Building a European Cloud Orchestration Platform within an Enterprise

Modern cloud deployments involve many tools with different lifecycles, creating a heavy burden on engineers. The Kubernetes ecosystem offers a unified Control Plane approach. Maximilian Techritz and Johannes Ott presented "How to Build a European Cloud Orchestration Platform from within an Enterprise" at KubeCon & CloudNativeCon Europe. They showed how sharing best practices through tech talks and inner-source collaboration created an engaged community and drove adoption.

We write an application that we deploy on servers, create and configure databases, manage and persist secure secrets, and integrate with a huge range of existing services from internal and external vendors, Ott mentioned. To manage all these different aspects, many tools are involved, all coming with their own usage patterns and lifecycles. This can be pipelines, CLIs, ticket-based configurations, Click-Ops, etc.

When rolling out new versions of our software, we have to verify that nothing breaks along this complex toolchain, Ott explained:

Our engineers have to lift the burden of maintaining and developing on the stack, taking up much time and attention from their development work. The world is becoming more complex. Software is no longer just shipped to a few data centers but more often to private and sovereign clouds.

When they reconsidered how to handle cloud orchestration, it was clear that they could not solve this by building another tool. They looked at the open source ecosystem and the tools already out there, Techritz said. With the Kubernetes ecosystem, they can declaratively apply the desired configuration of all external cloud resources to a Kubernetes Control Plane:

We have tools such as Crossplane. It allows us to manage databases at Google Cloud Platform, Buckets at AWS, or Network Policies at Microsoft Azure. We simply apply the desired state of these resources at the Control Plane. Dedicated controllers running in the Kubernetes cluster continuously reconcile the actual cloud provider APIs to create the resource, get its state, or update and delete it accordingly.

Tools like External Secrets Operator sync and rotate credentials from one place to another; Kyverno defines custom policies that adhere to company regulations; and Flux can put all configuration files in a Git repository to make use of GitOps best practices, Techritz added:

All of these tools are already out there. And they all have the same look and feel and integrate with the Kubernetes ecosystem.

OpenControlPlane allows companies to run a platform offering Control Planes to their development teams, Techritz said. The platform owners define how secrets, databases, and applications should be used by the development teams. Development teams order a Control Plane to get operators pre-installed and pre-configured; they do not need to worry about installing and managing all these different tools themselves.

When they introduced this full Kubernetes way of orchestrating cloud landscapes, they met with great resonance and interest. However, experience with the Kubernetes resource model varies widely between teams and organizations, Ott explained:

We initiated a monthly tech talk, a hybrid event inviting people from different corners of the company to share commonly faced challenges. In short sessions, requiring close to zero knowledge, we demonstrated how Control Plane methodology can make their life easier. We invested time and effort to collaborate on user enablement material. From day one, everything is inner-source, with most parts open-source now.

Our tech talk series has been attracting new and existing stakeholders, sharing best practices in informal yet informative sessions, Ott said.

To create an engaged community that supports adapting solutions, Techritz suggested finding common pain points in the company and working on a proof of concept of solving the challenges using the Control Plane methodology. Don’t highlight differences, embrace similarities, and actively invest in a shared minimum viable solution. Don’t shoot for a perfect picture, but create a culture of collectively improving what can be improved, he suggested:

It doesn’t always work, and patience or failure openness certainly helps. But never stop enabling and educating the people around. Make it easy for people to follow along, to try it out, and give constructive feedback.

In the end, you do need a healthy mix of engineers, domain experts, facilitators, and networks to succeed, Techritz concluded.

InfoQ interviewed Maximilian Techritz and Johannes Ott after their talk.

InfoQ: What benefit can developers get from using Control Planes?

Johannes Ott: Making the entire desired state well-defined in one machine- and human-readable syntax, with Kubernetes Operators holding the knowledge of how to orchestrate and maintain them forever, significantly reduces the amount of manual operations work, handbooks, and other processes that used to slow us down.

Through this methodology, you can confidently ship out software meeting the requirements of the modern cloud landscapes.

InfoQ: What have you achieved, what are you proud of?

Maximilian Techritz: We got super excited when we heard that we could donate this project to the EU-funded project IPCEI-CIS (Important Projects of Common European Interest - Cloud Infrastructure & Services). This brings us closer to many different other projects that share the goal to strengthen Europe's cloud native sovereignty.

All these projects can be found under the umbrella of the NeoNephos Foundation. This is a project of the Linux Foundation Europe and ensures vendor neutrality.

InfoQ: What have you learned?

Techritz: Start small. Learn what actually matters to people along the way. Find the pain points that development teams share. Solve them together using the Control Plane methodology - build a Kubernetes Operator, or find an existing open source one that fits.

On this journey, enable people with no Kubernetes experience. Active contribution is what makes projects succeed.
