
Well-Architected Kubernetes

Open-Source and Well-Architected Kubernetes, as presented at Devoxx Morocco 2024

Julio Faerman

October 03, 2024

Transcript

  1. Kubernetes 1.29/30 https://github.com/kubernetes/kubernetes • Gateway API • Sidecar Containers • In-Place Updates • Common Expression Language • Structured Authorization Configuration • Priority and Fairness for API Server • ReadWriteOncePod • User Namespaces • Nftables Firewalls • Dynamic Resource Allocation • SwapBehavior: LimitedSwap • Routing Preferences for Services
  2. ✓ VirtualMachineInstance ✓ VirtualMachineInstance ReplicaSet ✓ virtctl and kubectl ✓ virthandler ✓ nodelabeler ✓ virtlauncher ✓ libvirt + qemu https://github.com/kubevirt
  3. ✓ Memory Overcommit ✓ Non-disruptive vertical scaling ✓ Disaster Recovery ✓ Data Protection ✓ Observability ✓ Ecosystem Partners https://github.com/kubevirt
  4. Quay Image Registry • Replication • Clustering • Scanning • RBAC • Tagging • Web UI https://github.com/quay/quay
  5. Ignition • Cloud Boot • Pre-OS ◦ initramfs • Declarative ◦ FS ◦ Network ◦ Security • Idempotency https://github.com/coreos/ignition
  6. • Open-Source • Container-First • Secure ◦ Minimal ◦ Immutable ◦ Transactional ◦ Automatic Updates ◦ Encrypted ◦ PolicyKit, SELinux, Exec-Shield … • Flexible ◦ Architecture ◦ Cloud Provider https://github.com/coreos
  7. Istio ✓ Service Mesh ✓ Traffic Management ◦ Load Balancing ◦ Traffic Shaping ◦ Fault Injection ◦ Resiliency ✓ Service Discovery ✓ Security ✓ Observability ✓ Policy Enforcement ✓ Multi-Cluster Multi-Mesh https://istio.io/
  8. StackRox • Threat Detection and Prevention • Runtime Policy Enforcement • Image Scanning • Automated Compliance • Network Visibility • CI/CD Pipeline • Reporting and Visualization • Response Management • API & Integrations https://github.com/stackrox/stackrox
  9. Keycloak ✓ Single Sign-On ✓ User Federation ✓ Social Identities ✓ OAuth, OpenID, SAML, … ✓ Role Based Access Control ✓ User Management ✓ Clustered and Scalable ✓ Auditable ✓ Multi-tenant ✓ Extensible https://github.com/keycloak/keycloak
  10. Open Data Hub • Jupyter Lab • Elyra • Apache Airflow • Kubeflow Pipelines • Apache Spark • Minio • KServe • Kueue https://github.com/opendatahub-io
  11. Knative • Serverless Deployments • Routing & Traffic Management • Automatic Scaling • Revision Management • Event-Driven • Extensible Architecture • GitOps Ready https://knative.dev/docs/
  12. About Julio https://faermanj.com/ Helping people with open-source projects and tech jobs. All projects mentioned today, except ACK and Karpenter, are supported components of Red Hat OpenShift, where I work as a software engineer.