Slide 1

Slide 1 text

Kubernetes & CNCF Helsinki @KubernetesFin Proud member of the Cloud Native Nordics community www.cloudnativenordics.com An official meetup group

Slide 2

Slide 2 text

Today’s agenda:
18:00 - 18:15: Arrive at the venue, eat pizza, and network with others
18:15 - 18:20: Introductory words from the venue sponsor for this time, Intel
18:20 - 18:45: KubeCon Recap and Community Updates
18:45 - 19:15: Be smarter, get more out of your clusters
19:15 - 19:30: Networking Break
19:30 - 20:00: All Meshed Up - How we use Linkerd
20:10 - 20:40: Cloud Native Components in VTT's Data Pipelines

Slide 3

Slide 3 text

3

Slide 4

Slide 4 text

4 MAP

Slide 5

Slide 5 text

5

Slide 6

Slide 6 text

#CloudNativeNordics STATS 6
● 95 Total number of meetups
● 5696 Members
● 4891 Total RSVPs
● 2700 unique attendees
● Average RSVPs 51
● 12 Groups

Slide 7

Slide 7 text

@phennex & @kubernetesonarm #CloudNativeNordics IT’S NOT ONLY US! 7 Photo: Torstein Lund Eik

Slide 8

Slide 8 text

#CloudNativeNordics WELCOME NEW MEMBERS! We now have over 900 members in the Kubernetes Finland meetup group! … and we’re still growing :) We follow the CNCF & Linux Foundation Code of Conduct. In short: Be nice and respectful to each other. Include everybody.

Slide 9

Slide 9 text

WE NEED YOUR HELP! 9 github.com/cloud-native-nordics/meetups - Data aggregated about the Nordics meetups github.com/cloud-native-nordics/meetup-kit - A re-usable tool to use for aggregating community data github.com/cloud-native-nordics/website - Frontend for cloudnativenordics.com written in Vue.js github.com/cloud-native-nordics/workshopctl - A tool to run Cloud Native workshops through a web browser

Slide 10

Slide 10 text

NEW COMMUNITY WEBSITE! Check out at https://www.cloudnativenordics.com

Slide 11

Slide 11 text

@phennex & @kubernetesonarm #CloudNativeNordics REFERENCE STACK 11 kubernetes flux-cd helm stats-api website prometheus-operator nginx-ingress-controller cert-manager sealed-secrets node-exporters kube-state-metrics prometheus grafana https://github.com/cloud-native-nordics/k8s-config-repo

Slide 12

Slide 12 text

SOON… OUR OWN COMMUNITY STORE! A customized version of store.cncf.io

Slide 13

Slide 13 text

JOIN THE COMMUNITY! Continue the discussions and meet Cloud Natives from Denmark, Sweden, Norway, Finland, and Iceland :) #cloud-native-nordics www.cloudnativenordics.com Cloud Native Nordics github.com/cloud-native-nordics

Slide 14

Slide 14 text

WE’RE (ALWAYS) LOOKING FOR SPEAKERS Have you used Kubernetes in production? Taken a CNCF project for a test drive? Were you successful (or not) in containerizing your application? We want to hear! Let’s share our stories with each other. You can also apply for a roadshow across the Nordics if you like. Submit a talk proposal at https://bit.ly/k8sfin-cfp

Slide 15

Slide 15 text

No content

Slide 16

Slide 16 text

Please participate at https://bit.ly/k8sfin-landscape

Slide 17

Slide 17 text

= OPEN SOURCE CLOUD COMPUTING FOR APPLICATIONS

Slide 18

Slide 18 text

What is CNCF? A non-profit foundation for getting Cloud Native: a) open source projects b) companies c) enthusiasts to come together in a neutral place. CNCF was founded in December 2015 and is a part of The Linux Foundation. CNCF curates and promotes a toolkit of trusted projects for modern applications. Helps hosted projects to succeed in various ways, one of them is by organizing events where the community can meet in person.

Slide 19

Slide 19 text

19 CNCF Projects

Slide 20

Slide 20 text

No content

Slide 21

Slide 21 text

Cloud Native Trail Map Trail Map: l.cncf.io Source

Slide 22

Slide 22 text

WHAT IS CLOUD NATIVE? 22 Cloud native technologies empower organizations to build and run scalable applications in modern, dynamic environments such as public, private, and hybrid clouds. Containers, service meshes, microservices, immutable infrastructure, and declarative APIs exemplify this approach. These techniques enable loosely coupled systems that are resilient, manageable, and observable. Combined with robust automation, they allow engineers to make high-impact changes frequently and predictably with minimal toil. The Cloud Native Computing Foundation seeks to drive adoption of this paradigm by fostering and sustaining an ecosystem of open source, vendor neutral projects. We democratize state-of-the-art patterns to make these innovations accessible for everyone.

Slide 25

Slide 25 text

● Over 76,000 people have registered for the free Introduction to Kubernetes course on edX ● Over 8,800 people have registered for the $299 Kubernetes Fundamentals course Training and Certification ● Over 8,300 people have registered for the Certified Kubernetes Administrator (CKA) online test ● Over 2,800 people have registered for the Certified Kubernetes Application Developer (CKAD) online test Individual Training Certification Source

Slide 26

Slide 26 text

KubeCon + CloudNativeCon • Europe 2020 – Amsterdam: March 30 - April 2, 2020 • China 2020 – Shanghai: July 28-30, 2020 • North America 2020 – Boston: November 17-20, 2020 kubecon.io

Slide 27

Slide 27 text

Prospectus • Seoul Dec 9-10, 2019; Sydney Dec 12-13, 2019 • Bengaluru Feb 17-18, 2020; Delhi Feb 20-21, 2020 • 2020 plans: Tel Aviv, Mexico City & São Paulo, Tokyo & Singapore, Seoul & Sydney • Two-day events with a target audience of 1,500

Slide 28

Slide 28 text

KubeCon NA 2019 Recap Lucas Käldström - CNCF Ambassador 28th of November, 2019 - Helsinki Image credit: @ashleymcnamara

Slide 29

Slide 29 text

29 KubeCon Recap 10 Weird Ways to Blow Up Your Kubernetes - Melanie Cebula & Bruce Sherrod, Airbnb Keynote: Reflections - Kelsey Hightower, Staff Developer Advocate, Google Keynote: Hello From the Other Side: Dispatches From a Kubernetes Attacker - Ian Coldwater Keynote: In Search of the Kubernetes "Rails" Moment - Bryan Liles

Slide 30

Slide 30 text

30 Kubernetes • Released 1.16 • CRDs are GA • Overhauled metrics • Ephemeral containers: – kubectl debug => attach a debug container to your Pod • Node Topology Manager • Cloud Providers moved out of tree • IPv4/IPv6 dual stack support • Pod topology spread constraints • 32,000 individual contributors to date

Slide 31

Slide 31 text

31 Kubernetes Community Values Both in dedicated presentation, but also throughout all presentations • Distribution is better than centralization • Community over product or company • Automation over process • Inclusive is better than exclusive • Evolution is better than stagnation E.g. Project mergers, focus on non-code contributions to Kubernetes

Slide 32

Slide 32 text

32 Helm • Tiller is gone – Release stored as Secrets by default – helm3 2to3 convert (in-place conversion) • Helm Hub • No default helm repo • 3-way merge (instead of 2-way merge) • Helm 3 enables pushing charts to Docker Registry • Special handling of CRDs

Slide 33

Slide 33 text

33 OpenTracing + OpenCensus = OpenTelemetry • “Project before company” • A standard way to instrument and trace any distributed application • Ability to trace requests throughout the service meshes and the broader ecosystem • Keynote with live demo: (Open)Telemetry Makes Observability Simple - Sarah Novotny & Liz Fong-Jones

Slide 34

Slide 34 text

34 OPA / Gatekeeper • JSON input + Rego policy => JSON output • Plenty of integrations: K8s, object storage, Terraform Gatekeeper: OPA integration for K8s • Gatekeeper acts as a cache for all resources in the cluster • V3 is out • Policies stored in CRDs • Dry run • Community developed policies Common misunderstandings: • Kubernetes is NOT secure by default • DevSecOps => automatically enforce and verify best practices • Both for secure environments, but especially for regulated environments
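An added example for the Gatekeeper points on this slide (not from the slides or the Gatekeeper project): a Rego policy stored in a CRD, and a constraint that applies it in dry-run mode so violations are reported without blocking admission. It assumes the Gatekeeper v3 `v1beta1` API groups; the names `K8sDenyPrivileged` and `deny-privileged-pods` are hypothetical.

```yaml
# Added example. Assumes Gatekeeper v3 with the v1beta1 API groups installed.
# K8sDenyPrivileged and deny-privileged-pods are hypothetical names.
apiVersion: templates.gatekeeper.sh/v1beta1
kind: ConstraintTemplate
metadata:
  name: k8sdenyprivileged        # must be the lowercased constraint kind
spec:
  crd:
    spec:
      names:
        kind: K8sDenyPrivileged  # Gatekeeper generates a CRD of this kind
  targets:
    - target: admission.k8s.gatekeeper.sh
      rego: |
        package k8sdenyprivileged

        # JSON input: the AdmissionReview under input.review.
        # JSON output: one violation object per offending container.
        violation[{"msg": msg}] {
          c := input_containers[_]
          c.securityContext.privileged
          msg := sprintf("privileged container %v is not allowed", [c.name])
        }

        # Check init containers as well as regular containers.
        input_containers[c] {
          c := input.review.object.spec.containers[_]
        }
        input_containers[c] {
          c := input.review.object.spec.initContainers[_]
        }
---
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sDenyPrivileged
metadata:
  name: deny-privileged-pods
spec:
  # dryrun: violations are recorded, requests are not rejected.
  # Remove this line (the default is deny) once the findings are triaged.
  enforcementAction: dryrun
  match:
    kinds:
      - apiGroups: [""]
        kinds: ["Pod"]
```

With `dryrun` set, Gatekeeper's audit lists existing offenders under the constraint's `status.violations`, which gives an inventory of privileged Pods before enforcement is switched on.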

Slide 35

Slide 35 text

35 GitOps • “Operations by pull requests” • Benefits: – Shared view of developer and operators – Automation of infrastructure changes – Safely deploy changes • Ephemeral environments • Front-running horses: – (Vanilla) Helm – Flux + Argo = ArgoFlux • Git also changed by bots, not only humans • Argo + Flux = ArgoFlux – “Project before company” – GitOps Framework

Slide 36

Slide 36 text

36 BPF • Small pieces of secure and restricted code • Can be injected before any function at run-time – Kernel-space – User-space • Think aspect-oriented programming done right Useful for: • Auditing (Falco, Sysdig) • Intrusion detection (Falco, Sysdig) • Anomaly detection (Falco, Sysdig) • Network filtering and routing (Cilium, a.k.a., “iptables killer”)

Slide 37

Slide 37 text

37 Nodes Control Plane Kubernetes’ high-level component architecture Node 3 OS Container Runtime Kubelet Networking Node 2 OS Container Runtime Kubelet Networking Node 1 OS Container Runtime Kubelet Networking API Server (REST API) Controller Manager (Controller Loops) Scheduler (Bind Pod to Node) etcd (key-value DB, SSOT) User Legend: CNI CRI OCI Protobuf gRPC JSON

Slide 38

Slide 38 text

38 kubeadm = A tool that sets up a minimum viable, best-practice Kubernetes cluster Master 1 Master N Node 1 Node N kubeadm kubeadm kubeadm kubeadm Cloud Provider Load Balancers Monitoring Logging Cluster API Spec Cluster API Cluster API Implementation Addons Kubernetes API Bootstrapping Machines Infrastructure Layer 2 The scope of kubeadm Layer 3 Layer 1

Slide 39

Slide 39 text

39 kubeadm vs kops or kubespray Two different projects, two different scopes Master 1 Master N Node 1 Node N kubeadm kubeadm kubeadm kubeadm Cloud Provider Load Balancers Monitoring Logging Cluster API Spec Cluster API Cluster API Implementation Addons Kubernetes API Bootstrapping Machines Infrastructure kops

Slide 40

Slide 40 text

Mark your Calendars! ● Tampere: December 4, 2019 at Tieto ○ How we live migrated thousands of users from Mesos to Kubernetes ○ What does Cloud Native mean to you? ○ CI/CD with Azure DevOps and Azure Kubernetes Service ● Turku: December 12, 2019 at Reaktor ○ Intro to Kubernetes objects ○ Nomad: Kubernetes Without the Complexity ○ RBAC, NetworkPolicies and PodSecurityPolicies

Slide 41

Slide 41 text

Github: https://github.com/cloud-native-nordics/meetups
Slack: https://cloudnativenordics.com https://slack.k8s.io #fi-users
Youtube: https://www.youtube.com/channel/UCQmQspgrBXbq5t7pAXPmd0Q
Meetup Group: https://www.meetup.com/Kubernetes-Finland https://www.meetup.com/Kubernetes-Tampere https://www.meetup.com/Kubernetes-Turku
Twitter: @KubernetesFin
Reach out to us!