Day-2’000 - Migration From kubeadm+Ansible to ClusterAPI+Talos: A Swiss Bank’s Journey

Описание: Is it even possible to migrate 35 clusters in an air-gapped environment with a custom PKI infrastructure to ClusterAPI without Downtime? We'll show you why and how this can be pulled off, and how you could do the same.

The journey starts with our legacy provisioning setup (a mix of kubeadm/ansible/puppet), followed by the migration path and tooling. Along the road, we'll discover a series of challenges such as loss of etcd quorum, mismatched kube-apiserver configuration, mismatched etcd encryption keys, and more.

After a live demo of a migration, the session explores managing our fleet of clusters with ArgoCD (with a focus on simple Talos configuration files in our repositories thanks to a few templating tricks, and a clean ClusterAPI workload cluster overview through ArgoCD ApplicationSets).

The presentation concludes by addressing a critical puzzle: solving the chicken/egg bootstrapping problem of the first ClusterAPI management cluster(s).

About the speaker:
Clément Nussbaumer
PostFinance CH, Systems Engineer - Kubernetes
🇨🇭 Systems Engineer living on a farm 🐄
Kubernetes Clusters during the day, helping out on the farm whenever needed, and playing music in the evening 🎺