
Well-Architected Kubernetes


Open-Source and Well-Architected Kubernetes, as presented at Devoxx Morocco 2024


Julio Faerman

October 03, 2024


Transcript

  1. Kubernetes 1.29/30 https://github.com/kubernetes/kubernetes • Gateway API • Sidecar Containers • In-Place Updates • Common Language Expression • Structured Authorization Configuration • Priority and Fairness for API Server • ReadWriteOncePod • User Namespaces • Nftables Firewalls • Dynamic Resource Allocation • SwapBehavior: LimitedSwap • Routing Preferences for Services
  2. ✓ VirtualMachineInstance ✓ VirtualMachineInstance ReplicaSet ✓ virtctl and kubectl ✓ virthandler ✓ nodelabeler ✓ virtlauncher ✓ libvirt + qemu https://github.com/kubevirt
  3. ✓ Memory Overcommit ✓ Non-disruptive vertical scaling ✓ Disaster Recovery ✓ Data Protection ✓ Observability ✓ Ecosystem Partners https://github.com/kubevirt
  4. Quay Image Registry • Replication • Clustering • Scanning • RBAC • Tagging • Web UI https://github.com/quay/quay
  5. Ignition • Cloud Boot • Pre-OS ◦ initramfs • Declarative ◦ FS ◦ Network ◦ Security • Idempotency https://github.com/coreos/ignition
  6. • Open-Source • Container-First • Secure ◦ Minimal ◦ Immutable ◦ Transactional ◦ Automatic Updates ◦ Encrypted ◦ PolicyKit, SELinux, Exec-Shield … • Flexible ◦ Architecture ◦ Cloud Provider https://github.com/coreos
  7. Istio ✓ Service Mesh ✓ Traffic Management ◦ Load Balancing ◦ Traffic Shaping ◦ Fault Injection ◦ Resiliency ✓ Service Discovery ✓ Security ✓ Observability ✓ Policy Enforcement ✓ Multi-Cluster Multi-Mesh https://istio.io/
  8. StackRox • Threat Detection and Prevention • Runtime Policy Enforcement • Image Scanning • Automated Compliance • Network Visibility • CI/CD Pipeline • Reporting and Visualization • Response Management • API & Integrations https://github.com/stackrox/stackrox
  9. Keycloak ✓ Single Sign-On ✓ User Federation ✓ Social Identities ✓ OAuth, OpenID, SAML, … ✓ Role Based Access Control ✓ User Management ✓ Clustered and Scalable ✓ Auditable ✓ Multi-tenant ✓ Extensible https://github.com/keycloak/keycloak
  10. Open Data Hub • Jupyter Lab • Elyra • Apache Airflow • Kubeflow Pipelines • Apache Spark • MinIO • KServe • Kueue https://github.com/opendatahub-io
  11. Knative • Serverless Deployments • Routing & Traffic Management • Automatic Scaling • Revision Management • Event-Driven • Extensible Architecture • GitOps Ready https://knative.dev/docs/
  12. About Julio https://faermanj.com/ Helping people with open-source projects and tech jobs. All projects mentioned today, except ACK and Karpenter, are supported components of Red Hat OpenShift, where I work as a software engineer.