Amsterdam's Kubernetes community is very alive!
A few weeks ago, I attended Kubernetes Community Days Amsterdam 2023, together with my colleague Robert Kloosterhuis.
Kubernetes Community Days Amsterdam is an annual event organized by the Kubernetes community to bring together developers, IT professionals, and enthusiasts who are interested in Kubernetes and other (related) CNCF technologies.
The event served as a taster for the much-anticipated KubeCon 2023, which will also take place in Amsterdam during the coming month of April. In this case, it happened in Westerunie, at Amsterdam’s Westerpark. The conference location consisted of two talk/workshop rooms and a solution exchange, a.k.a. the booth section.
In the booth section, there was representation from consultancy companies, Kubernetes consumers (such as Rabobank), and product companies (such as Elastic, CircleCI, Solo.io, and Red Kubes).
(Please reach out if you know who took this picture.)
Although there was no official main topic of the conference, I did feel like it was standardization, with other side-topics such as security, service mesh and eBPF.
Standardization
STOP BUILDING SNOWFLAKE UNICORNS
But, what does this exactly mean?
In today’s IT landscape it seems like every company is putting a large amount of effort into building custom-made application platforms, applications, and web services, in order to run and operate its ultimate product.
Sarah Polan, field CTO EMEA at HashiCorp, gave a few examples of why this might be happening, such as Conway’s law: the architecture and design of a software system reflect the communication patterns of the teams that build it. Of course, this has to do with organizational hierarchy as well as the levels of proficiency in the teams that build the system. This applies both to software development and to the building of internal development platforms.
Although this is almost inevitable, Sarah also highlighted the importance of standardizing processes and methodologies so that all your software gets built and shipped in the same way, like the assembly line of a car factory.
It was interesting to hear Gijs Molenaar, engineer at Spotify, confirm some of the points Sarah raised. Spotify created a few custom-made products, such as Hermes (a protocol on top of HTTP) and nameless, their own DNS system. While those products did help Spotify reach the point where they are now, they have realised they are very hard to maintain, and are migrating back to industry standards.
Networking & Security
Within the networking domain, both service mesh and eBPF seemed to be hot topics, with an array of talks on them. The importance of standardizing on common patterns and toolsets is more emphasized than ever. Multi-cluster deployments and fragmented microservices applications can have an effect on an application’s performance. Proxyless service meshes (such as Cilium) have lower overhead than sidecar-proxy based ones, but a technology such as eBPF is not trivial, and has to be studied accordingly in order to implement it well.
There were also some interesting talks on security. I attended a workshop by Andrew Martin, CEO of controlplane.io, in which we had the opportunity to dive a bit into Kubernetes security, which is not a field I am very experienced with. The first exercise involved a container which was running with root access. What this means is that the container has access to the host’s (node) filesystem. The "hack" involved getting into the node from the original pod.
When learning Kubernetes, there is quite a bit to take in: containerization, ephemeral storage, pod-to-pod networking, load balancing… If doing it on premises, add many other factors to that list. As in many other parts of the industry, it is easy to overlook security. While Kubernetes does have some features with security in mind, in the end it is fundamental to understand how the container runtime interacts with the underlying host.
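As an added example (not material from the workshop or from controlplane.io), here is a small audit that flags the pod-spec settings which let a container run as root or reach the node's filesystem and namespaces. The field names are standard Kubernetes pod-spec fields; the two manifests and the `audit_pod` helper are constructed for illustration.

```python
# Added example: flag pod-spec settings that let a container reach the node.
# The two manifests are constructed samples, not taken from the workshop.

def audit_pod(pod):
    """Return sorted findings for one pod manifest given as a dict."""
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext", {})
    findings = set()
    # hostPath volumes expose part of the node filesystem to the pod.
    host_vols = {v["name"]: v["hostPath"].get("path", "")
                 for v in spec.get("volumes", []) if "hostPath" in v}
    for flag in ("hostPID", "hostNetwork", "hostIPC"):
        if spec.get(flag):
            findings.add(f"pod shares node namespace: {flag}")
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        sc = c.get("securityContext", {})
        name = c.get("name", "?")
        # Container-level settings take precedence over pod-level ones.
        uid = sc.get("runAsUser", pod_sc.get("runAsUser"))
        non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False))
        if uid == 0 or (uid is None and not non_root):
            findings.add(f"{name}: may run as root (UID 0)")
        if sc.get("privileged"):
            findings.add(f"{name}: privileged container")
        if sc.get("allowPrivilegeEscalation", True):
            findings.add(f"{name}: allowPrivilegeEscalation not disabled")
        for m in c.get("volumeMounts", []):
            if m.get("name") in host_vols:
                findings.add(f"{name}: mounts node path {host_vols[m['name']]}")
    return sorted(findings)

# Constructed sample: no securityContext (so root by default) plus a hostPath mount.
RISKY = {"metadata": {"name": "tools"}, "spec": {
    "volumes": [{"name": "node-logs", "hostPath": {"path": "/var/log"}}],
    "containers": [{"name": "tools", "image": "example/tools:1",
                    "volumeMounts": [{"name": "node-logs", "mountPath": "/logs"}]}]}}

# Constructed sample: non-root UID, no escalation, no host access.
HARDENED = {"metadata": {"name": "web"}, "spec": {
    "securityContext": {"runAsNonRoot": True, "runAsUser": 10001},
    "containers": [{"name": "app", "image": "example/web:1",
                    "securityContext": {"allowPrivilegeEscalation": False}}]}}

if __name__ == "__main__":
    for pod in (RISKY, HARDENED):
        print(pod["metadata"]["name"], audit_pod(pod) or "no findings")
```
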
Other interesting topics
With loads of Star Trek references, Cherwin Nooitmeer, SRE at Rabobank, gave an interesting talk on Kubernetes in the Enterprise. He touched upon some points which I recognize from my own experience (+2 years dealing with Kubernetes in public entities). Nevertheless, the point which sparked my curiosity the most (and noticeably, that of many people in the room) was not enterprise related. In this case, it was his strong statement about not templating YAML. My guess was that he was actually talking about Helm, and he was; on the other hand, he was praising Kustomize. The main point he was making is that, in Helm, you need to fill in the "values.yaml" file, which contains many variables you might not need to fill in, and you might need to look into parameters which you were not planning to edit. I guess both Helm and Kustomize have their advantages/disadvantages. Maybe they should try ytt, with which you can do templating, but also patching through ytt overlays.
Additionally, I also loved seeing Gijs van der Voort of Picnic, one of my former clients, sharing their story with Kubernetes (started in the cloud, moved to on-prem, back to the cloud). I also enjoyed talking to other consultancies, and Dutch companies, about what they are doing in the Kubernetes space.
I’d like to close up with this image from Viktor Farcic (aka "The DevOps toolkit guy")
Watch the talks!
Day 1