Kubernetes & CNCF Helsinki @KubernetesFin Proud member of the Cloud Native Nordics community www.cloudnativenordics.com An official meetup group

Today’s agenda: An official meetup group 18:00 - 18:15: Arrive at the venue, eat pizza, and network with others 18:15 - 18:20: Introductionary words from the venue sponsor for this time, Intel 18:20 - 18:45: KubeCon Recap and Community Updates 18:45 - 19:15: Be smarter, get more out of your clusters 19:15 - 19:30: Networking Break 19:30 - 20:00: All Meshed Up - How we use Linkerd 20:10 - 20:40: Cloud Native Components in VTT's Data Pipelines

3

4 MAP

5

#CloudNativeNordics STATS 6 95 Total number of meetups 5696 Members 4891 Total RSVPs 2700 unique attendees Average RSVPs 51 12 Groups

@phennex & @kubernetesonarm #CloudNativeNordics IT’S NOT ONLY US! 7 Foto: Torstein Lund Eik

#CloudNativeNordics WELCOME NEW MEMBERS! We now have over 900 members in the Kubernetes Finland meetup group! … and we’re still growing :) We follow the CNCF & Linux Foundation Code of Conduct. In short: Be nice and respectful to each other. Include everybody.

WE NEED YOUR HELP! 9 github.com/cloud-native-nordics/meetups - Data aggregated about the Nordics meetups github.com/cloud-native-nordics/meetup-kit - A re-usable tool to use for aggregating community data github.com/cloud-native-nordics/website - Frontend for cloudnativenordics.com written in Vue.js github.com/cloud-native-nordics/workshopctl - A tool to run Cloud Native workshops through a web browser

NEW COMMUNITY WEBSITE! Check out at https:/ /www.cloudnativenordics.com

@phennex & @kubernetesonarm #CloudNativeNordics REFERENCE STACK 11 kubernetes flux-cd helm stats-api website prometheus-operator nginx-ingress -controller cert- manager sealed- secrets node-exporters Kube-state- metrics prometheus grafana https:/ /github.com/cloud-native-nordics/k8s-config-repo

SOON… OUR OWN COMMUNITY STORE! A customized version of store.cncf.io

JOIN THE COMMUNITY! Continue the discussions and meet Cloud Natives from Denmark, Sweden, Norway, Finland, and Iceland :) #cloud-native-nordics www.cloudnativenordics.com Cloud Native Nordics github.com/cloud-native-nordics

WE’RE (ALWAYS) LOOKING FOR SPEAKERS Have you used Kubernetes in production? Taken a CNCF project for a test drive? Were you successful (or not) in containerizing your application? We want to hear! Let’s share our stories with each other You can also apply for a roadshow across the Nordics if you like Submit a talk proposal at https:/ /bit.ly/k8sfin-cfp

No content

Please participate at https:/ /bit.ly/k8sfin-landscape

= OPEN SOURCE CLOUD COMPUTING FOR APPLICATIONS

What is CNCF? A non-profit foundation for getting Cloud Native: a) open source projects b) companies c) enthusiasts to come together in a neutral place. CNCF was founded in December 2015 and is a part of The Linux Foundation. CNCF curates and promotes a toolkit of trusted projects for modern applications. Helps hosted projects to succeed in various ways, one of them is by organizing events where the community can meet in person.

19 CNCF Projects

No content

Cloud Native Trail Map Trail Map: l.cncf.io Source

WHAT IS CLOUD NATIVE? 22 Cloud native technologies empower organizations to build and run scalable applications in modern, dynamic environments such as public, private, and hybrid clouds. Containers, service meshes, microservices, immutable infrastructure, and declarative APIs exemplify this approach. These techniques enable loosely coupled systems that are resilient, manageable, and observable. Combined with robust automation, they allow engineers to make high-impact changes frequently and predictably with minimal toil. The Cloud Native Computing Foundation seeks to drive adoption of this paradigm by fostering and sustaining an ecosystem of open source, vendor neutral projects. We democratize state-of-the-art patterns to make these innovations accessible for everyone.

WHAT IS CLOUD NATIVE? 23 Cloud native technologies empower organizations to build and run scalable applications in modern, dynamic environments such as public, private, and hybrid clouds. Containers, service meshes, microservices, immutable infrastructure, and declarative APIs exemplify this approach. These techniques enable loosely coupled systems that are resilient, manageable, and observable. Combined with robust automation, they allow engineers to make high-impact changes frequently and predictably with minimal toil. The Cloud Native Computing Foundation seeks to drive adoption of this paradigm by fostering and sustaining an ecosystem of open source, vendor neutral projects. We democratize state-of-the-art patterns to make these innovations accessible for everyone.

WHAT IS CLOUD NATIVE? 24 Cloud native technologies empower organizations to build and run scalable applications in modern, dynamic environments such as public, private, and hybrid clouds. Containers, service meshes, microservices, immutable infrastructure, and declarative APIs exemplify this approach. These techniques enable loosely coupled systems that are resilient, manageable, and observable. Combined with robust automation, they allow engineers to make high-impact changes frequently and predictably with minimal toil. The Cloud Native Computing Foundation seeks to drive adoption of this paradigm by fostering and sustaining an ecosystem of open source, vendor neutral projects. We democratize state-of-the-art patterns to make these innovations accessible for everyone.

● Over 76,000 people have registered for the free Introduction to Kubernetes course on edX ● Over 8,800 people have registered for the $299 Kubernetes Fundamentals course Training and Certification ● Over 8,300 people have registered for the Certified Kubernetes Administrator (CKA) online test ● Over 2,800 people have registered for the Certified Kubernetes Application Developer (CKAD) online test Individual Training Certification Source

KubeCon + CloudNativeCon • Europe 2020 – Amsterdam: March 30 - April 2, 2020 • China 2020 – Shanghai: July 28-30, 2020 • North America 2020 – Boston: November 17-20, 2020 kubecon.io

Prospectus • Seoul Dec 9-10, 2019; Sydney Dec 12-13, 2019 • Bengaluru Feb 17-18, 2020; Delhi Feb 20-21, 2020 • 2020 plans: Tel Aviv, Mexico City & Sao Pãulo, Tokyo & Singapore, Seoul & Sydney • Two-day events with a target audience of 1,500

KubeCon NA 2019 Recap Lucas Käldström - CNCF Ambassador 28th of November, 2019 - Helsinki Image credit: @ashleymcnamara

29 KubeCon Recap 10 Weird Ways to Blow Up Your Kubernetes - Melanie Cebula & Bruce Sherrod, Airbnb Keynote: Reflections - Kelsey Hightower, Staff Developer Advocate, Google Keynote: Hello From the Other Side: Dispatches From a Kubernetes Attacker - Ian Coldwater Keynote: In Search of the Kubernetes "Rails" Moment - Bryan Liles

30 Kubernetes • Released 1.16 • CRDs are GA • Overhauled metrics • Ephemeral containers: – kubectl debug => attach a debug container to your Pod • Node Topology Manager • Cloud Providers moved out of tree • IPv4/IPv6 dual stack support • Pod topology spread constraints • 32,000 individual contributors to date

31 Kubernetes Community Values Both in dedicated presentation, but also throughout all presentations • Distribution is better than centralization • Community over product or company • Automation over process • Inclusive is better than exclusive • Evolution is better than stagnation E.g. Project mergers, focus on non-code contributions to Kubernetes

32 Helm • Tiller is gone – Release stored as Secrets by default – helm3 2to3 convert (in-place conversion) • Helm Hub • No default helm repo • 3-way merge (instead of 2-way merge) • Helm 3 enables pushing charts to Docker Registry • Special handling of CRDs

33 OpenTracing + OpenCensus = OpenTelemetry • “Project before company” • A standard way to instrument and trace any distributed application • Ability to trace and requests throughout the service meshes and the broader ecosystem • Keynote with live demo: (Open)Telemetry Makes Observability Simple - Sarah Novotny & Liz Fong-Jones

34 OPA / Gatekeeper • JSON input + Rego policy => JSON output • Plenty of integrations: K8s, object storage, Terraform Gatekeeper: OPA integration for K8s • Gatekeeper acts as a cache for all resources in the cluster • V3 is out • Policies stored in CRDs • Dry run • Community developed policies Common misunderstandings: • Kubernetes is NOT secure by default • DevSecOps => automatedly enforce and verify best practices • Both for secure environments, but especially for regulated environments

35 GitOps • “Operations by pull requests” • Benefits: – Shared view of developer and operators – Automation of infrastructure changes – Safely deploy changes • Ephemeral environments • Front-running horses: – (Vanilla) Helm – Flux + Argo = ArgoFlux • Git also changed by bots, not only humans • Argo + Flux = ArgoFlux – “Project before company” – GitOps Framework

36 BPF • Small pieces of secure and restricted code • Can be injected before any function at run-time – Kernel-space – User-space • Think aspect-oriented programming done right Useful for: • Auditing (Falco, Sysdig) • Intrusion detection (Falco, Sysdig) • Anomaly detection (Falco, Sysdig) • Network filtering and routing (Cilium, a.k.a., “iptables killer”)

37 Nodes Control Plane Kubernetes’ high-level component architecture Node 3 OS Container Runtime Kubelet Networking Node 2 OS Container Runtime Kubelet Networking Node 1 OS Container Runtime Kubelet Networking API Server (REST API) Controller Manager (Controller Loops) Scheduler (Bind Pod to Node) etcd (key-value DB, SSOT) User Legend: CNI CRI OCI Protobuf gRPC JSON

38 kubeadm = A tool that sets up a minimum viable, best-practice Kubernetes cluster Master 1 Master N Node 1 Node N kubeadm kubeadm kubeadm kubeadm Cloud Provider Load Balancers Monitoring Logging Cluster API Spec Cluster API Cluster API Implementation Addons Kubernetes API Bootstrapping Machines Infrastructure Layer 2 The scope of kubeadm Layer 3 Layer 1

39 kubeadm vs kops or kubespray Two different projects, two different scopes Master 1 Master N Node 1 Node N kubeadm kubeadm kubeadm kubeadm Cloud Provider Load Balancers Monitoring Logging Cluster API Spec Cluster API Cluster API Implementation Addons Kubernetes API Bootstrapping Machines Infrastructure kops

Mark your Calendars! ● Tampere: December 4, 2019 at Tieto ○ How we live migrated thousands of users from Mesos to Kubernetes ○ What does Cloud Native mean to you? ○ CI/CD with Azure DevOps and Azure Kubernetes Service ● Turku: December 12, 2019 at Reaktor ○ Intro to Kubernetes objects ○ Nomad: Kubernetes Without the Complexity ○ RBAC, NetworkPolicies and PodSecurityPolicies

Github: https:/ /github.com/cloud-native-nordics/meetups Slack: https:/ /cloudnativenordics.com https:/ /slack.k8s.io #fi-users Youtube: https:/ /www.youtube.com/channel/UCQmQspgrBXbq5t7pAXPmd0Q Meetup Group: https:/ /www.meetup.com/Kubernetes-Finland https:/ /www.meetup.com/Kubernetes-Tampere https:/ /www.meetup.com/Kubernetes-Turku Twitter: @KubernetesFin Reach out to us!