Conference:  KubeCon + CloudNativeCon North America 2022

Authors: Joe Betz

2022-10-27

In Kubernetes 1.23 we integrated the CEL expression language into open source Kubernetes, making it possible to support the vast majority of CRD validation use cases without a webhook. This includes multi-field validation rules, immutability checks and more.  And this is just the beginning, we plan to extend admission control to support CEL expressions as well, which will make it possible to replace far more of those operationally troublesome webhooks with a much simpler alternative. We're convinced this leads to a better development experience for anyone extending Kubernetes. And more importantly, it makes cluster operations simpler and safer.  Learn about this future of Kubernetes extensibility from a contributor who has been involved in Kubernetes extensibility for over 5 years, including the projects to bring CRDs and Webhooks to GA, and who has been involved in improving the stability of Kubnernetes control planes in GKE for years.  In this talk I'll introduce CEL and how we've integrated it into Kuberentes and answer questions including: What can you do with CEL in Kubernetes today? What future features are planned? Can there really a future where webhooks are the exception instead of the norm?

Conference:  KubeCon + CloudNativeCon North America 2022

Authors: Chip Zoller, Dolis Sharma

2022-10-27

Kubernetes policy engine Kubernos can help with validation, mutation, and generation of rules in a Kubernetes cluster, as well as provide image verification and cost control. It can also automate tasks and set expectations for others.

• Kubernos is a policy engine for Kubernetes that can validate, mutate, and generate rules in a cluster
• It provides image verification and generates reports on violations
• Kubernos can help with cost control and automation
• It can set expectations for others and save time
• Real-life use cases include blocking bad pod requests and creating fine-grained RBAC

Conference:  KubeCon + CloudNativeCon North America 2022

Authors: Srinivasan Parthasarathy, Shubham Chaudhary

2022-10-27

You have a principled process for releasing your Kubernetes app that involves load testing, benchmarking and validation of service-level objectives (SLOs). But, will your app perform well when your cluster is subject to compute, memory, i/o, or network stress? In this talk, we will explore a novel approach that combines chaos injection for probing weaknesses in your Kubernetes infrastructure, with load testing, benchmarking and performance validation with SLOs for your app. The core thrust of our approach will be flexibility combined with simplicity. Your app may be cluster-local or externally exposed, may implement an HTTP or a gRPC endpoint, may have been specified using built-in or custom Kubernetes resources, may use any type of horizontal or vertical autoscaling, may use any CD/GitOps process for deployment, and you may be interested in probing your cluster by injecting compute, memory, i/o, network, or any other types of chaos. Regardless of these variations, this talk will demonstrate a dead simple way to automatically launch the unified “chaos + performance validation" experiment whenever the app is updated, and automatically notify an event receiver with metrics and SLO validation results once the experiment is completed.