your knowledge of containers and microservices and their ecosystems.
• Docker and Kubernetes (3 days)
• CI/CD (1 day)
• IaC (1 day)
• Docker and Kubernetes Operations (2 days)
• Kubernetes on Google Cloud (2 days)
• Kubernetes on Azure (2 days)
• Kubernetes on AWS (2 days)
cloudops.com/docker-and-kubernetes-workshops [email protected]
providers who have deep experience helping enterprises successfully adopt Kubernetes through support, consulting, professional services and/or training.
Benefits
• Placement at the top of https://kubernetes.io/partners/
• Monthly private meetings with cloud native project leaders, TOC members, and representatives from the Governing Board
• Access to leads from kubernetes.io for end users looking for support
Requirements
• Three or more certified engineers
• Demonstrable activity in the Kubernetes community, including active contribution
• Business model to support enterprise end users
https://www.cncf.io/certification/kcsp/
online Deepen your knowledge of containers, microservices and their ecosystems.
• Docker and Kubernetes (2 days)
• CI/CD (1 day)
• Docker and Kubernetes Operations (2 days)
• Kubernetes on Google Cloud (2 days)
• Kubernetes on Azure (2 days)
• Kubernetes on AWS (2 days)
https://www.cloudops.com/fr/ateliers-docker-kubernetes/ [email protected]
China – Shanghai: November 14-15, 2018
– General session CFP closed!
– Intro and Deep Dive Sessions CFP
• North America – Seattle: December 11-13, 2018
– CFP open until August 12, 2018
– Intro and Deep Dive Sessions CFP
• Europe – Barcelona: May 21-23, 2019
- Matt Mother
- Julius
2015: First Public Release
2016: Prometheus 1.0; joins CNCF as an Incubation project
2017: Release of Prometheus 2
  • Massive storage improvement
  • Snapshots
2018: Graduation of Prometheus
Prometheus
• Many different monitoring solutions exist, but
  – … many are based on ancient technology
  – … most data formats are proprietary, hard to implement, or both
  – … most have hierarchical data models
  – … almost none focus on metrics
• Solutions which addressed the above were overly complicated to operate
• Only existing official standard with wide adoption: SNMP
  – Has not aged well (ASN.1, AAA, MIB system, …)
Prometheus
• Prometheus has become the de facto standard in cloud-native metric monitoring
  – Active upstream work by competitors within Prometheus
• Ease of implementing exposition data has led to an explosion in compatible metrics endpoints
• Prometheus’ exposition format is based on a lot of operational experience, but was designed by only a few people
• Some other projects and vendors are torn about adopting something from a “competing” product
• Traditional vendors prefer to support official standards
Prometheus format
• 300+ exporters registered for port numbers in the wiki
• Dozens of native integrations that we are aware of
• Unknown internal usage, but a lot of people tell the Prometheus team about it at conferences, etc.
is a trusted cloud native registry that stores, signs, and scans content. The mission is to provide cloud native environments the ability to confidently manage and serve container images.
trusted cloud native registry?
− Registry features include
  ▪ Multi-tenant content signing and validation
  ▪ Security and vulnerability analysis
  ▪ Identity integration and role-based access control
  ▪ Image replication between instances
  ▪ Internationalization (currently English and Chinese)
− Operational experience
  ▪ Deployed in containers
  ▪ Extends, manages, and integrates proven open source components
Kubernetes 1.11
https://github.com/kubernetes/kubernetes/releases
• Release focus:
  • Maturity
  • Scalability
  • Flexibility
  • Enhancing existing features
• Special thanks to the release team led by Josh Berkus!
What’s IPTables?
that allows configuring the Linux kernel firewall (implemented on top of Netfilter) by configuring chains and rules.
• What is Netfilter?
  • A framework provided by the Linux kernel that allows customization of networking-related operations, such as packet filtering and NAT
• Issues with IPTables as a load balancer
  • Latency to access a service (routing latency: rules are matched as a linear chain)
  • Latency to add/remove a rule
What is IPVS?
TCP, UDP and SCTP based services to real servers.
• Like IPTables, IPVS is built on top of Netfilter.
• Supports 3 load balancing modes: NAT, DR and IP Tunneling.
• Why use IPVS?
  • Better performance (hash table lookup vs. linear chain traversal)
  • More load balancing algorithms
    • Round robin, source/destination hashing
    • Based on least load, least connection or locality; can assign weights to servers
  • Supports server health checks, connection retry and sticky sessions
IPVS Service Network Topology
will do the following 3 things:
• Make sure a dummy interface exists on the node (defaults to kube-ipvs0)
• Bind Service IP addresses to the dummy interface
• Create an IPVS virtual server for each Service IP address
• Parameters:
  • --ipvs-scheduler - rr, lc, dh, sh, sed, nq
  • --ipvs-min-sync-period
  • --ipvs-sync-period
  • --ipvs-exclude-cidrs
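The same four parameters expressed as a kube-proxy configuration file (passed with --config) rather than command-line flags. This is an added example, not from the original slides; the excluded CIDR range is a constructed value.

```yaml
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
# Switch kube-proxy from the iptables proxier to IPVS. If the ip_vs kernel
# modules are missing, kube-proxy silently falls back to iptables mode, so
# verify the active mode after rollout (see note below).
mode: ipvs
ipvs:
  # --ipvs-scheduler: one of rr, lc, dh, sh, sed, nq
  scheduler: rr
  # --ipvs-sync-period: full resync of IPVS rules from the API state
  syncPeriod: 30s
  # --ipvs-min-sync-period: minimum gap between resyncs triggered by changes
  minSyncPeriod: 5s
  # --ipvs-exclude-cidrs (new in 1.11): virtual servers in these ranges are
  # not flushed by kube-proxy, so rules owned by other tooling survive.
  # 10.254.0.0/16 is a constructed example range.
  excludeCIDRs:
    - 10.254.0.0/16
```

Confirm the mode took effect by checking that the kube-ipvs0 dummy interface carries the Service IPs (`ip addr show kube-ipvs0`) and that `ipvsadm -Ln` lists one virtual server per Service; an empty table means the fallback to iptables happened.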
CoreDNS
• Kube-dns is a Go wrapper around dnsmasq:
  ◦ Prone to vulnerabilities
  ◦ Has limited scope
• CoreDNS - cloud native, pure Go replacement:
  ◦ Fewer moving parts
• Available as a cluster DNS add-on option
• Default in kubeadm 1.11
• Optional in kops, kubeup, minikube, kubespray, etc.
and limitations
• Containers - Number of containers in the pod
  ◦ Kube-dns has 3 (kube-dns, dnsmasq, sidecar)
  ◦ CoreDNS has 1
• Metrics - Both report metrics to Prometheus, but the set of metrics differs
• Configuration - Format of configuration is entirely different (migration tools available)
  ◦ CoreDNS is fully configurable via ConfigMap
  ◦ Kube-dns is not fully configurable via ConfigMap (e.g. cache)
Other Notable New Features
records to another server
• Namespace and label filtering - expose a limited set of services
• Adjustable TTL - adjust the default service record TTL up or down
• Negative caching - by default caches negative responses (e.g. NXDOMAIN)
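A Corefile ConfigMap exercising the four CoreDNS features just listed: forwarding a zone to another server, namespace filtering, an adjusted TTL and an explicit negative-cache limit. Added example, not the slides' own config; the namespace names, the corp.example zone and the 10.0.0.10 resolver are constructed values.

```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns
  namespace: kube-system
data:
  Corefile: |
    .:53 {
        errors
        health
        kubernetes cluster.local in-addr.arpa ip6.arpa {
            pods insecure
            # Namespace filtering: only Services in these (constructed)
            # namespaces are resolvable; everything else is NXDOMAIN
            namespaces prod staging
            # Adjustable TTL: answers carry 60s instead of the default
            ttl 60
            fallthrough in-addr.arpa ip6.arpa
        }
        prometheus :9153
        # Names outside the cluster zone go to the node's resolvers
        forward . /etc/resolv.conf
        # Positive answers cached up to 30s; negative answers (NXDOMAIN)
        # are cached too, capped here at 5s so a freshly created Service
        # does not stay unresolvable for long after a miss
        cache 30 {
            denial 9984 5
        }
        reload
    }
    # Stub domain: records under corp.example (constructed) are served by
    # an internal DNS server at 10.0.0.10 instead of the public path
    corp.example:53 {
        errors
        forward . 10.0.0.10
    }
```

With the `reload` plugin in place CoreDNS picks up the edited ConfigMap on its own; a Corefile syntax error is logged and the previous config stays active, so check the pod logs after each change.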
Dynamic Kubelet Configuration
• Old way - change kubelet settings by changing startup flags and restarting (e.g. max number of pods per node, memory allocation)
• New way - change via config file and/or ConfigMap; make many changes without restarting
  ◦ Live cluster
  ◦ No disruption
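The "new way" as concrete objects: a ConfigMap carrying a KubeletConfiguration, and the Node spec patch that points a kubelet at it. Added example, not from the slides; the ConfigMap name, node name and the chosen values are constructed.

```yaml
# 1. The settings themselves, stored in kube-system (constructed name)
apiVersion: v1
kind: ConfigMap
metadata:
  name: node-config-maxpods
  namespace: kube-system
data:
  kubelet: |
    apiVersion: kubelet.config.k8s.io/v1beta1
    kind: KubeletConfiguration
    # "max pods per node" from the slide, raised from the 110 default
    maxPods: 200
    # memory set aside for the node's own daemons (memory allocation)
    systemReserved:
      memory: 1Gi
---
# 2. Patch body for the Node (apply with: kubectl patch node worker-1
#    --patch "$(cat node-patch.yaml)"); worker-1 is a constructed name
spec:
  configSource:
    configMap:
      name: node-config-maxpods
      namespace: kube-system
      # which key of the ConfigMap holds the KubeletConfiguration
      kubeletConfigKey: kubelet
```

The kubelet must run with --dynamic-config-dir set; its progress is visible in `kubectl get node worker-1 -o jsonpath='{.status.config}'` (assigned, active and lastKnownGood). Because whoever can edit that ConfigMap or patch Node.spec now controls kubelet settings, restrict both with RBAC as tightly as the kubelet flags were.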
CRI Enhancements
to plug any container or VM technologies into K8s:
◦ Windows container configuration in CRI is now considered (beta)
◦ Log rotation (beta)
◦ Validation test suite (stable)
Pod Priority and Pre-emption (Alpha)
Pods
• Pre-emption - the ability of K8s to say “you must run this pod now, even if it means evicting running pods from nodes to do it”
• Use cases:
  ◦ Run urgent CronJobs
  ◦ Run debuggers during overload
  ◦ Bump overloaded services for better replacement services
apiVersion: scheduling.k8s.io/v1beta1   # PriorityClass API group as shipped in 1.11
kind: PriorityClass
metadata:
  name: high-priority
value: 1000000
globalDefault: false
description: "This priority class should be used for XYZ service pods only."
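A pod that opts into that class, added here to show the consumer side (not from the slides; pod name and image are placeholders):

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: urgent-job          # constructed name
spec:
  # Binds the pod to the PriorityClass above. Pods that name no class get
  # the cluster's globalDefault class, or priority 0 if none is marked so.
  priorityClassName: high-priority
  containers:
  - name: worker
    image: busybox          # placeholder image
    command: ["sh", "-c", "echo urgent work; sleep 30"]
```

When no node has room, the scheduler evicts lower-priority pods to place this one, so who may create pods with a high-value class is an access-control decision: a PriorityClass is cluster-scoped and should be guarded by RBAC or admission policy, not left usable by every namespace.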
SIG Storage Feature Update
block volumes
• AWS EBS, Azure Disk, GCE PD and Ceph RBD volume plugins now support dynamic provisioning of raw block volumes
• Cinder block volume support
• Storage Protection (Stable) - prevents deletion of PVCs while Pods are still using them
• Persistent Volume Resizing (Beta)
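Raw block provisioning and resizing together: a StorageClass that permits expansion, a PVC that asks for a block device instead of a filesystem, and a pod that attaches it with volumeDevices. Added example, not from the slides; names are constructed and the GCE PD provisioner is one of the plugins the slide lists.

```yaml
# StorageClass: allowVolumeExpansion enables Persistent Volume Resizing
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: fast-block                   # constructed name
provisioner: kubernetes.io/gce-pd    # one of the plugins listed above
allowVolumeExpansion: true
---
# PVC: volumeMode Block yields a raw device with no filesystem on it
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: data-block                   # constructed name
spec:
  storageClassName: fast-block
  volumeMode: Block
  accessModes: ["ReadWriteOnce"]
  resources:
    requests:
      storage: 10Gi                  # raise this value later to resize in place
---
# Pod: a block PVC is attached with volumeDevices, not volumeMounts
apiVersion: v1
kind: Pod
metadata:
  name: block-consumer               # constructed name
spec:
  containers:
  - name: app
    image: busybox                   # placeholder image
    command: ["sh", "-c", "ls -l /dev/xvda && sleep 3600"]
    volumeDevices:
    - name: data
      devicePath: /dev/xvda          # where the raw device appears in the container
  volumes:
  - name: data
    persistentVolumeClaim:
      claimName: data-block
```

Storage Protection shows up on the claim as the `kubernetes.io/pvc-protection` finalizer: deleting `data-block` while `block-consumer` runs leaves the PVC in Terminating until the pod is gone, which is the behaviour to expect rather than a stuck deletion.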
Other Notable New Features
(use the metrics server instead)
• Heapster (use the native Kubernetes functionality of your monitoring instead)
• kubectl rolling-update (use rollout instead)
• The gitRepo volume type (use an EmptyDir with the cloned repo instead)