KubeCon + CloudNativeCon North America 2019

Freddie Mac is one of the two mortgage loan corporations in the United States managing trillions of dollars of assets across the country. Our infrastructure is spread across different Kubernetes providers, hardware load balancers, and large swaths of virtual machines. In this talk, we describe our service mesh adoption journey in a highly regulated financial compliance environment. We will discuss both greenfield and brownfield environments, to gain full visibility and traffic management capabilities using Istio/Envoy. We will highlight the changes to our GitOps development workflow, changes to our age old organizational practices, and how the service mesh journey forced us to foster deeper co-operation between traditionally siloed security, platform and application development teams as we tried to weave a mesh over the old and new.

A service mesh is an increasingly necessary tool when running and debugging modern applications. But what do you do when there’s a bug in the mesh itself?

Paybase offers the most flexible, developer-native, API-driven solution for payments, compliance and risk. They use the Linkerd service mesh to process all requests that come through their complex system of microservices, where it is highly useful for out of the box gRPC load balancing which allows Paybase to scale their application.

In this talk, Ana and Risha will talk about different Linkerd bugs that Paybase encountered after deploying Linkerd to their staging environment, and how they worked with the Linkerd maintainers to track them down and squash them.

This talk also explores the relationship between companies that rely on open source software and their interactions with maintainers in the path to getting bugs fixed.

In large clusters, some applications attempt to consume a majority of shared resources. These "noisy neighbours" cause performance degradation for other workloads in the cluster. At this time, Kubernetes has mechanisms to mitigate this behaviour for CPU and memory only. This talk discusses methods for extending fine-grained resource control on other shared resources, such as block and PCIe I/O, shared CPU caches, and others. It demonstrates how to utilize extensibility points of CRI-O and containerd runtimes to achieve fine-grained resource control. The talk also presents an approach for evolving this method into an extensive and fully dynamic resource management solution for Kubernetes.

Agenda
- Problem Statement: different types of "noisy neighbours"
- Resource management on kernel, OCI, and Kubernetes levels
- Stitching the pieces together: dynamic container resource management

The Kubernetes operator pattern has revolutionized the way applications are deployed and managed in Kubernetes, but much of the tooling around building operators has focused on easing development in Golang. The Kubernetes Operator Pythonic Framework (kopf) levels the playing field, bringing much of the tooling to the Python ecosystem, and expanding it in several areas. Kopf provides powerful, high-level abstractions that make it simple to write Kubernetes operators in Python, allowing you to focus on your application logic without needing to dive headfirst into Kubernetes internals. In this talk, you will learn how to make your own Kubernetes operators in a few lines of Python code, and how to bring your own domain entities directly to Kubernetes.

A close look at the CoreDNS extension points for developers. Learn how to customize build custom DNS applications based on CoreDNS, including: * Building a custom CoreDNS binary that includes external plugins * Building a specialized binary that uses CoreDNS as a library * Building your own CoreDNS plugin

Please bring your laptop fully charged as we will have limited charging stations available in the room.

Please complete the following steps ahead of time to make your tutorial easier: https://gist.github.com/DirectXMan12/ad7b35327c2816125a45cdc11ff78476

Come learn how to quickly get off the ground running with building an operator using KubeBuilder v2!

Come write a Kubernetes-style API to manage a bespoke application, complete with declarative validation and defaulting. Discover what kind of requirements go into an API type, and how to write API types that work and feel like they're part of Kubernetes, and can be easily consumed as part of a larger system.

Once you've got an API type, you'll make use of the new server-side apply functionality to make implementing your core logic a breeze, and learn how to think about writing well-behaved controller logic that deals with different interactions with other parts of Kubernetes.

Finally, you'll learn how to actually run your controller locally for development and on a remote cluster for production.

Please bring your laptop fully charged as we will have limited charging stations available in the room.

This session targets data scientists and ML engineers who want to leverage Kubernetes to scale up their Machine Learning experiments. Attendees will learn a) the basics of Kubeflow, the ML toolkit for K8s, and b) how to build and deploy complex data science pipelines on-prem and on the Cloud with Kubeflow Pipelines.

The tutorial will focus on two essential aspects:
1. Low barrier to entry: deploy a Jupyter Notebook to Kubeflow Pipelines on the cloud using a fully GUI-based approach. This workflow enables data scientists to exploit the scaling potential of K8s - no CLI commands, SDKs, or K8s knowledge required.
2. Reproducibility: automatic data versioning and volume snapshots will enable full reproducibility and collaborative development, as well as fine grained analysis and visualizations after pipeline executions.

Setup: must bring own laptop. Qwiklab/GCP credits will be provided

Please bring your laptop fully charged as we will have limited charging stations available in the room.

This is an entry-level tutorial session for both application developers and system administrators interested in building and managing Operators for Kubernetes environments. It is designed for those who have a basic knowledge of Kubernetes and want to learn how to apply domain or application-specific knowledge to automate common operational tasks.

Attendees will understand the past difficulties with building Operators with existing client-libraries and discover how the Operator Framework can ease development workflow.

Step-by-step guidance will be given on the process of creating real-world Operators with Go, Ansible and Helm charts while mastering methodologies, design patterns, and strategies that can assist in avoiding common pitfalls.

Attendees will use the Operator Lifecycle Manager (OLM) to define, install and upgrade Operators as well.