Kubernetes is designed to be an extensible system. But what is the vision for Kubernetes Extensibility? Do you know the difference between webhooks and cloud providers, or between CRI, CSI, and CNI? In this talk we will explore what extension points exist, how they have evolved, and how to use them to make the system do new and interesting things. We’ll give our vision for how they will probably evolve in the future, and talk about the sorts of things we expect the broader Kubernetes ecosystem to build with them.
Free GitOps Workshop + Intro to Kubernetes & GitOpsWeaveworks
Follow along in this free workshop and experience GitOps!
AGENDA:
Welcome - Tamao Nakahara, Head of DX (Weaveworks)
Introduction to Kubernetes & GitOps - Mark Emeis, Principal Engineer (Weaveworks)
Weave Gitops Overview - Tamao Nakahara
Free Gitops Workshop - David Harris, Product Manager (Weaveworks)
If you're new to Kubernetes and GitOps, we'll give you a brief introduction to both and how GitOps is the natural evolution of Kubernetes.
Weave GitOps Core is a continuous delivery product to run apps in any Kubernetes. It is free and open source, and you can get started today!
https://www.weave.works/product/gitops-core
If you’re stuck, also come talk to us at our Slack channel! #weave-gitops http://bit.ly/WeaveGitOpsSlack (If you need to invite yourself to the Slack, visit https://slack.weave.works/)
- Archeology: before and without Kubernetes
- Deployment: kube-up, DCOS, GKE
- Core Architecture: the apiserver, the kubelet and the scheduler
- Compute Model: the pod, the service and the controller
GitOps è un nuovo metodo di CD che utilizza Git come unica fonte di verità per le applicazioni e per l'infrastruttura (declarative infrastructure/infrastructure as code), fornendo sia il controllo delle revisioni che il controllo delle modifiche. In questo talk vedremo come implementare workflow di CI/CD Gitops basati su Kubernetes, dalla teoria alla pratica passando in rassegna i principali strumenti oggi a disposizione come ArgoCD, Flux (aka Gitops engine) e JenkinsX
These are the slides for a talk/workshop delivered to the Cloud Native Wales user group (@CloudNativeWal) on 2019-01-10.
In these slides, we go over some principles of gitops and a hands on session to apply these to manage a microservice.
You can find out more about GitOps online https://www.weave.works/technologies/gitops/
Free GitOps Workshop + Intro to Kubernetes & GitOpsWeaveworks
Follow along in this free workshop and experience GitOps!
AGENDA:
Welcome - Tamao Nakahara, Head of DX (Weaveworks)
Introduction to Kubernetes & GitOps - Mark Emeis, Principal Engineer (Weaveworks)
Weave Gitops Overview - Tamao Nakahara
Free Gitops Workshop - David Harris, Product Manager (Weaveworks)
If you're new to Kubernetes and GitOps, we'll give you a brief introduction to both and how GitOps is the natural evolution of Kubernetes.
Weave GitOps Core is a continuous delivery product to run apps in any Kubernetes. It is free and open source, and you can get started today!
https://www.weave.works/product/gitops-core
If you’re stuck, also come talk to us at our Slack channel! #weave-gitops http://bit.ly/WeaveGitOpsSlack (If you need to invite yourself to the Slack, visit https://slack.weave.works/)
- Archeology: before and without Kubernetes
- Deployment: kube-up, DCOS, GKE
- Core Architecture: the apiserver, the kubelet and the scheduler
- Compute Model: the pod, the service and the controller
GitOps è un nuovo metodo di CD che utilizza Git come unica fonte di verità per le applicazioni e per l'infrastruttura (declarative infrastructure/infrastructure as code), fornendo sia il controllo delle revisioni che il controllo delle modifiche. In questo talk vedremo come implementare workflow di CI/CD Gitops basati su Kubernetes, dalla teoria alla pratica passando in rassegna i principali strumenti oggi a disposizione come ArgoCD, Flux (aka Gitops engine) e JenkinsX
These are the slides for a talk/workshop delivered to the Cloud Native Wales user group (@CloudNativeWal) on 2019-01-10.
In these slides, we go over some principles of gitops and a hands on session to apply these to manage a microservice.
You can find out more about GitOps online https://www.weave.works/technologies/gitops/
Docker Kubernetes Istio
Understanding Docker and creating containers.
Container Orchestration based on Kubernetes
Blue Green Deployment, AB Testing, Canary Deployment, Traffic Rules based on Istio
Comparing Next-Generation Container Image Building ToolsAkihiro Suda
http://sched.co/EaYe
Until recently, running `docker build` against Dockerfile had been the only way to build container images.
However, lots of opensource software are being proposed as successors/alternatives to `docker build`:
- BuildKit (Moby Project / Docker)
- img (Jessica Frazelle / Microsoft)
- Buildah (Project Atomic / Red Hat)
- umoci & Orca (SUSE)
- Bazel (Google)
- OpenShift S2I (Red Hat)
Akihiro Suda compares these new tools' advantages and disadvantages.
His evaluation basis would include but not be limited to:
- Performance (Cache efficiency, Concurrency, Distributed Execution)
- Secret management, e.g. SSH and AWS keys
- Support for non-Dockerfile
- Non-root execution
- UI & UX
- Governance of the community
He also proposes a unified interface for using these tools with Kubernetes in a vendor-neutral way.
This talk discusses the core concepts behind the Kubernetes extensibility model. We are going to see how to implement new CRDs, operators and when to use them to automate the most critical aspects of your Kubernetes clusters.
Helm version 3 was recently released with new features and a new architecture to support those features. The changes to Helm and charts were based on feedback, changes to Kubernetes, and lessons learned in the past couple years.
Presented at GDG Devfest Ukraine 2018.
Prometheus has become the defacto monitoring system for cloud native applications, with systems like Kubernetes and Etcd natively exposing Prometheus metrics. In this talk Tom will explore all the moving part for a working Prometheus-on-Kubernetes monitoring system, including kube-state-metrics, node-exporter, cAdvisor and Grafana. You will learn about the various methods for getting to a working setup: the manual approach, using CoreOS’s Prometheus Operator, or using Prometheus Ksonnet Mixin. Tom will also share some little tips and tricks for getting the most out of your Prometheus monitoring, including the common pitfalls and what you should be alerting on.
Extending kubernetes with CustomResourceDefinitionsStefan Schimanski
The Kubernetes API provides a number of proven patterns to build distributed systems. More and more 3rd-party components are built on-top of Kubernetes and these patterns, providing their own resources stored in the cluster. In this presentation we will discuss CustomResourcesDefinitions and how they can extend the Kubernetes API in a quasi-native way. We look at the features, limits and their future.
Kubernetes Application Deployment with Helm - A beginner Guide!Krishna-Kumar
Google DevFest2019 Presentation at Infosys Campus Bangalore. Application deployment in Kubernetes with Helm is demo'ed in Google Kubernetes Engine (GKE). This is an introductory session on Helm. Several references are given in it to further explore helm3 as it is in Beta state now.
Effective Building your Platform with Kubernetes == Keep it Simple Wojciech Barczyński
Effective Kubernetes is a continuous deployment process that the team understands. Keep it Simple. Think twice before going for more complex solutions.
Source: https://github.com/wojciech12/talk_effective_kubernetes
Presented at Cloud Native Talks #2 (Online Meetup) - https://www.meetup.com/Cloud-Native-Kubernetes-Warsaw/events/257125529/
Metal-k8s presentation by Julien Girardin @ Paris Kubernetes MeetupLaure Vergeron
Julien Girardin presents metal-k8s, an opinionated Kubernetes distribution designed for bare-metal deployments. Julien explains why we chose certain Kubespray plugins over others for Zenko's needs of scalability and petabyte-scale storage over multiple public and private clouds.
Docker Kubernetes Istio
Understanding Docker and creating containers.
Container Orchestration based on Kubernetes
Blue Green Deployment, AB Testing, Canary Deployment, Traffic Rules based on Istio
Comparing Next-Generation Container Image Building ToolsAkihiro Suda
http://sched.co/EaYe
Until recently, running `docker build` against Dockerfile had been the only way to build container images.
However, lots of opensource software are being proposed as successors/alternatives to `docker build`:
- BuildKit (Moby Project / Docker)
- img (Jessica Frazelle / Microsoft)
- Buildah (Project Atomic / Red Hat)
- umoci & Orca (SUSE)
- Bazel (Google)
- OpenShift S2I (Red Hat)
Akihiro Suda compares these new tools' advantages and disadvantages.
His evaluation basis would include but not be limited to:
- Performance (Cache efficiency, Concurrency, Distributed Execution)
- Secret management, e.g. SSH and AWS keys
- Support for non-Dockerfile
- Non-root execution
- UI & UX
- Governance of the community
He also proposes a unified interface for using these tools with Kubernetes in a vendor-neutral way.
This talk discusses the core concepts behind the Kubernetes extensibility model. We are going to see how to implement new CRDs, operators and when to use them to automate the most critical aspects of your Kubernetes clusters.
Helm version 3 was recently released with new features and a new architecture to support those features. The changes to Helm and charts were based on feedback, changes to Kubernetes, and lessons learned in the past couple years.
Presented at GDG Devfest Ukraine 2018.
Prometheus has become the defacto monitoring system for cloud native applications, with systems like Kubernetes and Etcd natively exposing Prometheus metrics. In this talk Tom will explore all the moving part for a working Prometheus-on-Kubernetes monitoring system, including kube-state-metrics, node-exporter, cAdvisor and Grafana. You will learn about the various methods for getting to a working setup: the manual approach, using CoreOS’s Prometheus Operator, or using Prometheus Ksonnet Mixin. Tom will also share some little tips and tricks for getting the most out of your Prometheus monitoring, including the common pitfalls and what you should be alerting on.
Extending kubernetes with CustomResourceDefinitionsStefan Schimanski
The Kubernetes API provides a number of proven patterns to build distributed systems. More and more 3rd-party components are built on-top of Kubernetes and these patterns, providing their own resources stored in the cluster. In this presentation we will discuss CustomResourcesDefinitions and how they can extend the Kubernetes API in a quasi-native way. We look at the features, limits and their future.
Kubernetes Application Deployment with Helm - A beginner Guide!Krishna-Kumar
Google DevFest2019 Presentation at Infosys Campus Bangalore. Application deployment in Kubernetes with Helm is demo'ed in Google Kubernetes Engine (GKE). This is an introductory session on Helm. Several references are given in it to further explore helm3 as it is in Beta state now.
Effective Building your Platform with Kubernetes == Keep it Simple Wojciech Barczyński
Effective Kubernetes is a continuous deployment process that the team understands. Keep it Simple. Think twice before going for more complex solutions.
Source: https://github.com/wojciech12/talk_effective_kubernetes
Presented at Cloud Native Talks #2 (Online Meetup) - https://www.meetup.com/Cloud-Native-Kubernetes-Warsaw/events/257125529/
Metal-k8s presentation by Julien Girardin @ Paris Kubernetes MeetupLaure Vergeron
Julien Girardin presents metal-k8s, an opinionated Kubernetes distribution designed for bare-metal deployments. Julien explains why we chose certain Kubespray plugins over others for Zenko's needs of scalability and petabyte-scale storage over multiple public and private clouds.
Installing and Using Kubernetes is hard, but Operating Kubernetes is even harder! This BOF is for Kubernetes Operators to get together and discuss our day to day Operations, and for people new to Kubernetes to learn more about how to operate it.
Francisco Javier Ramírez Urea - IT Architect, Hoplasoftware
Guillaume Morini - SE, Docker
The integration of Kubernetes orchestration into the Docker Enterprise Platform presents deployments with interesting new abstractions for application connectivity. Devs and Ops are often challenged with rationalizing how pod networking (with CNI plugins like Calico or Flannel), Services (via kube-proxy) and Ingress work in concert to enable application connectivity within and outside a cluster. Similarly, given the dynamic and transient nature of containerized microservice workloads, how to leverage scalable and declarative approaches like network policies to express segmentation and security primitives. This session provides an illustrative walkthrough of these core concepts by going through common deployment architectures providing design, operations, and scale considerations based on experience from numerous production deployments. We will discuss Kubernetes publishing methods and deep dive into Ingress Controllers. This session will also showcase how to complement application and operations workflows with policy-driven business, compliance and security controls typically required in enterprise production deployments including going further into limiting traffic to services, session persistence, rewriting, and activating container health checks.
OSS Japan 2019 service mesh bridging Kubernetes and legacySteve Wong
how to join legacy VMs and bare metal machines to a Kubernetes service mesh so that VMs can consume Kubernetes services AND publish services used by Kubernetes hosted applications
Load Balancing in the Cloud using Nginx & KubernetesLee Calcote
Presented on March 16, 2017 through O'Reilly - http://www.oreilly.com/pub/e/3864
Modern day applications bring modern day infrastructure requirements. Whether you bring your own or you use your cloud provider's managed load-balancing services, even moderately sophisticated applications are likely to find their needs underserved.
Kubernetes is exploding in popularity right now and has all the buzz and cargo-culting that Docker enjoyed just a few years ago. But what even is Kubernetes? How do I run my PHP apps in it? Should I run my PHP apps in it ?
Get you Java application ready for Kubernetes !Anthony Dahanne
In this demos loaded talk we’ll explore the best practices to create a Docker image for a Java app (it’s 2019 and new comers such as Jib, CNCF buildpacks are interesting alternatives to Docker builds !) - and how to integrate best with the Kubernetes ecosystem : after explaining main Kubernetes objects and notions, we’ll discuss Helm charts and productivity tools such as Skaffold, Draft and Telepresence.
Kubernetes for java developers - Tutorial at Oracle Code One 2018Anthony Dahanne
You’re a Java developer? Already familiar with Docker? Want to know more about Kubernetes and its ecosystem for developers? During this session, you’ll get familiar with core Kubernetes concepts (pods, deployments, services, volumes, and so on) before seeing the most-popular and most-productive Kubernetes tools in action, with a special focus on Java development. By the end of the session, you’ll have a better understanding of how you can leverage Kubernetes to speed up your Java deployments on-premises or to any cloud.
Containers are everywhere these days. Many of us are containerizing our applications to take advantage of the ease of a single artifact, but what can we do to make deploying these containers to a fleet of servers easier? Kubernetes is arguably the most popular container orchestration system to date. Kubernetes was born out of a decade of research at Google and has seen success; by itself as a fantastic way to orchestrate containers across multiple machines and as a component in other platforms.
This talk will begin with the anatomy and setup of a Kubernetes cluster. We'll demonstrate (live) taking a container containing a simple web service and launch our application into a small Kubernetes cluster. Next we'll perform a rolling update to deploy a new container version with zero downtime. Also, we'll check out some cool debugging features Kubernetes provides over the course of our demo.
In this meetup, Liran Cohen, Cloud platform & DevOps Team Leader, will talk about some of Kubernetes key concepts. We will learn about the architecture of the system; the different resources available in the system; the problems it’s trying to solve, and the model that it uses to manage containerized application deployments.
Cloud native applications are popular these days. They promise superior reliability and almost arbitrary scalability. They follow three key principles: they are built and composed as microservices. They are packaged and distributed in containers. The containers are executed dynamically in the cloud. But which technology is best to build this kind of application? This talk will be your guidebook.
In this hands-on session, we will briefly introduce the core concepts and some key technologies of the cloud native stack and then show how to build, package, containerize, compose and orchestrate a cloud native showcase application on top of a cluster operating system such as Kubernetes or OpenShift. Throughout the session we will be using an off-the-shelf MIDI controller to visualize the concepts and to remote control the cluster.
Container Days 2017 conference. @ConDaysEU #CDS17 #qaware #CloudNativeNerd @LeanderReimer
Containerize Your Game Server for the Best Multiplayer Experience Docker, Inc.
Raymond Arifianto, AccelByte and
Mark Mandel, Google -
We have been deploying containerized micro-services for our Game Backend Services for a while. Now we are tackling the challenge to scale up fleets of game dedicated servers in multiple regions, multiple data centers and multiple providers - some in bare metal, some in Cloud. So we leverage docker containerization to deploy Game Servers to achieve Portability, Fast Deployment and Predictability, enabling us to scale up to thousands of servers, on demand, without a sweat.
How to Improve Your Image Builds Using Advance Docker BuildDocker, Inc.
Nicholas Dille, Haufe-Lexware + Docker Captain -
Docker continues to be the standard tool for building container images. For more than a year Docker ships with BuildKit as an alternative image builder, providing advanced features for secret and cache management. These features help to make image builds faster and more secure. In this session, Docker Captain Nicholas Dille will teach you how to use Buildkit features to your advantage.
Build & Deploy Multi-Container Applications to AWSDocker, Inc.
Lukonde Mwila, Entelect -
As the cloud-native approach to development and deployment becomes more prevalent, it's an exciting time for software engineers to be equipped on how to dockerize multi-container applications and deploy them to the cloud.
In this talk, Lukonde Mwila, Software Engineer at Entelect, will cover the following topics:
- Docker Compose
- Containerizing an Nginx Server
- Containerizing an React App
- Containerizing an Node.JS App
- Containerizing anMongoDB App
- Runing Multi-Container App Locally
- Creating a CI/CD Pipeline
- Adding a build stage to test containers and push images to Docker Hub
- Deploying Multi-Container App to AWS Elastic Beanstalk
Lukonde will start by giving an overview of how Docker Compose works and how it makes it very easy and straightforward to startup multiple Docker containers at the same time and automatically connect them together with some form of networking.
After that, Lukonde will take a hands on approach to containerize an Nginx server, a React app, a NodeJS app and a MongoDB instance to demonstrate the power of Docker Compose. He'll demonstrate usage of two Docker files for an application, one production grade and the other for local development and running of tests. Lastly, he'll demonstrate creating a CI/CD pipeline in AWS to build and test our Docker images before pushing them to Docker Hub or AWS ECR, and finally deploying our multi-container application AWS Elastic Beanstalk.
Securing Your Containerized Applications with NGINXDocker, Inc.
Kevin Jones, NGNIX -
NGINX is one of the most popular images on Docker Hub and has been at the forefront of the web since the early 2000's. In this talk we will discuss how and why NGINX's lightweight and powerful architecture makes it a very popular choice for securing containerized applications as a sidecar reverse proxy within containers. We will highlight important aspects of application security that NGINX can help with, such as TLS, HTTP, AuthN, AuthZ and traffic control.
How To Build and Run Node Apps with Docker and ComposeDocker, Inc.
Kathleen Juell, Digital Ocean -
Containers are an essential part of today's microservice ecosystem, as they allow developers and operators to maintain standards of reliability and reproducibility in fast-paced deployment scenarios. And while there are best practices that extend across stacks in containerized environments, there are also things that make each stack distinct, starting with the application image itself.
This talk will dive into some of these particularities, both at the image and service level, while also covering general best practices for building and running Node applications with database backends using Docker and Compose.
Jessica Deen, Microsoft -
Helm 3 is here; let's go hands-on! In this demo-fueled session, I'll walk you through the differences between Helm 2 and Helm 3. I'll offer tips for a successful rollout or upgrade, go over how to easily use charts created for Helm 2 with Helm 3 (without changing your syntax), and review opportunities where you can participate in the project's future.
Distributed Deep Learning with Docker at SalesforceDocker, Inc.
Jeff Hajewski, Salesforce -
There is a wealth of information on building deep learning models with PyTorch or TensorFlow. Anyone interested in building a deep learning model is only a quick search away from a number of clear and well written tutorials that will take them from zero knowledge to having a working image classifier. But what happens when you need to deploy these models in a production setting? At Salesforce, we use TensorFlow models to help us provide customers with insights into their data, and we do this as close to real-time as possible. Designing these systems in a scalable manner requires overcoming a number of design challenges, but the core component is Docker. Docker enables us to design highly scalable systems by allowing us to focus on service interactions, rather than how our services will interact with the hardware. Docker is also at the core of our test infrastructure, allowing developers and data scientists to build and test the system in an end to end manner on their local machines. While some of this may sound complex, the core message is simplicity - Docker allows us to focus on the aspects of the system that matter, greatly simplifying our lives.
The First 10M Pulls: Building The Official Curl Image for Docker HubDocker, Inc.
James Fuller, webcomposite s.r.o. -
Curl is the venerable (yet very modern) 'swiss army knife' command line tool and library for transferring data with URLs. Recently we (the Curl team) decided to build a release for Docker Hub. This talk will outline our current development workflow with respect to the docker image and provide insights on what it takes to build a docker image for mass public consumption. We are also keen to learn from users and other developers how we might improve and enhance the official curl docker image.
Fabian Stäber, Instana -
In recent years, we saw a great paradigm shift in software engineering away from static monolithic applications towards dynamic distributed horizontally scalable architectures. Docker is one of the key technologies enabling this development. This shift poses a lot of new challenges for application monitoring, ranging from practical issues (need for automation) to technical challenges (Docker networking) to organizational topics (blurring line between software engineers and operations) to fundamental questions (define what is an application). In this talk we show how Docker changed the way we do monitoring, how modern application monitoring systems work, and what future developments we expect.
COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...Docker, Inc.
Clemente Biondo, Engineering Ingegneria Informatica -
When the COVID 19 pandemic started, Engineering Ingegneria Informatica Group (1.25 billion euros of revenues, 65 offices around the world, 12.000 employees) was forced to put their digital transformation to the test in order to maintain operational continuity. In this session, Clemente Biondo, the Tech Lead of the Information Systems Department, will share how his company is reacting to this unforeseeable scenario and how Docker-driven digital transformation had paved the path for work to continue remotely. Clemente will discuss learnings moving from colocated teams, manual approaches, email based-business processes, and a monolithic application to a mature DevOps culture characterized by a distributed autonomous workforce and a continuous deployment process that deploys backward-compatible Docker containerized microservices into hybrid multi cloud datacenters an average of twice a day with zero-downtime. He will detail how they use Docker to unify dev, test and production environments, and as an efficient and automated mechanism for deploying applications. Lastly, Clemente shares how, in our darkest hour, he and others are working to shine their brightest light.
Chris Lauer, NOAA Space Weather Prediction Center -
This is the story of how adopting a containerized workflow changed the way our small software team works at NOAA’s Space Weather Prediction Center. Our old architecture, a big ball of mud shared-database integration, just wasn’t cutting it - it was killing our agility. Over the past two years, our small team has adopted a microservice style architecture, using Docker with docker-compose and environment files as our deployment strategy for all new development. We’ve discovered the joys of using containers for identical dev, staging, and production environments. We work closely with scientists: much of the code we’re running has complicated and conflicting library dependencies. Docker captures these beautifully - we’ve even had some success teaching our scientists to use it! I’ll share what we’ve learned, some of the persistent challenges we face, and one place we really got it wrong. This talk builds off of a popular hallway track from DockerCon 2019.
Become a Docker Power User With Microsoft Visual Studio CodeDocker, Inc.
Brian Christner, 56k + Docker Captain -
In this session, we will unlock the full potential of using Microsoft Visual Studio Code (VS Code) and Docker Desktop to turn you into a Docker Power User. When we expand and utilize the VS Code Docker plugin, we can take our projects and Docker skills to the next level. In addition to using VS Code, we streamline our Docker Desktop development workflow with less context switching and built-in shortcuts. You will learn how to bootstrap new projects, quickly write Dockerfiles utilizing templates, build, run, and interact with containers all from VS Code.
How to Use Mirroring and Caching to Optimize your Container RegistryDocker, Inc.
Brandon Mitchell, Boxboat + Docker Captain -
How do you make your builds more performant? This talk looks at options to configure caching and mirroring of images that you need to save on bandwidth costs and to keep running even if something goes down upstream.
Monolithic to Microservices + Docker = SDLC on Steroids!Docker, Inc.
Ashish Sharma, SS&C Eze -
SS&C Eze provides various products in the stock market domain. We spent the last couple of years building Eclipse which is an investment suite born in cloud. The journey so far has been very interesting. The very first version of the product were a bunch of monolithic windows services and deployed using Octopus tool. We successfully managed to bring all the monolithic problem to the cloud and created a nightmare for ourselves. We then started applying microservices architecture principles and started breaking the monolithic into small services. Very soon we realized that we need a better packaging/deployment tool. Docker looked like a magical solution to our problem. Since its adoption, It has not only solved the deployment problem for us but has made a deep impact on different aspects of SDLC. It allowed us to use heterogeneous technology stacks, simplified development environment setup, simplified our testing strategy, improved our speed of delivery, and made our developers more productive. In this talk I would like to share our experience of using Docker and its positive impact on our SDLC.
Ara Pulido, Datadog -
Container technologies, although not new, have increased their popularity in the past few years, with container orchestrators allowing companies around the world to adopt these technologies to help them ship and scale microservices with precision and velocity. Kubernetes is currently the most popular container orchestration platform, and while many organizations are migrating their workloads to it, Kubernetes is still relatively immature. New corner cases, errors, and quirks are regularly discovered as users push the boundaries of size and scale. When Datadog adopted Kubernetes we discovered some of these boundaries the hard way, and we continuously challenge and modify our infrastructure decisions in order to fit our use case. Join me in this talk for our story on what we learned while we scaled our Kubernetes clusters, the contributions to Kubernetes we made along the way, and how you can apply those learnings when growing your Kubernetes clusters from a handful to hundreds or thousands of nodes.
Andy Clemenko, StackRox -
One underutilized, and amazing, thing about the docker image scheme is labels. Labels are a built in way to document all aspects about the image itself. Think about all the information that the tags inside your clothing carry. If you care to look you can find out everything about the garment. All that information can be very valuable. Now think about how we can leverage labels to carry similar information. We can even use the labels to contain Docker Compose or even Kubernetes Yaml. We can even include labels into the CI/CD process making things more secure and smoother. Come find out some fun techniques on how to leverage labels to do some fun and amazing things.
Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment ModelDocker, Inc.
Patrick Deloulay, Micro Focus -
Micro Focus started their digital transformation 3 years ago, moving the entire portfolio into hundreds of container images. Leveraging Docker Hub as our primary registry service, we will cover how we ended up building a simple but secure push/pull model to publish and deliver our premium assets to our customers and partners to both meet the high agility of our DevOps teams while greatly simplifying the deployment of our applications.
Build & Deploy Multi-Container Applications to AWSDocker, Inc.
Lukonde Mwila, Entelect
As the cloud-native approach to development and deployment becomes more prevalent, it's an exciting time for software engineers to be equipped on how to dockerize multi-container applications and deploy them to the cloud.
In this talk, Lukonde Mwila, Software Engineer at Entelect, will cover the following topics:
- Docker Compose
- Containerizing an Nginx Server
- Containerizing an React App
- Containerizing an Node.JS App
- Containerizing anMongoDB App
- Runing Multi-Container App Locally
- Creating a CI/CD Pipeline
- Adding a build stage to test containers and push images to Docker Hub
- Deploying Multi-Container App to AWS Elastic Beanstalk
Lukonde will start by giving an overview of how Docker Compose works and how it makes it very easy and straightforward to startup multiple Docker containers at the same time and automatically connect them together with some form of networking.
After that, Lukonde will take a hands on approach to containerize an Nginx server, a React app, a NodeJS app and a MongoDB instance to demonstrate the power of Docker Compose. He'll demonstrate usage of two Docker files for an application, one production grade and the other for local development and running of tests. Lastly, he'll demonstrate creating a CI/CD pipeline in AWS to build and test our Docker images before pushing them to Docker Hub or AWS ECR, and finally deploying our multi-container application AWS Elastic Beanstalk.
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...Docker, Inc.
Elton Stoneman, Docker Captain + Container Consultant and Trainer
How do you provide a SaaS offering when your product is a 10-year old Fortran app, currently built to run on Windows 10? With Docker and Kubernetes of course - and you can do it in a week (... to prototype level at least).
In this session I'll walk through the processes and practicalities of taking an older Windows app, making it run in containers with Kubernetes, and then building a simple API wrapper to host the whole stack as a cloud-based SaaS product.
There's a lot of technology here from a real world case study, and I'll focus on:
- running Windows apps in Docker containers
- building a .NET Core API which can run in Linux or Windows containers
- running the stack in Kubernetes with Docker Desktop locally and AKS in the cloud
- configuring AKS workloads in Azure to burst out to Azure Container Instances
And there's a core theme to this session: Docker and Kubernetes are complex technologies, but they're the key to modern development. If you invest time learning them, they make projects like this simple, portable, fast and fun.
Developing with Docker for the Arm ArchitectureDocker, Inc.
This virtual meetup introduces the concepts and best practices of using Docker containers for software development for the Arm architecture across a variety of hardware systems. Using Docker Desktop on Windows or Mac, Amazon Web Services (AWS) A1 instances, and embedded Linux, we will demonstrate the latest Docker features to build, share, and run multi-architecture images with transparent support for Arm.
Have you ever wondered how search works while visiting an e-commerce site, internal website, or searching through other types of online resources? Look no further than this informative session on the ways that taxonomies help end-users navigate the internet! Hear from taxonomists and other information professionals who have first-hand experience creating and working with taxonomies that aid in navigation, search, and discovery across a range of disciplines.
This presentation by Morris Kleiner (University of Minnesota), was made during the discussion “Competition and Regulation in Professions and Occupations” held at the Working Party No. 2 on Competition and Regulation on 10 June 2024. More papers and presentations on the topic can be found out at oe.cd/crps.
This presentation was uploaded with the author’s consent.
Sharpen existing tools or get a new toolbox? Contemporary cluster initiatives...Orkestra
UIIN Conference, Madrid, 27-29 May 2024
James Wilson, Orkestra and Deusto Business School
Emily Wise, Lund University
Madeline Smith, The Glasgow School of Art
Acorn Recovery: Restore IT infra within minutesIP ServerOne
Introducing Acorn Recovery as a Service, a simple, fast, and secure managed disaster recovery (DRaaS) by IP ServerOne. A DR solution that helps restore your IT infra within minutes.
0x01 - Newton's Third Law: Static vs. Dynamic AbusersOWASP Beja
f you offer a service on the web, odds are that someone will abuse it. Be it an API, a SaaS, a PaaS, or even a static website, someone somewhere will try to figure out a way to use it to their own needs. In this talk we'll compare measures that are effective against static attackers and how to battle a dynamic attacker who adapts to your counter-measures.
About the Speaker
===============
Diogo Sousa, Engineering Manager @ Canonical
An opinionated individual with an interest in cryptography and its intersection with secure software development.
4. What is Kubernetes?
...an abstraction layer over
infrastructure
...a framework for declarative
APIs and distributed control
Infrastructure
Extensibility
API
Extensibility
6. A major focus of the last 2 years of development
From infrastructure to APIs, we have over a dozen
extension points
We have WAY more material than time!
https://goo.gl/2qz8jW
Kubernetes & Extensibility
8. Networks are like snowflakes
There is no “one size fits all” for almost
anything networking related
We needed a way for users to customize how
Kubernetes consumes networking infra
Network Plugins
9. Old: built-in “plugins” (aka “send Tim a PR”)
New: CNI - Container Network Interface
● Started by CoreOS, now CNCF with community
● “exec” interface with stdin/stdout/env API
Widely used, also by other projects (e.g. Mesos)
Underpins the default impl in Kubernetes
Network Plugins (present)
10. Proposal open for a gRPC based API which
covers more than just interfaces and IPAM
Tighter coupling with Service API seems valuable
Proposals open for multi-IP and multi-network
Network Plugins (future)
11. Many storage technologies - physical and
virtual, block and file
● Cloud block devices, FC, iSCSI, NFS, Ceph, Gluster, ...
Many vendors want their products to support
Kubernetes
Storage Plugins
12. Old: built-in “plugins” (aka “send Tim a PR”)
Old: Volume “flex” plugins via “exec”
New: CSI - Container Storage Interface
● Collaboration: Google, Mesosphere, Docker, Cloud Foundry
● gRPC spec, with Kubernetes-specific adaptors
● In development now, alpha in Kubernetes 1.10
Plan to transition most in-tree plugins to CSI
Storage Plugins (present)
13. GPUs and other “accelerator” hardware is
becoming very common
Part of the larger resource model in Kubernetes
gRPC based plugins
Beta in Kubernetes 1.10
Device Plugins
14. Docker was baked-in, but people wanted to try
new and interesting ideas
● rkt, Containerd, CRI-O
● Kata containers, Hyper.sh, gVisor
Making it a plugin made the code better: win-win!
CRI - gRPC based plugins
Container Runtimes
17. Controllers
THE fundamental design pattern in Kubernetes
Examples: scheduler, kubelet, deployments,
kube-proxy, cloud providers, load balancers,
volume provisioners, auto-scalers, ...
Allows automation & extension of almost any
existing API
19. Kubernetes is designed to leverage clouds
Built-in cloud-provider API (i.e. send me a PR) is
hooked into many core control loops
Now 8 implementations (and huge LOC count),
so moving out-of-tree
Cloud Providers
20. The API is a VIP (more or less) and virtual LB
We ship a default implementation (kube-proxy),
but that can be replaced
Controller: watch the API server for Services
and Endpoints, program $NETWORK
Services
21. But Wait, There’s More!
● Secret management (KMS)
● HTTP load-balancing (Ingress)
● NetworkPolicy
● DNS
● Scheduler extenders & whole schedulers
● ...and that’s JUST the infrastructure (i.e. boring) parts
23. ● Add new types of resources to your cluster
● Add custom policy hooks
○ to custom and built-in APIs
● "APIs that add and modify APIs"
API Extensibility
24. ● In Mac Edge, Windows Edge, and EE 2.0
● Supports API Extensions.
● Certified Kubernetes
● Docker Stacks uses API Extensions
Kubernetes for Docker
27. Exploring Stacks
https://goo.gl/JT7v8Z
$ docker stack deploy --compose-file docker-compose.yml stackdemo
Waiting for the stack to be stable and running...
- Service redis has one container running
Stack stackdemo is stable and running
36. Exploring Stacks API
https://goo.gl/JT7v8Z
# last time...
$ docker stack deploy --compose-file docker-compose.yml stackdemo
Waiting for the stack to be stable and running...
- Service web has one container running
- Service redis has one container running
Stack stackdemo is stable and running
37. Exploring Stacks API
https://goo.gl/JT7v8Z
№ last time...
$ docker stack deploy --compose-file docker-compose.yml stackdemo
Waiting for the stack to be stable and running...
- Service web has one container running
- Service redis has one container running
Stack stackdemo is stable and running
$ kubectl get stacks
NAME AGE
stackdemo 39s
41. Exploring Stacks API
https://goo.gl/JT7v8Z
$ kubectl proxy -v 5
Starting to serve on 127.0.0.1:8001
I0613 10:13:27.322416 82905
proxy_server.go:138] Filter accepting
GET
/apis/compose.docker.com/v1beta2/name
spaces/default/stacks localhost
$ kubectl get stacks -s localhost:8001
NAME AGE
stackdemo 1m
43. Exploring Stacks API
https://goo.gl/JT7v8Z
$ kubectl get apiservices.apiregistration.k8s.io
NAME AGE
v1. 29d
v1.apps 29d
...
v1beta2.compose.docker.com 29d
v2beta1.autoscaling 29d
46. Exploring Stacks API
https://goo.gl/JT7v8Z
$ kubectl get services -n docker
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
compose-api ClusterIP 10.110.211.86 <none> 443/TCP 17d
$ kubectl get deployments -n docker
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
compose 1 1 1 1 29d
compose-api 1 1 1 1 29d
49. Kubernetes APIs
Service API
API Registration
API
Compose.
docker.com
Kubernetes Cluster
Deployment API
Compose-API
compose.docker.com
API
50. Kubernetes APIs
Service API
API Registration
API
Compose.
docker.com
Kubernetes Cluster
Deployment API
Compose-API
compose.docker.com
API
51. Kubernetes APIs
Service API
API Registration
API
Compose.
docker.com
Kubernetes Cluster
Deployment API
Compose-API
compose.docker.com
API
Compose
52. Kubernetes APIs
Service API
API Registration
API
Compose.
docker.com
Kubernetes Cluster
Deployment API
Compose-API
compose.docker.com
API
Compose
redis
docker
CLI
53. Kubernetes APIs
Service API
API Registration
API
Compose.
docker.com
Kubernetes Cluster
Deployment API
Compose-API
compose.docker.com
API
Compose
redis
redis
redis
redis
54. ● Users
○ Already have a client installed
○ Already know how to find, trust it (TLS) and auth to the API
● Controllers
○ Can efficiently watch your resources
● Admins
○ Can separate your resources by Namespace
○ Can authorize and audit log access to your resources
Why Use an API Extension?
57. Extension API
Server (EAS)
API Aggregation &
Extension API Servers (EAS)
Extension API
Server (EAS)Extension API
Server (EAS)
API
resource
Controller
58. Extension API
Server (EAS)
API Aggregation &
Extension API Servers (EAS)
Extension API
Server (EAS)Extension API
Server (EAS)
API
resource
Controller
61. EAS
Forked LoC: 0
Storage: provided
Components: 1
Popularity: 100s
Multiversioning: not yet
Customizability: good
CRD
Forked LoC: 5000*
Storage: you manage
Components: 3
Popularity: 10s
Multiversioning: yes
Customizability: better
* http://github.com/sample-apiserver
62. Extension Ecosystem
Devices 5 public plugins
Storage 10 public plugins
Networking >20 public plugins
Custom APIs >400 Github Projects with
custom APIs
63. Extension Ecosystem
● 4 Serverless frameworks
● 6 PaaSes
● 10 CI/CD systems
● 14 different database controllers
● 4 popular ML toolkits
64. Adding Types to the API
● Extension API Servers
● Custom Resource Definitions
Adding Policy to the API
● ValidatingAdmissionWebhooks
● MutatingAdmissionWebhooks
API Extensions
65. Admission:
After authn/z but before storing the change.
Affects mutations, not reads.
Webhooks:
The API Server calls your URL, synchronously
Run in cluster via service or outside, e.g.
serverless.
Admission Webhooks
66. Old thinking:
Better to make narrow specific interfaces, like
ImagePolicyWebhook, for specific use cases.
Can make easier to use. Overly general
extensions may limit future optimization.
Admission Webhooks
67. New thinking:
Many custom resoures. Cluster owners need to
write policy for core resources and for custom
resources written by 3rd parties. Need to
compose policies written by different parties.
Admission Webhooks
68. Composability.
Make all the changes before doing all the checks.
MutatingAdmissionWebhooks
- then-
ValidatingAdmissionWebhooks
Admission Webhooks
70. Istio:
inject sidecar into all the pods
Service Catalog:
inject credentials into
Mutating Admission Webhooks
71. - Mutate the pod template of a deployment
- Install a flaky webhook matching all resources.
Bad Ideas
72. •Kubernetes for Docker:
• Super easy way to try Kubernetes
•API Extensions:
• Use them. Author them. On Docker. For Kubernetes.
•Try it:
• https://goo.gl/JT7v8Z
Conclusion