Authors: Dan Daly, Nabil Bitar, Moshe Levi, Vytautas (Valas) Valancius, Nupur Jain
2022-10-28
tldr - powered by Generative AI
The presentation discusses how to map Kubernetes primitives to infrastructure and the role of platform reliability engineers in this process.
Kubernetes provides primitives for defining applications, but infrastructure operators need to map these primitives to actual infrastructure solutions.
Platform reliability engineers, or Kubernetes cluster operators, are responsible for mapping availability zones, security policies, load balancing, and metrics to infrastructure.
VMware's software-defined data center can be used to map Kubernetes constructs to vSphere clusters, NSX distributed firewall, NSX load balancer, and Wavefront for monitoring.
Pivotal Container Service (PKS) can be used to create a consistent and repeatable method for deploying a Kubernetes cluster.
Infrastructure Offload can improve Kubernetes performance by moving network policy, routing, and load balancing rules off of the compute platform and into the infrastructure.
The presentation discusses the importance of security in DevOps and Kubernetes and provides tips on how to ensure secure software development and deployment.
Source code analysis tools such as OWASP can help analyze source code and compiled versions of code to find security flaws.
Validating the source of code, build system, and artifact pushers can ensure trusted software development and deployment.
Vulnerability scanning with tools like Clair and Trivy can help identify known CVEs.
Immutable dependencies and ephemeral builds can mitigate attacks on code dependencies and build infrastructures.
Observability through metrics and logging can help audit user and privilege changes and security events.
The presentation discusses the challenges of implementing cloud native and high performance computing (HPC) and how recent work is bridging the gap between the two.
Cloud native and Kubernetes have become popular in modern IT deployments, but challenges remain in areas where HPC can have a larger impact.
HPC involves aggregating computing power to deliver higher performance for solving large problems in science, engineering, and business.
HPC deployments require low latency, high throughput, and NUMA awareness, which are not common in most deployments.
Advanced scheduling is also important for HPC deployments with millions of jobs and users with different software needs.
The speaker shares an anecdote about CERN's experience with transitioning to Kubernetes for their HPC needs.
High throughput computing is a similar paradigm to HPC, but focuses on the efficient execution of a large number of loosely coupled tasks.
The speaker highlights the similarities between high throughput computing and cloud native systems.