Operationalizing Kubernetes Sidecars in Production at Salesforce

Mutating admission webhooks have become a key part of every kubernetes cluster. It helped make the sidecar pattern ubiquitous. Salesforce embraced it by creating an open source framework for injecting sidecars. It did not take long for them to realize that webhooks should be written and deployed with great caution. This talk is about how Salesforce is using mutating admission webhooks for some of their most critical infra services in the Hyperforce architecture. They will cover the open source framework they developed and how it cuts down their cost of development and testing new webhooks. They will also talk about a new operator that allows them to rollout sidecars in a rolling update fashion. You will leave the talk, with a recipe for developing, maintaining and running highly available admission webhooks in production. Lastly, Salesforce will also talk about other alternatives of managing sidecars, challenges with managing and deploying them at scale and some potential solutions.