Title
AWS re:Invent 2022 - Secure and multi-tenant infrastructure as code with Crossplane & Argo (OPN309)
Summary
- Vikram Sethi from Adobe and AWS architects Nima and Gaurav presented their collaboration on enabling GitOps-based application and infrastructure provisioning using Crossplane and Argo.
- Adobe's previous infrastructure provisioning approach had pain points, including custom tooling, learning curves, and lack of visibility for the platform team.
- The new solution uses a hub-and-spoke model with a central hub cluster and multiple remote clusters, using Argo for deployment and Crossplane for infrastructure provisioning.
- The solution is designed to be Kubernetes-native, GitOps-friendly, multi-tenant, secure, multi-cloud capable, extensible, and aligned with industry standards.
- Adobe's internal developer platform supports various Adobe clouds and services, with the new solution focusing on infrastructure provisioning and orchestration, delivery and deployment, and workflow orchestration.
- Crossplane allows for the provisioning of cloud infrastructure resources and building higher-level abstractions.
- The solution addresses multi-tenancy and security requirements, including legitimate access, namespace isolation, secret management, and performance.
- The new developer experience is improved, with service teams able to track resources in a Kubernetes-native way and the platform team gaining standardization and observability.
- Challenges remain, including performance scaling, support for other cloud providers, technology maturity, tooling inertia, and community dependency.
- The collaboration between Adobe and AWS, along with contributions from the community, has been key to the project's success.
Insights
- The transition to a GitOps-based infrastructure provisioning model using Crossplane and Argo represents a significant shift towards a more standardized, Kubernetes-native approach for Adobe.
- The hub-and-spoke model centralizes the management of deployments and infrastructure provisioning, potentially simplifying operations but also raising questions about scalability and performance.
- The solution's design reflects a broader industry trend towards multi-cloud strategies and the need for extensibility to accommodate diverse and evolving requirements.
- The integration of Crossplane with Argo CD for GitOps workflows indicates a maturing ecosystem around Kubernetes and the growing importance of community-driven open-source projects in enterprise infrastructure.
- Adobe's focus on multi-tenancy and security highlights the critical need for fine-grained access control and secure secret management in modern cloud-native environments.
- The challenges mentioned, such as performance scaling and technology maturity, are common in the adoption of cutting-edge technologies and underscore the importance of close collaboration with the open-source community and cloud providers like AWS.
- The presentation demonstrates the potential benefits of adopting a GitOps and infrastructure-as-code approach, but also the necessity of careful planning, community engagement, and ongoing management to address the inherent complexities.