Kubernetes & CNCF Meetup: Helsinki November 2019

Introduction slides to the November meetup in Helsinki. Also contains a short KubeCon recap.

Online slides: https://docs.google.com/presentation/d/1ioEYbVuyNG1hqV7wt6RAY2T1Bof-eVB0I73XeOrPPjU/edit#slide=id.g597882388f_0_2
Recording: https://youtu.be/S9WJnhi3moM
Meetup page: https://www.meetup.com/Kubernetes-Finland/events/265529376/
Location: Intel Finland Oy, Westendinkatu, Espoo, Finland

Lucas Käldström

November 28, 2019

Transcript

  1. Kubernetes & CNCF Helsinki
    @KubernetesFin
    Proud member of the Cloud Native Nordics community
    www.cloudnativenordics.com
    An official meetup group

  2. Today’s agenda:
    18:00 - 18:15: Arrive at the venue, eat pizza, and network with others
    18:15 - 18:20: Introductory words from the venue sponsor for this time, Intel
    18:20 - 18:45: KubeCon Recap and Community Updates
    18:45 - 19:15: Be smarter, get more out of your clusters
    19:15 - 19:30: Networking Break
    19:30 - 20:00: All Meshed Up - How we use Linkerd
    20:10 - 20:40: Cloud Native Components in VTT's Data Pipelines

  4. MAP

  6. #CloudNativeNordics
    STATS
    Total number of meetups: 95
    Members: 5696
    Total RSVPs: 4891
    Unique attendees: 2700
    Average RSVPs: 51
    Groups: 12

  7. @phennex & @kubernetesonarm
    #CloudNativeNordics
    IT’S NOT ONLY US!
    Photo: Torstein Lund Eik

  8. #CloudNativeNordics
    WELCOME NEW MEMBERS!
    We now have over 900 members in the Kubernetes Finland meetup group!
    … and we’re still growing :)
    We follow the CNCF & Linux Foundation Code of Conduct.
    In short: Be nice and respectful to each other. Include everybody.

  9. WE NEED YOUR HELP!
    github.com/cloud-native-nordics/meetups
    - Data aggregated about the Nordics meetups
    github.com/cloud-native-nordics/meetup-kit
    - A re-usable tool to use for aggregating community data
    github.com/cloud-native-nordics/website
    - Frontend for cloudnativenordics.com written in Vue.js
    github.com/cloud-native-nordics/workshopctl
    - A tool to run Cloud Native workshops through a web browser

  10. NEW COMMUNITY WEBSITE!
    Check it out at https://www.cloudnativenordics.com

  11. @phennex & @kubernetesonarm
    #CloudNativeNordics
    REFERENCE STACK
    kubernetes
    flux-cd
    helm
    stats-api
    website
    prometheus-operator
    nginx-ingress-controller
    cert-manager
    sealed-secrets
    node-exporters
    kube-state-metrics
    prometheus
    grafana
    https://github.com/cloud-native-nordics/k8s-config-repo

  12. SOON… OUR OWN COMMUNITY STORE!
    A customized version of store.cncf.io

  13. JOIN THE COMMUNITY!
    Continue the discussions and meet Cloud Natives
    from Denmark, Sweden, Norway, Finland, and Iceland :)
    #cloud-native-nordics
    www.cloudnativenordics.com
    Cloud Native Nordics
    github.com/cloud-native-nordics

  14. WE’RE (ALWAYS) LOOKING FOR SPEAKERS
    Have you used Kubernetes in production?
    Taken a CNCF project for a test drive?
    Were you successful (or not) in containerizing your application?
    We want to hear! Let’s share our stories with each other
    You can also apply for a roadshow across the Nordics if you like
    Submit a talk proposal at https://bit.ly/k8sfin-cfp

  16. Please participate at https://bit.ly/k8sfin-landscape

  17. = OPEN SOURCE CLOUD COMPUTING FOR APPLICATIONS

  18. What is CNCF?
    A non-profit foundation for getting Cloud Native:
    a) open source projects
    b) companies
    c) enthusiasts
    to come together in a neutral place.
    CNCF was founded in December 2015 and is a part of The Linux Foundation.
    CNCF curates and promotes a toolkit of trusted projects for modern applications.
    It helps hosted projects to succeed in various ways; one of them is organizing events where the community can meet in person.

  19. CNCF Projects

  21. Cloud Native Trail Map
    Trail Map: l.cncf.io

  22. WHAT IS CLOUD NATIVE?
    Cloud native technologies empower organizations to build and run scalable applications in modern, dynamic environments such as public, private, and hybrid clouds. Containers, service meshes, microservices, immutable infrastructure, and declarative APIs exemplify this approach.
    These techniques enable loosely coupled systems that are resilient, manageable, and observable. Combined with robust automation, they allow engineers to make high-impact changes frequently and predictably with minimal toil.
    The Cloud Native Computing Foundation seeks to drive adoption of this paradigm by fostering and sustaining an ecosystem of open source, vendor neutral projects. We democratize state-of-the-art patterns to make these innovations accessible for everyone.

  25. Training and Certification
    Individual Training
    ● Over 76,000 people have registered for the free Introduction to Kubernetes course on edX
    ● Over 8,800 people have registered for the $299 Kubernetes Fundamentals course
    Certification
    ● Over 8,300 people have registered for the Certified Kubernetes Administrator (CKA) online test
    ● Over 2,800 people have registered for the Certified Kubernetes Application Developer (CKAD) online test

  26. KubeCon + CloudNativeCon
    • Europe 2020
    – Amsterdam: March 30 - April 2, 2020
    • China 2020
    – Shanghai: July 28-30, 2020
    • North America 2020
    – Boston: November 17-20, 2020
    kubecon.io

  27. Prospectus
    • Seoul Dec 9-10, 2019; Sydney Dec 12-13, 2019
    • Bengaluru Feb 17-18, 2020; Delhi Feb 20-21, 2020
    • 2020 plans: Tel Aviv, Mexico City & São Paulo, Tokyo & Singapore, Seoul & Sydney
    • Two-day events with a target audience of 1,500

  28. KubeCon NA 2019 Recap
    Lucas Käldström - CNCF Ambassador
    28th of November, 2019 - Helsinki
    Image credit: @ashleymcnamara

  29. KubeCon Recap
    10 Weird Ways to Blow Up Your Kubernetes - Melanie Cebula & Bruce Sherrod, Airbnb
    Keynote: Reflections - Kelsey Hightower, Staff Developer Advocate, Google
    Keynote: Hello From the Other Side: Dispatches From a Kubernetes Attacker - Ian Coldwater
    Keynote: In Search of the Kubernetes "Rails" Moment - Bryan Liles

  30. Kubernetes
    • Released 1.16
    • CRDs are GA
    • Overhauled metrics
    • Ephemeral containers:
    – kubectl debug => attach a debug container to your Pod
    • Node Topology Manager
    • Cloud Providers moved out of tree
    • IPv4/IPv6 dual stack support
    • Pod topology spread constraints
    • 32,000 individual contributors to date

  31. Kubernetes Community Values
    Both in a dedicated presentation, but also throughout all presentations
    • Distribution is better than centralization
    • Community over product or company
    • Automation over process
    • Inclusive is better than exclusive
    • Evolution is better than stagnation
    E.g. Project mergers, focus on non-code contributions to Kubernetes

  32. Helm
    • Tiller is gone
    – Release stored as Secrets by default
    – helm3 2to3 convert (in-place conversion)
    • Helm Hub
    • No default helm repo
    • 3-way merge (instead of 2-way merge)
    • Helm 3 enables pushing charts to Docker Registry
    • Special handling of CRDs

  33. OpenTracing + OpenCensus = OpenTelemetry
    • “Project before company”
    • A standard way to instrument and trace any distributed application
    • Ability to trace requests throughout the service meshes and the broader ecosystem
    • Keynote with live demo: (Open)Telemetry Makes Observability Simple - Sarah Novotny & Liz Fong-Jones

  34. OPA / Gatekeeper
    • JSON input + Rego policy => JSON output
    • Plenty of integrations: K8s, object storage, Terraform
    Gatekeeper: OPA integration for K8s
    • Gatekeeper acts as a cache for all resources in the cluster
    • V3 is out
    • Policies stored in CRDs
    • Dry run
    • Community developed policies
    Common misunderstandings:
    • Kubernetes is NOT secure by default
    • DevSecOps => automatically enforce and verify best practices
    • Both for secure environments, but especially for regulated environments

  35. GitOps
    • “Operations by pull requests”
    • Benefits:
    – Shared view of developers and operators
    – Automation of infrastructure changes
    – Safely deploy changes
    • Ephemeral environments
    • Front-running horses:
    – (Vanilla) Helm
    – Flux + Argo = ArgoFlux
    • Git also changed by bots, not only humans
    • Argo + Flux = ArgoFlux
    – “Project before company”
    – GitOps Framework

  36. BPF
    • Small pieces of secure and restricted code
    • Can be injected before any function at run-time
    – Kernel-space
    – User-space
    • Think aspect-oriented programming done right
    Useful for:
    • Auditing (Falco, Sysdig)
    • Intrusion detection (Falco, Sysdig)
    • Anomaly detection (Falco, Sysdig)
    • Network filtering and routing (Cilium, a.k.a., “iptables killer”)

  37. Kubernetes’ high-level component architecture
    [Diagram]
    Control Plane: API Server (REST API); Controller Manager (Controller Loops); Scheduler (Bind Pod to Node); etcd (key-value DB, SSOT)
    Nodes (Node 1, Node 2, Node 3), each with: OS, Container Runtime, Kubelet, Networking
    User
    Legend: CNI, CRI, OCI, Protobuf, gRPC, JSON

  38. kubeadm
    = A tool that sets up a minimum viable, best-practice Kubernetes cluster
    [Diagram: kubeadm shown under each of Master 1, Master N, Node 1, Node N. Other labels: Infrastructure, Machines, Bootstrapping, Kubernetes API, Addons, Cloud Provider, Load Balancers, Monitoring, Logging, Cluster API Spec, Cluster API Implementation, Layer 1, Layer 2, Layer 3, “The scope of kubeadm”]

  39. kubeadm vs kops or kubespray
    Two different projects, two different scopes
    [Diagram: kubeadm shown under each of Master 1, Master N, Node 1, Node N. Other labels: Infrastructure, Machines, Bootstrapping, Kubernetes API, Addons, Cloud Provider, Load Balancers, Monitoring, Logging, Cluster API Spec, Cluster API Implementation, kops]

  40. Mark your Calendars!
    ● Tampere: December 4, 2019 at Tieto
    ○ How we live migrated thousands of users from Mesos to Kubernetes
    ○ What does Cloud Native mean to you?
    ○ CI/CD with Azure DevOps and Azure Kubernetes Service
    ● Turku: December 12, 2019 at Reaktor
    ○ Intro to Kubernetes objects
    ○ Nomad: Kubernetes Without the Complexity
    ○ RBAC, NetworkPolicies and PodSecurityPolicies

  41. Github: https://github.com/cloud-native-nordics/meetups
    Slack: https://cloudnativenordics.com
    https://slack.k8s.io #fi-users
    Youtube: https://www.youtube.com/channel/UCQmQspgrBXbq5t7pAXPmd0Q
    Meetup Group: https://www.meetup.com/Kubernetes-Finland
    https://www.meetup.com/Kubernetes-Tampere
    https://www.meetup.com/Kubernetes-Turku
    Twitter: @KubernetesFin
    Reach out to us!