Building the Multicloud GitOps Foundation for Kubernetes

If you’re adopting GitOps patterns to accelerate software delivery, you’re probably also choosing Kubernetes (K8s), lured by its flexibility and power. However, if your organization is newer to K8s, you’ll quickly discover that standing up K8s clusters across multiple clouds can be extremely complex and challenging to implement and maintain.

Application developers find they need to be Kubernetes experts to test and deploy their code. Platform teams are soon burning hours on provisioning and managing clusters, as well as on the whole stack of observability, security and other supporting components.

At CDW, our Digital Velocity team has partnered with Spectro Cloud to solve for some of these challenges. GitLab, Terraform Cloud, and Spectro Cloud Palette are the building blocks of a prescriptive services engagement we call the Multicloud GitOps Foundation (MGF). Think of it as a fast way to establish a “landing zone” for cloud-native applications for a multicloud approach.

We’ll take a closer look at these building blocks later in the article. First, let’s explore how Kubernetes has shaped the way organizations build modern applications, and how — together with the right components — K8s can be less complex to manage at scale than existing ways of managing software deployments. We’ll touch on what we’re seeing in the Kubernetes landscape, along with trends in multicloud that influenced our design of the MGF engagement to simplify cluster provisioning and operations.

K8s adoption has recently exploded. In the 2022 Stack Overflow Developer Survey, nearly 60,000 developers identified Docker and Kubernetes as the number one and number two most loved tool and the ones most targeted to adopt in the future, as both promise a modular and portable framework to build and run applications.

Kubernetes was originally a container orchestration platform created by Google around 2003. Later in 2015 Google partnered with the Linux Foundation to create the Cloud Native Computing Foundation the stewards of the project today. Since 2015 most of the major cloud providers have created services leveraging Kubernetes, such as Azure Kubernetes Service, AWS Elastic Kubernetes Service, and Google Kubernetes Engine. Many other OEMs have created supported approached to implementing Kubernetes (more on that later), frequently referred to as distributions.

Why all the hype? Containers give a great deal of flexibility to application developers and can unify the process of building and deploying applications. To a large extent, wherever a supported container engine like Docker runs, a container can easily be deployed on that system.

Kubernetes orchestrates the deployment of containers and supporting services across a cluster of container engine enabled hosts and maintains the desired state of the containers. Packaged together with networking, storage and compute, Kubernetes provides a path to uniform application builds and deployments across operating systems and clouds, providing freedom and flexibility. Deployment patterns like Blue-Green and Canary can be used more seamlessly in K8s than traditional systems, enhancing safety for releases.

Kubernetes also offers the flexibility to uniformly run workloads as: 1) VMs where absolutely necessary, 2) containers for longer running workloads, and 3) serverless jobs using tools like Knative. This positions Kubernetes as the new cloud operating system that many teams are running toward.

Despite all the benefits we also recognize the challenges with Kubernetes. Various flavors of managed cloud services have emerged, along with dozens of Kubernetes distributions so making sense of all the options can require quite a bit of research. And that’s just the start. Kubernetes clusters are never complete with just Kubernetes itself. There are adjacent technologies and supporting stack resources that teams need to deploy in clusters to deliver core functionality like networking, observability, storage and security.

As of this writing, there are over 1,100 projects tracked by the Cloud Native Computing Foundation (CNCF). These projects can be overwhelming to navigate as teams look to adopt an approach to Kubernetes that works for them.

Kubernetes distribution providers also have their own sets of opinions you can consume, but this can feel more like train tracks than a paved road, with no ability to deviate from those opinions.

When deploying clusters, each component can have very little room for flexibility including the operating system, the container network interface, the container storage interface, sometimes even the binaries used to interact with the cluster, and the rest of the components teams will need to operationalize Kubernetes.

It’s the Henry Ford model for Kubernetes with these opinionated stacks: “Any customer can have a car painted any color that he wants, so long as it is black.” —Henry Ford.

Teams are often looking for an easy way to lasso the power of Kubernetes while maintaining control of their platform. The tools and services described in this blog provide a solution to help them do just that.

There is an industry trend with organizations choosing to be in multiple public or private clouds.

In a June 2022 Forrester study, 47 percent of organizations said they would expand their multicloud approach. And, 90 percent said that using multiple clouds has helped advance their organization’s business goals.

Why is this? A multicloud approach allows organizations maximum flexibility and gives cloud and platform teams the ability to say “yes” to developers who need to quickly use a specific cloud service to access a new feature or capability.

But there are many challenges in how organizations take advantage of multicloud targets for the deployment of applications and services. The top cited barriers are centered around skills, costs, security and complexity.

However, platform engineering concepts have answered some of the questions around tackling these challenges. Platform engineering teams are built to reduce the cognitive load of developers and the value stream aligned teams, while working to stay productive as they move the business forward. Development teams no longer need to spend precious time learning Kubernetes to test and deploy their application quickly.

Platform engineering practices can focus on: 

• Defining and measuring reliability
• Continuously reducing toil and increasing automation
• Enabling education and encouraging platform adoption
• Building in security and compliance
• Building internal communities through advocacy
• Providing a delightful developer experience; allowing developers to quickly test and deploy applications
• Employing pragmatic standardization
• Optimizing costs with “chargebacks” and “showbacks”
• Aligning goals to business outcomes

With these in mind, organizations adopting multicloud are largely turning to standardized tools that allow uniform approaches and workflows across clouds and environments. They are shifting to a platform mindset to focus on iteration and ease of use, leveraging a “platform-as-a-product” mentality.

The GitOps Working Group (WG) is under the CNCF App Delivery SIG and has largely led the effort to codify GitOps and create a “vendor-neutral, principle-led meaning.”

Their definition of GitOps can be encapsulated in four cornerstone concepts: 

1. Declaratively expressing the desired state
2. Storing that desired state in a way that enforces immutability, versioning and retention of a complete version history
3. Having software agents automatically pull the desired state declarations from the source
4. Having software agents continuously observe the actual system state and attempt to apply the desired state

This translates to leveraging the power of your preferred Git repository (branch protection rules, RBAC, approval flow, etc.) when governing how declared state is applied.

The WG states that individuals, teams and organizations who implement GitOps experience benefits such as:

• Increased developer and operational productivity
• Enhanced developer experience
• Improved stability
• Higher reliability
• Consistency and standardization
• Stronger security guarantees

Put these GitOps concepts together with Spectro Cloud Palette, and what you get is a basis for simplifying K8s platform adoption across any cloud, aka MGF, delivering multicloud operating capabilities.

Now, let’s take a moment to discuss the three tools that make up the Multicloud GitOps Foundation (MGF).

1. Spectro Cloud Palette provides the basis of orchestration that enables us to make standing up K8s clusters across multiple clouds easier. It allows you to choose or carryover your own integrations, import your existing clusters and manage any cloud location at scale — enabling organizations to establish a consistent and standardized approach to managing Kubernetes clusters across any cloud environment. The Terraform provider for Spectro Cloud Palette gives access to the APIs used to define cluster profiles, cluster deployments and manage cluster resources.

2. GitLab is a comprehensive DevOps platform that offers a wide range of features to support the entire software development lifecycle. It provides powerful Git repository management, built-in CI/CD pipelines for automation, issue tracking and project management capabilities.
GitLab also includes a wiki for documentation, code review and collaboration tools, a container registry with Kubernetes integration, and robust security and compliance features. With its scalability and high availability, GitLab is a versatile platform that enables teams to streamline their development processes, collaborate effectively and deliver high-quality software efficiently.

3. Terraform Cloud is a powerful infrastructure as code (IaC) platform that simplifies the management of cloud resources, empowering teams to automate infrastructure provisioning, improve consistency and accelerate their development and deployment processes — all with scalability and reliability. It also offers features like remote state management, which allows teams to store and share infrastructure state securely. In the context of GitOps, Terraform Cloud is providing the software agent that is continually pulling desired state of the clusters from source, and reconciling that against current state.

Spectro Cloud offers a comprehensive set of features that deliver numerous benefits for managing K8s clusters in multicloud environments.

With Spectro Cloud Palette, users gain the ability to choose from a multitude of options in the form of “packs”. These packs make up the basis of the cluster profile, a layered set of these packs to define each component of the cluster and supporting software. Packs are provided by Spectro Cloud or teams can host their own pack server — allowing for a great deal of flexibility and a large number of supported paths.

With Spectro Cloud's Cluster profiles, teams can enjoy enhanced control and efficiency. The ability to version cluster resources and supporting software ensures consistent deployments and simplifies troubleshooting and rollback processes. The flexibility to select resources not tied to opinions empowers teams to optimize performance and cost-effectiveness based on their specific needs.

Furthermore, project deployments, such as service mesh and observability, are seamlessly integrated into clusters at the time of provisioning, eliminating manual configuration steps and reducing deployment complexity. Spectro Cloud also provides blueprints for successful deployments, guiding users with pre-defined configurations and best practices, ensuring reliable and industry-standard setups.

Cluster deployment is made easier and more secure with Spectro Cloud.

By leveraging cloud accounts, teams can reduce credential sprawl and centralize access control, enhancing security and simplifying management. With the ability to deploy to any cloud, Spectro Cloud offers flexibility and the option to leverage multicloud strategies, empowering teams to choose the cloud provider that best suits their requirements. Creating fault-tolerant clusters in multiple availability zones further enhances reliability and ensures high availability of applications and services, providing a robust infrastructure for mission-critical workloads.

Spectro Cloud's virtual clusters feature enables efficient cluster management.

Teams can quickly create clusters inside namespaces, improving organization and visibility. Additionally, users can easily provide entire clusters to team members, enabling seamless collaboration and accelerating development cycles. Virtual clusters also help fight Kubernetes sprawl by optimizing workload placement on existing deployments, improving resource utilization and reducing waste.

Security is a top priority with Spectro Cloud.

Integration with Identity Providers (IdPs), RBAC and Single Sign-On (SSO) ensures secure authentication and access control. The use of RBAC for Palette and cluster access allows for granular control over user permissions, enhancing security and maintaining compliance.

Spectro Cloud also provides out-of-the-box configuration, performance and penetration testing capabilities, ensuring that clusters are secure and performing optimally. The scanning of deployed software, facilitated by Spectro Cloud's Palette, includes a Software Bill of Materials (SBOM) that tracks important metadata such as version, origin and license. This enables organizations to track vulnerabilities, perform regular software maintenance, and ensure compliance with regulatory requirements.

Spectro Cloud Palette helps teams get started sooner and enables enterprise-ready Kubernetes orchestration and management for organizations with existing K8s workloads.

As GitOps builds on ideas established in DevOps and Infrastructure as Code (IaC), the growing need for ease-of-provisioning infrastructure must follow suit.

So when CDW’s Digital Velocity team organized the MGF, the following criteria were established:

• Portability: Teams must be able to deploy clusters and workloads on any of the big three cloud providers, to bare metal, to VMware and to the edge
• Code-first approach: The benefits of IaC (repeatability and consistency) are applied across clouds
• Short-lived resources: Recreate clusters on-demand and spin up new resources quickly
• Simple: Reduce complexity with easy-to-deploy supporting software
• Customizable: Customize the modularized platform
• Scalable: Deploy and reduce the administrative burden of managing Kubernetes
• Reduces toil: Reduce toil by using end-to-end automation
• Consistency: Standardized and codified higher and lower environments

Based on these criteria and those already established, this is how we landed on the three primary solutions providers mentioned earlier as the basis for the MGF methodology. The three components work together beautifully:

GitLab provides the version control system, CI processes and GitOps deployment workflows, and it is ultimately the source of truth and the primary point of interaction in the MGF.

Terraform Cloud provides teams with a system to automate cluster provisioning, cluster profiles and everything needed to leverage automation across teams.

Spectro Cloud Palette is a Kubernetes multicloud, multicluster orchestration platform that allows teams to provision and manage clusters in any cloud using a consistent set of APIs and tools. 

From the above high-level diagram, we can see that application and infrastructure code can be treated with the same overall workflow, and the ability to use the Spectro Cloud Terraform provider gives an easy way to define and deploy clusters in any cloud.

The Multicloud GitOps Foundation methodology helps organizations overcome the complexities of managing Kubernetes across multiple clouds, enabling accelerated software delivery, enhanced developer productivity, improved stability and stronger security guarantees.

By leveraging MGF, organizations can establish a solid foundation for building and deploying cloud-native applications in multicloud environments, empowering them to harness the benefits of Kubernetes while maintaining control of their platforms.