The document summarizes a Kubernetes meetup that took place on June 9th 2021 in Geneva. The meetup aimed to bring together Kubernetes enthusiasts to discuss the Kubernetes ecosystem, share best practices and demonstrations. The agenda included presentations from KubeCon Europe 2021 on topics like multi-cluster, security, GitOps, service mesh and machine learning. Upcoming meetups were announced for September with the goal of meeting in person. Attendees were encouraged to propose future presentation topics.
2. OBJECTIVES
• Provide a meeting place for enthusiasts
• Discuss the Kubernetes ecosystem
• What's new
• Best practices
• Demonstrations
• …
• … and of course, chat over a beer!
3. AGENDA
KubeCon Europe 2021
Sébastien Féré / Yann Albou
SoKube
Kubernetes Admission Controllers - PSP, OPA and Kyverno
Rory McCune
Cloud Native Security Advocate at AquaSec
4. SPONSORS
SoKube helps companies entering the world of Containers & Kubernetes, using a comprehensive SDLC approach from Dev to Production, and using best practices coming from Agile, CI/CD, DevSecOps, SRE, GitOps.
Security Means Freedom
Aqua unleashes the power of cloud native security so your business and applications can run free.
https://www.aquasec.com/
CNCF Silver Member & Kubernetes Certified Service Provider
https://www.sokube.ch
7. Keynotes
Cloud Native: The Building Blocks for the Human Experience
Priyanka Sharma & Zain Asgar
The CNCF Sandbox: An Exploration and Guided Tour
Justin Cormack, CTO, Docker
Predictions from the Technical Oversight Committee (TOC)
Liz Rice & Lei Zhang
9. KubeCon Europe 2021
K8S
The Long, Winding and Bumpy Road to CronJob’s GA
Maciej Szulik, Red Hat & Alay Patel, Red Hat
https://www.youtube.com/watch?v=o5h6s3A9bXY
10. KubeCon Europe 2021
K8S
SIG Scheduling Intro and Deep Dive
Mike Dame & Jan Chaloupka, Red Hat
https://www.youtube.com/watch?v=pnNE5ZWpenE
11. KubeCon Europe 2021
K8S
Service Mesh
Gateway API: A New Set of Kubernetes APIs for Advanced Traffic Routing
Harry Bagdi & Rob Scott
https://www.youtube.com/watch?v=lCRuzWFJBO0
• Ingress → too simple to support advanced use cases
• Gateway classes: abstract the notion of LB infra in k8s
• Support more complex traffic routing like Canary or traffic Mirroring
• Role-oriented, portable, expressive, extensible
• No plan to remove Ingress API
Demo:
• Multiple Gateways
• Route Header Matching
• Multicluster Traffic Splitting
Service Mesh: implementation in progress
12. KubeCon Europe 2021
Service Mesh
Turning Your Cloud Native Apps Inside Out With a Service Mesh
Adam Zwickey & Liam White, Tetrate
https://www.youtube.com/watch?v=eLxx8WjmEdk
// removed from the app
Ingress & Service Discovery
• Eureka dependencies
• @LoadBalanced, @DiscoveryClient
• Eureka registries
Client-Side Load Balancing
• @LoadBalanced, @DiscoveryClient
• Ribbon, LB configs or implementations
Resiliency
• Hystrix / Spring Cloud circuit breaker
• Resilience4j
• Deps, Factory impl., Configs, Annotations
Security – Service to Service
• L7 to non-TLS
• TrustStore / KeyStore for Jars
Security – Request level
• ** varies widely**
13. KubeCon Europe 2021
GitOps
Flux
Stefan Prodan, Developer Experience Engineer, Weaveworks
https://www.youtube.com/watch?v=kuzZpKHLoVM
Promoted to incubation: 40k+ Contributions, 1888 Contributors, 14 Maintainers in 5 companies
Multi-source, Built-in-Secrets management, Multi-tenancy, auto update to git, Multi-Cluster, Observability
14. KubeCon Europe 2021
GitOps
BuildKit CLI for kubectl: A New Way to Build Container Images
Daniel Hiltgen & Patrick Devine, VMware
https://www.youtube.com/watch?v=vTh6jkW_xtI
DevX inner-loop %
kubectl build -t myapp:test . &&
kubectl delete pod -l app=myapp
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp
spec:
  selector:
    matchLabels:
      app: myapp
  replicas: 1
  strategy:
    # Recreate: terminate the old pod before starting the new one
    type: Recreate
  template:
    metadata:
      labels:
        app: myapp
    spec:
      containers:
      - name: service
        image: myapp:test
        # Never pull from a registry; use the image already present on the node
        imagePullPolicy: Never
      restartPolicy: Always
      terminationGracePeriodSeconds: 0
15. KubeCon Europe 2021
Security
Notary v2: Supply Chain Security for Containers
Justin Cormack, Docker & Steve Lasker, Microsoft
https://www.youtube.com/watch?v=SZMbuirEQVU
19. KubeCon Europe 2021
Observability
Traces from Events: A New Way to visualize Kubernetes Activities
Bryan Boreham, Weaveworks
https://www.youtube.com/watch?v=g5tHHD4crtQ
20. KubeCon Europe 2021
Multi-Cluster & Multi-Tenancy
Multi-Tenancy in Kubernetes: How We Avoided Clusters Sprawl With Capsule
Dario Tranchitella & Maksim Fedotov
https://www.youtube.com/watch?v=WWKat7NP0NM
Capsule is an operator that introduces a notion of multi-tenancy in Kubernetes (absent by default).
What is a Tenant?
Single CRD that defines a Tenant
21. KubeCon Europe 2021
Security
Hacking into Kubernetes Security for Beginners
Ellen Körbes, Tilt & Tabitha Sable, Datadog
https://www.youtube.com/watch?v=mLsCm9GVIQg