KubeCon EU 2020 Summary
Summary of all the KubeCon sessions attended by me, categorized by topic (e.g. Keynotes, ServiceMeshCon, CD, Networking, etc.)
Keynotes
Newly introduced CNCF Radar (similar to Gartner)
Contour now supports TLS rotation, Header Manipulation etc
TiKV : a distributed, transactional key-value DB
Jaeger : Grafana 7 now has Jaeger built in. Jaeger now ships an OpenTelemetry Collector.
SD-WAN : support for 3D video, file transfers and audio
Falco : parses system calls at runtime and enriches them with Kubernetes metadata. Can rebuild the original system state. Runs against the Linux kernel (kernel module or eBPF probe).
Kube 1.18 features : PVC cloning (CSI volume cloning); CSI support for Windows; multiple scheduler profiles; PodTopologySpread; HPA scaling-behavior controls (different scale-up/scale-down rates and replica step sizes); Node Topology Manager for high-performance nodes; kubectl diff (dry run on the server, not the client)
Kube 1.19 features : generic inline ephemeral volumes; IPv6 support for Windows; kubectl debug can run a debugging pod in the node's host namespaces; support for cgroups v2
IBM Razee.io : operator to auto-deploy across multiple clusters
Pinterest and service mesh : Envoy configs generated from Jinja templates. Additional use cases: SLI monitoring (error budget reports), cookie/header audits, TLS termination.
Kube addon : Node Problem Detector makes node problems visible to the upstream layers. It detects problems on the node and reports them to the apiserver (as node conditions and events).
Continuous Delivery (CD)
Lots of traction for GitOps and progressive-delivery approaches to CD, and for the tools below
Flagger : progressive delivery, driven from Git
Uses a service mesh (Istio/Linkerd) or an ingress controller (Contour/NGINX) to shift traffic. Supports canary (progressive), A/B (header & cookie routing) and blue/green (switch & mirror). Supports manual gates (approve the final promotion step).
FluxCD : GitOps-based tool
Scans container registries and deploys new images; syncs YAML manifests and Helm charts between Git and clusters
Argo : GitOps-based workflow & events tooling
Traditional CI/CD pipelines; complex jobs with both sequential and parallel steps; orchestrating deployments; time- and event-based executions
CD using Native Kube
Debuggability & General Tools
Linkerd Tap : tap into any HTTP stream and view requests and responses; access is controlled with RBAC.
nsenter -t <container-pid> -n tcpdump -i any   // run tcpdump inside a pod's network namespace from the node; get the PID from the container runtime (e.g. crictl inspect)
kubectl debug -it demo --image=<debug-image> --target=<container-name>   // add an ephemeral container (e.g. busybox/netshoot with bash, tcpdump etc.) to the running pod "demo", sharing the process namespace of the target container, so the main container can be inspected without restarting it
Shell Operator : runs event-driven scripts in a Kubernetes cluster. It is a layer between cluster events and shell scripts, treating the scripts as hooks triggered by events. Existing ops tooling and languages (bash/python etc.) can be used.
Vertical Pod Autoscaler : adjusts pod resource requests (e.g. memory) based on observed usage
KEDA : event-driven autoscaling. You explicitly choose which apps use event-driven scaling, while other apps continue to function as before.
kapp : groups Kubernetes resources into an app
Serverless
Stateful FaaS : cloudstate.io. Supports Akka, Knative, GraalVM. State models supported: event sourcing, CRDTs, key-value.
Security
Best security practices at all levels (user, node, cluster, pod & containers)
https://static.sched.com/hosted_files/kccnceu20/2a/Kubecon_EU_2020_Samuel_Davidson.pdf
Threat Modelling in Kube
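Pod- and container-level settings are the part of the practices above that can be checked mechanically, and the Shell Operator item in the tools section above is one way to run such a check on every cluster event. The hook below is an added example written for this summary (it is not from either talk, nor the shell-operator project's own code): a shell-operator hook in Python that fires on new pods and reports host namespaces, privileged containers, privilege escalation left enabled, containers not forced to run as non-root, risky added capabilities and hostPath mounts. It assumes shell-operator's hook protocol (`hook --config` prints the binding config; on an event the hook is run with `BINDING_CONTEXT_PATH` pointing at a JSON file of binding contexts); the sample pods are constructed so the script also runs offline.

```python
#!/usr/bin/env python3
"""Added example (not from the talks or the shell-operator project): a shell-operator
hook that flags pods violating basic pod/container hardening. Sample pods are constructed."""
import json
import os
import sys
from typing import Dict, List

# Printed when shell-operator calls the hook with --config (assumed protocol, see lead-in).
HOOK_CONFIG = """\
configVersion: v1
kubernetes:
- name: pods
  apiVersion: v1
  kind: Pod
  executeHookOnEvent: ["Added"]
"""

RISKY_CAPS = {"SYS_ADMIN", "NET_ADMIN", "SYS_PTRACE", "ALL"}


def pod_findings(pod: dict) -> List[str]:
    """Return the hardening violations of one v1 Pod object (empty list = clean)."""
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext") or {}
    findings = [f"{k}: true" for k in ("hostNetwork", "hostPID", "hostIPC") if spec.get(k)]
    for vol in spec.get("volumes") or []:
        if "hostPath" in vol:
            findings.append(f"volume {vol['name']}: hostPath {vol['hostPath'].get('path')}")
    for c in (spec.get("initContainers") or []) + (spec.get("containers") or []):
        sc = c.get("securityContext") or {}
        tag = f"container {c['name']}"
        if sc.get("privileged"):
            findings.append(f"{tag}: privileged")
        if sc.get("allowPrivilegeEscalation") is not False:   # unset defaults to true
            findings.append(f"{tag}: allowPrivilegeEscalation not false")
        # container-level runAsNonRoot overrides the pod-level value when present
        run_as_non_root = sc["runAsNonRoot"] if "runAsNonRoot" in sc else pod_sc.get("runAsNonRoot")
        if not run_as_non_root:
            findings.append(f"{tag}: runAsNonRoot not set")
        added = set((sc.get("capabilities") or {}).get("add") or [])
        for cap in sorted(added & RISKY_CAPS):
            findings.append(f"{tag}: adds capability {cap}")
    return findings


def handle_contexts(contexts: List[dict]) -> Dict[str, List[str]]:
    """Evaluate every pod in a binding-context file; returns namespace/name -> findings."""
    results: Dict[str, List[str]] = {}
    for ctx in contexts:
        if ctx.get("type") == "Synchronization":      # initial listing of existing objects
            pods = [o["object"] for o in ctx.get("objects", [])]
        else:                                         # "Event": Added/Modified/Deleted
            pods = [ctx["object"]] if ctx.get("object") else []
        for pod in pods:
            meta = pod.get("metadata", {})
            key = f"{meta.get('namespace', 'default')}/{meta.get('name', '?')}"
            findings = pod_findings(pod)
            if findings:
                results[key] = findings
    return results


# Constructed sample contexts: a node-debugging style pod (a classic escape path) and a
# pod with the recommended settings.
SAMPLE_CONTEXTS = [
    {"binding": "pods", "type": "Event", "watchEvent": "Added", "object": {
        "metadata": {"namespace": "kube-system", "name": "node-debug"},
        "spec": {"hostPID": True, "hostNetwork": True,
                 "volumes": [{"name": "root", "hostPath": {"path": "/"}}],
                 "containers": [{"name": "shell", "image": "busybox",
                                 "securityContext": {"privileged": True}}]}}},
    {"binding": "pods", "type": "Event", "watchEvent": "Added", "object": {
        "metadata": {"namespace": "default", "name": "web"},
        "spec": {"securityContext": {"runAsNonRoot": True},
                 "containers": [{"name": "app", "image": "web:1",
                                 "securityContext": {"allowPrivilegeEscalation": False,
                                                     "capabilities": {"drop": ["ALL"]}}}]}}},
]


def main() -> None:
    if len(sys.argv) > 1 and sys.argv[1] == "--config":
        sys.stdout.write(HOOK_CONFIG)
        return
    path = os.environ.get("BINDING_CONTEXT_PATH")
    if path:
        with open(path) as fh:
            contexts = json.load(fh)
    else:
        contexts = SAMPLE_CONTEXTS          # offline run on the constructed sample
    for key, findings in handle_contexts(contexts).items():
        print(f"WARN {key}: {'; '.join(findings)}")


if __name__ == "__main__":
    main()
```

Run without arguments it prints one WARN line for kube-system/node-debug and nothing for default/web; dropped into a shell-operator hooks directory it would do the same for every pod added to the cluster. It only reports; enforcement belongs in an admission controller, which the hook does not replace.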
Service Mesh and WASM
istioctl install : generates the YAML used for installs and upgrades
Mesh at Lyft : uses go-control-plane. No overlay, no NAT, no ingress, no kube-proxy; Envoy for service-to-service communication. Pods get VPC-routable IP addresses. Two meshes (one staging, one production).
Mesh at GoPay : moved from Consul to Istio.
WASM
Portable (CPU/OS agnostic), fast, secure (sandboxed), lightweight
The proxy-wasm git repos have the ABI spec and SDKs for WASM filter development, plus WASI support
waSCC : WebAssembly Secure Capabilities Connector
Code actors (loosely coupled) and bind them to capabilities
Write actors in Rust, AssemblyScript or Zig and compile them to WASM
Observability
OpenTelemetry = OpenTracing + OpenCensus (the two projects merged)
Use the OpenTelemetry Collector and OpenTelemetry Agent
OpenTelemetry-JS : for UI/browser-based tracing
For tracing across messaging systems : specs are here
For tracing across service boundaries, propagate context per the B3 spec, here
Use tail-based sampling (decide after the whole trace has been collected) instead of head-based (decide at the root span, before anything is known about the request)
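To make the last two points concrete, here is an added example (written for this summary; it is neither from the talk nor the OpenTelemetry SDK) of B3 context propagation between two services and of head-based vs tail-based sampling over a constructed trace. The service names, IDs and latencies are made up. The B3 parsing validates the peer-supplied IDs, since trace headers are attacker-controllable input that gets forwarded through the whole mesh.

```python
"""Added example (not from the talks, and not the OpenTelemetry SDK): B3 trace-context
propagation across a service boundary, and head-based vs tail-based sampling over a
constructed trace. Service names, IDs and latencies below are made up for illustration."""
import random
from dataclasses import dataclass
from typing import Dict, List, Optional

# Multi-header B3 names; the single-header form is "b3: {traceid}-{spanid}-{sampled}-{parentspanid}"
H_TRACE, H_SPAN, H_SAMPLED, H_PARENT = "X-B3-TraceId", "X-B3-SpanId", "X-B3-Sampled", "X-B3-ParentSpanId"

@dataclass
class SpanContext:
    trace_id: str                        # 16 or 32 lowercase hex chars (64- or 128-bit)
    span_id: str                         # 16 hex chars
    sampled: Optional[bool]              # None = decision deferred to the receiver
    parent_span_id: Optional[str] = None

def _is_hex(value: Optional[str], lengths) -> bool:
    return value is not None and len(value) in lengths and all(c in "0123456789abcdef" for c in value)

def inject_b3(ctx: SpanContext, headers: Dict[str, str]) -> Dict[str, str]:
    """Write the multi-header B3 form into an outgoing request's headers (returns them)."""
    headers[H_TRACE] = ctx.trace_id
    headers[H_SPAN] = ctx.span_id
    if ctx.sampled is not None:
        headers[H_SAMPLED] = "1" if ctx.sampled else "0"
    if ctx.parent_span_id:
        headers[H_PARENT] = ctx.parent_span_id
    return headers

def extract_b3(headers: Dict[str, str]) -> Optional[SpanContext]:
    """Read B3 (single- or multi-header) from incoming headers. The values come from the
    peer, so the IDs are validated and anything malformed yields None instead of being
    propagated further into the mesh."""
    h = {k.lower(): v for k, v in headers.items()}
    sampled: Optional[bool] = None
    if "b3" in h:
        parts = h["b3"].split("-")
        if len(parts) < 2:                    # a bare flag such as "b3: 0" carries no IDs
            return None
        trace_id, span_id = parts[0], parts[1]
        if len(parts) > 2:
            sampled = parts[2] in ("1", "d")  # "d" = debug, forces sampling
        parent = parts[3] if len(parts) > 3 else None
    else:
        trace_id, span_id = h.get(H_TRACE.lower()), h.get(H_SPAN.lower())
        parent = h.get(H_PARENT.lower())
        if H_SAMPLED.lower() in h:
            sampled = h[H_SAMPLED.lower()] in ("1", "true")
        if h.get("x-b3-flags") == "1":        # debug flag
            sampled = True
    if not _is_hex(trace_id, (16, 32)) or not _is_hex(span_id, (16,)):
        return None
    if parent is not None and not _is_hex(parent, (16,)):
        return None
    return SpanContext(trace_id, span_id, sampled, parent)

@dataclass
class Span:
    ctx: SpanContext
    service: str
    name: str
    duration_ms: float
    error: bool = False

def new_id(bits: int, rng: random.Random) -> str:
    return f"{rng.getrandbits(bits):0{bits // 4}x}"

def start_root(rng: random.Random, head_rate: float) -> SpanContext:
    """Head-based sampling: the root span decides once, before anything is known about how
    the request will go, and every downstream span inherits the decision via B3."""
    return SpanContext(new_id(128, rng), new_id(64, rng), rng.random() < head_rate)

def start_child(parent: SpanContext, rng: random.Random) -> SpanContext:
    return SpanContext(parent.trace_id, new_id(64, rng), parent.sampled, parent.span_id)

def tail_sample(trace: List[Span], slow_ms: float = 500.0) -> bool:
    """Tail-based sampling: run in the collector once every span of the trace has arrived.
    Keeps any trace with an error or a slow span; head-based sampling at 1% would drop the
    same failing request 99% of the time. The cost is buffering whole traces, so all spans
    of one trace must reach the same collector instance."""
    return any(s.error or s.duration_ms > slow_ms for s in trace)

def demo_trace(seed: int = 7, head_rate: float = 0.01) -> List[Span]:
    """Constructed request: gateway calls orders over HTTP and orders fails. Returns both spans."""
    rng = random.Random(seed)
    root = start_root(rng, head_rate)
    outgoing = inject_b3(root, {"Host": "orders.internal"})   # gateway side
    incoming = extract_b3(outgoing)                             # orders side
    if incoming is None or incoming.trace_id != root.trace_id:
        raise RuntimeError("B3 propagation failed")
    child = start_child(incoming, rng)
    return [Span(root, "gateway", "GET /checkout", 620.0, error=True),
            Span(child, "orders", "POST /orders", 580.0, error=True)]

if __name__ == "__main__":
    spans = demo_trace()
    print("head-based kept root:", spans[0].ctx.sampled, "| tail-based keeps trace:", tail_sample(spans))
```

Run it a few times with different seeds: the head-based decision for the failing request is almost always False, while the tail-based decision is always True, which is the argument for the tail-based approach when the traces you care about are the rare bad ones.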
Networking
OVN — Open Virtual Network & SmartNIC
Cloud-native Network Functions (CNF) : Open Network Automation Platform (ONAP)