CloudNativeCon + KubeCon Europe 2017

The latest releases of the Alertmanager introduced a high availability mode. Frederic will guide you through the contract of Prometheus and Alertmanager and why developing the high availability mode is unique to the problem the Alertmanager solves by giving an introduction into the principles used to implement it.

Do you want to increase the density of your Kubernetes workers? We have run some experiments with Kubernetes workers in LXC containers managed by LXD. Come to hear our experience and challenges during the experiment!

No application is an island. Most applications interact with a diverse set of services, not all of which run on a Kubernetes cluster. How do you manage access to both on and off cluster resources? Join Gabe Monroy, CTO of Deis, for a discussion about service catalogs, explicit service bindings, and how they can help you rationalize heterogeneous computing environments. We will end with a demo of Steward, an open source service broker for Kubernetes.

While Prometheus's built-in storage does not support long-term data retention and durability, Prometheus provides nascent interfaces for integration with external long-term storage systems. This talk explains how these interfaces work, and how you can integrate with them to create custom long-term storage solutions. It will also showcase some real-world integration examples and highlight the key challenges in implementing them.

Currently many, if not most, people in the Kubernetes community are writing YAML configuration files by hand, using the data format designed for the API. These files contain a great deal of repetition in any non-trivial environment and writing the data by hand is error prone without the ability to create higher-level abstractions. This Birds of a Feather session would look to discuss this problem, and what higher-level tools may help solve it in the future. In particular we would talk about:

* Why different types of users might prefer different interfaces
* The pros and cons of domain specific languages
* The advantages of abstractions
* The argument that you should just "use a proper programming language"

Open Source Software underpins the internet and many enterprises, but has repeatedly proven itself vulnerable to accident and tampering. High impact exploits lead us to question our unreserved trust in Open Source, and the wisdom of its proliferation is being questioned. As we fight to continuously secure millions of servers against these waves of attacks, have we found a crucial panacea in containers?

This talk examines the anatomy of major vulnerabilities, demonstrates their applicability to containerised applications, and explores container native security tooling throughout the pipeline.

Serverless is getting lots of attention lately. It is positioned as the next evolution for building distributed applications, going beyond container based systems and letting developers build applications workflows based on triggers and events. The three main public clouds (GCP, Azure and AWS) all have serverless offerings. In this talk we will introduce kubeless, a serverless framework built on top of Kubernetes. It allows Kubernetes users to define functions that are dynamically injected in container runtimes and exposed via HTTP or event triggers. Events are managed by Apache Kafka while HTTP triggers are exposed with Kubernetes services. It is an open source clone of Google cloud functions, and provide similar capabilities than AWS lambda. We will explain kubeless architecture, show how we leverage ThirdPartyResources and an in-cluster controller. Above the interest of serverless, this architecture shows the power of Kubernetes and how it can be used as a platform to build new systems quickly.

To run mission critical applications on your own datacenter you need high availability on every part of the system. In a kubernetes cluster, this includes your controllers, etcd, and even the load balancers. This talk will describe about setting up high availability mechanisms for Kubernetes Controllers and load balancing nodes. It will also cover creating highly available etcd, worker nodes, and other components necessary in a functioning cluster based on a real world project.

A key to Prometheus's success is its operational simplicity. It takes only minutes to get a server with a meaningful configuration up and running from scratch. However, once you need to run your Prometheus server a bit hotter, you will quickly find yourself practicing the dark art of tuning Prometheus command line flags. This talk will shed some light on how to handle various scenarios: How to run Prometheus on a tiny machine or how to utilize a large amount of RAM. How to optimize for very high ingestion rates or for a lot of time series. How to get the most out of your old spinning disk or how to limit the wearout of your expensive SSD. There will also be a sneak preview of ongoing efforts to reduce the required amount of flag tuning.

Extensibility is one of the major selling points of Kubernetes. Cluster Federation is built on the same spirit, but the tooling provided in the form of libraries and framework to build federated controllers is quite different than the tooling provided to build Kubernetes controllers. In this talk, we will show you the tools and techniques provided by Cluster Federation to write your own federated controllers. We will also show you the steps involved in building a federated controller by building one during the talk.

When running Kubernetes on Kubernetes, in order to ensure end-to-end encryption, we were confronted with the challenge to route TLS traffic directly to the pods. With one ingress only per cluster, that was not possible with the existing solutions.

To solve this problem, we created K8SNIff as an open source project on github: https://github.com/kubermatic/k8sniff. K8SNIff is a small ingress server that will accept incoming TLS connections, and parse TLS Client Hello messages for the SNI Extension. If one is found, K8Sniff will forward that connection to the pod.

In this talk, participants will learn how easy it is to implement your own logic on top of the Kubernetes API. Moreover, we will give practical examples for the use of K8SNIff.