KubeCon + CloudNativeCon Europe 2018

cert-manager is a new project, built to replace kube-lego and make x509 certificates first class citizens in Kubernetes. Using custom resource definitions to introduce the concept of Issuers into a cluster, end-users can request signed TLS certificates from an ACME server (e.g. Let’s Encrypt), a signing key pair, Hashicorp Vault, or your organisations custom CA through its extensible design.

This talk presents cert-manager and demonstrates its new features over its predecessor, and specifically our approach to migrate thousands of users from kube-lego to the new custom resource backed system, without hindering future cert-manager functionality or effecting production users. At the end, we’ll go over the roadmap and future plans for the project, as well as how you can get involved!

At Oath (yahoo), we operate one of biggest on-prem kubernetes cluster. We manage about dozen kubernetes clusters and 7000+ pods are running across the dozen clusters, major application such as Yahoo Sports, Yahoo Finance are powered by kubernetes. Managing at scale has its own challenges, in this talk we will cover 101 Ways to “break and recover” kubernetes cluster.

Federation is typically thought of as the only way to do multi-cluster operations, but that's not the case. I explore more secure and scalable methods for connecting clusters together. This is key to hybrid scenarios where you want two or more clusters set up in a consistent way, and then deploy an application in all regions or on all clouds.

I will dive deep into sharing RBAC roles and resource limits, plus setting up the same namespaces with important default config like Pod Security Policies.

Before the arrival of Cloud Native, IT departments frequently treated each component--a service/application, a virtual machine, or a bare metal server--as a special, fragile entity that required the utmost of care.

Kubernetes, and more broadly Cloud Native, presents us with better ways to handle our infrastructure. For example, when we need to upgrade to a newer Kubernetes version, we can use automation and tooling to create a new cluster and migrate existing workloads over to it.

In this talk, Andy will describe different strategies for moving workloads between clusters. He'll show you how to use tools such as Ansible and Kubeadm to quickly install a new cluster, along with Heptio Ark to back up one cluster and restore into a new one. Andy will also demonstrate how you can perform zero-downtime migrations using Envoy for cluster ingress, traffic shifting, and some DNS “magic.”

Cloudbursting is one of the most useful features of cloud computing for applications with high traffic volumes during only some hours in a day, or only during some days in a month.
Kubernetes as of release 1.9 supports both application auto-scaling based on metrics such as CPU utilization and cluster node auto-scaling based on application workload (pods) needs.
Kubernetes also supports cluster federation, which enables binding of multiple clusters into a single observable unit from the point of view of a user.
This presentation will discuss how we’ve used these features to reliably burst from a priority/low cost cloud cluster to another, using Kubernetes. We’ll introduce a possible spec, a reference design, discuss the missing pieces and a provide a demo.