PodCTL - Enterprise Kubernetes

Author: Red Hat OpenShift

Subscribed: 1,353
Played: 15,548
Description

Red Hat Kubernetes weekly technology podcast hosted by Brian Gracely (@bgracely) along with friends from the Kubernetes community. Focused on Containers | Kubernetes | Red Hat OpenShift | Cloud Native Applications | Microservices | PaaS | CaaS | DevOps.
88 Episodes
Show Description: Brian and Tyler discuss some of the use-cases that businesses have for using Kubernetes. They review several public examples of Kubernetes uses, both in web scale and Enterprise environments.
Show Notes:
- GitHub Goes All-In on Kubernetes (via TheNewStack)
- KubeCon / CloudNativeCon CFP is Due August 21st
Segment 1 - Thank you for the great response to the initial show. Response has been very positive and we’ve already had like 8-10 people ask to be guests on the show. The challenge is to figure out what to do on show #2 or #3 since there is so much happening. So we’ve decided that for a while, we’re going to make sure that we cover all the fundamentals of containers and Kubernetes.
Segment 2 - News of the Week
- GitHub announces details of how they use Kubernetes
- AWS does not announce a Kubernetes service at AWS Summit in NYC
- KubeCon CFP is due by August 21st
Segment 3 - How are companies using Kubernetes?
- daemonSets (instance on each node), replicaSets (specific # is always running), jobs (run to completion), statefulSets (stateful apps) vs persistent Volumes (stateful storage)
- Kubernetes Job Openings
- Customer sessions at Red Hat Summit
- OpenShift Commons Gathering (videos)
- Kubernetes Case-Studies
Segment 4 - How to Learn More
- Free Kubernetes Training from CNCF
- Kubernetes by Example (Michael Hausenblas)
- How does the Kubernetes scheduler work? (Julia Evans)
- Kubernetes the Hard Way (Kelsey Hightower)
Segment 5 - Question(s) of the Week
Q1: What’s the right way to install Kubernetes? There seem like too many options.
A1: Kubernetes: A Little Guide to Install Options
Feedback?
Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://PodCTL.com

Show: 3
Show Description: Brian and Tyler talk with Vincent Batts (@vbatts, Principal Software Engineer in the Office of Technology for Container Architecture at Red Hat) about the state of container standards - OCI, containerd, Moby, Linux vs. Windows containers, etc.
Show Notes:
- Vincent Batts on GitHub
- Open Container Initiative (OCI)
- CRI-O: Container Runtime Interface
- Relevant XKCD
- A Comparison of Linux Container Images
Segment 1 - News of the Week
- Red Hat and Microsoft announce partnership around Windows Containers and OpenShift and Azure, plus much more.
Segment 2 - An Interview with Vincent Batts
Topic 1 - Welcome to the show Vincent. Tell us what types of things you work on in the container community.
Topic 2 - 2yrs ago, there was docker and rkt arguing about container standards, and the OCI emerged. Can you give us an update on where container standards are today?
Topic 3 - What is this new concept called CRI-O, and how does it relate to Kubernetes?
Topic 4 - Containers always used to be Linux-specific, but we’re starting to hear more noise around Windows containers. Is this Microsoft specific, or are standards groups working on this too?
Segment 3 - Question(s) of the Week
Q1: What’s the difference between the Host OS and the Container OS, and do they need to be the same?
A1: A Comparison of Linux Container Images
Feedback?
Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://PodCTL.com

Show: 4
Show Description: Brian and Tyler discuss the broad range of tools that are available to deploy, operate and manage Kubernetes environments. There are lots of options...
Show Notes:
- PodCTL #4 - Transcribed
- Kubernetes: A Little Guide to Install Options
- Monitoring OpenShift: Three Tools for Simplification
- Rolling Updates to Kubernetes - At MacQuarie Bank [video]
Segment 1 - [News of the Week]
- VMware, Google and Pivotal announced a packaged version of the Kubo project, called Pivotal Container Service (PKS).
- CNCF continues to be the center of Enterprise IT with VMware, Pivotal joining
Segment 2 - Why do Open Source Projects often end up with so many installers?
Segment 3 - What are some of the common types of tools for kubernetes installations?
- Install on your laptop (e.g. Minikube, Minishift, etc.)
- Public Services (OpenShift Online, GKE, Azure Container Service, etc)
- Quickstart installer on a public cloud (e.g. Heptio, DO, kops, etc.)
- Kubernetes-specific installers (kubeadm, kubicorn, kargo, etc.)
- Deployment scripts and variations on “runbooks” (e.g. Ansible, Chef, Puppet, etc.)
Segment 4 - What are some of the Day 2 tools that are used with Kubernetes?
- Upgrade tools (e.g. 1-click, Operators, etc.)
- Monitoring & Management (e.g. Prometheus, Datadog, New Relic, Zabbix, SysDig, CoScale) - https://blog.openshift.com/monitoring-openshift-three-tools/
- Logging (e.g. EFK, Loggly, etc.)
- Application Frameworks - Save that for future shows!
Feedback?
Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://podctl.com

Show Overview: Brian and Tyler discuss the basics of Linux containers.
Show Notes:
- [TRANSCRIPTION] PodCTL Basics - Linux Containers
- An Introduction to Container Terminology
- Architecting Containers: User Space vs. Kernel Space
Segment 1 - What is a Linux Container?
- Filesystem + Metadata (JSON)
Segment 2 - How do Linux hosts interact with (and isolate) Linux Containers?
- Host OS vs. Container OS
- Container isolation
- Container security 101
Segment 3 - How does a container interact with Networking and Storage?
- Pass-thru host details
- CNI - Container Network Interface
- Native container networking
- Storage Volumes (static & dynamic)
Segment 4 - Can any Application run in a Linux Container? Does it have to be modified?
- User namespace vs root
- Resource requirements
Feedback?
Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://podctl.com

Show: 5
Show Overview: Brian and Tyler talk with Chris Aniszczyk (@cra, CTO/COO of CNCF, Executive Director of OCI) about the Cloud-Native Ecosystem, if there is a CNCF "stack", the CNCF process for project acceptance, and the growth vs. hype of Kubernetes.
Show Notes:
- [TRANSCRIPTION] PodCTL #5 - Understanding the Cloud-Native Ecosystem
- Cloud Native Computing Foundation (CNCF) Homepage
- CNCF Landscape
- Open Containers Initiative (OCI) Homepage
- KubeCon & CloudNativeCon - Austin, TX (Dec.6-8)
News of the Week
- Mesosphere adds Kubernetes support to DC/OS
- Mirantis claims that Kubernetes is OpenStack 2.0
Interview with Chris Aniszczyk
Topic 1 - Welcome to the show. What hats do you wear at both the CNCF and OCI?
Topic 2 - How do the CNCF projects and OCI projects work together? (example: why is rkt or containerd in the CNCF and not OCI?)
Topic 3 - What is the role of the CNCF? Is there a CNCF stack?
- Can you talk about how projects get engaged with CNCF and the process of “official” vs. “incubation”, etc?
- Will it ever make sense to have a “certification” program for CNCF-associated offerings, or does that create too much overhead?
Topic 4 - With so many projects being created, in different parts of the stack, where do you potentially see the next “official” projects coming from?
Topic 5 - Can you give us your perspective on some of the noise recently around Kubernetes?
Community Question of the Week:
Q: My company runs mostly pre-packed Windows applications. Is there anything that we can do with Containers or Kubernetes to help them?
Feedback?
Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://podctl.com

Show Overview: Brian and Tyler discuss the basics of how an application gets into a container, how to layer OS + applications + dependencies, how a container interacts with a container registry, and how container files differ from Kubernetes manifests.
Show Notes:
- [TRANSCRIPTION] PodCTL Basics - How to Containerize an Application
- Setting up a Dockerfile
- Building an OCI-compliant container with "Buildah"
- Deploying with Kubernetes Manifests
Topic 1 - How does a Container know what application to run?
- Metadata
- Image Layers
Topic 2 - Can any Application run in a Container? Does it have to be modified?
- User namespace vs. Root
- Resource requirements
Topic 3 - How does a Container interact with a Container Registry?
Topic 4 - How does a Container tell Kubernetes about its Application needs (HA, Static IP, Storage, etc.)?
- Pods and Manifests
Topic 5 - Can a Containerized Application interact with other applications? How?
- Within a Cluster
- DNS Services / Networking
- Kubernetes Services
- Service Discovery frameworks
Feedback?
Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://podctl.com

Show: 6
Show Overview: Brian and Tyler talk about the technologies in “core” Kubernetes and the additional elements needed to evolve it into a more complete application platform.
Show Notes:
- [TRANSCRIPTION] - coming soon
- PodCTL #4 - All the Tools in the Kubernetes Toolbox
- PodCTL #3 - Making sense of container standards (including OCI)
- Kubernetes by Example
News of the Week:
- Oracle joins the CNCF
- Heptio takes Series B round of VC funding
- Jaeger (@JaegerTracing) and Envoy (@EnvoyProxy) become official CNCF projects.
Topic 1 - What's included in Kubernetes (by default)? We’ve seen quite a bit of survey data recently that shows usage of Kubernetes is growing quite rapidly. If somebody says they are “using Kubernetes”, by default, what functionality do they have available to them?
Topic 2 - What core “platform” elements aren’t included with Kubernetes?
- Container Runtime (e.g. docker, rkt, oci)
- Container Registry
- Advanced Networking
- Persistent Storage
- Monitoring, Logging
- Backup tools for Kubernetes or the applications running in Pods.
Topic 3 - What are some of the standard ways to plug in those pieces?
- Container Runtime - CRI (Container Runtime Interface)
- Registry - Many 3rd-party options
- Networking - CNI (Container Network Interface)
- Storage - CSI (Container Storage Interface)
- Logging / Monitoring - Sidecar Containers
Topic 4 - What does a company get with a "distribution" vs. "platform" vs. "public cloud service"?
- Tectonic (example)
- OpenShift (example)
- Google Container Engine (example)
Question of the Week:
Q: What is "pure" Kubernetes?
Feedback?
Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://podctl.com

Show: 7
Show Overview: Brian and Tyler talk with Clayton Coleman (@smarterclayton, Lead Kubernetes Architect) and Derek Carr (@derekwaynecarr, Kubernetes Lead Engineer) about the Kubernetes development process, the role of SIGs, the process for deciding what gets included in a release, as well as an in-depth discussion about the extensibility of Kubernetes 1.8.
Show Notes:
- The early days of Kubernetes
- Contributing to Kubernetes
- Kubernetes 1.8 features
- Kubernetes 1.8 features (tracking spreadsheet)
- An Overview of Project "Istio"
Topic 1 - Welcome to the show. Both of you are top contributors to Kubernetes, both also lead (or co-lead) some of the SIG/Working group. Can you give us a sense of your community involvement from a contributor and leader perspective?
Topic 2 - Derek, you're on the nomination list for the Kubernetes Steering Committee. Chris Aniszczyk mentioned it a couple weeks ago, but what does that group do that’s different than SIGs?
Topic 3 - When there are 100s of contributors and many different focus areas, what is the process for deciding what’s included or prioritized or dropped from a specific release?
Topic 4 - Kubernetes 1.8 has a mix of Alpha, Beta and Stable features. What do you see as the key focus areas in this release? (e.g. RBAC, CRI-O, etc.)
Topic 5 - How does Kubernetes look at the explosion of “tools” around core Kubernetes (deployers, application templates, application frameworks) and when to make those parts of the project or keep them separate?
Feedback?
Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://podctl.com

Show: 8
Show Overview: Brian and Tyler talk with Jeremy Eder (@jeremyeder, Senior Principal Software Engineer at Red Hat) about the Kubernetes Resource Management Working Group, scaling Kubernetes environments, extending Kubernetes for high-performance workloads (HPC, HFT, Animation, GPUs, etc.), testing at scale and how companies can get involved.
Show Notes:
- KubeCon 2017 (Austin) Schedule
- OpenShift Commons Gathering (Austin, Dec.5th)
- Kubernetes Resource Management Working Group
- Contact the Resource Management Working Group
- Deploying 1000 Nodes of Kubernetes/OpenShift (Part I)
- Deploying 2048 Nodes of Kubernetes/OpenShift (Part II)
Topic 1 - Welcome to the show. You recently introduced the Resource Management Working Group within Kubernetes. Tell us a little bit about the group.
Topic 2 - The group’s prioritized list of features for increasing workload coverage on Kubernetes enumerated in the charter of the Resource Management Working group includes (below). Let’s talk about some of the types of use-cases you’re hearing that drive these priorities.
- Support for performance sensitive workloads (exclusive cores, cpu pinning strategies, NUMA)
- Integrating new hardware devices (GPUs, FPGAs, Infiniband, etc.)
- Improving resource isolation (local storage, hugepages, caches, etc.)
- Improving Quality of Service (performance SLOs)
- Performance benchmarking
- APIs and extensions related to the features mentioned above
Topic 3 - This is a broad list of areas to focus on. How do you determine what things should be kernel-level focus, Kubernetes-level focus, or application-level focus?
Topic 4 - How do you go about testing these areas? Are there lab environments available? How will you publish methodologies and results?
Topic 5 - As you talk to different companies, do you feel like they are holding back on deploying higher-performance applications on Kubernetes now, or they are looking for more optimizations?
Feedback?
Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://podctl.com

Show: 9
Show Overview: Brian and Tyler talk about Kubernetes Networking and Kubernetes Storage.
Show Notes:
- Kubernetes Network Plugins
- Kubernetes and Storage
- Container Native Storage
Topic 1 - Let’s talk about the challenges of networking with containers and some of the ways that Kubernetes addresses these challenges.
- There’s lots of different ways to network containers together. Kubernetes does some basic networking (by default), and then there are add-on options for more complex, secure scenarios.
- The role of DNS in Kubernetes networking (services, etc.)
- Kubernetes network plugins (CNI: container network interface)
- Ingress and Egress Routes, Services, Load Balancing
- Network Policy (fine-grained traffic control)
Topic 2 - Let’s talk about the challenges of storage with containers and some of the ways that Kubernetes addresses these challenges.
- There’s definitely a misperception that containers should only be used for stateless applications.
- Containers are (primarily) Linux, and Linux has well known concepts about how to interact with persistent storage.
- Containers need a way to interact with persistent storage in a model where it can be dynamically allocated.
- Kubernetes storage plugin proposal (CSI: container storage interface)
Feedback?
Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://podctl.com

Show: 10
Show Overview: Brian and Tyler talk with Paul Morie (@cheddarmint, Principal Software Engineer @RedHat, Lead of Kubernetes Service Catalog SIG) about the evolution of the Open Service Broker API, integrating with external services, the role of Service Brokers, and use-cases to expand Kubernetes applications.
Show Notes:
- Kubernetes Service Catalog SIG
- OpenShift Commons - Kubernetes Service Catalog Deep Dive
- Kubernetes Service Catalog SIG (meetings, demos)
- Open Service Broker API
Topic 1 - Welcome to the show. Before you got involved in the Service Catalog SIG, you worked on several other aspects of Kubernetes (security, etc.). Tell us about some of the things you’ve been involved with?
Topic 2 - Let’s go back to when the Open Service Broker API was announced. What was the purpose and how did it evolve to where it is now?
Topic 3 - What are the basics of how the Service Broker / Service Catalog interacts with applications on Kubernetes and 3rd-party services?
- Example: How do we think about user/password/security credentials to a database?
- Example: Is the Service Broker in the data path as well as the control path?
- Example: Where would traffic auditing functions happen?
Topic 4 - We saw a demo of the Service Catalog/Broker at Red Hat summit during an announcement with AWS, where it showed AWS services as part of the catalog. Previously, we’ve seen the CF Service Broker interact with Google or Azure services. Is the relationship between the broker and cloud-services “cloud specific”, or will things be interchangeable at all?
Topic 5 - Beyond public cloud services, what other types of things might be interconnected or managed via the Service Broker?
Feedback?
Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://podctl.com

Show: 11
Show Overview: Brian and Tyler talk with Julius Volz (@juliusvolz, @PrometheusIO co-founder, promcon.io founder) about the challenges that Prometheus solves, how it does monitoring and interacts with other systems, how it works with Kubernetes, and common use-cases and patterns.
Show Notes:
- Prometheus (homepage)
- Part II - Evolution of Prometheus, v2.0 (via The Cloudcast)
- PromCon and PromCon Videos
- Prometheus v1.0 on The Cloudcast (v1.0 launch)
- WeaveWorks Managed Prometheus
- Robust Perception Blog (Prometheus consulting)
Topic 1 - You created Prometheus a couple years ago at SoundCloud. What were the core challenges you were trying to solve?
Topic 2 - For people new to Prometheus, what does it do (at a basic level) in terms of monitoring containers and applications?
- What can it monitor?
- What can it trigger other systems to do?
Topic 3 - Prometheus is now part of CNCF. Is it a native Kubernetes service, or a sidecar application for containers, or a broad service that just runs on Kubernetes?
Topic 4 - What are the basic things that most people use Prometheus to monitor for? What are a few complex use-cases? (application types, application frameworks, usage-patterns, etc.)
Feedback?
Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://podctl.com

An Introduction to CRI-O

2017-10-30 28:54

Show: 12
Show Overview: Brian and Tyler talk with Dan Walsh (@rhatdan, Consulting Engineer at Red Hat, container team lead) and Mrunal Patel (@mrunalp, Principal Engineer at Red Hat, OCI/runc maintainer) about the evolution of containers with Kubernetes, the creation of CRI-O, and the focus on container security and stability. We also discussed emerging projects like Skopeo, Buildah, Intel Clear Containers and Grafeas.
Show Notes:
- CRI-O Homepage
- CRI-O Blog
- Introducing CRI-O v1.0 (blog)
- Containers Project (Image, Storage)
- Project Buildah - A tool which facilitates building OCI images
- Project Skopeo - Work with remote images and registries
- Project Grafeas - An open artifact metadata API to audit and govern your software supply chain
- Intel Clear Containers
Topic 1 - Welcome to the show. Why don’t you both introduce yourselves and tell us what areas you focus on.
Topic 2 - In past episodes, we’ve talked about the CRI-* concept in Kubernetes. We’ve also talked about the OCI standard for containers. So what is CRI-O?
Topic 3 - What problems does CRI-O attempt to solve for the container ecosystem?
Topic 4 - How does CRI-O differ from containerd and CRI-containerd?
Topic 5 - How can people get CRI-O today? What are some of the things people can expect with CRI-O beyond v1.0?
Feedback?
Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://podctl.com

Show: 14
Show Overview: Brian and Tyler address some of the many layers of security required in a container environment. This show will be part of a series on container and Kubernetes security. They look at security requirements in the Container Host, Container Content, Container Registry, and Software Build Processes.
Show Notes and News:
- 10 Layers of Container Security
- Google, VMware and Pivotal announced a Hybrid Cloud partnership with Kubernetes
- Google and Cisco announced a Hybrid Cloud partnership with Kubernetes (and more)
- Docker adds support for Kubernetes to DockerEE
- Rancher makes Kubernetes the primary orchestrator
- Microsoft announces new Azure Container Service, AKS
- Oracle announced Kubernetes on Oracle Linux (and some installers)
- Heptio announces new tools
Topic 1 - Let’s start at the bottom of the stack with the security needed on a container host.
- Linux namespaces - isolation
- Linux capabilities and SECCOMP - restrict routes, ports, limiting process calls
- SELinux (or AppArmor) - mandatory access controls
- cGroups - resource management
Topic 2 - Next in the stack, or outside the stack, are the sources of container content.
- Trusted sources (known registries vs. public registries (e.g. DockerHub))
- Scanning the content of containers
- Managing the versions, patches of container content
Topic 3 - Once we have the content (applications), we need a secure place to store and access it - container registries.
- Making a registry highly-available
- Who manages and audits the registry?
- How to scan container within a container?
- How to cryptographically sign images?
- Identifying known registries
- Process for managing the content in a registry (tagging, versioning/naming, etc)
- Automated policies (patch management, getting new content, etc.)
Topic 4 - Once we have secure content (building blocks) and a secure place to store the container images, we need to think about a secure supply chain of the software - the build process.
- Does a platform require containers, or can it accept code?
- Can it manage secure builds?
- How to build automated triggers for builds?
- How to audit those triggers (webhooks, etc.)?
- How to validate / scan / test code at different stages of a pipeline? (static analysis, dynamic analysis, etc.)
- How to promote images to a platform? (automated, manual promotion, etc.)
Feedback?
Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://podctl.com

Show: 15
Show Overview: Brian and Tyler continue their focus on Security with Marc Boorshtein (@mlbiam, CTO of @tremolosecurity), discussing Identity Management, Container and Kubernetes Authorization and Authentication, RBAC, and how IT teams evolve to manage security in more agile environments.
Show Notes:
- PodCTL #14 - Security: Hosts, Registries, Content and Pipelines
- [Video] Identity Management and Compliance
- [Video] DevOps Identity Management
- [Website] Tremolo Security
- 10 Layers of Container Security
- Open Source k8s SSO project
- Open Source OpenShift Identity Manager project
Topic 1 - Let’s talk about User authentication in Kubernetes
- Certificate Authentication
- OpenID Connect
- Reverse Proxy
Topic 2 - Let’s dig into the various types of Authorizations
- Overview of RBAC (Role-Based Access Control)
- Mapping of Roles to Users and Groups
- Organizational Challenges
Topic 3 - Given that various people (Devs & Ops) interact with dashboards, how do we manage that Authentication?
Topic 4 - How are organizations evolving to keep up with this more agile form of software development and the associated security challenges?
Feedback?
Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://podctl.com

Show: 17
Show Overview: Brian and Tyler talk about CNCF Kubernetes Conformance, OpenShift 3.7 GA, and some common questions about day-to-day operations with Kubernetes.
Show Notes:
- Cloud Native Computing Foundation Launches Certified Kubernetes Program with 32 Conformant Distributions and Platforms
- Red Hat OpenShift Container Platform v3.7 goes GA
- Kubernetes and OpenShift: Community, Standards and Certifications
Topic 1 - How do you deploy the underlying compute resources that are used as Nodes in a Kubernetes cluster?
Topic 2 - If a Kubernetes environment has to scale, how do you grow out the computing (or other) resources?
Topic 3 - When a new version of Kubernetes comes out, how do you manage to upgrade the environment?
Topic 4 - What are the common things that the Ops team is tracking, monitoring, measuring in a Kubernetes environment?
Topic 5 - What are some things that have changed, from an operational perspective, between a Container/Kubernetes environment and previous technologies (e.g. VMs)?
Feedback?
Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://podctl.com

Show: 17
Show Overview: Brian and Tyler talk about the containers and Kubernetes news coming out of AWS re:Invent, as well as a look ahead to KubeCon in Austin.
Show Notes:
- Amazon announced its much-anticipated Kubernetes service, Amazon Elastic Container Service for Kubernetes
- Amazon announced AWS Fargate, “a technology that enables you to use containers as a fundamental compute primitive without having to manage the underlying instances.”
Topic 1 - AWS re:Invent happened last week. Any news about Kubernetes?
Topic 2 - The concept of “Bring Your Own Container” is evolving to “Bring A Workload that Runs in a Container” (Fargate, Microsoft ACI, etc.)
Topic 3 - What can we expect at KubeCon this week? What new trends are you seeing emerge, or are you looking to see if they have momentum?
- Evolution of User-Experience
- Serverless standards?
- Adjacent projects to Kubernetes (backups, CI/CD, etc.)
Feedback?
Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://podctl.com

Show: 18
Show Overview: Brian and Tyler talk with Gabe Monroy (@gabrtv, Lead Product Manager Containers @ Azure, CNCF Board Member) about a wide variety of projects and services that Microsoft is working on in the Kubernetes and CNCF communities - from Windows containers to Container orchestration to making it simpler for application developers.
Show Notes:
- Azure Container Service (AKS)
- Azure Container Instances (ACI)
- Azure Draft (OSS project)
- Helm - Kubernetes Package Manager (OSS project)
- Azure Service Broker
- Virtual Kubelet (OSS project)
- Gabe Monroy’s Azure Blog
Topic 1 - Welcome to the show. You joined Microsoft via the Deis acquisition. Let’s talk about some of the work you’ve been focused on since joining Microsoft.
Topic 2 - Microsoft Azure offers several options to use containers and container services (ACS, AKS, ACI). Can we dig into each of those services?
Topic 3 - Working on hybrid environments is becoming more important. Let’s dig into how Microsoft is expanding the capabilities of the Open Service Broker.
Topic 4 - Help us understand what the Helm project and Draft project enable for developers.
Topic 5 - One of the most frequent questions we get is around Windows-based containers. When will they be available, and what is Microsoft doing to make them easier to use?
Feedback?
Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://podctl.com

Show: 19
Show Overview: Brian and Tyler talk about how the Kubernetes community and technology have evolved in 2017, and make a few predictions for 2018.
Show Notes:
- OpenShift Commons Gathering (videos): bit.ly/2BB3weV
- KubeCon (videos): bit.ly/2jczyn1
Topic 1 - GETTING STARTED: People said that getting started w/ Docker Swarm was easier than Kubernetes. The Kubernetes community created tools like Minikube & Minishift to run locally on the laptop and automation playbooks in Ansible; Katacoda has made it simple to have online tutorials; and multiple cloud offerings (GKE, AKS, EKS, OpenShift Dedicated) make it simple to get a working Kubernetes cluster.
Topic 2 - ENSURING PORTABILITY: Enterprise customers want Hybrid Cloud environments. They need to understand how multiple cloud environments will impact this decision. The CNCF’s Kubernetes Conformance model is the only container-centric framework that can assure customers that Kubernetes will be consistent between clouds.
Topic 3 - INFRASTRUCTURE BREADTH: Other container orchestrators had ways to integrate storage and networking, but only Kubernetes created standards (e.g. CNI, CSI) that have gained mainstream adoption to create dozens of vendors/cloud options.
Topic 4 - APPLICATION BREADTH: The community has evolved from supporting stateless apps to supporting stateful applications (and containerized storage), serverless applications, batch jobs, and custom resources definitions for vertical-specific application profiles.
Topic 5 - SECURITY: There were concerns about K8S security. The community has responded with better encryption and management of secrets, and improved Kubernetes-specific container capabilities like CRI-O and OCI standardization.
Topic 6 - PERFORMANCE: Red Hat (and others) have started the Performance SIG to focus on high-performance applications (HPC, Oil & Gas, HFT, etc) and profiling the required performance characteristics of these applications in containerized environments.
Topic 7 - DEVELOPER EXPERIENCE: One of the themes of KubeCon was focusing on developer experience, and in just a few months we’re seeing standardization around the Helm format (for application packaging), Draft to streamline application development, Kubeapps to simplify getting started with apps from a self-service catalog. We have also seen the security model of non-root containers (vs. the Docker model of root-enabled containers).
Topic 8 - APPLICATION EXTENSIBILITY: The Kubernetes community decided not to reinvent the wheel, instead working with the Cloud Foundry Foundation to create the Open Service Broker API. Within a year, we’re now seeing implementations that have not only ported all the functionality to Kubernetes, but have extended it beyond Cloud Foundry’s previous capabilities to include support for external clouds (e.g. AWS, Azure, GCP), as well as additional services such as Ansible playbooks and other 3rd-party capabilities.
Topic 9 - IMPROVING OPERATIONAL EXPERIENCE: As Clayton Coleman (Red Hat) discussed in his KubeCon keynote, companies like Red Hat are using their online environments to improve their operational experience and ultimately feed this knowledge back into the upstream products.
Feedback?
Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://podctl.com

Show Overview: Brian and Tyler discuss the basics of Service Meshes, such as Istio, Envoy and Linkerd.
Show Notes:
- Istio Homepage
- Envoy Homepage
- Linkerd Homepage
- Introduction to modern network load balancing and proxying
- OpenShift Commons Briefing #103: Microservices and Istio on OpenShift
- Sidecars and a Microservices Mesh
- Videos from CNCF / KubeCon
Service Mesh is a layer that manages the communication between apps (or between parts of the same app, e.g. microservices). Just as applications shouldn’t be writing their own TCP stack, they also shouldn’t be managing their own load balancing logic, or their own service discovery management, or their own retry and timeout logic. - link
Mesh: A group of hosts that coordinate to provide a consistent network topology. In this documentation, an “Envoy mesh” is a group of Envoy proxies that form a message passing substrate for a distributed system comprised of many different services and application platforms. - link
Topic 1 - What is a Service Mesh?
- Service Discovery
- Routing
- Load-Balancing
- Fault Injection
- Circuit Breaking
- A/B Deployments
- Blue/Green Deployments
- Canary Deployments
- Traffic Limiting
- Tracing
- Security Services (e.g. Mutual TLS)
Topic 2 - Didn’t developers build Microservices before Service Meshes?
Topic 3 - How does a Container or Kubernetes interact with a Service Mesh?
Feedback?
Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://podctl.com

Comments (2)

Andrew Way

Kubernetes

Nov 16th

ganesh kadam

Thanks for all your efforts. One of my friends asked me to subscribe to this podcast channel. I am regularly listening to these podcasts and it is helping me learn Kubernetes. Good content. Awesome discussions. Really helpful. Please keep up the good work.

Apr 23rd