Talk log from KubeCon LA

clux November 06, 2021 [software] #rust #kubernetes

First KubeCon in a while I haven't done anything for (didn't even buy a ticket). This post is largely for myself, but thought I'd put some thoughts here in public. All talks referenced were recently published on the CNCF YouTube channel, and the posts here are really just my notes (make of them what you will).

My interest areas this kubecon fall broadly into these categories;

sorted in order of interest (grouped by category):

Observability

Using SLOs for Continuous Performance Optimizations

keptn and its evented automation system does seem really good. treats SLOs as first class things. higher level abstraction than other CD systems. no need to write automation systems. pretty new (cncf sandbox). I should try it.

Keptn Office Hours also goes into a lot of details here for this.

Evolving Prometheus for More Use Cases

Bartek on latest news:

Thanos remote-read to help federated setups. Via G-Research. But remote_write more popular. Can set prometheus to only remote_write recording rule results!

Upcoming: ingestion scaling automation; HPA scaling of scraping via dynamically assigned scrape targets. High density histograms.

What You Need to Know About OpenMetrics

prometheus + its exposition format is a global standard. Now big collaboration on new standard.

largely the same; but some cleanups and new features.

prometheus conformance program (vendors need to do things to get "Prometheus Compliant" logo) separate talk:

eBPF Superpowers

"observability / networking sidecars needs yaml, but ebpf is kernel level."

linkerd people go into limitations of ebpf as a "mesh" in this thread (link dead, rip twitter):

twitter Oct 27, 2021 @wm: Was a little bummed to see this article earlier this week from some people I respect, which promotes things that I believe are not the future of cloud native security.

similar overview to rakyll's eBPF in Microservices Observability, which additionally notes the distribution problem with ebpf at the end.

Understanding Service Mesh Metric Merging

How scraping works with istio (to ensure you get app + proxy) from meshday. Awkward, but ok.

Effortless Profiling on Kubernetes

kubectl flame - creates a container on the same node as the target container with profiler binaries (sharing process ids + ns and fs). => can use capturing tools like py-spy/async-profiler to capture flamegraphs without touching running containers. it then kubectl cp's the thing out to disk and cleans up after itself (no rust support though)

might be obsolete / rewritten with ephemeralContainers (no need to find node and grab ps/ns/fs stuff).

prodfiler does something similar as a service.

Misc Tech

Leveraging WebAssembly to Write Kubernetes Admission Policies

Kubewarden! Rust dynamic admission controller using kube-rs with WASM. No DSL. OCI registry to publish policies. Runs all of them through the policy server.

Should test this out properly. Looks like less of a hassle than OPA/gatekeeper.

Edge Computing using K3s on Raspberry Pi

nice up to date tutorial to look into in case of apocalypse.

Allocation Optimizer for Minimizing Power Consumption

using science on cpu power usage based on cpu utilization %.

Shifting Spotify from Spreadsheets to Backstage

great service catalog. tons of plugins. costs. trigger incidents. probably better than opslevel? but backstage needs to be in-cluster. also wants to do things that keptn wants to do.

Building Catalogs of Operators for OLM the Declarative Way

OLM craziness on top of controllers. opm serves a registry of controllers in a catalog...

Faster Container Image Distribution

tarred image distribution problematic coz you have to download all of it. so two new systems:

and

What We Learned from Reading 100+ Kubernetes Post-Mortems

nice quick failure stories

TL;DR: use good validation and good CD.

From Storming to Performing: Growing Your Project's Contributor Experience

matt butcher. 4 stages on how they apply to OS:

at all stages; people are still volunteers, be kind, thank them, give them something (responsibility / status) if possible.

sometimes people need to step down.

steps are not hard-delineated.

triage maintainer could be a good idea.

Kubernetes SIG CLI: Intro and Updates

scope: standardisation of cli framework / posix compliance / conventions - owns kubectl, kui, cli-runtime, cli-experimental, cli-utils, krew, kustomize

Measuring the Health of Your CNCF Project

Via CNCF project-health and devstats cncf dashboards. Project health metrics:

Turn Contributors Into Maintainers with TAG Contributor Strategy

produces templates, guide for governance (already used it!)

Design Up Front: Socializing Ideas with Enhancement Proposals

On enhancement proposals / RFCs. key takeaways were good:

CNCF Technical Oversight at Scale

creates TAGS (technical advisory groups). help cncf projects incubate/graduate.

Technical Oversight Committee

a public meeting. interesting just to get an overview of its goals. good links and reasonable goals (discussion was ok):

CNCF Tag-Runtime

Useful because it's the TAG that seems likely for kube-rs donation. dims is a liaison!

Kubernetes SIG Docs

...is apparently mostly hugo + netlify. they have a contributor role of a PR wrangler (and rotate that).

Miscellaneous Notes