Kubernetes & CNCF Meetup: Helsinki November 2019

Introduction slides to the November meetup in Helsinki. Also contains a short KubeCon recap.

Online slides: https://docs.google.com/presentation/d/1ioEYbVuyNG1hqV7wt6RAY2T1Bof-eVB0I73XeOrPPjU/edit#slide=id.g597882388f_0_2
Recording: https://youtu.be/S9WJnhi3moM
Meetup page: https://www.meetup.com/Kubernetes-Finland/events/265529376/
Location: Intel Finland Oy, Westendinkatu, Espoo, Finland

Lucas Käldström

November 28, 2019

Transcript

  1. Kubernetes & CNCF Helsinki @KubernetesFin Proud member of the Cloud

    Native Nordics community www.cloudnativenordics.com An official meetup group
  2. Today’s agenda:

    • 18:00 - 18:15: Arrive at the venue, eat pizza, and network with others
    • 18:15 - 18:20: Introductory words from the venue sponsor for this time, Intel
    • 18:20 - 18:45: KubeCon Recap and Community Updates
    • 18:45 - 19:15: Be smarter, get more out of your clusters
    • 19:15 - 19:30: Networking Break
    • 19:30 - 20:00: All Meshed Up - How we use Linkerd
    • 20:10 - 20:40: Cloud Native Components in VTT's Data Pipelines
  4. MAP

  6. #CloudNativeNordics STATS

    • 95 total number of meetups
    • 5696 members
    • 4891 total RSVPs
    • 2700 unique attendees
    • Average RSVPs: 51
    • 12 groups
  7. @phennex & @kubernetesonarm #CloudNativeNordics IT’S NOT ONLY US!

    Photo: Torstein Lund Eik
  8. #CloudNativeNordics WELCOME NEW MEMBERS! We now have over 900 members

    in the Kubernetes Finland meetup group! … and we’re still growing :) We follow the CNCF & Linux Foundation Code of Conduct. In short: Be nice and respectful to each other. Include everybody.
  9. WE NEED YOUR HELP!

    • github.com/cloud-native-nordics/meetups - Data aggregated about the Nordics meetups
    • github.com/cloud-native-nordics/meetup-kit - A re-usable tool to use for aggregating community data
    • github.com/cloud-native-nordics/website - Frontend for cloudnativenordics.com written in Vue.js
    • github.com/cloud-native-nordics/workshopctl - A tool to run Cloud Native workshops through a web browser
  10. NEW COMMUNITY WEBSITE! Check it out at https://www.cloudnativenordics.com

  11. @phennex & @kubernetesonarm #CloudNativeNordics REFERENCE STACK

    kubernetes, flux-cd, helm, stats-api, website, prometheus-operator, nginx-ingress-controller, cert-manager, sealed-secrets, node-exporters, kube-state-metrics, prometheus, grafana
    https://github.com/cloud-native-nordics/k8s-config-repo
  12. SOON… OUR OWN COMMUNITY STORE! A customized version of store.cncf.io

  13. JOIN THE COMMUNITY! Continue the discussions and meet Cloud Natives

    from Denmark, Sweden, Norway, Finland, and Iceland :) #cloud-native-nordics www.cloudnativenordics.com Cloud Native Nordics github.com/cloud-native-nordics
  14. WE’RE (ALWAYS) LOOKING FOR SPEAKERS

    Have you used Kubernetes in production? Taken a CNCF project for a test drive? Were you successful (or not) in containerizing your application? We want to hear! Let’s share our stories with each other. You can also apply for a roadshow across the Nordics if you like. Submit a talk proposal at https://bit.ly/k8sfin-cfp
  16. Please participate at https://bit.ly/k8sfin-landscape

  17. = OPEN SOURCE CLOUD COMPUTING FOR APPLICATIONS

  18. What is CNCF? A non-profit foundation for getting Cloud Native:

    a) open source projects b) companies c) enthusiasts to come together in a neutral place. CNCF was founded in December 2015 and is a part of The Linux Foundation. CNCF curates and promotes a toolkit of trusted projects for modern applications. Helps hosted projects to succeed in various ways, one of them is by organizing events where the community can meet in person.
  19. CNCF Projects

  21. Cloud Native Trail Map Trail Map: l.cncf.io Source

  22. WHAT IS CLOUD NATIVE? Cloud native technologies empower organizations

    to build and run scalable applications in modern, dynamic environments such as public, private, and hybrid clouds. Containers, service meshes, microservices, immutable infrastructure, and declarative APIs exemplify this approach. These techniques enable loosely coupled systems that are resilient, manageable, and observable. Combined with robust automation, they allow engineers to make high-impact changes frequently and predictably with minimal toil. The Cloud Native Computing Foundation seeks to drive adoption of this paradigm by fostering and sustaining an ecosystem of open source, vendor neutral projects. We democratize state-of-the-art patterns to make these innovations accessible for everyone.
  25. Training and Certification

    Individual Training:
    • Over 76,000 people have registered for the free Introduction to Kubernetes course on edX
    • Over 8,800 people have registered for the $299 Kubernetes Fundamentals course

    Certification:
    • Over 8,300 people have registered for the Certified Kubernetes Administrator (CKA) online test
    • Over 2,800 people have registered for the Certified Kubernetes Application Developer (CKAD) online test
  26. KubeCon + CloudNativeCon

    • Europe 2020 – Amsterdam: March 30 - April 2, 2020
    • China 2020 – Shanghai: July 28-30, 2020
    • North America 2020 – Boston: November 17-20, 2020

    kubecon.io
  27. Prospectus

    • Seoul Dec 9-10, 2019; Sydney Dec 12-13, 2019
    • Bengaluru Feb 17-18, 2020; Delhi Feb 20-21, 2020
    • 2020 plans: Tel Aviv, Mexico City & São Paulo, Tokyo & Singapore, Seoul & Sydney
    • Two-day events with a target audience of 1,500
  28. KubeCon NA 2019 Recap Lucas Käldström - CNCF Ambassador 28th

    of November, 2019 - Helsinki Image credit: @ashleymcnamara
  29. KubeCon Recap

    • 10 Weird Ways to Blow Up Your Kubernetes - Melanie Cebula & Bruce Sherrod, Airbnb
    • Keynote: Reflections - Kelsey Hightower, Staff Developer Advocate, Google
    • Keynote: Hello From the Other Side: Dispatches From a Kubernetes Attacker - Ian Coldwater
    • Keynote: In Search of the Kubernetes "Rails" Moment - Bryan Liles
  30. Kubernetes

    • Released 1.16
    • CRDs are GA
    • Overhauled metrics
    • Ephemeral containers:
      – kubectl debug => attach a debug container to your Pod
    • Node Topology Manager
    • Cloud Providers moved out of tree
    • IPv4/IPv6 dual stack support
    • Pod topology spread constraints
    • 32,000 individual contributors to date
  31. Kubernetes Community Values

    Covered both in a dedicated presentation and throughout all presentations.
    • Distribution is better than centralization
    • Community over product or company
    • Automation over process
    • Inclusive is better than exclusive
    • Evolution is better than stagnation

    E.g. project mergers, focus on non-code contributions to Kubernetes
  32. Helm

    • Tiller is gone
      – Release stored as Secrets by default
      – helm3 2to3 convert (in-place conversion)
    • Helm Hub
    • No default helm repo
    • 3-way merge (instead of 2-way merge)
    • Helm 3 enables pushing charts to Docker Registry
    • Special handling of CRDs
  33. OpenTracing + OpenCensus = OpenTelemetry

    • “Project before company”
    • A standard way to instrument and trace any distributed application
    • Ability to trace requests throughout the service meshes and the broader ecosystem
    • Keynote with live demo: (Open)Telemetry Makes Observability Simple - Sarah Novotny & Liz Fong-Jones
  34. OPA / Gatekeeper

    • JSON input + Rego policy => JSON output
    • Plenty of integrations: K8s, object storage, Terraform

    Gatekeeper: OPA integration for K8s
    • Gatekeeper acts as a cache for all resources in the cluster
    • V3 is out
    • Policies stored in CRDs
    • Dry run
    • Community developed policies

    Common misunderstandings:
    • Kubernetes is NOT secure by default
    • DevSecOps => automatically enforce and verify best practices
    • Both for secure environments, but especially for regulated environments
  35. GitOps

    • “Operations by pull requests”
    • Benefits:
      – Shared view of developers and operators
      – Automation of infrastructure changes
      – Safely deploy changes
    • Ephemeral environments
    • Front-running horses:
      – (Vanilla) Helm
      – Flux + Argo = ArgoFlux
    • Git also changed by bots, not only humans
    • Argo + Flux = ArgoFlux
      – “Project before company”
      – GitOps Framework
  36. BPF

    • Small pieces of secure and restricted code
    • Can be injected before any function at run-time
      – Kernel-space
      – User-space
    • Think aspect-oriented programming done right

    Useful for:
    • Auditing (Falco, Sysdig)
    • Intrusion detection (Falco, Sysdig)
    • Anomaly detection (Falco, Sysdig)
    • Network filtering and routing (Cilium, a.k.a. “iptables killer”)
  37. Kubernetes’ high-level component architecture

    [Diagram]
    • User
    • Control Plane: API Server (REST API), Controller Manager (Controller Loops), Scheduler (Bind Pod to Node), etcd (key-value DB, SSOT)
    • Nodes (Node 1, Node 2, Node 3), each with: OS, Container Runtime, Kubelet, Networking
    • Legend: CNI, CRI, OCI, Protobuf, gRPC, JSON
  38. kubeadm = A tool that sets up a minimum viable, best-practice Kubernetes cluster

    [Diagram: the scope of kubeadm. Labels: Layer 1, Layer 2, Layer 3; Master 1 ... Master N and Node 1 ... Node N, each running kubeadm; Cloud Provider, Load Balancers, Monitoring, Logging, Cluster API Spec, Cluster API, Cluster API Implementation, Addons, Kubernetes API, Bootstrapping, Machines, Infrastructure]
  39. kubeadm vs kops or kubespray: Two different projects, two different scopes

    [Diagram labels: Master 1 ... Master N and Node 1 ... Node N, each running kubeadm; Cloud Provider, Load Balancers, Monitoring, Logging, Cluster API Spec, Cluster API, Cluster API Implementation, Addons, Kubernetes API, Bootstrapping, Machines, Infrastructure; kops]
  40. Mark your Calendars!

    • Tampere: December 4, 2019 at Tieto
      ◦ How we live migrated thousands of users from Mesos to Kubernetes
      ◦ What does Cloud Native mean to you?
      ◦ CI/CD with Azure DevOps and Azure Kubernetes Service
    • Turku: December 12, 2019 at Reaktor
      ◦ Intro to Kubernetes objects
      ◦ Nomad: Kubernetes Without the Complexity
      ◦ RBAC, NetworkPolicies and PodSecurityPolicies
  41. Reach out to us!

    • Github: https://github.com/cloud-native-nordics/meetups
    • Slack: https://cloudnativenordics.com https://slack.k8s.io #fi-users
    • Youtube: https://www.youtube.com/channel/UCQmQspgrBXbq5t7pAXPmd0Q
    • Meetup Group: https://www.meetup.com/Kubernetes-Finland https://www.meetup.com/Kubernetes-Tampere https://www.meetup.com/Kubernetes-Turku
    • Twitter: @KubernetesFin