Authors: Cici Huang
2023-04-20

tldr - powered by Generative AI

The presentation discusses the use of Common Expression Language (CEL) in Kubernetes to simplify validation and policy enforcement for Custom Resource Definitions (CRDs) and other use cases.
  • CRDs and other use cases require validation and policy enforcement that cannot be supported by structural schema and OpenAPI V3 validation
  • Webhooks have been the only solution for these use cases, but they are difficult to configure and can cause control plane outages
  • Common Expression Language (CEL) is a simpler solution that has been successfully integrated with Kubernetes data system for both CRD and native types
  • CEL comes with a standard library and an extended library, and it is easy to extend and embed
  • CEL can be used for validation, policy enforcement, and authorization checks
  • The presentation offers examples of CEL code and use cases, and it mentions future plans for mutating admission policy and client-side validation
Authors: Masaki Kimura, Takafumi Takahashi
2023-04-20

tldr - powered by Generative AI

Provisioning PVCs from Cross-Namespace Data Sources in Kubernetes
  • CSI provisioning behavior is divided into five steps
  • The feature became Alpha in Kubernetes 1.26
  • The scope is only provisioning of a PVC from a cross-namespace data source
  • Currently supported data sources are volume snapshot and persistent volume claim
  • In this feature, we plan to support any volume data source
Authors: Joe Betz
2023-04-18

Have you ever operated a Kubernetes cluster for multiple developers? If you have, you probably realized quickly that things are going to be a lot smoother if you could just enforce some basic conventions. Maybe all your services have a well-defined endpoint for the liveness probe but developers sometimes forget to set it up. Or maybe developers should always use a semantic version tag on their containers and avoid :latest. Or maybe there is a deprecated Kubernetes API field and you'd like to ensure it is never used in your cluster. In this talk we will run through a series of easy solutions to help enforce conventions using only YAML. You have a lot more control than you might realize. Learn from a Kubernetes contributor involved in the development of numerous extensibility features including CRDs, admission webhooks and admission policies. We will show you some handy tricks and leverage new features like the Validating Admission Policies alpha API introduced in 1.26.
Authors: Danny Clark
2022-10-28

tldr - powered by Generative AI

The presentation discusses the challenges of scaling Prometheus and offers a solution through a managed service that leverages Prometheus as a node agent.
  • Scaling Prometheus can be challenging due to issues with data aggregation and network failures
  • Existing solutions such as Federation, remote read, and Thanos require manual maintenance and expertise
  • A managed service that leverages Prometheus as a node agent can mitigate scaling issues and separate state and query concerns
  • The service forwards metrics data to a remote back end and leverages Kubernetes resource and DaemonSet to achieve the setup
  • Google's Monarch provides the capacity needed to offer a PromQL-compatible API and long-term retention of metrics
Authors: Stefan Schimanski
2022-10-27

CustomResourceDefinitions are driving the extension ecosystem around Kubernetes. This talk is about the search for the next step, a successor for CRDs in a post-operator world where service providers use CRDs as first-class API for the services they are building and offering to tenants. CRDs as we know them are installed in customer clusters, usually together with operators or controllers. With that they are under control of the users: - users can tweak the CRDs. - users are the ones updating and controlling the operators with all the complexity and pitfalls updating operators and APIs can have. This situation is not a good fit for today's problems, and it's mostly an artifact of how CRDs and their life-cycle were conceived years ago as a tool to add in-cluster concepts. This talk is about lifting CRDs up to be a first-class vehicle for APIs provided and consumed by different parties, without the operator-glue, in different clusters, standardized, securely and federated.
Authors: James Munnelly, Andrea Tosatto
2022-10-26

tldr - powered by Generative AI

Best practices for creating Kubernetes APIs using OpenAPI schemas
  • Breaking down the model into more resources
  • Writing a complete schema is required for V1 CRDs
  • Use kubectl explain to ensure a complete schema
  • OpenAPI schemas allow for validation and defaulting without expensive network round trips
  • Testing methodologies are important to ensure the resiliency of the controller and code in production
Authors: Hasan Türken, Muvaffak Onus
2022-05-20

tldr - powered by Generative AI

The presentation discusses the implementation of a PlanetScale provider in a composition with WordPress using Crossplane. The main point is to show how to create a managed service with cool features and how to use composition to create resources with configuration.
  • PlanetScale is a managed service with cool features based on the open-source Vitess project
  • Crossplane is used to implement a PlanetScale provider in a composition with WordPress
  • Composition is used to create resources with configuration
  • The presentation provides step-by-step instructions on how to implement the PlanetScale provider and use it in a composition with WordPress
Authors: Alper Rifat Ulucinar
2022-05-18

tldr - powered by Generative AI

The talk discusses the performance issues related to the API server when installing thousands of CRDs and how to troubleshoot them using profiling tools. It also provides insights into the mechanics of CRDs and tips for getting changes into upstream.
  • Custom resources are used to extend the K8s API server with a declarative API
  • Initial attempts to install thousands of CRDs revealed severe performance issues related to the API server
  • Profiling tools can be used to troubleshoot API server performance issues
  • Real world data can help pinpoint the root causes of scaling issues
  • Insights into the mechanics of CRDs are provided
  • Tips for getting changes into upstream and moving the ecosystem forward are shared
Authors: Stephen Kitt, Laura Lorenz
2021-10-15

tldr - powered by Generative AI

The presentation discusses the Multi-Cluster Service API (MCS API) and its implementation in Submariner, a tool for connecting Kubernetes clusters across different networks and clouds.
  • The MCS API is a standardized way of managing services across multiple Kubernetes clusters.
  • Submariner is a tool that implements the MCS API and allows for easy connectivity between clusters.
  • The presentation demonstrates how to set up a headless service in Submariner and access it from a different cluster.
  • Other community projects, such as Istio and SIG Network's Gateway API, are also implementing parts of the MCS API.
  • The audience is invited to try out Submariner and get involved in the development of the MCS API and other multi-cluster projects.
Authors: Stefan Schimanski, Joe Betz, Federico Bongiovanni, Abu Kashem
2021-10-15

We will have at least 2 deep dive topics in this session. It will be mostly focused around Server Side Apply and how client-go and other clients can use apply server side. We might also cover several other topics around extensibility using CRDs and Webhooks, touching on the deprecation of v1beta1 and related issues. Additionally, we will remind everybody attending about the structure of the SIG, our areas of coverage, our regular meetings, the places where you can find us to chat, and how to become a contributor.