Managing cloud-hosted resources alongside Kubernetes workloads using Kubernetes' declarative model
- Kubernetes' API server is the source of truth for external tools, clients, and internal components
- Kubernetes' declarative model transfers the responsibility of reconciling intended and actual state from the user to the cluster
- The Kubernetes Resource Model (KRM) is the data model, or schema, used to define the intended state of Kubernetes resources
- Cloud resources can be managed using first-party cloud controllers or third-party open-source tools
- AWS Controllers for Kubernetes (ACK) and Google Cloud Config Connector are examples of cloud controllers
- The AWS S3 controller can be installed onto a Kubernetes cluster using Helm and used to manage S3 buckets
- Open Policy Agent (OPA) can be integrated with cloud-hosted resource definitions to enforce custom policies across environments
The AWS S3 controller can be used to manage S3 buckets from within a Kubernetes cluster. The controller is installed using Helm and given specific permissions to create, update, and destroy S3 buckets. Once it is installed, an app can be created that uses the S3 bucket. The controller can be seen running as a pod inside the cluster, and its access to AWS is governed by the specific permissions granted to it in the AWS IAM setup.
One of Kubernetes’ most powerful features is its declarative API, where the cluster is defined by its intended state. This transfers the responsibility to reconcile the intended and actual state from the user to the cluster. But it’s likely that users are also running workloads outside of Kubernetes, from databases to virtual machines, and they might be using multiple cloud providers at once. How to manage it all? In this talk, the speakers explore how Kubernetes’ declarative model can be used to manage cloud-hosted resources alongside their Kubernetes workloads. They will demonstrate this, first using Crossplane, a Kubernetes add-on with native multi-cloud support, and second, using custom controllers built by different cloud providers. Finally, they will show how to integrate Open Policy Agent (OPA) with cloud-hosted resource definitions, to enforce custom policies across environments. Attendees will leave this talk ready to simplify their cloud configuration with Kubernetes.
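
Because the bucket is declared as a Kubernetes object, the policy step described above can run at admission time, before the controller ever calls AWS. The following Rego policy is an added example, not material from the talk: it assumes OPA is wired in as a validating admission webhook that receives the AdmissionReview as `input`, and that Bucket objects use the ACK S3 controller's schema (group `s3.services.k8s.aws`, fields `spec.publicAccessBlock`, `spec.acl`, `spec.encryption`). The package name and rule names are illustrative.

```rego
package kubernetes.admission

import rego.v1

# Assumption: `input` is a Kubernetes AdmissionReview and the object is an
# ACK S3 Bucket (apiVersion s3.services.k8s.aws/v1alpha1, kind Bucket).
is_ack_bucket if {
	input.request.kind.group == "s3.services.k8s.aws"
	input.request.kind.kind == "Bucket"
	input.request.operation in {"CREATE", "UPDATE"}
}

bucket := input.request.object

# All four public-access-block switches must be explicitly true.
required_pab := {"blockPublicACLs", "blockPublicPolicy", "ignorePublicACLs", "restrictPublicBuckets"}

deny contains msg if {
	is_ack_bucket
	some field in required_pab
	# A missing field defaults to false, so omission is treated as a violation.
	object.get(bucket, ["spec", "publicAccessBlock", field], false) != true
	msg := sprintf("Bucket %s: spec.publicAccessBlock.%s must be true", [bucket.metadata.name, field])
}

# Canned ACLs that grant access to anonymous users are rejected.
deny contains msg if {
	is_ack_bucket
	bucket.spec.acl in {"public-read", "public-read-write"}
	msg := sprintf("Bucket %s: spec.acl %q exposes the bucket publicly", [bucket.metadata.name, bucket.spec.acl])
}

# Default server-side encryption must be declared with a recognised algorithm.
sse_algorithms contains alg if {
	some rule in bucket.spec.encryption.rules
	alg := rule.applyServerSideEncryptionByDefault.sseAlgorithm
	alg in {"AES256", "aws:kms"}
}

deny contains msg if {
	is_ack_bucket
	count(sse_algorithms) == 0
	msg := sprintf("Bucket %s: spec.encryption must set default server-side encryption", [bucket.metadata.name])
}
```

The same `deny` set can be evaluated in CI against rendered manifests by wrapping each Bucket in a constructed AdmissionReview, which gives the cross-environment enforcement the talk describes without waiting for a cluster to reject the object.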