, the idea here is to use that command line tool that allows you to create functions and then deploy functions to the development environment. So the demo goes like this, you, I created a demo, I created the function, I just modify the function so it actually calculates the average and then I deploy it to a development environment. As soon as the function is deployed in the development environment, I can interact with the function and actually make some requests so I can see the average being calculated. Unfortunately, I cannot show that. I promise you, you will see a video as soon as I create a recording of the demo from my hotel room. Finally, just for the sake of the story here, we have created here a function in our development environment, right? And that's running in there and I can interact with it and everything is fine. But as soon as the application development team is done with the, you know, with writing the functionality, the platform should be in charge of taking this functionality from our development environment, from our, you know, development, give and have repositories into our production environment. And the way of doing that, it's very different from the tools that we are using for developing things, right? Like I was using this function CLI to create and deploy functions in my development environment. 
I do not want to do the same things for our production environments. So for production environments, what you usually do is you probably apply some kind of like GitOps and also here is where you run all the compliance on top of, you know, the things that you are deploying into your production environments. So for this demo, like the third demo of my presentation, actually shows a tool that it's called Argo CD that it's configured to sync, you know, changes into our live clusters. Let me see if I can see here. So that's the application that it's not working anymore because I'm just not, now I'm not even connected to the network. Let me see if I can connect back. But the idea here is that our production environment, the application that I showed at the beginning that was working is actually configured in this repository that it's called KubeDay Japan production. And inside this production directory, that it's not there, come on. Basically contains the configuration files for deploying this application into our production environment. And then we have a tool like Argo CD or Flux, which is basically, now I'm not even showing, but it actually has the configuration to go and check into this repository and sync all this configuration to the live cluster. Unfortunately, the network is not collaborating with us today. The network is not even connecting, so there's not much that I can do there. But let me try to summarize the idea here. So let me go down at the end here. So two things here that I wanted to talk, right? Like the first idea was to use a tool that it's called vCluster to create virtual clusters to create development environments. So you can quickly create these environments where your developers can interact with the application and a copy of the application in a safe way, in an isolated way. 
And then you can use tools like the func CLI to actually create new functionality without pushing your developers to learn about like how to build containers or how to write YAML files to deploy these applications or functions into a Kubernetes cluster. By doing that, you are kind of like abstracting away all the complexity and all the things that they need to understand in order to do these deployments or to quickly iterate over different functions. And then when we are going more like into a production environment or a more sensitive environment, using tools like Argo CD to sync the configuration of a cluster that it's starting it into a production environment, it's much safer because you remove the manual intervention against the cluster so you can keep track of all the changes of configurations on these environments. We will go back now a little bit. So that's kind of like what the demo is, what the demo is showing. You can actually imagine how is that working. But one of the things that I kept in mind when I was building this demo is that all the tools that I've used in the demo and to create environments, to actually sync changes, to install applications, I haven't created any Kubernetes operator. And I think that this is what's coming for next year. We have been, I have been working on Kubernetes for the last six years and I've seen a lot of companies creating their own custom controllers, custom operators for solving the challenges. But now that CNCF projects are maturing, there are a lot of projects that are being graduated now like Argo CD, I've seen a lot of adoption of these tools and people are actually starting to think that when you extend Kubernetes, then you need to maintain all these extensions and maintaining these extensions is pretty hard. 
So one of the key points here is that if you are planning to extend Kubernetes, you need to make sure that there is no other project doing something similar that you can reuse because you will save a lot of time on maintaining components otherwise. So for this demo, I've used Crossplane to create that environment resource. Crossplane is a project that allows you to create cloud resources using the Kubernetes APIs. So you can actually create a YAML file to create a cluster in different cloud providers and Crossplane will have a way to connect to that cloud provider and then create those resources for you. So you can create a cluster and a database by just creating some YAML files. You send that to the platform cluster that has Crossplane installed and Crossplane will go and create these resources. And then you will be able to use kubectl or any other Kubernetes tool to list these resources there which is kind of like a very interesting approach. And this is actually bringing a little bit more of that multicloud approach to the space because you can create clusters in all the cloud providers by just installing some extensions and also providing the credentials so Crossplane can access these resources. Crossplane allows you to also create compositions which is pretty like a very, very important concept. In this case, you can create something like I did. Like I created a resource type called environment that basically represents a bunch of cloud resources being created together, right? So I created a local like a development environment that basically created a virtual cluster but you can create like a staging environment that actually goes and creates a Google Cloud cluster for you. And the interface for the users will be the same. You can create very, very similar YAML files to create different environments and to provision different cloud resources across multiple different cloud providers. 
And that's a pretty powerful idea and that's why Crossplane is becoming really, really popular in the platform space. vCluster, as I mentioned before, it's a quick way to create virtual clusters inside the same cluster. So you are creating isolated API servers and reusing the Kubernetes scheduler, like the main, the hosted scheduler for all these API servers. This is pretty good when you want to isolate workloads and when you want to isolate like API access, right? It comes very, very frequently when you talk about like using namespaces is not good enough for your use case because again, you don't have enough isolation between different tenants. And when you cannot create different clusters for different tenants because that's too expensive. You need multiple control planes. So this like vCluster is an open source project that gives you kind of like some good benefits there. You can have isolation without paying the cost for creating separate control planes for that. There are other projects like HyperShift of course that applies a different approach, but it's in the same space, multi-tenancy, right? Like this is also very important in the platform building space because you will have more than one cluster. So that's kind of like what I was doing there when I send a request to the platform API like Crossplane was using vCluster which basically is just using Helm to create a new vCluster and deploying my application into the environment. Then I was using Knative which is the project that I'm working for for the runtime function, right? Like the function runtimes, right? So if I want to deploy functions into Kubernetes clusters and scale them down to zero and scale them up based on demand, you can use something like Knative and the func CLI comes from there like the Knative Functions initiative. So that initiative is focused on allowing you to quickly build functions in any languages and deploy them without writing Dockerfiles or YAML files. 
And again, I use vCluster and Knative in conjunction. There is a plugin that allows you to use them both so you can reuse the same installation of Knative for multiple vClusters. And then at the end, I use Argo CD just for GitOps again, just to sync Kubernetes resources into a Kubernetes cluster. And that's the thing that I showed you before. There are some other tools that you should be checking out if you are looking into building platforms like OpenFeature is something that it's growing in the CNCF space. Dapr is another project that I will be looking into which is more in the developer space. So to make your developers' life easier no matter which language they are using. CloudEvents and CDEvents are other initiatives that you should be looking at. And of course, if you are building platforms you want to measure how good the platforms are. So you should be looking at DORA metrics and I'm building a POC showing all these tools together and how can you measure how efficient your platform is. So check it out if you're interested. The presentation topic and the examples and the demos that you can of course run in your own local laptops if you want. I should have done that now that I think of but I really like the remote cluster. I described in this series of blog posts that is called like challenges of building platforms on top of Kubernetes where I'm trying to cover why people are thinking about doing these things the tools that exist today and the challenges that you will face while you are trying to adopt all these tools. And of course at the end that's the link of the GitHub repository that contains all the step-by-step tutorial. I promise that works if you try it out on your local laptop. You need to have a lot of RAM to run all these components locally but actually if you have like 32 gigs it should be all right. And again, the idea was we started in production we changed our application by creating a development environment. 
We deploy the function there and then we use GitOps in order to apply back the configuration into our production environment. The tools that I mentioned here like Crossplane, Knative, Dapr, Argo CD also like I mentioned in the abstract Tekton that you can use to build all these container images and the func CLI are just an example of things that you can combine together to build a platform experience but of course you can go and choose your own tools. Like if you are provisioning cluster HyperShift or like you know like copy like Cluster API can work as well of course. But the key point here is that if you're building platforms you should focus on developer experience on making sure that you provide like an API for your development teams to quickly consume and in like an on a self-service approach that they can go and request new environments on demand. They shouldn't wait for like they shouldn't create tickets and wait for the operational team to create those environments. Automation here, it's key. Thank you very much. Apologize for the demo not working. I can actually install it locally later on and show it to you if you're interested. Apologize once again, I will share the recording. That's the link to the book and that's my Twitter handle if you have any questions. So if you want to dig deeper into these topics. If there are any questions right now, I'm happy to answer. Yep, one question down there in the back. I will check the connection again and now the connection will work because you know how it is, right? Like it's still not working, so I'm happy.

Okay, so the concept made a lot of sense. So I wouldn't worry too much about the demo. I think the one thing I didn't quite understand with the concept was I think where Argo CD is involved. So are you creating a new manifest that's like automatically like kind of understands, okay, this is what the function is supposed to do and it builds out whatever the custom resource would be for that and copies over to production. I think I'm just confused about that interaction.

Perfect, no, I think that the question makes a lot of sense because like the demo kind of quite covered that. So the idea is that we use the func CLI to deploy to our development environment, right? In that case, we do not create any YAML file. The CLI actually does a deployment to the cluster, but the CLI can also have kind of like a dry run mechanism that actually gives you the YAML that you need in order to deploy that function. So in order to move the function that is running in our development environment to our production environment, the only thing that we need to do, something that I showed in the demo is we go to the Git repository that contains the production configuration and we move that YAML file into that production environment, right? Of course, at that point, the platform team will need to replace, for example, the database connection string and where the database is and all the production parameters that need to be applied at that point. And we do that by creating a pull request into that repo where the platform can actually run all the automated checks to make sure that the changes are going to work. And as soon as you merge that pull request into the main branch, Argo CD will sync that into the production cluster and we will be able to interact with that function in there.

Gotcha, yeah. So the YAML that is being created, I guess it's a month familiar with how the function service also works. So I'm assuming the function service, it abstracts, it'll create the config maps and everything that's necessary for the developers and basically all of that, that's being created, all of those YAMLs will kind of be sent over to the pull request that's going to be leveraged by production. Is that correct?

That's correct, yes.

I got you.

The idea is to provide tools that help developers but also the platform team and maybe operation teams can use in order to actually get the configuration that you need to apply into production.

Awesome, thank you.

Thank you for the question, that was a very good question. Time is round now. Ronald, thank you very much folks, I appreciate that.