2. OBJECTIVES
• Offer a meeting place for enthusiasts
• Discuss the Kubernetes ecosystem
• What's new
• Best practices
• Demonstrations
• …
• … and of course chat over a beer!
3. AGENDA
KubeCon Europe 2021
Sébastien Féré / Yann Albou
SoKube
Kubernetes Admission Controllers - PSP, OPA and Kyverno
Rory McCune
Cloud Native Security Advocate at AquaSec
4. SPONSORS
SoKube helps companies entering the world of
Containers & Kubernetes, using a comprehensive SDLC
approach from Dev to Production, and using best
practices coming from Agile, CI/CD, DevSecOps, SRE,
GitOps.
Security Means Freedom
Aqua unleashes the power of cloud native security so your
business and applications can run free.
https://www.aquasec.com/
CNCF Silver Member & Kubernetes Certified Service Provider
https://www.sokube.ch
7. Keynotes
Cloud Native: The Building Blocks
for the Human Experience
Priyanka Sharma & Zain Asgar
The CNCF Sandbox: An
Exploration and Guided Tour
Justin Cormack, CTO, Docker
Predictions from the Technical
Oversight Committee (TOC)
Liz Rice & Lei Zhang
9. KubeCon Europe 2021
K8S
The Long, Winding and Bumpy Road to CronJob’s GA
Maciej Szulik, Red Hat & Alay Patel, Red Hat
https://www.youtube.com/watch?v=o5h6s3A9bXY
10. KubeCon Europe 2021
K8S
SIG Scheduling Intro and Deep Dive
Mike Dame & Jan Chaloupka, Red Hat
https://www.youtube.com/watch?v=pnNE5ZWpenE
11. KubeCon Europe 2021
K8S
Service Mesh
Gateway API: A New Set of Kubernetes APIs for Advanced Traffic Routing
Harry Bagdi & Rob Scott
https://www.youtube.com/watch?v=lCRuzWFJBO0
• Ingress → too simple to support advanced use cases
• Gateway classes: abstract the notion of LB infra in k8s
• Support more complex traffic routing like Canary or traffic Mirroring
• Role-oriented, portable, expressive, extensible
• No plan to remove Ingress API
Demo:
• Multiple Gateways
• Route Header Matching
• Multicluster Traffic Splitting
Service Mesh: implementation in progress
12. KubeCon Europe 2021
Service Mesh
Turning Your Cloud Native Apps Inside Out With a Service Mesh
Adam Zwickey & Liam White, Tetrate
https://www.youtube.com/watch?v=eLxx8WjmEdk
// removed from the app
Ingress & Service Discovery
• Eureka dependencies
• @LoadBalanced, @DiscoveryClient
• Eureka registries
Client-Side Load Balancing
• @LoadBalanced, @DiscoveryClient
• Ribbon, LB configs or implementations
Resiliency
• Hystrix / Spring Cloud circuit breaker
• Resilience4j
• Deps, Factory impl., Configs, Annotations
Security – Service to Service
• L7 to non-TLS
• TrustStore / KeyStore for Jars
Security – Request level
• ** varies widely**
13. KubeCon Europe 2021
GitOps
Flux
Stefan Prodan, Developer Experience Engineer, Weaveworks
https://www.youtube.com/watch?v=kuzZpKHLoVM
Promoted to incubation: 40k+ Contributions, 1888 Contributors, 14 Maintainers in 5 companies
Multi-source, Built-in-Secrets management, Multi-tenancy, auto update to git, Multi-Cluster, Observability
14. KubeCon Europe 2021
GitOps
BuildKit CLI for kubectl: A New Way to Build Container Images
Daniel Hiltgen & Patrick Devine, VMware
https://www.youtube.com/watch?v=vTh6jkW_xtI
DevX inner-loop %
kubectl build -t myapp:test . &&
kubectl delete pod -l app=myapp
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp
spec:
  selector:
    matchLabels:
      app: myapp
  replicas: 1
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: myapp
    spec:
      containers:
      - name: service
        image: myapp:test
        imagePullPolicy: Never
      restartPolicy: Always
      terminationGracePeriodSeconds: 0
15. KubeCon Europe 2021
Security
Notary v2: Supply Chain Security for Containers
Justin Cormack, Docker & Steve Lasker, Microsoft
https://www.youtube.com/watch?v=SZMbuirEQVU
19. KubeCon Europe 2021
Observability
Traces from Events: A New Way to visualize Kubernetes Activities
Bryan Boreham, Weaveworks
https://www.youtube.com/watch?v=g5tHHD4crtQ
20. KubeCon Europe 2021
Multi-Cluster & Multi-Tenancy
Multi-Tenancy in Kubernetes: How We Avoided Clusters Sprawl With Capsule
Dario Tranchitella & Maksim Fedotov
https://www.youtube.com/watch?v=WWKat7NP0NM
Capsule is an operator that introduces a notion of multi-tenancy in Kubernetes (absent by default).
What is a Tenant?
Single CRD that defines a Tenant
21. KubeCon Europe 2021
Security
Hacking into Kubernetes Security for Beginners
Ellen Körbes, Tilt & Tabitha Sable, Datadog
https://www.youtube.com/watch?v=mLsCm9GVIQg