Authors: Kodie Glosser, Tyler Lisowski
2023-04-21

tldr - powered by Generative AI

The presentation discusses the process of introducing a new cluster CA in a Kubernetes environment and updating server-side components and certificates to avoid downtime and maintain security.
  • Introducing a new cluster CA is necessary for security and compliance purposes
  • The process involves updating server-side components and certificates in a well-defined multi-step process
  • Cross-signed CA certificates are used to maintain existing mTLS connections
  • The new CA is rolled out across all server-side components
  • The client and server certificates are updated to be issued from the new CA
  • The new CA certificate, cross-signed by the old CA, is included in the chain to validate existing mTLS connections
Authors: Jim Bugwadia, Jayashree Ramanathan, Anca Sailer, Robert Ficcaglia
2022-10-27

Kubernetes policies can help simplify management, particularly of multiple clusters, scale Day 2 operations, and automate security, resiliency and software engineering concerns, thereby optimizing cost of operations. Policies also serve as the building block to help enforce multi-cluster governance and deliver continuous compliance and readiness for audits. The Kubernetes Policy Working Group (WG) focuses on defining overall architecture recommendations and guidance on both current policy-related implementations as well as future policy-related proposals in Kubernetes. Join this session to find out about the working group's current and upcoming projects, and also learn how you can get involved to learn and contribute.
Authors: Joshua Packer
2022-10-27

tldr - powered by Generative AI

Open Cluster Management simplifies multicluster container orchestration by providing a vendor-neutral solution for managing Kubernetes clusters.
  • Open Cluster Management is a CNCF Sandbox project that enables users to manage multiple Kubernetes clusters
  • It works with almost any CNCF-compliant distribution and is vendor-neutral
  • The project provides inventory of clusters, distribution of work, policy configuration, and application add-ons
  • The hub-spoke architecture of Open Cluster Management allows for centralized management of a fleet of clusters
  • The ManagedCluster kind is a representation of the fleet that can be queried against in Kubernetes
Authors: Dolis Sharma
2022-10-26

tldr - powered by Generative AI

The presentation discusses the benefits and challenges of Infrastructure as Code (IAC) and how Crossplane can address these challenges by using the Kubernetes API to provision and manage infrastructure.
  • IAC eliminates human errors and reduces costs by automating infrastructure deployment and management
  • Configuration drift can occur in manual deployment and management, which can jeopardize deployment cycles and increase project vulnerability
  • Crossplane uses the Kubernetes API and a declarative approach to automate infrastructure deployment and management, ensuring consistency and alignment between developers and operations
  • However, there are security risks associated with IAC, and bridging the gap between DevOps and SecOps can be a challenge
  • Crossplane addresses these challenges by using Version Control configuration, providing visibility and applying guardrails and rules
  • Crossplane can create infrastructure and policies using simple YAML files, such as EC2 instances and S3 buckets
  • Composite resources can be used to create more complex infrastructure, such as EKS clusters
  • Crossplane extends the functionality of Kubernetes clusters and provides self-service to developers
Authors: Mohan Atreya
2022-10-24

tldr - powered by Generative AI

The presentation discusses the challenges of managing RBACs and access control in Kubernetes at scale and introduces an open-source project called Periscope to automate the process.
  • Managing RBACs and access control in Kubernetes at scale is a challenge for organizations with hundreds of clusters and developers.
  • Manual management of RBACs is impractical and requires automation to ensure the right people have access to the right things.
  • Periscope is an open-source project that automates RBAC management and access control in Kubernetes.
  • Periscope allows for secure access to clusters behind a firewall and dynamically injects RBACs just in time.
  • Periscope also provides strong authentication for all user access and allows for governance and compliance by tracking commands run against clusters.
Authors: Vince Prignano, Yuvaraj Balaji Rao Kakaraparthi
2022-05-19

tldr - powered by Generative AI

Cluster API is a declarative lifecycle management tool for Kubernetes clusters that uses Kubernetes primitives. It aims to provide a common language and interface for managing Kubernetes clusters across different infrastructure providers.
  • Cluster API is a tool for declarative lifecycle management of Kubernetes clusters using Kubernetes primitives.
  • It aims to provide a common language and interface for managing Kubernetes clusters across different infrastructure providers.
  • It consists of a management cluster and a workload cluster.
  • The management cluster is the Kubernetes cluster used for managing other Kubernetes clusters.
  • The workload cluster is the Kubernetes cluster being managed by Cluster API.
  • Cluster API has pluggable infrastructure providers for different environments.
  • It allows for high-level operations like scaling and auto-scaling of clusters.
  • VMware Tanzu is entirely built on Cluster API.
Authors: Charles Pretzer
2022-05-18

tldr - powered by Generative AI

Setting up multi-cluster failover with service mesh
  • The workshop repository is located at github.com/buoyantio/service-mesh-academy
  • Participants need to check out the multi-cluster failover directory
  • The workshop requires two clusters named east and west
  • The readme file contains all the necessary steps to set up the failover configuration
  • Injecting resources like deployments and stateful sets is possible with linkerd inject
Authors: Stephen Chan, Weibo He
2021-10-13

tldr - powered by Generative AI

Airbnb's experience of building a multi-cluster/multi-environment service mesh on top of Istio
  • Airbnb migrated from a monolithic architecture to SOA and moved the majority of workloads from EC2 to Kubernetes
  • Legacy in-house service mesh no longer met their needs
  • Adopted Istio as the foundation for their next generation service mesh
  • Established confidence in Istio and started full speed migration
  • Multi-cluster requirement led to adoption of external control plane and flat network model
  • Multi-environment support includes multi-tier mesh, mesh expansion, and external services