KubeCon EU 2020 Summary

Ashley Fernandes
5 min read · Aug 22, 2020

Summary of all the KubeCon sessions I attended, categorized by topic (e.g. Keynotes, ServiceMeshCon, CD, Networking, etc.)

Keynotes

Newly introduced CNCF Technology Radar (similar in spirit to Gartner's reports)

Contour now supports TLS certificate rotation, header manipulation, etc.

TiKV: a distributed transactional key-value store

Jaeger: Grafana 7 now has a built-in Jaeger data source, and the Jaeger backend now has an OpenTelemetry Collector-based build.

SD-WAN: support for 3D video, file transfers and audio

Falco: parses system calls at runtime (via a Linux kernel module or eBPF probe) and enriches the events with Kubernetes metadata; it reconstructs system state (processes, files, connections) from the syscall stream so that rules can match on it.

Kubernetes 1.18 features: PVC cloning via storage classes (CSI volume cloning), CSI support for Windows, multiple scheduler profiles, PodTopologySpread, configurable HPA scaling behavior (different rates and replica step sizes for scaling up and down), Node Topology Manager for high-performance nodes, and kubectl diff using server-side dry run (not client-side).

Kubernetes 1.19 features: generic ephemeral inline volumes, IPv6 support for Windows, debugging a node from a pod running in the node's host namespaces, and cgroups v2 support.

IBM Razee.io : operator to auto deploy across multiple clusters

Pinterest and service mesh: Envoy configs are templated with Jinja. Additional use cases: SLI monitoring (error budget reports), cookie header audits, TLS termination.

Kube addon, Node Problem Detector: detects node problems on each node and reports them to the apiserver as node conditions and events, making them visible to the upper layers.

Continuous Delivery (CD)

Traction on these tools and on CD strategies based on GitOps and progressive delivery

Flagger: progressive delivery driven from Git

Uses a service mesh (Istio/Linkerd) or an ingress controller (Contour/NGINX) to shift traffic during CD. Supports canary (progressive), A/B (header and cookie routing) and blue/green (switch and mirror) releases. Supports manual gates (approve the final step).
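To make the canary flow above concrete, here is an added Python model of the analysis loop (my illustration, not Flagger's code): measure at the current canary weight, advance by a step on a passing check, hold on a failure, roll back once the failure threshold is hit, and wait at the manual gate before promotion. The `CanaryPolicy` fields, the `Metrics` samples and the `confirm_promotion` callback are assumptions standing in for Flagger's canary analysis spec and its webhooks; the metric values are constructed.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional


@dataclass(frozen=True)
class Metrics:
    """One analysis interval's measurements for the canary workload (assumed shape)."""
    success_rate: float   # percent of non-5xx responses
    p99_ms: float         # 99th-percentile latency


@dataclass(frozen=True)
class CanaryPolicy:
    step_weight: int = 10          # traffic shifted to the canary after each passing check
    max_weight: int = 50           # weight at which promotion happens
    threshold: int = 3             # failed checks tolerated before rollback
    min_success_rate: float = 99.0
    max_p99_ms: float = 500.0


@dataclass
class Outcome:
    status: str                    # promoted | rolled-back | awaiting-approval | in-progress
    weights: List[int]             # canary weight after each interval
    failed_checks: int


def check(m: Metrics, policy: CanaryPolicy) -> bool:
    """A check passes only if every metric is within its threshold."""
    return m.success_rate >= policy.min_success_rate and m.p99_ms <= policy.max_p99_ms


def run_canary(samples: List[Metrics], policy: CanaryPolicy,
               confirm_promotion: Optional[Callable[[], bool]] = None) -> Outcome:
    """Walk the analysis loop over one metric sample per interval: advance, hold,
    roll back, or (at max weight) ask the manual gate before promoting."""
    weight, failed = policy.step_weight, 0
    weights = [weight]
    for m in samples:
        if not check(m, policy):
            failed += 1
            if failed >= policy.threshold:
                weights.append(0)                       # all traffic back to the primary
                return Outcome("rolled-back", weights, failed)
            continue                                    # hold the weight, re-check next interval
        if weight >= policy.max_weight:
            if confirm_promotion is not None and not confirm_promotion():
                return Outcome("awaiting-approval", weights, failed)
            weights.append(100)                         # canary becomes the new primary
            return Outcome("promoted", weights, failed)
        weight = min(weight + policy.step_weight, policy.max_weight)
        weights.append(weight)
    return Outcome("in-progress", weights, failed)


# Constructed metric samples (not real measurements).
GOOD = Metrics(success_rate=99.8, p99_ms=180.0)
BAD = Metrics(success_rate=96.5, p99_ms=900.0)
```

A single bad interval does not abort the rollout; only `threshold` failures do, which is what makes the threshold the knob to tune against noisy metrics. The manual gate sits at the last step only, so everything before it is still automated.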

FluxCD: GitOps-based tool

Scans container registries and deploys new images automatically; syncs YAML manifests and Helm charts between git and the clusters. Caveat: with image automation enabled, anyone who can push a tag matching the configured pattern to the registry effectively triggers a deployment, so registry write access and tag filters need the same care as write access to the git repo.

Argo: GitOps-based workflow and events tooling

Covers traditional CI/CD pipelines, complex jobs with both sequential and parallel steps, orchestrating deployments, and time- or event-based executions.

CD using Native Kube

Debuggability & General Tools

Linkerd tap: tap into any HTTP stream and view requests and responses; access is authorized via RBAC.

nsenter -t <pid> -n tcpdump -i eth0 //from the node, run tcpdump inside a pod's network namespace; <pid> is any process of the pod (find it with crictl inspect or docker inspect)

kubectl debug -it demo --image=<debug-image> --target=<container-name> //add an ephemeral container (bash/tcpdump etc.) to the running pod "demo", sharing the process namespace of the container named by --target; this was kubectl alpha debug in 1.18/1.19 and needs the EphemeralContainers feature gate, and the caller needs RBAC rights on the pods/ephemeralcontainers subresource

Shell-operator: runs event-driven scripts in a Kubernetes cluster. It is a layer between cluster events and shell scripts, treating scripts as hooks triggered by events, so existing ops tools and languages (bash, python, etc.) can be used.

Vertical Pod Autoscaler: adjusts pod CPU and memory requests (and limits) based on observed usage.

KEDA: event-driven autoscaling; you explicitly map the apps that should scale on events, while other apps continue to function unchanged.

Kui: a modern terminal

kapp: groups Kubernetes resources into an app

Serverless

Stateful FaaS: cloudstate.io. Supports Akka, Knative and GraalVM. State models supported: event sourcing, CRDTs, key-value.

Camel & Knative

Security

Best security practices at all levels (user, node, cluster, pod and containers)

https://static.sched.com/hosted_files/kccnceu20/2a/Kubecon_EU_2020_Samuel_Davidson.pdf

Threat Modelling in Kube

Service Mesh and WASM

istioctl install: generates the manifests used for installs and upgrades

Mesh at Lyft: uses go-control-plane. No overlay, no NAT, no ingress, no kube-proxy; Envoy handles service-to-service communication. Each pod gets a VPC-routable IP address. Two meshes (one staging, one production).

Mesh at GoPay: migrated from Consul to Istio.

WASM

Portable (CPU/OS agnostic), fast, secure (sandboxed), lightweight. Caveat: the sandbox isolates memory; what a module can actually reach is defined by the host ABI and the capabilities it is granted.

The proxy-wasm git repo has the ABI and SDKs for WASM extension development, plus WASI support

waSCC: WebAssembly Secure Capabilities Connector

Write loosely coupled actors and bind them to capabilities

Write actors in Rust, AssemblyScript or Zig and compile them to WASM

Observability

OpenTelemetry = OpenTracing + OpenCensus (the two projects merged)

Use the OpenTelemetry Collector and the OpenTelemetry Agent

OpenTelemetry-JS: for UI/browser-based tracing

For tracing across messaging systems, follow the messaging-specific specs.

For tracing across service boundaries, adhere to the B3 propagation spec (the X-B3-* headers or the single b3 header), so that every hop agrees on trace id, parent span and sampling decision.
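Added example (mine, not from the talk or from any tracing library) of what adhering to the B3 spec means at a service boundary: parse both header forms with strict validation so malformed input from a caller never becomes a half-built context, continue the inbound trace or start a new one, and re-inject for the next hop. The `SpanContext`, `start_span`, `trusted` and `decide` names are my own; the header values are constructed. The `trusted=False` path is a design choice for an edge that receives headers from arbitrary clients: ids are kept when well-formed, but the sampling decision is made locally, since the `d` (debug) state otherwise lets any client force sampling of its own traffic onto the backend.

```python
import re
import secrets
from dataclasses import dataclass
from typing import Callable, Dict, Optional

_TRACE_ID = re.compile(r"^(?:[0-9a-f]{16}|[0-9a-f]{32})$")  # 64- or 128-bit, lower-hex
_SPAN_ID = re.compile(r"^[0-9a-f]{16}$")
_STATES = {"0": (False, False), "1": (True, False), "d": (True, True)}  # -> (sampled, debug)


@dataclass(frozen=True)
class SpanContext:
    trace_id: Optional[str]          # None when only a sampling decision arrived
    span_id: Optional[str]
    parent_id: Optional[str] = None
    sampled: Optional[bool] = None   # None = upstream made no decision
    debug: bool = False              # "d" state / X-B3-Flags: 1, forces sampling


def parse_single(value: str) -> Optional[SpanContext]:
    """'b3: TraceId-SpanId-SamplingState-ParentSpanId' (last two optional) or
    'b3: SamplingState'. Anything malformed yields None, never a partial context."""
    parts = value.strip().lower().split("-")
    if len(parts) == 1:
        return SpanContext(None, None, None, *_STATES[parts[0]]) if parts[0] in _STATES else None
    if len(parts) > 4 or not _TRACE_ID.match(parts[0]) or not _SPAN_ID.match(parts[1]):
        return None
    sampled, debug = None, False
    if len(parts) >= 3:
        if parts[2] not in _STATES:
            return None
        sampled, debug = _STATES[parts[2]]
    parent_id = parts[3] if len(parts) == 4 else None
    if parent_id is not None and not _SPAN_ID.match(parent_id):
        return None
    return SpanContext(parts[0], parts[1], parent_id, sampled, debug)


def parse_multi(h: Dict[str, str]) -> Optional[SpanContext]:
    """X-B3-TraceId / X-B3-SpanId / X-B3-ParentSpanId / X-B3-Sampled / X-B3-Flags,
    keys already lower-cased. Flags: 1 means debug, which implies sampled."""
    debug = h.get("x-b3-flags") == "1"
    raw = h.get("x-b3-sampled", "").lower()
    if raw not in ("", "0", "1", "true", "false"):
        return None
    sampled = True if debug else (None if raw == "" else raw in ("1", "true"))
    trace_id, span_id = h.get("x-b3-traceid", "").lower(), h.get("x-b3-spanid", "").lower()
    if not trace_id and not span_id:        # decision-only headers are legal
        return SpanContext(None, None, None, sampled, debug) if sampled is not None else None
    parent_id = h.get("x-b3-parentspanid", "").lower() or None
    if not (_TRACE_ID.match(trace_id) and _SPAN_ID.match(span_id)
            and (parent_id is None or _SPAN_ID.match(parent_id))):
        return None
    return SpanContext(trace_id, span_id, parent_id, sampled, debug)


def extract(headers: Dict[str, str]) -> Optional[SpanContext]:
    """Header names are case-insensitive; the single 'b3' header wins if both forms appear."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    return parse_single(h["b3"]) if "b3" in h else parse_multi(h)


def start_span(headers: Dict[str, str], *, trusted: bool = True,
               decide: Callable[[], bool] = lambda: False) -> SpanContext:
    """Continue the inbound trace (or start one) and mint this hop's span id.
    trusted=False (assumed policy): keep well-formed ids, but decide sampling
    locally so an arbitrary caller cannot force debug sampling on the backend."""
    inbound, span_id = extract(headers), secrets.token_hex(8)
    if inbound is None:
        return SpanContext(secrets.token_hex(16), span_id, None, decide(), False)
    if trusted:
        sampled = inbound.sampled if inbound.sampled is not None else decide()
        debug = inbound.debug
    else:
        sampled, debug = decide(), False
    trace_id = inbound.trace_id or secrets.token_hex(16)   # decision-only inbound: new trace
    return SpanContext(trace_id, span_id, inbound.span_id, sampled or debug, debug)


def inject(ctx: SpanContext, *, single: bool = True) -> Dict[str, str]:
    """Serialize for the outbound hop in either header form."""
    if single:
        state = "d" if ctx.debug else ("1" if ctx.sampled else "0")
        tail = f"-{ctx.parent_id}" if ctx.parent_id else ""
        return {"b3": f"{ctx.trace_id}-{ctx.span_id}-{state}{tail}"}
    out = {"X-B3-TraceId": ctx.trace_id, "X-B3-SpanId": ctx.span_id}
    if ctx.parent_id:
        out["X-B3-ParentSpanId"] = ctx.parent_id
    if ctx.debug:
        out["X-B3-Flags"] = "1"
    else:
        out["X-B3-Sampled"] = "1" if ctx.sampled else "0"
    return out


# Constructed inbound headers from a trusted upstream (example values, not a capture).
SAMPLE_HEADERS = {"b3": "80f198ee56343ba864fe8b2a57d3eff7-e457b5a2e4d86bd1-1-05e3ac9a4f6e3b90"}
```

Usage: `inject(start_span(SAMPLE_HEADERS))` yields the `b3` header for the next hop, with this service's fresh span id and the caller's span id as parent. Because validation rejects rather than repairs, a garbage `b3` value simply starts a new trace instead of propagating attacker-chosen bytes into the tracing backend.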

Use tail-based sampling (the decision is made after the whole trace has been collected, so error and slow traces are kept) instead of head-based sampling (the decision is made at the root span, before anything about the trace is known).
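An added illustration (mine, not from the session) of why that recommendation holds: both samplers are run over the same three constructed traces. The head sampler can only look at the trace id, so an error trace survives only by luck of the sampling rate; the tail sampler buffers the spans and keeps every trace with an error or a slow root, then applies the rate to the rest. The `Span` shape, `TailSampler` and the sample spans are assumptions; a real collector (e.g. the OpenTelemetry Collector's tail sampling processor) does the same buffering with a bounded decision wait.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Span:
    """Minimal span shape assumed for the example."""
    trace_id: str
    span_id: str
    parent_id: Optional[str]   # None marks the root span
    service: str
    duration_ms: float
    error: bool = False


def consistent_keep(trace_id: str, rate: float) -> bool:
    """Probabilistic decision derived from the trace id alone, so every hop that
    sees the same id reaches the same answer without shared state."""
    bucket = int(hashlib.sha256(trace_id.encode()).hexdigest()[:8], 16) / 0x100000000
    return bucket < rate


def head_decision(root: Span, rate: float) -> bool:
    """Head-based: decided when the root span starts. Only the id is known, so
    errors and latency further down the trace cannot influence it."""
    return consistent_keep(root.trace_id, rate)


def tail_decision(spans: List[Span], rate: float, slow_ms: float = 500.0) -> bool:
    """Tail-based: decided once the whole trace is in hand. Every trace with an
    error or a slow root is kept; the rest fall back to the probabilistic rate."""
    if not spans:
        return False
    if any(s.error for s in spans):
        return True
    root = next((s for s in spans if s.parent_id is None), None)
    if root is not None and root.duration_ms > slow_ms:
        return True
    return consistent_keep(spans[0].trace_id, rate)


class TailSampler:
    """Buffers spans per trace until the trace is finished, then decides. The buffer
    is the price of tail sampling: memory grows with in-flight traces, which is why
    collectors bound the wait with a timeout."""

    def __init__(self, rate: float, slow_ms: float = 500.0) -> None:
        self.rate, self.slow_ms = rate, slow_ms
        self._pending: Dict[str, List[Span]] = {}

    def add(self, span: Span) -> None:
        self._pending.setdefault(span.trace_id, []).append(span)

    def finish(self, trace_id: str) -> Optional[List[Span]]:
        """Called when the root span ends (or the wait timeout fires).
        Returns the spans to export, or None when the trace is dropped."""
        spans = self._pending.pop(trace_id, [])
        return spans if tail_decision(spans, self.rate, self.slow_ms) else None

    def buffered(self) -> int:
        return sum(len(v) for v in self._pending.values())


# Constructed spans for three traces (not captured from a real system):
# an ordinary fast request, one with a failing downstream call, one slow one.
SAMPLE_SPANS = [
    Span("t-ok", "a1", None, "gateway", 40.0),
    Span("t-ok", "a2", "a1", "orders", 25.0),
    Span("t-err", "b1", None, "gateway", 60.0),
    Span("t-err", "b2", "b1", "payments", 45.0, error=True),
    Span("t-slow", "c1", None, "gateway", 1200.0),
    Span("t-slow", "c2", "c1", "search", 1150.0),
]


def compare(spans: List[Span], rate: float) -> Dict[str, List[str]]:
    """Run both strategies over the same spans and report which traces survive."""
    by_trace: Dict[str, List[Span]] = {}
    for s in spans:
        by_trace.setdefault(s.trace_id, []).append(s)
    head = [t for t, ss in by_trace.items()
            if head_decision(next(s for s in ss if s.parent_id is None), rate)]
    sampler = TailSampler(rate)
    for s in spans:
        sampler.add(s)
    tail = [t for t in by_trace if sampler.finish(t) is not None]
    return {"head": head, "tail": tail}
```

Running `compare(SAMPLE_SPANS, 0.01)` shows the asymmetry: at a 1% rate the head sampler almost certainly drops the error trace and the slow trace, while the tail sampler keeps both and only thins out the ordinary ones.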

Networking

OVN: Open Virtual Network, and SmartNIC offload

Cloud-native Network Functions (CNF): Open Network Automation Platform (ONAP)
