I started to explore Kubernetes as a means of running AI workloads a year ago, first for reference, and then for training. In the meantime, Kubernetes turned 5 years old. Several cloud providers now have their own managed Kubernetes with serverless container offerings, and entire new platforms are built on top of Kubernetes. I’m heading to the KubeCon/Cloud Native Conference in San Diego next week, and I’m trying to figure out exactly what I want to learn and who I want to meet.
The CLI-SIG maintainers are providing a kubectl development workshop which will give us a look into the code base and also clarify the kubectl structures and conventions. Anyone who knows Kubernetes knows that everything in the Kubernetes object world can be declared using kubectl, so this workshop is near the top of my list. If you plan to participate, bear in mind that you will need to install a lot of prerequisite software before the workshop. If you don’t want to do that much preparation, you might check out the SIG-Architecture talk about the future of Kubernetes that is scheduled for the same time.
My next suggestion would be the Deep Dive into Cloud Provider Azure session led by Pengfei Ni of Microsoft and Brendan Burns, who co-created Kubernetes at Google and then moved to Microsoft. Burns’s conceptual article, “The Future of Kubernetes is Serverless,” clarifies the difference between PaaS, containers, and the “serverless experience of running containers that is Kubernetes” (his words). He promises to discuss the next version of Kubernetes (v1.17) from both a work and a design standpoint, so that is a must-see.
There will be several talks on security, including “The State of Kubernetes Security” by Security-SIG and “The Devil in the Details,” which explains how a Security Audit work group found and addressed 37 new vulnerabilities. There will also be talks on how Kubernetes components communicate securely within the clusters and how to do activities such as copying files securely between containers. But the two most interesting ones from a user perspective might be:
This will demonstrate Knative’s unique approach and cutting-edge security practices for serverless, which is a bigger topic than either serverless or Kubernetes.
This will explain how you can offload many of the security conformances in an app’s underlying platform in order to free app developers from stringent constraints and protect novice developers who may be unfamiliar with security practices at the app level.
Helm is essential for Kubernetes, even if it is not GA-ed yet. There are only two talks about Helm on the schedule: an introduction to Helm for newbies and a deep-dive talk for those of you who are “deep down the highway to Helm.”
Last but certainly not least, there are several sessions about operators. When installing, provisioning, tooling, or automating anything on Kubernetes, it is done through the operator framework, which is a way of extending the Kubernetes API for custom resources. There will be a talk on “WIGM and Why You Want an Operator,” another called “Don’t Build an API, Build a CRD,” and a panel on the State of the Operators: Hubs, Frameworks, SDKs, and beyond.
There is even more beyond this: new platforms for Kubernetes with service mesh/proxy and networking, and even new innovations in SIG-Storage. There will also be point solutions and new component demonstrations for the first time at KubeCon. But enough talking. Happy exploring!