Shifting Left Stateful Applications In Kubernetes
Speaker: Viktor Farcic
Summary
In this talk, Viktor Farcic from Upbound demonstrates how to shift stateful applications left, avoid the pitfalls of the Jira ticketing system, and build a more efficient, self-sufficient platform. The live demo provisions a Kubernetes cluster and a database, defines the database schema, and sets up remote development of an application against it, all through Kubernetes resources.
Transcription
I'd like to talk about how we can shift left stateful applications. I don't know why we have mics. Everybody can hear me, right? Anyway... Look at me, rockstar. Okay, stateful applications. So, this is me when I work with other companies, big enterprises, or when you ask me questions. That will be my face. This is encouraging, right? Okay. So, I'm Viktor. I work for Upbound, the company behind Crossplane. I have a Twitter account. I belong to some groups. I was kicked out of some groups. So, those who watched my talk earlier will notice that some of them are missing. Books, podcasts, YouTube... Doesn't matter.
So after 25 minutes... So I will be talking fast with a strange accent. Anyway, my mission today is to destroy Jira as a company? Not as a company, as a product. That's been my mission for a while now. But today, with a different concept. Right, where I think we're going, or we should be going, is to really remove Jira as a way to request from somebody to do something. Right? Like, 'Hey, I need a cluster.' What do you do when you need a cluster? You open a Jira ticket.
And imagine that you're a developer, right? You open a Jira ticket. If you're religious, it helps a lot because you can pray to your deity that it will be done sooner rather than later. Right? Same thing goes: 'Hey, I need to define a new application. I need a Git repository. I need something. I open a Jira ticket. I fill in some forms and wait and wait and wait. And ultimately, I get that something.' That's how most companies still work today. If you say, 'I'm not using Jira tickets,' that's okay. You can do emails. You can do Slack messages. You can... What else is there? I don't know.
What's the problem? Anyways, what we are trying to do, what I'm trying to do is to remove all that and create a system that will enable people to be self-sufficient without spending 75 years trying to learn everything. Right? Because the easiest option probably is to say, 'Here's the AWS account, here's the Kubernetes cluster. See you in seven years once you understand what's going on. And then I will tell you that the technology changed, so you will need another seven years.' Right?
So, one way to do it, actually without this slide, the easiest way to do it is to go to a highly opinionated service, something like Heroku. I don't know how many of you use Heroku, right? Nobody? Okay, cool. So, something like Heroku, now... Case go away. This is stupid, what I'm going to say. Really, it is. If it fits your use case, a highly opinionated community service is always the best choice. Now when it doesn't fit the use case, which happens to be in most of the cases, then the alternative to that is to figure out a way to create your own platform that will be done by experts in certain areas and enable everybody else to do something. Whether that something is infrastructure, services, monitoring, security, doesn't matter what it is, right? You codify your knowledge and enable that codified knowledge as a service that everybody else can consume, right?
That's the general idea, general gist and so on and so forth. So, what I'm going to do today is show an example of a stateful application, meaning an application, a database running in a Kubernetes cluster. But it's more about the logic than really that specific use case. It doesn't have to be stateful. I mean, every system is stateful eventually. But anyways... So what I'm going to set is required request that...
So, I need a Kubernetes cluster. That's one requirement. I need a database server, right? A database server is useless by itself. You need a database inside of that server. And you need a schema inside of that database to correspond with whatever application needs. I need to be able to develop that application, and I need a way to deploy that application later on to production. Now, we skip the last part because that would definitely take more than 25 minutes. I will probably skip more than the last part because I discovered that this talk is 25 minutes, 15 minutes ago.
Anyways, those are my requirements and I will do it in a way that I assume that people who will be doing this are not experts in any of those things, right? You're not a DBA, something... Something. You're not a Kubernetes ninja. You did not start using Kubernetes before it existed and all those things. So, what I will use today is a combination of tools. I will use Crossplane to define those services.
By somebody force everybody else, I would use SchemaHero to define the schema for the database. And I will use Okteto to enable people to synchronize their applications into whatever they're deploying and so on and so forth. And I will use a bit of Bash, right? Because I was lazy. Normally, you create real CLIs to enable people to do things, but not today, right? So, I will skip the setup because that's boring. I already created what they needed, and now I will plug this in.
Hello, okay, and jump into a demo right from now on. You will see only a terminal now. Some people don't like this. If you're used to pretty colors, you like graphs and Jira, not happening. Now, I will show you everything from a terminal, but everything is API based, so whether you put some UI on top of it or Visual Studio extension or whatever, it doesn't really matter. It's all based on the same principles, right?
So, what was the first? Yeah, I need a cluster first, right? Now, I already said that I don't want you to be an expert in seven years in Kubernetes. So, I created something like this. Now, imagine that we went through a process of me, this guy, I'm a Kubernetes expert in this scenario, hypothetically. And I spent some time with my developer, not my developers, with people, the rest of the people in my company. They're not mine. And, okay, so when you need Kubernetes, what do you care about, right? That's a very important part.
And imagine that hypothetical situation. They told me, 'Hey, I need to be able to define the size of the servers, and I need to be able to define what is the minimum number of nodes,' right? And then follow-up questions from me would be, 'Do you want to define VPCs?' and the answer would be 'What?' Right? Subnets and so on and so forth, right? So, you do the conversation, you try to figure out what the requirements are that somebody has because that somebody is my customer, right? I need to satisfy his or her needs, not in the way you're thinking, instead of just doing something that helps me, right?
And we agreed that we are going to have something like this. And this is a custom resource definition, right? So, this does not come out of the box from any tool or anything. It is backed by Crossplane, but I defined a custom resource definition in my Kubernetes cluster management Kubernetes cluster that anybody can use and say, 'Hey, I want to deploy my cluster. I want my cluster to be in Google, in GCP. There are different variations. I have a variation that runs, does the same thing, same interface, but in Azure or in AWS. Civo, I actually wanted to use Civo for the demo today, but they were too lazy to implement Postgres, which I will need later. So, not my fault. And parameters, right? Schema is whatever you define, and parameters are node size: medium, and minimum number of nodes: one.
Now, 'Node size: minimum.' Because I spoke with them and then, then I understand, they asked, 'Okay, so you want to define the size of the nodes in AWS?' 'Yes.' 'Do you know what is T2 something-something or T3 something-something and so on?' And so, 'No idea.' 'Excellent, we're going to have small, medium, large, right?' Now, this is easy. Everybody can do this. And in a real-world situation, I will be pushing this to Git. But again, 25 minutes, I will not be pushing anything to Git and using Argo CD, Flux, Rancher Fleet if you're still alive. I will apply directly.
Namespace 'a-team.' This is the name of the team. Now, I'm changing the role. I'm not Viktor anymore. I'm a developer. And I will apply this defined in 'example-gates-GCP,' something-something. I don't remember what it was. Official. This one, right? I will apply to the management cluster, and then that's it. That's my job. It's done. Actually, I cheated a bit because I already executed the same command before the demo for a simple reason: because I'm using GKE Cloud, it takes like 10 minutes, give or take. I didn't want you to wait that much. But what matters here is that if I do `kubectl --namespace a-team get clusterclaims`, right? This is custom made for me. You can see that, imagine 10, 15, 20 minutes later, I have my cluster running.
Okay, now what is important here? I created the cluster. It's very easy. And I got a secret. `--namespace a-team get secrets`. And here, anybody, whomever has permissions, can get this secret with authentication to the cluster. If you have permission to access this, you have permission to work with your cluster, right? It's your cluster. Do whatever you want with it. I'm a service provider. I'm not the person who you will call in the middle of the night, for a simple reason: because it's yours now.
So what I will do now is use the kubeconfig YAML, and you can see, `get nodes`, that I got the cluster. You know I mentioned that this is, but now, I got the cluster with three nodes. Now the next thing I need is a database server. Right, my application needs a database running somewhere. Now, one way we can do that is SQL Kubernetes YAML. Great, again, a custom interface. This is made specifically for me. Some people claim, you can select your labels, whether you want to run the cluster, and you can specify some parameters that we agreed matter to you, to fine-tune your experience. In this case, the version of Postgres, the size of the node, small, whatever that is, and where we want that cluster to be--sorry, database instance--to be running. And through labels you can see that it is in the same Kubernetes cluster as the one I'm running. Now, I'm not going to do this. In the development environment, this is great; please do not run databases yourself, it's just silly. What we are going to do is something else, because I'm lazy and I strongly believe that it's a better option. I'm going to use this, which is exactly the same thing but a different implementation. The only difference between what you saw before and now is not in the interface and how I interact as a user to manage my database, but in labels saying, I want the same thing but in Google, I want a managed database. Right. And again, I should be--Lasso can tell you--I should push this to Git, and Flux should take care of it, or Argo CD, but then he will not like me. Instead, I will do `kubectl --namespace dev apply`, file name is examples SQL--what did I do--GCP official. Right. To get and synchronize it with a cluster, or synchronize it directly. Again, I cheated, I did this before. What does matter is that if I go to the--and by the way, I'm not anymore in the cluster where I was before when I created a cluster--I'm now in that cluster that I created myself.
Namespace dev, get SQL claims, and you can see that my database--this time I was lazy, I did not put in those additional fields--you can do whatever you want, might be, maybe six hours ago. Now I solved the second problem, how people, everybody can manage their services themselves, instead of calling me again because I'm lazy.
Now, the good thing when you create, we call it a composition in Crossplane, meaning that you create an interface that others will interact with, and what happens behind that interface is completely your choosing. Right? You define what is happening in the background, and apart from creating subnets and VPCs and whatever the heck I'm creating over there, and I don't remember anymore, that interface creates not only the database instance, but the database itself inside of that instance. And we can take a look that that's really true by `get databases.postgresql.sql.crossplane.io`. You can see that as a result of applying all that, among other things, the database inside of the database server was created as well.
Now, the only thing missing here is creating a schema. Now, I did not want to create a schema inside of that composition, simply because while databases are the same for everybody--within variations that we all agree that we're gonna have--the schema is going to be completely different. Right, so schema, I decided to have it apart, and I will show you the schema here--`cat examples SQL SchemaHero` something-something PostgreSQL params, there we go. Right. Now I'm switching from Crossplane to SchemaHero, and all that people need to do is to define the schema and say, hey, this is a database, connect to the database through a secret, and that secret was created through the composition that I created before. It's already there, and it defines the table. Right, simple example; you could have as many tables or whatever you want to define the schema. Here, it's just like any other schema management solution, with the only difference that everything is defined as Kubernetes resources, so I do not need to go through something completely different. Works with GitOps, which I'm not using today, and so on and so forth. So, let's do this. `kubectl`, there's a namespace, `dev`, `apply`, file name--file name is what did I have there--examples SQL SchemaHero PostgreSQL params, there we go. There we go, and now for the change. This is not something I did in advance. You see, by the Creator, is this big enough? Okay, so schema. Schema, very, very easy. If you don't believe me, we can do `--namespace dev get tables`, and you can see the schema called videos is there. It's in my database. Everything's still very, very, very easy.
Now, the last thing I need is to figure out how people can develop that application, again without really figuring out everything they need to know about databases and Kubernetes and so on and so forth. In this case, I'm going to switch to a repo of my application, Siri demo, that's how advanced it is. And I'm going to use Okteto. Right again, principles, everything works with the same thing, works with any other tool. The point that I'm trying to make here is that I cannot just deploy my application to a cluster when I want to develop. First of all, I do not want to work on my laptop, because connecting applications on my laptop and the database running somewhere else, and fighting with firewalls and VPCs and VPNs and whatever somebody else has, is just a nightmare. So what I want to do is enable people to develop remotely, even though it looks as if they're developing on their laptop. Right, with all the security constraints in place and all the other good things that you do. And what I'm looking for in tools in this case, and again, I'm using Okteto, others work just as well, is a way to deploy my application there and have it synchronized with my laptop all the time. And that's what this one does. It says, hey, because education is defined here, customers--in this case, please don't use count, it's horrible. There are questions coming up later if you want me to elaborate--and synchronize my local directory with the directory `src` in that application running over there, somehow. So what I'm going to do is `context use`, I'm going to switch to that newly created cluster, which is this one.
I'm gonna say `okteto up`, namespace dev, and it was the first time. It takes a while, because downloading Go libraries is kind of painful, not as painful as Node.js, but still painful. So this will take about now. While this is happening, let me show you very quickly. I showed you mostly how it works from the end user perspective. I probably have enough time, yeah, I do. Anyways, let me show you how I developed all that. How did I create those services? And we actually had the example of Kubernetes and SQL, right? And in the case of Crossplane, when you want to define your own interface, there are two different things that you need to define.
First is a definition, right? That's the custom resource definition. That's the interface that will be exposed to everybody else. And in the case of Kubernetes, here's my definition. This is the OpenAPI schema, standard stuff, give or take a few additions from Crossplane. That just says, "Hey, this is the schema of this new resource type that you want to have in Kubernetes with fields like version. I don't know why you are popping up? Node size, minimum number of..." You create your schema, right? You can do this without Crossplane, nothing really special. What is special is that once you create that schema and you give it a name, whatever name that is, you create implementations of that schema. That's what becomes the Kubernetes controller that does the heavy lifting, converts something to all the shenanigans that we have.
And if you look at, let's take a look at EKS. AWS is always the best example, simply because nobody understands how it works, all right? Behind that, simply an implementation of Kubernetes that has to have everything that is required in my company. The implementation itself says, "Hey, create... Is this big enough? You see it? Create a cluster, and then create authentication for the cluster. And then create a node group, and then create IAM roles. I cannot pronounce it. Going back to the node group, right? Here I'm taking the input from that interface, converting it into what my resources need, and transforming it. Like, for example, here I'm saying, "Hey, whenever you specify a node size, in the case of AWS, small means this, medium means that," right? For Azure, it will be different, and so on and so forth. Some roles, some other roles, and more relative purpose attachments, and so on and so forth. Look at it. I'm going to try to see how much time it takes to scroll to the bottom. There we go.
Whomever ever thought that they're going to enable developers by giving them access to AWS should see this, right? Because it's impossible. I think that people in AWS don't understand it either. Google is easier, though. Civo is even easier.
Anyways, and then there are different implementations. Like, here I have an implementation. The same thing, same interface, everything, but a different implementation for Civo, right? This is what I need to create the Kubernetes cluster with the same specifications for Civo. Now, if you think, "Hey, how come Civo is so easy, and this is so big?" it's because in my case, creating a cluster is not creating a cluster. That's the easy part. But creating a cluster is creating a cluster, installing Ingress, installing monitoring, securing it, five thousand different things, right? So all that is included and easy for people to use.
Now, I hope that there... We go. I got Okteto up and running. Now, I am in a container, in a pod, managed by a replica set, managed by a deployment with a service in English, all the good things in Kubernetes. I'm inside of that, right? So my laptop is synchronizing with it, my laptop files are being synchronized over there. If I do `go run`, my application will be up and running at some moment in the future, nobody knows when...
And then the part I will skip because I don't have much time. Do I have time? I don't have time. Whatever I change locally is automatically applied to my application running in that cluster, connected to the database inside of the cluster that I created myself. I have a few minutes for questions. Go! This will take more than a few minutes, so I will not wait until it's done. And while you're going, yeah, come, come ask questions. Something... This is, from Upbound, Crossplane is what I showed you, among other tools. Check it out. I have a podcast and YouTube channel and what not. Thank you.
Okay, give me the mic. Okay, okay. I'm generous today. Thank you.
Okay, so I have the Crossplane CRDs and I am a regular developer. I am happy. What if I am a little bit more experienced developer and I want to do just a little bit of a custom thing? Is there an option to just go around the abstraction somehow?
Yeah, though at the end of the day those all end up, those abstractions end up being Kubernetes resources, like what I didn't show before. If I go back to that cluster and do `kubectl get managed`, all the managed resources, you would see dozens of resources being created from that. Right? So you have options to create additional resources, to create additional services, or do whatever you want. Right? The limitation really is what you are allowed and what you're not allowed to do based on permissions and so on and so forth. Right? I would also say that if I created a service that you should consume and you're not happy, it doesn't fit your use case, then I'm not treating you as a user, as a customer, I'm treating you as... I don't know who. And that's really complicated. But that's what most, what kind of platform teams do, those things that they create something random and then wonder why nobody uses it. I will file a Jira ticket. Okay.
Great. Anybody else?
Anybody else? You have no idea what to talk about, right?
You talked about Helm and how you're not supposed to be using it. But I did see some references in your Civo YAML file that use Helm.
Yes, yes. So... Good catch. So, I think that Helm is fantastic for third-party applications. Right? So if you need like MongoDB, or you need Postgres, or you need... I don't know, something from Vietnamese or whatever, right? Helm is the best choice for a very, very simple reason. Two reasons, but it's a great choice. First, because no other packaging mechanism has the library that Helm has. Right? You can find literally anything in Helm. So for third-party applications, it's great. And it's great for vendors of those third-party applications, because Helm allows you to create a zillion different permutations to fit everybody's needs. Right? Because if you're a vendor, you need to figure out all the permutation issues that everybody who might be your user ever needs. Now, and that's so for third-party applications, great. But for your own applications, it's a very different story, because you do not need those permutations. Right? You're not going to have 5,000 users with completely different needs of that Helm chart. Right? Kustomize works much, much better. That's number one. Number two is that I believe that we are going towards the direction where the complexity is moving from the client side, from the laptop, you know, the templates directory, Helm, into Kubernetes clusters. I prefer that people, especially for internal use, create their own controllers and custom resource definitions and say, 'This is how you define a backend application,' in a very similar way, not necessarily the same tools, but a very similar way as what I did with the database. Right? So that what you define is what you're getting, instead of templates directory madness. I dare anybody to go to a common popular Helm chart and tell me what's going on over there with less than three hours trying to figure it out.
Excellent. Ah, you... Okay, go, go. Yes. Exactly.
So think of it as a custom resource becoming equivalent, in a way, to Helm chart values, and Helm chart templates become equivalent to a controller in a Kubernetes cluster. Right? Interpreting those values. It's not the same, but more or less. Open Application Model is a good example. Yes, don't use Open Application Model, but it's a good example.
Yeah, cool.
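The talk shows the two halves of the Crossplane abstraction only on screen: a CompositeResourceDefinition that exposes `nodeSize` and a minimum node count to developers, and a per-provider Composition that maps `small`/`medium`/`large` onto real machine types, plus the connection secret a team reads to reach its cluster. The manifests below are an added example written for this page, not the speaker's or Upbound's files. The API group `platform.example.com`, the kind names, the `a-team` Role and the machine-type mapping are assumptions; the `container.gcp.upbound.io/v1beta1` Cluster and NodePool fields follow Upbound's provider-gcp as the author of this example recalls them and must be checked with `kubectl explain` against the installed provider version. Propagating the kubeconfig from the managed Cluster into the claim's connection secret additionally needs `connectionDetails` entries in the Composition, which are omitted here for brevity.

```yaml
# Added example, not from the talk. Names are hypothetical; provider field
# names are assumptions to verify with `kubectl explain` on the target cluster.
apiVersion: apiextensions.crossplane.io/v1
kind: CompositeResourceDefinition
metadata:
  name: compositeclusters.platform.example.com
spec:
  group: platform.example.com
  names:
    kind: CompositeCluster
    plural: compositeclusters
  claimNames:
    kind: ClusterClaim            # what a team creates in its own namespace
    plural: clusterclaims
  versions:
  - name: v1alpha1
    served: true
    referenceable: true
    schema:
      openAPIV3Schema:
        type: object
        properties:
          spec:
            type: object
            properties:
              parameters:
                type: object
                properties:
                  nodeSize:
                    type: string
                    enum: [small, medium, large]   # no cloud machine types leak through
                  minNodeCount:
                    type: integer
                    minimum: 1
                required: [nodeSize, minNodeCount]
            required: [parameters]
---
apiVersion: apiextensions.crossplane.io/v1
kind: Composition
metadata:
  name: cluster-gcp
  labels:
    provider: gcp                 # the label a claim selects on, as in the talk
spec:
  compositeTypeRef:
    apiVersion: platform.example.com/v1alpha1
    kind: CompositeCluster
  resources:
  - name: cluster
    base:
      apiVersion: container.gcp.upbound.io/v1beta1
      kind: Cluster
      spec:
        forProvider:
          location: us-east1
          removeDefaultNodePool: true
          initialNodeCount: 1
  - name: nodepool
    base:
      apiVersion: container.gcp.upbound.io/v1beta1
      kind: NodePool
      spec:
        forProvider:
          clusterSelector:
            matchControllerRef: true   # bind to the Cluster from this composite
          nodeConfig:
          - {}
    patches:
    - fromFieldPath: spec.parameters.minNodeCount
      toFieldPath: spec.forProvider.nodeCount
    - fromFieldPath: spec.parameters.nodeSize
      toFieldPath: spec.forProvider.nodeConfig[0].machineType
      transforms:
      - type: map                  # "small means this, medium means that"
        map:
          small: e2-standard-2
          medium: e2-standard-4
          large: e2-standard-8
---
apiVersion: platform.example.com/v1alpha1
kind: ClusterClaim
metadata:
  name: a-team-cluster
  namespace: a-team
spec:
  compositionSelector:
    matchLabels:
      provider: gcp
  parameters:
    nodeSize: medium
    minNodeCount: 1
  writeConnectionSecretToRef:
    name: a-team-cluster-kubeconfig   # the secret shown with `get secrets` in the talk
---
# Least privilege for the team: claims plus read access to that one secret.
# No provider credentials, no direct managed resources.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: a-team-platform-user
  namespace: a-team
rules:
- apiGroups: [platform.example.com]
  resources: [clusterclaims]
  verbs: [get, list, watch, create, update, patch, delete]
- apiGroups: [""]
  resources: [secrets]
  resourceNames: [a-team-cluster-kubeconfig]
  verbs: [get]
```

Two caveats a practitioner would check. First, the connection secret is cluster-admin material for the provisioned cluster: `resourceNames` scoping works only with `get`, so a `list` verb on secrets would expose every secret in the namespace, and `kubectl get secrets` (a list) is denied under this Role while `kubectl get secret a-team-cluster-kubeconfig` succeeds, which is the intended behaviour. Second, the `resources`/`patches` form above is the classic Composition mode; recent Crossplane releases express the same patch-and-transform logic through `mode: Pipeline` with a function, so match whichever the installed version supports.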