From YouTube: Keynote: CNCF Project Updates - Bryan Liles, KubeCon + CloudNativeCon North America 2019 Co-Chair
Description
Join us for Kubernetes Forums Seoul, Sydney, Bengaluru and Delhi - learn more at kubecon.io
Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects
Keynote: CNCF Project Updates - Bryan Liles, KubeCon + CloudNativeCon North America 2019 Co-Chair & Senior Staff Engineer, VMware
https://sched.co/UdPK
A
All right, so today I'm here to talk about CNCF project updates, and this is really hard for me because there's a lot of CNCF projects, but what I like to do is bring up some projects that I don't feel that we are talking about enough and then also bring up some creators and maintainers and people who are associated with projects, so they can actually take advantage of this stage to share the enthusiasm that they have about their projects.
A
So I have three of those today, but let's get started off with one project that I just don't think we talked about enough: CoreDNS. And the reason that this is first is because I believe back in January, when CoreDNS graduated, or moved to graduation status, we didn't have enough fanfare, because one thing that I like to say is that way back in March of 2017 CoreDNS is one of the first sandbox projects, so it would actually move from sandbox to incubation to graduated, which means, guess what, the process kind of works.
A
But the reason I like CoreDNS is because of what I put on this slide. It's all about simplicity. You get simple DNS, and for those of us who actually have configured things that rhyme with rind in the past, we can all appreciate the value of not only a simple configuration but a pluggable and a module configuration. So I invite everyone to go check out CoreDNS and see what they have to offer.
B
For me, it's more like :, sweat smile. You know, good. So about this graduation process: the main difference is that they use a bigger lens. They want you to overkill on every one of these categories. Like, for example, if you desired option, they want to make sure that we have mission-critical production workloads running in real companies. You know, and when it comes to maintainer diversity, they want to see prolonged contributions from multiple organizations, and then, after that, they drill down into the details of the project. Ask about: how are you doing your testing?
B
What are you doing for your design strategy? So they make sure that the project is actually healthy from inside all the way out. So having gone through this whole scrutiny and coming out successful is super exciting. So what is Vitess? The simplest way to describe it is: it is a cloud native database. That means that it can run in an environment like so Kubernetes without losing your data.
B
Importantly, it can scale massively, and I'll talk about that. Highly available: like, five nines of availability is pretty comfortable for a system like Vitess, and it's based on MySQL, which means that if you are on MySQL, it's pretty easy to move to Vitess. So I'm going to talk about a few case studies where how Vitess is used out in the wild. The first one is Slack. So, as you must know, Slack is experiencing hyper growth. This is a graph from them, and but that's not their only issue.
B
Their issue is also very fast-changing business needs, and they needed a system that is flexible enough to accommodate those changes. So they were debating between build versus buy decision, and they found the best of both worlds would be Vitess, because they could buy into Vitess but also build features that it was lacking that they needed. So they are now about 35% migrated and they are shooting 400% around next year, and this statement from Slack basically is a testimony to how much they love Vitess and how trusted it is.
B
So that's a good stamp of approval. So JD.com is one of the largest online retailers of China. They use Vitess. So they recently had their Singles Day sale, which was last week. It's like Black Friday of China. So I want you to think about what kind of QPS Vitess has served for them, peak QPS on that day, and I'll reveal that number in a moment. So they have pretty large instance.
B
So you could call that massive scale, and in case you find me in the hallway, you can tell me what number you guessed later. So in contrast, Nozzle is a startup. So why would a startup want to use something like Vitess, which is built for massive scale? So in my opinion, they are one of the best role models of what startup companies should be doing these days, which is to run all in Kubernetes.
B
So, in their case, their software runs all on Kubernetes, and they got a really good deal from Azure, so they deployed their software on AKS. So after a while Google Cloud countered them; they got a better deal. So what did they do? They just packed their bags and moved. So that is the advantage of running all in Kubernetes.
B
There is no vendor lock-in. So my parting thought with you is: if you are moving to Kubernetes, don't leave your data behind; take everything with you. And if you ask me, like, in the future, I think people that host services should run their services on my Kubernetes, not like me running Kubernetes and calling out into their services. So there are some exciting talks coming up.
B
The most, one of the best is, I would say, attend the one from Slack, which is at 11:50. They know a thing or two about running resilient systems, so definitely highly recommended. If you want to know how to make a storage system or a database cloud native, you can attend my talk at 3:20, and you can hear from the horse's mouth about how Nozzle did all these tricks with Vitess and how they benefit from it.
A
All right, so I want to apologize to Sugu, 'cause actually I can't say his name, but lights and camera. So thank you, sir, go and don't send me any hate email later. Alright. So next up I want to talk about another project that is actually at our incubator right now. It's Linkerd. What Linkerd is is this thing called a service mesh, and I'm not going to go into what a service mesh is, and they have generously created this really amazing slide, but I actually want to highlight a few things.
A
Is this 2.7 release that is getting ready to head up mutual TLS for all TCP traffic? Encryption is good, and the next item here is mandatory TLS. Think about this: having encryption available is neat, but making it so that it has to be used, so your developers can actually think about your development instead of security all the time, is even better. And next thing I want to share here is a little bit of a video that Linkerd shared with me with an update.
A
So this is a canary rollout, and I was told not to annotate this all too much because they wanted to show the power of what a canary rollout would look like in Linkerd, and you'll notice that there's not a lot of operations going on here. So what we're seeing right now is canary traffic, and seeing that there wasn't a lot of configuration that needed to happen to configure canaries. The second piece was Linkerd now has access where they are doing observability and trace metrics with bigger.
A
So what we're going to see here is that Linkerd will create all these tracing spans for you and you do not have to create them yourselves, so you can actually see more of what's going on your application. All right. So next up I want to talk about a project called Helm, and to talk about Helm today will be Matt Farina, so welcome, Matt.
C
Thank you, Bryan. For those of you unfamiliar with Helm, it provides package management for Kubernetes. You can think of it as the apt, yum or Homebrew for Kubernetes. Helm has taken a rather unique path to find its current home in the CNCF. When the CNCF launched and Kubernetes joined as the first project, Helm was a subproject of Kubernetes and came along with it. Last year, Helm had grown to the point it could become its own CNCF project, and it did. At that time, Helm had more than 50,000 downloads a month.
C
According to DevStats, the CNCF's analytics tool, in the past year thousands have contributed to the Helm client and the other Helm projects. We've also had a growing number of maintainers and an increasing company diversity among them. Can I get a round of applause for the Helm contributors? Without them, the Helm project wouldn't be what it is.
C
These charts can contain reusable components and can be imported by other charts. If you're familiar with Helm 2 and want to learn about the changes in Helm 3, you might want to check out the Helm 3 deep dive tomorrow. As part of the process to release Helm 3 and work on CNCF graduation, Helm 3 went through a security audit. A security audit is a requirement for graduation, and the CNCF funds them to help projects improve on their security and those of you who are users of the projects better understand the project's.
C
We understand that it takes time to transition. We are entering the holiday season with all the holiday shopping, and right after that is actually tax season, and we know that it takes some time to change from one version, major version, to another, and so we will have a full year support for Helm. It's not going away. The first six months will have security fix and bug fix.
A
All right, so I always like the Helm project to know that I was like four of those 1 million downloads, so I want to share it a little bit in your success. All right. So moving on, another project that has moved to graduated status recently is Jaeger in the Reiser and yeah, you could be excited gaze at Jaeger is pretty interesting, yes, give it up for him.
A
A fifth area is of projects rotating around each other, and that's really important to the community, because, as we talked about all these projects on the stage today, we realized that none of them exists in an island and we're all rotating around the other ones. So, for my third project that I would like to bring on today, I'm going to bring up Open Policy Agent, so Torin, come up and tell the world about Open Policy Agent.
D
All right, hi everybody, my name is Torin. I'm one of the co-creators of the Open Policy Agent and I'm an engineer at Styra. Now the reason that I love to work on the Open Policy Agent is because policy and authorization are these fundamental problems that exist in the critical path of pretty much all the software we use. So whether you're talking about Kubernetes or microservices or CI/CD or databases or even Linux servers, you know, policy is everywhere. But the problem is that in the past, policy has been very fragmented, right.
D
Every single one of these projects or products has its own way of letting you express policy, and the problem with that fragmentation is that it results in, it makes it really difficult for you to gain any kind of unified control or visibility, or even to just understand the rules that should be governing how the system behaves. And so I think that policy requires a rethink, and so that's why we started the Open Policy Agent project. So the Open Policy Agent, or OPA as we like to call it, is basically a tool. It's a, it's.
D
So what is OPA? It's a general-purpose policy engine, and what that means is that you can use it, basically, you use it to decouple policy decision-making from policy enforcement. So the decision-making happens inside of OPA based on the policies and the data that you've distributed to it, and the enforcement stays in your software and stays in your services. So when your service needs to make a decision, it can query OPA, and OPA will crunch the policies and send back a decision to be enforced.
D
So when you use OPA, what you're doing is you're offloading decision-making to a dedicated engine, and to make all of that happen, we give you a high-level declarative language to express policy in, and we call that language Rego. Rego is actually the Latin verb to rule, and so we thought that was a good name for a policy language, but then we found out way after the fact that it actually means a car registration in Australia. So that was a bit of a mistake, but we have to live with it.
D
So when it comes to actually using OPA, you kind of have different options. You can use it as a library. You can use it as a daemon, but the way that we think of it is that it's basically a host-local cache for decision-making. So we recommend that you take OPA and you run it as close to your software as possible, ideally on the same machine. Now,
D
Obviously, if you have all these OPAs running around in your infrastructure, you need some way to manage them, and so OPA exposes APIs to do things like distribute policies and collect decision logs for auditing and so on. And then, of course, OPA embodies this idea of policy as code, so it comes with a rich toolchain to help you build, test and debug your policies.
D
Now, every time I come to KubeCon I get really excited because, as a maintainer, I get to hear about all these people that are using this project, and so in fact, yesterday we held our first ever OPA Summit, which was a great event. We had over 100 attendees and we got to learn about how all these different companies are using OPA for a variety of different use cases. So we heard from folks at Pinterest about how they use OPA to secure their Kafka clusters.
D
So OPA gives you this building block that you can use to decouple decision making from enforcement, and a lot of the time what this boils down to is plugging into extension mechanisms in these different kind of projects, right. So in Kubernetes a lot of the time this is admission control, and in Envoy it's called external authorization, and as projects mature, they tend to add in these kinds of extensibility mechanisms. Now there's another piece of general-purpose technology that's emerging. That really is good.
D
That I think is going to have a huge impact on extensibility and on programmability into the cloud native ecosystem, and that technology is called WebAssembly. So I don't have enough time to go into detail here, but in the last year or so, we've seen WebAssembly become adopted by all kinds of different products and companies and projects. So CDNs like Fastly and Cloudflare have given you the ability to run WebAssembly-compiled workloads on their networks.
D
Envoy has added WebAssembly-based filters to the proxy. You can even run custom database built-in functions in databases like Postgres. So I think that what we're seeing is basically an emergence of, you know, a standard execution environment for, you know, arbitrary code, and so I'm super excited to announce that in the latest release of OPA, you can actually take any OPA policy expressed in Rego, compile it into WebAssembly and then run it in any of those runtimes.
A
All right, so the next project I would like to highlight today is, if you've ever looked at or smelled that Kubernetes, you've heard of this thing called etcd, and what I would like to highlight what etcd is. It was a release that was maybe over a month ago, where the team that actually works on etcd has been able to scale it up where they can have 5,000 node clusters, and you know, coming from the world where, you know, coming from the cloud world.
A
5,000 servers, that's not too many, but if you're actually thinking that these are 5,000 node Kubernetes clusters that are operating at scale, you know, that's quite a feat. And if you've ever tried to install etcd from the beginning days, back when it was etcd 1 and the transition to etcd 2, you can see how far the project has come. So I definitely wanted to highlight etcd and I update today, and the final project.
A
That I would like to highlight: there's not a lot of words on here, and there's actually a reason. We like to talk about software. How many of us are software developers? We write software for living in here, right? Notice that that was not everybody. There are people that contribute to our community through ways that aren't just software, and CloudEvents is actually one of these. What CloudEvents is: it's a specification for sending events, and, you know, just on the surface you're saying, well, why is that important?
A
Well, the thing is, if I just started speaking Greek right now, I'm, there's 8,000 people in here. Someone here probably speaks Greek. But if I went into a patois, or if I went into just gobbledygook, no one will be able to understand. So being able to understand a language and having a specification for that
A
language is a great idea, so I have to commend the CloudEvents project for actually going through and doing the thing that all of us developers like to do the most, aka documentation. So just wanted to give them a shout out, just to say that the CNCF is more than just software. The CNCF is more than just picking winners.
A
The CNCF is about picking, is about cultivating an ecosystem that we can all work within, and I will go into this more, it's on Thursday, when I'm actually allowed to Brants, but I will say that I love seeing projects like this succeed and have uptake. So with that I would like to end our CNCF project update, and I think Vicki's gonna come right back.