KubeCon + CloudNativeCon Europe 2018

At Weaveworks, we sometimes need more than the L3/L4 load balancing offered today with the Service abstraction. The Kubernetes Service & Endpoint objects have some extraordinary untapped powers: they can be used to build artisanal, high-level load balancing and session affinity schemes. This talk will go through a few examples: sharding across endpoints based on a layer 7 key, master endpoint election and demonstrate a tiny reverse proxy implementing service affinity using consistent hashing with bounded load.

In this talk, we present performance and scalability numbers from our open source implementation of the Maglev data-plane (part of Google’s load balancing architecture as defined in [1]) in fd.io/VPP, as well as extensions that leverage IPv6 and Segment Routing (SRv6LB [2]) in ways that improve the fairness and reliability for workload balancing in a Data Center. In systems like Kubernetes that serve a large number of connections to micro-service instances in containers, our analytical and experimental results show that processing with SRv6LB is more fairly balanced than with Maglev alone. This results in significantly faster overall response times for end users and more efficient utilization of compute resources, especially under very high load.

Have you been using Ingress-Nginx in your deployment and have features you wish to Contribute to the community, but are unsure how? Don't worry with the easy to follow session, you'll be up and running in no time.

This session is perfect for beginners or community experts alike who wish to get more involved with Nginx-Ingress.
https://youtu.be/GDm-7BlmPPg
From our demos, you'll learn:

1. How the ingress-controller works, from the internals to the templates.
2. How to add a simple feature, eg. Annotation, ConfigMap config change.
3. Building and Deploying the Ingress Controller and description of resources.
4. Configuring the Ingress Controller using Annotations and the Config Map.
5. Tips for Contributing back.

The Container Networking Interface, or CNI, is a standard for networking vendors and projects to integrate with Kubernetes. First released in 2016, CNI has become the default way to network a Kubernetes cluster.

In this talk, I'll explain why CNI is designed the way it is. I'll talk about how CNI is typically used in a Kubernetes installation, including some common and not-so-common gotchas and pain points. I'll go into detail about the best-practices for writing a CNI plugin with Kubernetes. I'll also discuss the future of the project, some possible improvements, and next steps for the ecosystem as a whole.

CNI promises container runtime systems the ability to swap in different third party networking plugins. With many 3rd party plugins available, it can be difficult to determine which, if any, are the best match for your system.

Angela and Usha will highlight their journey through the CNI ecosystem from adding support for CNI in Cloud Foundry to building “Silk” - their very own CNI plugin. Attendees will gain insight into the process of both deciding to and building a CNI plugin and considerations that must be made about how to integrate the plugin with existing platform concerns about networking and security.

Building a container network that is reliable, fast and easy to operate has become increasingly important in DigitalOcean’s distributed systems running on Kubernetes. Today’s container networking technologies can be restrictive as Pod and Service IPs are not reachable externally which forces cluster administrators to operate load balancers. The addition of load balancers introduces new points of failure in a cluster and hinders observability since source IPs are either NAT’d or masqueraded.

This talk will be a deep dive of how DigitalOcean uses BGP, Anycast and a variety of open source technologies (kube-router, CNI, etc) to achieve a fast and reliable container network where Pod and Service IPs are reachable from anywhere on DigitalOcean’s global network. Design considerations for scalability, lessons learned in production and advanced use cases will also be discussed.

The Container networking interface (CNI) project makes it really simple for container orchestrators to configure networking for containers. In this presentation, Anirudh Aithal will provide a detailed walkthrough of developing a plugin, from prototyping to integrating with orchestration frameworks such as Elastic Container Service (ECS) and Elastic Container Service for Kubernetes (EKS). We'll start with a brief introduction of CNI project and plugins. We will also review how CNI plugins enabled us to iterate fast on enabling cloud-native networking capabilities for containers such as routable IPs, network ACLs, firewall rules by provisioning elastic network interfaces on a per-container basis, without modifications to the orchestration framework itself. We will also review the best practices for developing a plugin including testing, logging, versioning and operationalizing the same.