Slide 1

Slide 1 text

Open-Source Well-Architected + Kubernetes
Julio Faerman

Slide 2

Slide 2 text

How to demonstrate quality in systems architecture?

Slide 7

Slide 7 text

Isn’t that Kubernetes? https://github.com/kubernetes/kubernetes

Slide 8

Slide 8 text

Kubernetes 1.29/30 https://github.com/kubernetes/kubernetes
● Gateway API
● Sidecar Containers
● In-Place Updates
● Common Language Expression
● Structured Authorization Configuration
● Priority and Fairness for API Server
● ReadWriteOncePod
● User Namespaces
● Nftables Firewalls
● Dynamic Resource Allocation
● SwapBehavior: LimitedSwap
● Routing Preferences for Services

Slide 9

Slide 9 text

What else is our job?

Slide 10

Slide 10 text

The CNCF Landscape

Slide 11

Slide 11 text

Open-Source Well-Architected + Kubernetes Infrastructure Level

Slide 12

Slide 12 text

AWS Controllers for Kubernetes https://github.com/aws-controllers-k8s/community

Slide 13

Slide 13 text

“The cloud native control plane framework”

Slide 15

Slide 15 text

✓ VirtualMachineInstance
✓ VirtualMachineInstance ReplicaSet
✓ virtctl and kubectl
✓ virthandler
✓ nodelabeler
✓ virtlauncher
✓ libvirt + qemu
https://github.com/kubevirt

Slide 16

Slide 16 text

✓ Memory Overcommit
✓ Non-disruptive vertical scaling
✓ Disaster Recovery
✓ Data Protection
✓ Observability
✓ Ecosystem Partners
https://github.com/kubevirt

Slide 17

Slide 17 text

Quay Image Registry
● Replication
● Clustering
● Scanning
● RBAC
● Tagging
● Web UI
https://github.com/quay/quay

Slide 18

Slide 18 text

Ignition
● Cloud Boot
● Pre-OS
  ○ initramfs
● Declarative
  ○ FS
  ○ Network
  ○ Security
● Idempotency
https://github.com/coreos/ignition

Slide 19

Slide 19 text

● Open-Source
● Container-First
● Secure
  ○ Minimal
  ○ Immutable
  ○ Transactional
  ○ Automatic Updates
  ○ Encrypted
  ○ PolicyKit, SELinux, Exec-Shield …
● Flexible
  ○ Architecture
  ○ Cloud Provider
https://github.com/coreos

Slide 20

Slide 20 text

Open-Source Well-Architected + Kubernetes Platform Level

Slide 21

Slide 21 text

Container Runtime Interface Implementation https://github.com/cri-o/cri-o
Distributed reliable key-value store https://github.com/etcd-io/etcd

Slide 22

Slide 22 text

ETCD Performance Efficiency

Slide 23

Slide 23 text

Istio
✓ Service Mesh
✓ Traffic Management
  ○ Load Balancing
  ○ Traffic Shaping
  ○ Fault Injection
  ○ Resiliency
✓ Service Discovery
✓ Security
✓ Observability
✓ Policy Enforcement
✓ Multi-Cluster Multi-Mesh
https://istio.io/

Slide 24

Slide 24 text

OpenTelemetry: Tracing, Metrics, Alerts, Logs, Netflows https://github.com/open-telemetry

Slide 25

Slide 25 text

Tekton https://github.com/tektoncd https://github.com/argoproj/argo-cd

Slide 27

Slide 27 text

StackRox
● Threat Detection and Prevention
● Runtime Policy Enforcement
● Image Scanning
● Automated Compliance
● Network Visibility
● CI/CD Pipeline
● Reporting and Visualization
● Response Management
● API & Integrations
https://github.com/stackrox/stackrox

Slide 28

Slide 28 text

Open-Source Well-Architected + Kubernetes Application Level

Slide 29

Slide 29 text

Keycloak
✓ Single Sign-On
✓ User Federation
✓ Social Identities
✓ OAuth, OpenID, SAML, …
✓ Role Based Access Control
✓ User Management
✓ Clustered and Scalable
✓ Auditable
✓ Multi-tenant
✓ Extensible
https://github.com/keycloak/keycloak

Slide 30

Slide 30 text

Eclipse Che Cloud Development Environment https://github.com/eclipse-che/che

Slide 31

Slide 31 text

Open Data Hub
● Jupyter Lab
● Elyra
● Apache Airflow
● Kubeflow Pipelines
● Apache Spark
● MinIO
● KServe
● Kueue
https://github.com/opendatahub-io

Slide 32

Slide 32 text

Open-Source Well-Architected + Kubernetes Operations Level

Slide 33

Slide 33 text

https://github.com/aws/karpenter-provider-aws

Slide 35

Slide 35 text

Kubecost + OpenCost https://github.com/kubecost https://www.opencost.io/

Slide 36

Slide 36 text

Knative
● Serverless Deployments
● Routing & Traffic Management
● Automatic Scaling
● Revision Management
● Event-Driven
● Extensible Architecture
● GitOps Ready
https://knative.dev/docs/

Slide 37

Slide 37 text

About Julio https://faermanj.com/ Helping people with open-source projects and tech jobs. All projects mentioned today, except ACK and Karpenter, are supported components of Red Hat OpenShift, where I work as a software engineer.

Slide 38

Slide 38 text

Thank you very much! Questions? [@] faermanj [.com]