How Plesk attended KubeCon

This year, Plesk decided to send a few people to KubeCon, the premier Kubernetes event in the world. There are no specialized conferences on this subject in Russia. Of course, we talk about K8s, and everyone wants it, but nowhere else do so many companies that actually practice it gather in one place. I happen to be one of the contributors as I am working on a platform based on Kubernetes.

About the organization

The scale of the conference is amazing: 7000 participants, a huge exhibition center. The transition from one hall to another took 5-7 minutes. At any given time there were 30 talks running on various topics. There were a huge number of companies with their booths; some of them raffled off many good and some great prizes, and also handed out all sorts of things such as T-shirts, pens and other nice trinkets. All communication was in English, but I did not experience any difficulties. If this is the only reason why you don't go to foreign conferences, feel free to go. English in IT is easier than ordinary English due to the abundance of familiar words that you write and read every day in code and documentation. There were no problems following the talks either. A lot of information was loaded into my head. By evening, I resembled a server that had been exploited through a buffer overflow, with data poured directly into the subconscious.

About the talks

I want to briefly describe the talks that I liked the most and would recommend watching.

Intro to CNAB: Packaging Cloud Native Applications with Multiple Toolchains - Chris Crone, Docker

This talk made a strong impression on me because it hit a sore spot. We have a lot of disparate services, maintained and developed by different people in the team. We follow infrastructure-as-code approaches, but there are some unresolved issues. There is a repository with Ansible code, but the current state and inventory are kept on the machine of the developer who runs the script, and so are the credentials. Some of the information can be found in Confluence, but it's not always obvious where. There is no place where you can just press a button and everything will be fine. The proposal is to write a description and put not only the code but also the deployment tools into the repository. Describe where to get the state and credentials, run make install and enjoy the result. I would like more order in our services, so I will follow the CNAB releases, use it, implement it, and convince others. A good pattern for structuring the README in repos.

Keep the Space Shuttle Flying: Writing Robust Operators - Illya Chekrygin, Upbound

A lot of information about the pitfalls of writing operators. I consider the talk a must-see for those who are going to write their own operator for Kubernetes. It covers things like statuses, garbage collection, concurrency and everything else. Very informative. I really liked the quote from the persistent volumes Kubernetes code:

The Kubernetes Control Plane for Busy People Who Like Pictures - Daniel Smith, Google

K8s professes the complexity of integration for the sake of ease of implementation.

This talk covers in detail one of the main architectural elements of the cluster: the control plane, namely its set of controllers. It describes their role and architecture, and the basic principles of creating your own controller, using existing ones as examples.

One of the most original points is the recommendation not to mask abnormal situations behind correct-looking controller behavior, but to change the behavior in some way that signals the problem to the system.

Running eBay's High-Performance Workloads with Kubernetes - Xin Ma, eBay

A very interesting experience, with a lot of information and recipes about what to consider when you have a really high load. They have dug deep into Kubernetes; they support 50 clusters. They talked about all aspects of squeezing out maximum performance. I recommend that you watch the talk before making any technical decisions about clusters.

Grafana Loki: Like Prometheus, But for logs. - Tom Wilkie, Grafana Labs

This is the talk after which I realized that Loki should definitely be tried for logs in the cluster and that I will most likely stay with it. Bottom line: Elastic is heavy. Grafana wanted to develop a lightweight, scalable solution suitable for debugging problems. The solution turned out to be elegant: Loki picks up metadata from Kubernetes (labels, as Prometheus does) and lays out the logs according to them. Thus, you can select pieces of the log by service, find a specific pod, select a specific time range, and filter by error code. These filters work without full-text search. So, by gradually narrowing the search, you can get to the specific error you need. At the end, text search is still involved, but since the scope has been narrowed, it is fast enough without indexing. Clicking on a result loads its context: a couple of log lines before and a couple after. So it feels like finding the log file and grepping it, only a little more convenient and in the same interface as the metrics. It can count the number of occurrences of a search query. The search queries themselves resemble the Prometheus query language and look simple. The speaker drew our attention to the fact that the solution is not well suited for analytics. I strongly advise everyone who needs logs to watch it; the presentation is very easy to follow.
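The narrowing described above can be modelled in a few lines. This is an added sketch, not Loki code and not from the talk: the class, the label names and the sample log lines are all constructed for illustration. Only label sets are indexed; line content is scanned with a plain substring match, and only inside the streams and time range already selected.

```python
from collections import defaultdict

class LabelIndexedLogs:
    """Toy model (hypothetical): label sets are the index, lines are stored unindexed."""

    def __init__(self):
        self.streams = defaultdict(list)  # frozenset(label items) -> [(ts, line)]

    def push(self, labels, ts, line):
        self.streams[frozenset(labels.items())].append((ts, line))

    def select(self, matchers, start, end):
        """Step 1: narrow by labels and time range without reading line content."""
        wanted = set(matchers.items())
        for key, entries in self.streams.items():
            if wanted <= key:
                yield dict(key), [(ts, l) for ts, l in entries if start <= ts <= end]

    def grep(self, matchers, start, end, needle, context=2):
        """Step 2: substring scan over the narrowed streams only, keeping context lines."""
        hits = []
        for labels, entries in self.select(matchers, start, end):
            for i, (ts, line) in enumerate(entries):
                if needle in line:
                    lo, hi = max(0, i - context), i + context + 1
                    hits.append({"pod": labels.get("pod"), "ts": ts, "line": line,
                                 "context": [l for _, l in entries[lo:hi]]})
        return sorted(hits, key=lambda h: h["ts"])

    def count(self, matchers, start, end, needle):
        """Number of occurrences of the search string in the selected streams."""
        return len(self.grep(matchers, start, end, needle, context=0))

def build_sample():
    """Constructed sample data: three pods, timestamps are plain integers."""
    store = LabelIndexedLogs()
    sample = [
        ({"app": "api", "pod": "api-1"}, 100, "GET /health 200"),
        ({"app": "api", "pod": "api-1"}, 101, "POST /login 500 upstream timeout"),
        ({"app": "api", "pod": "api-1"}, 102, "GET /health 200"),
        ({"app": "api", "pod": "api-2"}, 101, "POST /login 200"),
        ({"app": "web", "pod": "web-1"}, 101, "GET /index 500"),
    ]
    for labels, ts, line in sample:
        store.push(labels, ts, line)
    return store

if __name__ == "__main__":
    for hit in build_sample().grep({"app": "api"}, 100, 102, " 500"):
        print(hit["pod"], hit["ts"], hit["context"])
```

The same model shows why the speaker called it unsuitable for analytics: a query with no label matchers has to scan every line of every stream.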

How Intuit Does Canary and Blue Green Deployments with a K8s Controller - Daniel Thomson

The processes of canary and blue-green deployment are shown very clearly. I recommend the talk to those who have not yet embraced these approaches. The speakers present a solution in the form of an extension for the promising Argo CI/CD system. The English speech of the speaker from Russia is easier to listen to than the speech of the other speakers.

Smarter Kubernetes Access Control: A Simpler Approach to Auth - Rob Scott, ReactiveOps

One of the most difficult aspects of cluster management remains the security configuration, in particular the access rights to resources. The built-in primitives of K8s allow you to customize authorization as you like. How do you keep them up to date painlessly? How do you figure out what is going on with access rights and debug the roles you created? This talk not only gives an overview of several tools for debugging authorization in k8s, but also offers general recommendations for building simple and effective policies.

Other talks

I will not recommend the rest. Some stated the obvious, some, on the contrary, were very complex. I advise you to open this playlist and watch everything that is marked as a keynote. This will allow you to take a broad look at the industry around Cloud Native Apps, and then you should press ctrl + f and search for keywords, companies, products and approaches of interest.

Here is a link to the playlist with the talks; it is worth your attention:

youtube playlist

About company stands

At the HAProxy booth, I was given a T-shirt for my son. I doubt that I will replace Nginx with HAProxy in production because of this, but I remember them the most. Who knows what the new owners will do with Nginx.

There were short talks at the IBM booth all three days, and they lured people in by giving away an Oculus Go, Beats headphones, and a quadcopter. You had to stay at the booth for half an hour. I tried my luck twice in three days, but did not win. VMware and Microsoft also had short presentations.

At the Ubuntu booth, I did what everyone seems to do: took a picture with Shuttleworth. A sociable man, he was glad to learn that I have been using it since 8.04 and that the server has worked with it for 10 years without a dist upgrade and without a single failure (albeit without access to the Internet).

Ubuntu is developing its own MicroK8s - Fast, Light, Upstream Developer Kubernetes: microk8s.io

I could not pass by the tired Dmitry Stolyarov and talked with him about the difficult everyday life of engineers supporting Kubernetes. He is going to delegate giving talks to his colleagues, but he is preparing some new format for presenting material. He urged me to subscribe to Flant's channel on YouTube.

A lot of money was invested in booths by IBM, Cisco, Microsoft and VMware. The open source folks had more modest booths. I talked to representatives of Grafana at their booth, and they convinced me that I need to try Loki. In general, it seems that full-text search in a logging system is needed only for analytics, and Loki-level systems are enough for troubleshooting. I talked to the Prometheus developers. They do not plan to implement long-term storage of metrics or data downsampling. They advise looking at Cortex and Thanos as a solution. There are a lot of booths; it took a whole day to get around all of them. A dozen monitoring solutions as a service. Five security services. Five performance services. Dozens of UIs for Kubernetes. There are many who provide k8s as a service. Everyone wants their own piece of the market.

Amazon and Google have rented artificial grass rooftop patios and set up sun loungers there. Amazon handed out mugs and poured lemonade, and at the booth talked about innovations in working with spot instances. Google gave out cookies with the Kubernetes logo and made a cool photo zone, and fished for large enterprise fish at the booth.

About Barcelona

I am in love with Barcelona. I was there for the second time; the first time was in 2012 on a sightseeing tour. Surprisingly, many facts surfaced in my memory, and I managed to tell my colleagues a lot; I was a mini-guide. The clean sea air instantly relieved me of my allergies. Delicious seafood, paella, sangria. Very warm, sunny architecture. Low-rise buildings, a lot of greenery. We walked about 50 kilometers in these three days, and we want to walk around this city again and again. All this after the talks, in the evenings.

What is the most important thing to understand

I am very glad that I got the opportunity to attend this conference. It put in order what had not been sorted out before. It inspired me and made some things obvious.

One thought ran through everything like a common thread: Kubernetes is not an end point, but a tool. A platform for creating platforms.

And the main task of the whole movement: build and run scalable applications.

The main areas that the community is working on have crystallized. Much as the 12 factors for applications appeared at one time, a list of what to do and how to do it for the infrastructure as a whole has appeared. You can call it trends if you like:

  • Dynamic environments
  • Public, hybrid and private clouds
  • Containers
  • Service mesh
  • Microservices
  • Immutable infrastructure
  • Declarative API

These techniques allow you to build systems with the following characteristics:

  • Resilient
  • Elastic (adapted to the load)
  • Manageable
  • Observable (three pillars: monitoring, logging, tracing)
  • Able to roll out major changes often and predictably safely.

CNCF selects the best projects (a short list) and advocates for the following:

  • Robust automation
  • Open source
  • Freedom to choose a service provider

Kubernetes is complex. It is simple ideologically and in its parts, but complex as a whole. No one has shown all-in-one solutions. The k8s-as-a-service market, like the rest of the market, is the wild west: support is sold for both $50 and $1000 per month. Everyone goes deep into one part and digs into it: some into monitoring and dashboards, some into performance, some into security.

With K8s, everything is just beginning!

Source: habr.com