Cloud Native Computing Foundation / KCD Washington DC 2021

Microservices are great, no doubt about that. But, when it comes to troubleshooting issues in a distributed system, it’s rarely easy. Getting multiple independent teams to agree to use a standard set of metrics or debugging strategies, makes it even harder. Issues turn into a blame game where DNS, Kubernetes, the network, or the mesh all take turns. Linkerd, the CNCF's recently graduated service mesh, has a built-in ability to tap into and analyze traffic to quickly identify and isolate problems. To do that, no code changes are required, nor do app teams need to expose their own metrics or become experts in Kubernetes or the mesh. When a problem occurs, Linkerd users can rely on the mesh as a single source of truth to help quickly identify issues and drive down MTTR.

Cloud native technologies give us exciting opportunities to modernize, accelerate, and grow. But new technologies can introduce massive change, and startups or small teams aren’t always ready for it. The go-to-market strategy, tech stack, leadership team, funding, M&A positioning are all BIG CHANGES that require an antifragile approach and emotionally elastic team. As your organization undergoes change, how can you position yourself for success? What’s the best organizational structure to drive the outcomes you want - for your team and your customers - today AND tomorrow? How can you be antifragile and emotionally elastic to continue to drive innovation, enjoy your work and the humans you work with daily, and create a robust business? This talk offers insights into how to embrace change instead of fear it as your business evolves, so we can embrace change and evolve together.

This presentation provides an overview of how Kubernetes capabilities can be used to simplify use of hybrid infrastructure rather than complicate it. We will cover the general challenges posed by hybrid multi-site architectures, including provisioning and operations, ingress traffic management, network connectivity, and distributed data management. We will also review and demo (using AWS and Azure as examples) how each of these challenges can be addressed with Kubernetes and various Kubernetes controllers used as an infrastructure abstraction layer.

It's day 2. The corporate k8s cluster is humming. Everything works perfectly in a local environment, but how do you connect the wires? Your first few steps in Kubernetes may feel like walking through uncharted territory. Yet, several tools can make you just as productive as you were in your comfortable local setup. With only a few changes in your configuration, you can automatically rebuild clusters when a file changes and even debug software running in containers. Add this to some visualization tools and some templating software, and you'll be back on track very quickly. In this talk, you’ll learn how to use some open source tooling available around the Kubernetes ecosystem to become more productive and optimize for developer joy.

While Kubernetes has a rich feature-set with RBAC and namespaces, it still falls short in making a multi-tenant solution possible out-of-the-box. How do you protect teams from each other without simply taking all of the control from them? For example, how do you prevent a team from defining an Ingress object that takes the traffic from another? Or how do you prevent teams from creating additional LoadBalancer services? Fortunately, Gatekeeper has come to the rescue! In this talk, we'll talk about admissions controllers and how Gatekeeper can solve these problems. We'll go over the Rego language (which takes some time to wrap your head around) and provide several examples of how Virginia Tech is using Gatekeeper to support multi-tenancy. While policy enforcement sounds scary, it certainly doesn't have to be!

If you've researched cloud native applications and technologies, you've probably come across the CNCF cloud native landscape. Unsurprisingly, the sheer scale of it can be overwhelming. So many categories and so many technologies. How do you make sense of it? As with anything else, if you break it down and analyze it one piece at a time, you'll find it's not that complex and makes a lot of sense. In fact, the map is neatly organized by functionality and, once you understand what each category represents, navigating it becomes a lot easier. During this talk, Jason and Catherine break this mammoth landscape down and provide a high-level overview of its layers, columns, and categories.

No description provided.

GitOps has a lot to offer – there’s a reason the operational framework for k8s cluster management and app delivery is red hot. Get it right and devs get a single source of truth of the desired state, automated syncs, drift detection and reconciliation, etc. But manifests have remained too complex for everyone to understand and usually describe k8s resources instead of apps. The tools that *do* treat apps as apps (instead of resources) tend to be focused mostly on CLI and UI – often ignoring the need to define everything as code. But can you combine both? Can you have app specs that are easy for devs to understand/write/manage? Can you combine that with GitOps, to focus on pushing changes to Git instead of operating clusters? Can you make everything easy to the point that anyone can use it, no matter if they have a Ph.D. in k8s or are an app developer that just wants their apps to run?

Building a secure software supply chain is no easy feat. SolarWinds showed us that even the experts have a difficult time. This talk gives an overview of what's required, including ingesting external dependencies, attestation of the build infrastructure, signing artifacts, SBoMs, reproducible builds, and admission controllers. We'll also look at some of the key projects in this space being developed within the CNCF and Linux Foundation.