Dates
Conferences
Tags
Sort by:
Most recent
Conference: KubeCon + CloudNativeCon Europe 2023
Authors: Shuo Chen
2023-04-19
tldr - powered by Generative AI
Databricks uses Kata Containers for hard multi-tenancy in Kubernetes clusters to provide strong isolation for performance-sensitive workloads such as Data Lakehouse. The case study discusses the challenges faced, trade-offs among security, performance, and cost, and how to work around the heterogeneity across different public cloud providers.
- Databricks is building a serverless platform for performance-sensitive workloads such as Data Lakehouse on Kubernetes clusters
- They need hard multi-tenant container isolation since each cluster runs code on behalf of multiple customers
- They chose Kata Containers, an open-source container runtime that provides strong isolation by running containers in micro-VMs
- They built a hard compute and network isolation layer among untrusted workloads in Kubernetes clusters leveraging Kata Containers, network policy, and network security group
- They share their first-hand experience on how they integrate Kata Containers with Kubernetes in production, highlighting the challenges they faced, difficult trade-offs among security, performance, and cost, and how to work around the heterogeneity across different public cloud providers
Conference: KubeCon + CloudNativeCon North America 2022
Authors: Alvin Lin, Alan Protasio
2022-10-28
tldr - powered by Generative AI
The presentation discusses the current state and future plans for Cortex, a horizontally scalable, highly available, multi-tenant, long-term storage for Prometheus.
- Cortex is a microservices-based solution for storing large amounts of Prometheus metrics
- The presentation covers the architecture of Cortex and introduces three new features in the upcoming release
- The speaker encourages community involvement in contributing to Cortex's development and maintenance
- The presentation ends with a Q&A session
Conference: KubeCon + CloudNativeCon North America 2022
Authors: Yiming Peng
2022-10-28
tldr - powered by Generative AI
The presentation discusses the functionalities and components of the Amway ecosystem and how to make it production-ready.
- The Amway ecosystem has various components such as circuit breaker, cluster and endpoint discovery, and even streamer.
- Capacity management, performance, scalability, security, and operational readiness are important factors to consider in making the Amway system production-ready.
- The Apprentice public roadmap is available on GitHub for customers to provide feedback and suggestions.
- The presentation emphasizes the importance of observability, reliability, and availability in building a solid request relative with high throughput and performance.
Conference: KubeCon + CloudNativeCon North America 2022
Authors: Chris Hein, Eric Ernst
2022-10-26
tldr - powered by Generative AI
The presentation discusses the use of Kata containers for stronger workload isolation in a multi-tenant environment.
- Multi-tenancy in a single interface can pose security risks
- Options for stronger isolation include sandboxed runtimes like Kata containers
- Kata containers use a virtual machine monitor to launch a minimally configured virtual machine for each container
- Networking is simplified with a v eth dropped into a network name space
- Per-tenant iptable rules are synced to the tenant control plane for added security