KubeCon + CloudNativeCon EU 2020 recap


Last week saw KubeCon + CloudNativeCon Europe 2020 taking place fully remotely, rather than in-person in sunny Amsterdam. Here are my notes from the conference, and links to talks that I thought were worth mentioning!

Of course, I didn't attend all the talks, so this isn't an exhaustive list – here is the full schedule.

I've linked to the presentations on sched, and they should all be posted to YouTube shortly.

A note on swag: there was still some! Besides virtual swag (ebooks, colouring books (!?), screensavers…), companies took either a socially-conscious approach to swag, by turning it into a donation (to the WHO from PagerDuty, to BlackGirlsCode from other companies, etc), or made it conditional on more engagement: a demo, raffles, quizzes. Makes sense; I imagine the shipping costs of sending stickers to thousands of people individually would be prohibitive.

Deployments

There are efforts underway to create an “Application” resource type that would cover several resources (Deployment, Service, etc), in a logical encapsulation of what makes “an application”. I'm a bit skeptical: applications have such different requirements and needs, does it make sense to have a unified application type? But worth keeping an eye on future progress! (It was mentioned in a keynote, but I don't remember which one exactly)

People wanting to go beyond Helm: Managing Applications in Production: Helm vs. ytt and kapp

My own criticisms of Helm, from using Helm 2 a lot in anger, were:

Helm 3, which took ages to be released, is a huge improvement. It basically fixes all the above (besides the templating language). Congrats to the Helm team 👏

More on these improvements, the migration story, and new features of Helm 3: Deep Dive into Helm

A super rad talk by Ellen Körbes about developer experience in Kubernetes environments: Toolchains Behind Successful Kubernetes Development Workflows

Tangentially related, a declarative approach to database migrations rather than usual imperative migrations: Still Writing SQL Migrations? You Could Use A (Schema)Hero

This is an extremely interesting take on database schema management, and one of the big highlights of this KubeCon for me. Would definitely recommend checking it out!

Money quote: “No one should want a service mesh.” Panel: Ask Me Anything About Service Mesh - Lin Sun & Daniel Berg IBM; Christian Posta, Solo.io; Oliver Gould, Buoyant; & Sven Mawson, Google

Which sums it up pretty well imo. If you need the benefits a service mesh brings, though, go ahead!

It looks like the consensus is that Linkerd really nailed the simplicity and ease of use (and Istio… Well, you do the maths). Oh, and Microsoft is also coming up with a new Envoy-based service mesh implementing their mesh management interface, which should be interesting to follow.

See also (very much multi-cluster oriented): Linkerd Deep Dive

And a super cool talk from the Linkerd folks about their CI/CD pipeline: Booting 5 K8s Clusters on Every Git Push: How Linkerd Leveled Up Its CI

The Linkerd folks use KinD and remote Docker (with DOCKER_HOST=ssh://...), which allows them to spin up a bunch of Kubernetes clusters for each PR. The remote Docker idea in particular is really powerful – it allows you to bring your own resources to any CI build (they use GitHub Actions), so that you can for example build on a big beefy machine in your AWS account next to your ECR repos for excellently cached builds + super-fast ECR upload.

Other choice bits

The obligatory Monzo talk: Banking on Kubernetes, the Hard Way, in Production

Interestingly, hosted offerings have matured enough that if they were to start today, they would not self-host Kubernetes.

A great talk by Laurent Bernaille on DNS in Kubernetes: Kubernetes DNS Horror Stories (And How to Avoid Them)

I'm pretty sure there was already a similar talk by Datadog at last Kubecon, but DNS issues never cease to amaze!

Interesting data/experiences from DigitalOcean on cluster upgrades: 20,000 Upgrades Later: Lessons From a Year of Managed Kubernetes Upgrades

Notably, a warning about validating/mutating webhooks, and a hack to use mutating webhooks to mutate validating webhooks so that they don't apply to kube-system and block upgrades.
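For reference, here is the kind of exemption that warning is about, as an added example (not from the talk or from DigitalOcean): a ValidatingWebhookConfiguration that keeps failing closed for workloads but is scoped so it never applies to kube-system, assuming a hypothetical webhook service `policy-webhook` in namespace `policy` and that the operator has labelled kube-system with `webhooks.example.com/exempt=true`.

```yaml
# Added example: scope a validating webhook away from kube-system so an
# unavailable or misbehaving webhook cannot block control-plane upgrades.
# Assumptions (not from the page): the cluster operator has run
#   kubectl label namespace kube-system webhooks.example.com/exempt=true
# and a webhook Service "policy-webhook" exists in namespace "policy".
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  name: policy-webhook
webhooks:
  - name: pods.policy.example.com
    admissionReviewVersions: ["v1"]
    sideEffects: None
    # Keep the control fail-closed where it applies; the namespaceSelector
    # below, not failurePolicy: Ignore, is what protects kube-system.
    failurePolicy: Fail
    timeoutSeconds: 5
    # Only namespaces WITHOUT the exempt label are sent to the webhook.
    namespaceSelector:
      matchExpressions:
        - key: webhooks.example.com/exempt
          operator: DoesNotExist
    rules:
      - apiGroups: [""]
        apiVersions: ["v1"]
        operations: ["CREATE", "UPDATE"]
        resources: ["pods"]
    clientConfig:
      service:
        namespace: policy
        name: policy-webhook
        path: /validate
      # Placeholder: base64-encoded PEM of the CA that signed the webhook's serving cert.
      caBundle: ""
```

Because the exemption is label-driven, whoever can label namespaces can opt out of the policy, so restrict `namespaces` update/patch in RBAC to cluster operators and alert on changes to the exempt label.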

If you've ever logged into a k8s node, run docker ps and wondered what the heck all these “pause” containers were… Wonder no more! Look Ma, No Pause!

Using shell as an operator: Go? Bash! Meet the Shell-operator

I thought this would be a fun talk in the spirit of “deploying kubernetes on a vacuum cleaner” (KubeCon 2018), but… They actually seem serious in their approach? I'm a bit scared.

You like Rust? You'll like this! The Hidden Generics in Kubernetes’ API

And finally, some veeery scary things a Kubernetes-knowledgeable attacker can do to hide in your cluster: Advanced Persistence Threats: The Future of Kubernetes Attacks

And that's it for my round-up of this year's talks!