10 Dec 2019
Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects
Advanced Network Capability for NFV on Kubernetes - Ashish Billore, Samsung Electronics & 박종한, Samsung
Kubernetes is becoming the choice of platform for containerized applications.
Applications benefit from the built in capabilities of managing and orchestrating container lifecycle at scale.
Telco and NFV usecases, especially for 5G, too are looking to benefit from these capability of kubernetes.
However, usecases for Telco and NFV containerized applications require advanced networking capabilities for user-plane or the data path.
In this session we’ll cover some of these advanced networking requirements and how some of these are fulfilled using various kubernetes capabilities while others are being adopted from some of the existing options such as Neutron (OpenStack networking project).
Session also goes over the challenges and future directions.
Advanced Network Capability for NFV on Kubernetes - Ashish Billore, Samsung Electronics & 박종한, Samsung
Kubernetes is becoming the choice of platform for containerized applications.
Applications benefit from the built in capabilities of managing and orchestrating container lifecycle at scale.
Telco and NFV usecases, especially for 5G, too are looking to benefit from these capability of kubernetes.
However, usecases for Telco and NFV containerized applications require advanced networking capabilities for user-plane or the data path.
In this session we’ll cover some of these advanced networking requirements and how some of these are fulfilled using various kubernetes capabilities while others are being adopted from some of the existing options such as Neutron (OpenStack networking project).
Session also goes over the challenges and future directions.
- 2 participants
- 26 minutes
10 Dec 2019
Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects
Adventures in Production with GitOps, Secure Pipelines and Compliance - Brandon Lum, IBM & Ricardo Aravena, Rakuten
In the last two years, Kubernetes GitOps has become more common in many organizations helping them enhance their software CI/CD by removing manual commands and keeping release versions consistent. However, there are still some gaps when it comes to security and compliance technologies.
We will go over some of the most popular open-source tools for GitOps, container images scanning, encryption and signing tools and how they work together. Among them, Flux, Scaffold, Ignite, Aqua scanner, in-toto, and Grafeas. In addition, we will talk about incorporating compliance into DevSecOps pipelines and explore the importance of application specifications such as CNAB.
In the end, the audience will understand how to create a container software pipeline in a fully automated, encrypted and secure way with Kubernetes in production environments, with compliance built-in.
Adventures in Production with GitOps, Secure Pipelines and Compliance - Brandon Lum, IBM & Ricardo Aravena, Rakuten
In the last two years, Kubernetes GitOps has become more common in many organizations helping them enhance their software CI/CD by removing manual commands and keeping release versions consistent. However, there are still some gaps when it comes to security and compliance technologies.
We will go over some of the most popular open-source tools for GitOps, container images scanning, encryption and signing tools and how they work together. Among them, Flux, Scaffold, Ignite, Aqua scanner, in-toto, and Grafeas. In addition, we will talk about incorporating compliance into DevSecOps pipelines and explore the importance of application specifications such as CNAB.
In the end, the audience will understand how to create a container software pipeline in a fully automated, encrypted and secure way with Kubernetes in production environments, with compliance built-in.
- 3 participants
- 30 minutes
10 Dec 2019
Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects
Filling the Gaps in Kubernetes Test Coverage - Hippie Hacker, ii.coop
Are the Kubernetes behaviors your applications actually require well tested and guaranteed to be available on all cloud providers?
In this session, you will learn how to ensure your Kubernetes API surface area usage is exercised by tests all Kubernetes Certified Service Providers must pass.
We will cover:
- the e2e test suite
- automation that runs the suite before code is merged into Kubernetes.
- the API surface area covered by these tests
- the API surface area required by several popular applications.
- Identifying the untested API surface area your applications require
- Contributing tests that increase API surface coverage
- Promoting tests to Conformance
Filling the Gaps in Kubernetes Test Coverage - Hippie Hacker, ii.coop
Are the Kubernetes behaviors your applications actually require well tested and guaranteed to be available on all cloud providers?
In this session, you will learn how to ensure your Kubernetes API surface area usage is exercised by tests all Kubernetes Certified Service Providers must pass.
We will cover:
- the e2e test suite
- automation that runs the suite before code is merged into Kubernetes.
- the API surface area covered by these tests
- the API surface area required by several popular applications.
- Identifying the untested API surface area your applications require
- Contributing tests that increase API surface coverage
- Promoting tests to Conformance
- 1 participant
- 21 minutes
10 Dec 2019
Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects
Getting Involved in Kubernetes SIG Docs and Korean Localization - Seokho Son, Electronics and Telecommunications Research Institute (ETRI) & Ian Choi, Microsoft
Kubernetes documentation and localization are vital parts of Kubernetes community. High-quality documentation helps people start to use Kubernetes and keep using it properly, and localization is an essential activity to spread Kubernetes to people who are not familiar with English. Kubernetes SIG Docs (Docs Special Interest Group) supports localization for various languages, and Korean localization team is one of the active localization teams in SIG Docs.
In this presentation, Seokho Son and Ian Choi will introduce Kubernetes SIG Docs and remark the importance of documentation and localization in the community, introduce the Korean localization team with the current status and progress, and show you the contribution procedure and a way to get involved in. Anyone is welcome to file issues about content and to open a pull request. You may also become a member, reviewer, or approver.
Getting Involved in Kubernetes SIG Docs and Korean Localization - Seokho Son, Electronics and Telecommunications Research Institute (ETRI) & Ian Choi, Microsoft
Kubernetes documentation and localization are vital parts of Kubernetes community. High-quality documentation helps people start to use Kubernetes and keep using it properly, and localization is an essential activity to spread Kubernetes to people who are not familiar with English. Kubernetes SIG Docs (Docs Special Interest Group) supports localization for various languages, and Korean localization team is one of the active localization teams in SIG Docs.
In this presentation, Seokho Son and Ian Choi will introduce Kubernetes SIG Docs and remark the importance of documentation and localization in the community, introduce the Korean localization team with the current status and progress, and show you the contribution procedure and a way to get involved in. Anyone is welcome to file issues about content and to open a pull request. You may also become a member, reviewer, or approver.
- 2 participants
- 26 minutes
10 Dec 2019
Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects
How to Debug the Pod Which is Hard to Debug - Eohyung Lee, Kakao Enterprise
When using Kubernetes, users face a variety of problems. The most diverse of these problems occurs in pods. So users need to know how to debug pods.
Of course, the start of debugging a pod is taking a look at it's status and logs and events. But, in most case, this is not enough. So the users want to get the shell from a pod and test it by reproducing the same situation as the problem. But there are pods that are impossible to get the shell such as scratch image.
So this session will introduce various techniques for debugging pods with minimal or no modification workloads.
In particular, the following cases will be explained.
* debugging docker, containerd pod
* debugging pod using host informations, tools
* debugging pod in crashloopback status
* debugging pod based scratch image
* debugging readonly disk pods
How to Debug the Pod Which is Hard to Debug - Eohyung Lee, Kakao Enterprise
When using Kubernetes, users face a variety of problems. The most diverse of these problems occurs in pods. So users need to know how to debug pods.
Of course, the start of debugging a pod is taking a look at it's status and logs and events. But, in most case, this is not enough. So the users want to get the shell from a pod and test it by reproducing the same situation as the problem. But there are pods that are impossible to get the shell such as scratch image.
So this session will introduce various techniques for debugging pods with minimal or no modification workloads.
In particular, the following cases will be explained.
* debugging docker, containerd pod
* debugging pod using host informations, tools
* debugging pod in crashloopback status
* debugging pod based scratch image
* debugging readonly disk pods
- 1 participant
- 26 minutes
10 Dec 2019
Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects
Improving Monitoring Systems Interoperability with Prometheus & OpenMetrics - Chan Shik Lim, NexCloud
Prometheus is the top-listed monitoring technology in use for container clusters whilst enterprises are taking their legacy IT infrastructure the cloud native environments such as Kubernetes. Prometheus collects and stores the metrics that are preset in exposition formats that it makes the container cluster monitoring feasible by exporting the metrics data in exposition format regardless of OS and programming languages.
The OpenMetrics Project is in progress in an effort to further extend the Prometheus exposition format by determining a standard for exposing metrics data, and is aimed at allowing heterogeneous monitoring systems to share data effortlessly as a means to improving interoperability. In this presentation, ChanShik will cover the methodology of improving Prometheus-based monitoring systems by taking advantage of OpenMetrics-based standard metrics protocol.
Improving Monitoring Systems Interoperability with Prometheus & OpenMetrics - Chan Shik Lim, NexCloud
Prometheus is the top-listed monitoring technology in use for container clusters whilst enterprises are taking their legacy IT infrastructure the cloud native environments such as Kubernetes. Prometheus collects and stores the metrics that are preset in exposition formats that it makes the container cluster monitoring feasible by exporting the metrics data in exposition format regardless of OS and programming languages.
The OpenMetrics Project is in progress in an effort to further extend the Prometheus exposition format by determining a standard for exposing metrics data, and is aimed at allowing heterogeneous monitoring systems to share data effortlessly as a means to improving interoperability. In this presentation, ChanShik will cover the methodology of improving Prometheus-based monitoring systems by taking advantage of OpenMetrics-based standard metrics protocol.
- 1 participant
- 21 minutes
10 Dec 2019
Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects
Keynote: Getting to Know Helm 3 - Matt Farina, Senior Staff Engineer, Samsung SDS
Helm version 3 was recently released with new features and a new architecture to support those features. The changes to Helm and charts were based on feedback, changes to Kubernetes, and lessons learned in the past couple years. In this session you will learn:
• New features you can leverage in charts
• The new Helm client security model
• How using the command line has changed
• Where the architecture has changed to support new features going forward
• Some insight into upcoming features including an experimental feature available today
Keynote: Getting to Know Helm 3 - Matt Farina, Senior Staff Engineer, Samsung SDS
Helm version 3 was recently released with new features and a new architecture to support those features. The changes to Helm and charts were based on feedback, changes to Kubernetes, and lessons learned in the past couple years. In this session you will learn:
• New features you can leverage in charts
• The new Helm client security model
• How using the command line has changed
• Where the architecture has changed to support new features going forward
• Some insight into upcoming features including an experimental feature available today
- 1 participant
- 12 minutes
10 Dec 2019
Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects
Keynote: Hiding in the Dark - Dan Kohn, Executive Director, Cloud Native Computing Foundation
What can Minecraft teach us about the adoption of cloud native technologies?
Keynote: Hiding in the Dark - Dan Kohn, Executive Director, Cloud Native Computing Foundation
What can Minecraft teach us about the adoption of cloud native technologies?
- 1 participant
- 8 minutes
10 Dec 2019
Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects
Keynote: Kubeflow Endoscopy - Hong Seok Hwan, CEO, Dudaji, Inc.
They are a medical AI team. It consists of doctor and S/W engineer. They are actively working on AI projects, including publishing the topic ""Reading gastric endoscopic gastric cancer"" in the journal Endoscopy. This group is interested in doing AI research efficiently. The group is doing AI research with Kubeflow and Katib this year and seeing great results. They share their experiences in this session and cover the following:
(1) Basic knowledge of Hyper parameter tuning
(2) Kubeflow and Katib basic knowledge
(3) Pros and Cons of Hyperparameter Tuning Library
(4) Kubernetes and Kubeflow at the Medical AI Center
(5) Kubeflow and Katib use cases
In this session, the audience will learn how Kubeflow and Katib have been applied to real-world research. If an institute that is doing AI projects inefficiently is looking for an efficient platform, it can be the best starting point.
Keynote: Kubeflow Endoscopy - Hong Seok Hwan, CEO, Dudaji, Inc.
They are a medical AI team. It consists of doctor and S/W engineer. They are actively working on AI projects, including publishing the topic ""Reading gastric endoscopic gastric cancer"" in the journal Endoscopy. This group is interested in doing AI research efficiently. The group is doing AI research with Kubeflow and Katib this year and seeing great results. They share their experiences in this session and cover the following:
(1) Basic knowledge of Hyper parameter tuning
(2) Kubeflow and Katib basic knowledge
(3) Pros and Cons of Hyperparameter Tuning Library
(4) Kubernetes and Kubeflow at the Medical AI Center
(5) Kubeflow and Katib use cases
In this session, the audience will learn how Kubeflow and Katib have been applied to real-world research. If an institute that is doing AI projects inefficiently is looking for an efficient platform, it can be the best starting point.
- 1 participant
- 10 minutes
10 Dec 2019
Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects
Keynote: Kubernetes and Cloud Native: The Past, Present, and Future - Cheryl Hung, Director of Ecosystem, Linux Foundation
Google started using Borg as its internal workload manager in 2003. In 2014, Google introduced Kubernetes as an open source container orchestration platform that leveraged what it had learned from Borg. Now it is one of the world’s most popular open source projects, used by more than 71% of Fortune 100 companies.
Cheryl Hung, Director of Ecosystem at the Cloud Native Computing Foundation, will present how and why the Kubernetes community has grown to its present state, the role of the CNCF as a neutral home, and where we might go next.
Keynote: Kubernetes and Cloud Native: The Past, Present, and Future - Cheryl Hung, Director of Ecosystem, Linux Foundation
Google started using Borg as its internal workload manager in 2003. In 2014, Google introduced Kubernetes as an open source container orchestration platform that leveraged what it had learned from Borg. Now it is one of the world’s most popular open source projects, used by more than 71% of Fortune 100 companies.
Cheryl Hung, Director of Ecosystem at the Cloud Native Computing Foundation, will present how and why the Kubernetes community has grown to its present state, the role of the CNCF as a neutral home, and where we might go next.
- 1 participant
- 8 minutes
10 Dec 2019
Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects
Keynote: Multicluster Strategies to “Kubernetify” Legacy Apps - Sai Vennam, Developer Advocate, IBM
Container-based application architectures powered by Kubernetes have seen large-scale adoption and have become the industry standard for developing new cloud-native applications. However, the overwhelming majority have existing legacy applications they need to modernize, while also innovating with the latest and greatest cloud-native technologies.
A standard pattern for modernization is to leverage a hybrid or multi-cluster approach, easing the path to the cloud by integrating your apps running anywhere: on-prem, private and public clouds. In this talk, I’ll outline key modernization strategies using multi-cluster Kubernetes, and service mesh capabilities with Istio. Then we’ll dive into a real-world demo, where we'll “kubernetify” a sample legacy application and integrate it with services across multiple clusters, all while maintaining a stack based on open-source technologies.
Keynote: Multicluster Strategies to “Kubernetify” Legacy Apps - Sai Vennam, Developer Advocate, IBM
Container-based application architectures powered by Kubernetes have seen large-scale adoption and have become the industry standard for developing new cloud-native applications. However, the overwhelming majority have existing legacy applications they need to modernize, while also innovating with the latest and greatest cloud-native technologies.
A standard pattern for modernization is to leverage a hybrid or multi-cluster approach, easing the path to the cloud by integrating your apps running anywhere: on-prem, private and public clouds. In this talk, I’ll outline key modernization strategies using multi-cluster Kubernetes, and service mesh capabilities with Istio. Then we’ll dive into a real-world demo, where we'll “kubernetify” a sample legacy application and integrate it with services across multiple clusters, all while maintaining a stack based on open-source technologies.
- 1 participant
- 11 minutes
10 Dec 2019
Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects
Keynote: Security and the OODA Loop - Liz Rice, Technology Evangelist, Aqua Security
Keynote: Security and the OODA Loop - Liz Rice, Technology Evangelist, Aqua Security
- 1 participant
- 11 minutes
10 Dec 2019
Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects
Kubernetes Scalability: Federation & Cluster API - Katie Gamanji, Condé Nast International
In the past years, Kubernetes has been the nucleus of container orchestration frameworks. With the growing number of microservices in a cluster, scalability is one of the core pillars for a fault-tolerant application. Additionally, from a technological landscape standpoint, the cloud platform teams are highly focused on delivering scalable, reliable and highly available platforms. Scalability on the Kubernetes clusters can be approached on the application level and cluster level. While the application level scaling techniques (e.g. HPA and VPA) are widely used, Federation v2 and Cluster API are emerging tools that still prove their worth in a production setup.
Kubernetes Scalability: Federation & Cluster API - Katie Gamanji, Condé Nast International
In the past years, Kubernetes has been the nucleus of container orchestration frameworks. With the growing number of microservices in a cluster, scalability is one of the core pillars for a fault-tolerant application. Additionally, from a technological landscape standpoint, the cloud platform teams are highly focused on delivering scalable, reliable and highly available platforms. Scalability on the Kubernetes clusters can be approached on the application level and cluster level. While the application level scaling techniques (e.g. HPA and VPA) are widely used, Federation v2 and Cluster API are emerging tools that still prove their worth in a production setup.
- 1 participant
- 38 minutes
10 Dec 2019
Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects
Kubernetes Security Best Practices - Ian Lewis, Google
Containers give developers the ability to isolate applications from one another, but that’s not enough. Resource isolation is much different that security isolation. How do we make applications deployed in containers more secure? What tools can be we apply to our containers running in Kubernetes to make them more secure? How can we apply policy to our network and services to make sure applications only have access to what they need and nothing more?
In this talk, attendees will learn about the risks and attack surfaces of a Kubernetes cluster. s-We'll look at tools like PodSecurityPolicy, SELinux, AppArmor, seccomp, and sandboxed containers in action to improve the security of containers. We’ll then go up the stack and learn how to apply network policy to containers to further improve security.
Kubernetes Security Best Practices - Ian Lewis, Google
Containers give developers the ability to isolate applications from one another, but that’s not enough. Resource isolation is much different that security isolation. How do we make applications deployed in containers more secure? What tools can be we apply to our containers running in Kubernetes to make them more secure? How can we apply policy to our network and services to make sure applications only have access to what they need and nothing more?
In this talk, attendees will learn about the risks and attack surfaces of a Kubernetes cluster. s-We'll look at tools like PodSecurityPolicy, SELinux, AppArmor, seccomp, and sandboxed containers in action to improve the security of containers. We’ll then go up the stack and learn how to apply network policy to containers to further improve security.
- 1 participant
- 29 minutes
10 Dec 2019
Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects
OCI, CRI, ??: Making Sense of the Container Runtime Landscape in Kubernetes - Phil Estes, IBM
You've probably heard about the OCI—a standardization effort to share a common definition for container runtime, image, and image distribution. Add to that the CRI (container runtime interface) in Kubernetes—designed to abstract the container runtime from the kubelet—and you may start to wonder what all these standards and interfaces mean for you in a Kubernetes world.
As of this year, a long list of runtimes, including CNCF projects containerd and cri-o, all implement the CRI. But did you know there are quite a few others? The unique number of CRI combinations is growing, all of which use the common OCI definitions for runtime and image interoperability.
But how would you decide which container runtime is right for you? Clearly each one has tradeoffs. This talk will help describe the current landscape and give you details on the why and how of each CRI implementation available today.
OCI, CRI, ??: Making Sense of the Container Runtime Landscape in Kubernetes - Phil Estes, IBM
You've probably heard about the OCI—a standardization effort to share a common definition for container runtime, image, and image distribution. Add to that the CRI (container runtime interface) in Kubernetes—designed to abstract the container runtime from the kubelet—and you may start to wonder what all these standards and interfaces mean for you in a Kubernetes world.
As of this year, a long list of runtimes, including CNCF projects containerd and cri-o, all implement the CRI. But did you know there are quite a few others? The unique number of CRI combinations is growing, all of which use the common OCI definitions for runtime and image interoperability.
But how would you decide which container runtime is right for you? Clearly each one has tradeoffs. This talk will help describe the current landscape and give you details on the why and how of each CRI implementation available today.
- 1 participant
- 24 minutes
10 Dec 2019
Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects
Policing Your Kubernetes Clusters with Open Policy Agent (OPA) - Mark Puddick & Amith Nambiar, Pivotal
Open Policy Agent (CNCF project) is a full-featured policy engine that offloads policy decisions from your Kubernetes cluster to an external service.
Policies are essential to the long-term success of an organization, because they encode important knowledge about how to comply with legal requirements, avoid repeating mistakes, and so on.
For example, a custom policy could be that developers are ONLY allowed to reference container images in their Deployments from your own Private registry. Other could be , Developers must have certain labels be present in all deployment definitions identifying the business unit to chargeback to.
Join us as we take you through configuring and deploying custom policies using the Open Policy Agent. We will cover some common policies used in enterprises and walk you through how to implement them in OPA using Rego. Rego is OPA’s native query language.
Policing Your Kubernetes Clusters with Open Policy Agent (OPA) - Mark Puddick & Amith Nambiar, Pivotal
Open Policy Agent (CNCF project) is a full-featured policy engine that offloads policy decisions from your Kubernetes cluster to an external service.
Policies are essential to the long-term success of an organization, because they encode important knowledge about how to comply with legal requirements, avoid repeating mistakes, and so on.
For example, a custom policy could be that developers are ONLY allowed to reference container images in their Deployments from your own Private registry. Other could be , Developers must have certain labels be present in all deployment definitions identifying the business unit to chargeback to.
Join us as we take you through configuring and deploying custom policies using the Open Policy Agent. We will cover some common policies used in enterprises and walk you through how to implement them in OPA using Rego. Rego is OPA’s native query language.
- 2 participants
- 25 minutes
10 Dec 2019
Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects
Re-architecting Data Platform with Spark on Kubernetes - SeungYong Oh, Devsisters
Since last year, many data platform projects including Apache Spark began to support the Kubernetes environment. What differentiates the Kubernetes environment and motivates engineers to use it over the existing environments? Should we move to Kubernetes environment while everything works well even now?
The talk will discuss Devsisters' journey of migrating its internal data platform including Spark to Kubernetes. During the process, we found out that migrating to the Kubernetes environment actually involved re-architecting our data platform, which lead to huge benefits including enhancing user experiences and collaboration workflows. The process and outcome of our journey will be shared in detail, along with an overview of the current technology status and its details.
Re-architecting Data Platform with Spark on Kubernetes - SeungYong Oh, Devsisters
Since last year, many data platform projects including Apache Spark began to support the Kubernetes environment. What differentiates the Kubernetes environment and motivates engineers to use it over the existing environments? Should we move to Kubernetes environment while everything works well even now?
The talk will discuss Devsisters' journey of migrating its internal data platform including Spark to Kubernetes. During the process, we found out that migrating to the Kubernetes environment actually involved re-architecting our data platform, which lead to huge benefits including enhancing user experiences and collaboration workflows. The process and outcome of our journey will be shared in detail, along with an overview of the current technology status and its details.
- 1 participant
- 26 minutes
10 Dec 2019
Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects
Running gRPC Services for Serving Legacy RESTful API on Kubernetes - Sungwon Lee & Hoseong Hwang, Buzzvil
gRPC is best suited for microservice communication. gRPC is fast, clear and powerful. It is an excellent alternative to address the verbose client problem when architecting a microservice infrastructure.
But the legacy environment is always a big hurdle for changes. You must support existing clients that only understand RESTful HTTP API. In other cases, you need to provide RESTful APIs to the outside world. This session suggests solutions to resolve these problems.
The session covers:
- Why the team chose gRPC as the inter-service communication protocol while moving from a monolith to microservices and the challenges they faced.
- How they leveraged Istio to support RESTful APIs using gRPC servers without additional development.
- How they set up CI/CD to deliver API changes (including legacy API) using Helm and Spinnaker.
- What they have learned through it and future improvements.
Running gRPC Services for Serving Legacy RESTful API on Kubernetes - Sungwon Lee & Hoseong Hwang, Buzzvil
gRPC is best suited for microservice communication. gRPC is fast, clear and powerful. It is an excellent alternative to address the verbose client problem when architecting a microservice infrastructure.
But the legacy environment is always a big hurdle for changes. You must support existing clients that only understand RESTful HTTP API. In other cases, you need to provide RESTful APIs to the outside world. This session suggests solutions to resolve these problems.
The session covers:
- Why the team chose gRPC as the inter-service communication protocol while moving from a monolith to microservices and the challenges they faced.
- How they leveraged Istio to support RESTful APIs using gRPC servers without additional development.
- How they set up CI/CD to deliver API changes (including legacy API) using Helm and Spinnaker.
- What they have learned through it and future improvements.
- 2 participants
- 23 minutes
10 Dec 2019
Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects
Smooth Operator - A Rough Guide to Kubernetes Operators - Olive Power, VMware
Kubernetes Operators are key to the automation of complex containerised applications. They facilitate the encoding of post deployment configuration information into Kubernetes primitives. This means operational tasks like installation and configuration (day 1), update, reconfiguration and failover (day 2), can exist as software inside Kubernetes, with integration into the Kubernetes API. This integration makes these applications Kubernetes-native. In this talk we will discuss the genesis and evolution of Kubernetes Operators. In addition, we will discuss their use in some common complex applications being orchestrated by Kubernetes today. Finally, we will touch on the process of building an Operator and how that process pathway looks. Kubernetes Operators take the rough edges off a complex application, enabling smooth automation!
Smooth Operator - A Rough Guide to Kubernetes Operators - Olive Power, VMware
Kubernetes Operators are key to the automation of complex containerised applications. They facilitate the encoding of post deployment configuration information into Kubernetes primitives. This means operational tasks like installation and configuration (day 1), update, reconfiguration and failover (day 2), can exist as software inside Kubernetes, with integration into the Kubernetes API. This integration makes these applications Kubernetes-native. In this talk we will discuss the genesis and evolution of Kubernetes Operators. In addition, we will discuss their use in some common complex applications being orchestrated by Kubernetes today. Finally, we will touch on the process of building an Operator and how that process pathway looks. Kubernetes Operators take the rough edges off a complex application, enabling smooth automation!
- 1 participant
- 20 minutes
10 Dec 2019
Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects
The Secret Recipe of etcd - Junho Son, Line Plus
etcd is the heart of a kubernetes cluster.
However, most kubernetes endusers don't care much until the problem occurs.
And as the cluster grows, etcd sends small signals for changing configuration.
In order to detect the signal in advance and configure etcd for the state of the cluster, it is necessary to understand etcd.
In this session, He will talk about how etcd works and monitors, etcd tunning points for cluster conditions, and what user need to do to ensure stable operation.
Presenter Son Junho studied kubernetes at NCSOFT and built and operated a large cluster for web services.
Currently, He is developing and operating a cloud native app deployment service on a kubernetes cluster called Nucleo at Line Plus. He is studying the knowledge of what is needed to run a large kubernetes cluster.
The Secret Recipe of etcd - Junho Son, Line Plus
etcd is the heart of a kubernetes cluster.
However, most kubernetes endusers don't care much until the problem occurs.
And as the cluster grows, etcd sends small signals for changing configuration.
In order to detect the signal in advance and configure etcd for the state of the cluster, it is necessary to understand etcd.
In this session, He will talk about how etcd works and monitors, etcd tunning points for cluster conditions, and what user need to do to ensure stable operation.
Presenter Son Junho studied kubernetes at NCSOFT and built and operated a large cluster for web services.
Currently, He is developing and operating a cloud native app deployment service on a kubernetes cluster called Nucleo at Line Plus. He is studying the knowledge of what is needed to run a large kubernetes cluster.
- 2 participants
- 23 minutes
10 Dec 2019
Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects
Understanding the Cluster-API Structure Through the Openstack Provider - Jaesang Lee & Esther Kim, SK Telecom
The Cluster API is a Kubernetes project to bring declarative, Kubernetes-style APIs to cluster creation, configuration, and management. It provides optional, additive functionality on top of core Kubernetes. The Cluster API allows us to automate the deployment of Kubernetes
in a more advanced way. In this session, we'll use the CAPO(Cluster-API Provider OpenStack) to build Kubernetes on OpenStack VMs and learn about how Cluster-API works and how to implement it.
Understanding the Cluster-API Structure Through the Openstack Provider - Jaesang Lee & Esther Kim, SK Telecom
The Cluster API is a Kubernetes project to bring declarative, Kubernetes-style APIs to cluster creation, configuration, and management. It provides optional, additive functionality on top of core Kubernetes. The Cluster API allows us to automate the deployment of Kubernetes
in a more advanced way. In this session, we'll use the CAPO(Cluster-API Provider OpenStack) to build Kubernetes on OpenStack VMs and learn about how Cluster-API works and how to implement it.
- 2 participants
- 36 minutes