Cloud Native Computing Foundation / KCD Indonesia 2021

Kustomize purely declarative approach to configuration customization that adheres to and leverages the familiar concept of KRM.

Here’s a common scenario. Somewhere on the internet you find someone’s Kubernetes configuration for a content management system. It's a set of files containing YAML specifications of Kubernetes API objects. Then, people would like to use it for different environments, eg: development and production.

on today industry, specially on Container, there is lot of Container storage solution in the market, this presentation will help audience to better understanding how to choose the right storage platform solution for the Kubernetes / Container

I a world full of Kubernetes, we often use Helm to deploy our application or dependencies. Most people will install helm chart releases by using imperative format. We need to register helm chart repo first and then continue installation imperatively. This process continue repeatedly every deployment in CI/CD. It would be cumbersome if we need to install many helm chart releases at the same time.

This presentation will tell you how to manage helm chart installation in a declarative format using Helmfile. Helmfile allows you to create a single source of truth about your helm chart releases deployment and deploy all of them in a single command. Helmfile extends the power & flexibility of Helm, also make it easier, managable, & readable. At the end, it is expected that Helmfile can be an artifact that could be read by all stakeholders and tell general view of your application architecture.

Saya akan menceritakan pengalaman tim kami menggunakan GitOps (dalam case ini Argocd) dalam menjalankan Continious Deployment production workload dalam industri perbank-an yang harus comply dalam PCI-DSS dan berbagai Regulasi lainnya.

Bagaimana kami menggunakan "declarative way", sambil tentunya memperhatikan aspek di sisi security juga. Argocd untungnya mempunyai beberapa plugin yg support itu seperti argocd-vault-plugin. Dan kustomize untuk mempermudah dalam struktur folder di environment kami.

Saya juga akan bercerita tentang bagaimana kami mencoba untuk integrasi dengan Active Directory. Dan bagaimana pembagian authorisasi user dalam mengakses argocd.

Kubernetes is a complex and highly distributed platform. As your organization grows bigger, it is getting more challenging to maintain your policies and compliance.

One of underrated built-in feature in Kubernetes is Admission Controllers. It has the ability to audit and enforce policies/compliance to most requests coming through Kubernetes API. And in the other side, many platform engineers working with kubernetes aren't aware of this feature.

In this talk, we will dive deep into Kubernetes admission controller, how can we leverage its potentials, and a brief demo in building our custom admission webhook with Python.

While cloud native tools and practises helps building scalable software and microservices. It comes with a cost. Cloud Naive, is a tongue-in-cheek phrase to make people aware of the cost of bulding microservices and avoiding buliding complicated software architecture just because.

Security is the first and foremost thing everyone is concert about. Everything is moving towards containers these days, working with a large crowd needs security as well. security enhancement would be the next things to consider to implement, in this talk Husni (Certified Kubernetes Security Specialist) will brings one of the tools in runtime security its call Falco (de facto Kubernetes threat detection engine), in this talk he will cover an introduction and concept of the Falco itself, kind of threat, example behavior or activity rules and lastly about how to implement & to integrate it to Kubernetes and the underlying infrastructure

When a developer team creates a new application, they have to consider what platform to use, how to manage and recover the application state after failures, managing secrets, tracing the application, etc. Then, when it comes to migration, they need to rewrite some code in the application. Another case is when companies have legacy applications with a monolithic architecture, and they want to adopt modern architecture like cloud-native or cloud-agnostic. The company wants to do it all at once and moving all at once can cost time, thus creating more gap if there’s new technology emerge when migrating the application. This is where Dapr comes in. Dapr codifies the best practices for building microservice applications into open, independent building blocks. Each building block is completely independent and you can use one, some, or all of them in your application.

When we use templating engines for Kubernetes manifest such as Helm, it is hard to find a Helm chart provider that includes a service mesh manifest. It's because there are multiple implementations of a service mesh with distinct manifests (e.g. Istio, Traefik, Consul, etc). Therefore, when they want to make the chart support service mesh, they need to create multiple different manifests for different service mesh implementations. That reason emphasizes why an abstraction layer is needed to provide an easy-to-consume API that can be implemented by many different service mesh implementations. By using the Service Mesh Interface (SMI), users are free to adopt service mesh concepts without being bound to any particular implementation. This talk will guide you about what features Service Mesh Interface provides and how it benefits the community.

Ketika testing untuk deployment kubernetes object atau helm charts dilakukan, umumnya deployment tersebut dilakukan didalam sebuah temporary namespace yang dengan mudah di-create-delete dalam hitungan detik. Bagaimana dengan deployment yang melibatkan cluster-wide objects seperti cluster-role, CRDs, admission validation webhook ?

Kubernetes-in-Kubernetes (KinK) adalah sebuah methode menjalankan cluster kubernetes baru diatas kubernetes yang sudah ada yang bisa digunakan untuk testing kubernetes application yang melibatkan object dari namespaced scope sampai cluster-wide scope.

Gojek, a decacorn with 100 million users in Southeast Asia, used to have developer teams that managed their own Elasticsearch logging clusters. However, they have different knowledge and time for it, resulting in different QoS of each cluster. To solve this issue, the infrastructure team started to manage those clusters by provisioning Elasticsearch and Kafka clusters on LXC containers on behalf of the developer teams.

The initial architecture worked fine for 30+ clusters, but significant growth demanded the team to manage 250+ clusters. Elasticsearch and Kafka require special care to administer, e.g. Elasticsearch cluster status should be green before turning off another Elasticsearch node. This complexity slows down the team to do maintenance operations, e.g. the team needs weeks to upgrade these clusters. This talk presents how Operator Frameworks reduces our daily toil.

Kubernetes is not easy for development team. At first there are so many setup and configurations, and must helped by Operations team. Knative, a serverless platform for Kubernetes, helping team for deploying, releasing, and monitoring services (observability). Development team should focus on build high quality apps. Knative and Kubernetes will handle the deployment, workload, scaling, etc.

A fundamental principle of DevOps is to treat infrastructure the same way developers treat code. Now, with AWS CDK, an open source framework to model and provision cloud resources using Typescript, Python, Java and .Net, we can provision Kubernetes cluster, to deploy applications with code in our language of choice. On top of that, AWS CDK extends the abstraction with the new CDK for Kubernetes (cdk8s). With cdk8s, now we can create abstraction, define Kubernetes applications and reuse components using familiar programming languages.

How can you tell your Node.JS cloud app is slow? broken? or want to improve your code quality? Observability is the answer!, especially using OpenTelemetry. OpenTelemetry lets us generate, collect, and export telemetry data (metrics, logs, and traces) for analysis in order to understand your software's performance and behavior.

Kelsey is very popular in Indonesia for his amazing work in educating Kubernetes and cloud native practices, lots of people learned from his book Kubernetes Up and Running, and from his great tutorial kubernetes the hardway. Indonesia is underrepresented country in tech and Kelsey shares his point of view on how to progress as tech learner in this ecosystem and how to build open and inclusive tech community that everyone feels safe to be part of.

#kubernetes #cncf #kcd

Nikhita is ex-Steering Committee Member of the Upstream Kubernetes Open Source organization. She shares the easiest way to start making code, docs, and other form of contributions to Kubernetes project, and how did it impact her professional career by being active in an open source organization.

#kubernetes #cncf #kcd

Automating the deployment of the newly built container images from your CI can usually be a pain and not-so-straightforward process. Keel is a single container, stateless, robust and lightweight Kubernetes Operator to automate update Helm, DaemonSet, StatefulSet & Deployment updates.

Configure your deployments using labels & annotations (no more messing around with complex scripts, painful CLI & API), receive update instructions via webhooks from your CI (DockerHub, Quay, Azure, custom) container registry, and also get notified of updates to your Slack, Hipchat, Mattermost and other platform via standard webhook notifications.

In the Kubernetes environment, apps are instrumented for observability and it needs a cache-efficient way to run build systems. One of the tool great tools that we can use is BuildKit. BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner with a lots of features.

In this session, I will demonstrate how to use rootless and daemonless. BuildKit to run secure, fast and cache-efficient builds in Kubernetes.

Kubernetes Event-driven Autoscaler provides us another option to do autoscale kubernetes object based on external metrics resources such as Apache Kafka, AWS CloudWatch, Pub/Sub, etc

Moving Directory Server such as LDAP from traditional Infrastructure was not an easy task. There's a lot of thing to consider from choosing tools, migration scheme, and backup plan. I want to share my experience moving an ApacheDS LDAP server from On-Prem infra to kubernetes. I also want to share about known issues from ApacheDS in Docker on how I managed to resolved it.

Teknologi infrastruktur telekomunikasi saat ini ber-evolusi dari bentuk appliance (hardware & software dalam 1 box) dengan mengadopsi teknologi Virtualisasi atau NFV (Network Function Virtualization) sesuai standar ETSI.NFV yang pada awalnya berbasis berbasis teknologi hypervisor, saat ini mulai meng-adopsi teknologi cloud native, dengan 5G menjadi salah satu driver utama. Hal tersebut didukung oleh berbagai pihak seperti komunitas (CNCF Telecom User Grup), telco operator (Rakuten), dan vendor/ technology ownerSaat ini Telkom sedang melakukan riset dan pengembangan telco cloud native skala lab menggunakan teknologi open-source di area NFV Infrastructure (XCP-NG, Kubernetes, Ansible) serta berbagai VNF dan CNF.

Melalui riset dan eksperimentasi ini diharapkan dapat muncul beberapa use cases yang bermanfaat dan potensial untuk diadopsi di masa yang akan datang.

Istio merupakan teknologi Service Mesh yang paling populer di Kubernetes. Fitur Istio membantu menambah kemampuan observability, security, dan traffic management seperti fault injection, circuit breaker, traffic shifting dan masih banyak lagi. Namun, orang-orang masih sering overwhelmed dan mendapatkan kesan bahwa Istio itu kompleks. Itu mungkin benar beberapa tahun yang lalu, tetapi Istio sekarang sudah semakin sederhana dan mudah untuk mendapatkan manfaatnya.

Lightning Talk ini akan membahas apa saja yang bisa kita dapat hanya dari Istio out of the box a.k.a Zero-Config Istio.

Panelist talk about adoption of Kubernetes in Indonesia by Giovanni Sakti. Andri Setiawan, Nugroho Gito, Arga Dhahana Pramudianto

No description provided.

Deploying Service Mesh in GCP with a managed control plane.

Doing cloud native on premise could be troublesome, and usually no API provided for automation. In this session, we will show how Nutanix making cloud native on prem is simple, and leverage Nutanix kubernetes platform Karbon to provide kubernetes on Prem. Later on will showing also how easy to create pipeline to call karbon API to create kubernetes on Nutanix and using linkerd to routing traffic between on prem and public cloud.

No description provided.