跳至主要内容

Kubernetes Community Day Taiwan (Day1)

  • 時間: Saturday, July 29, 2023, 10:00 AM – 05:00 PM CST
  • 地點:國立臺灣科技大學
  • 共同籌辦: COSCUP 2023

議程 / Sessions

Build and manage Wasm applications using container tools

講題簡介:

Wasm has emerged as a secure, portable, lightweight, and high-performance runtime sandbox for cloud-native workloads such as microservices and serverless functions. We will show how familiar container tools can be used to develop and share Wasm applications.

Today, there is a large ecosystem of battle-tested tools to create, manage, and deploy Linux container apps in both dev and prod environments. Developers want to use the same tools to manage their Wasm applications to reduce the learning curve and operational risks. More importantly, using the same tools would allow Wasm containers to run side by side with Linux containers. That enables the architectural flexibility to run some workloads (eg lightweight, stateless, transactional, scalable) in Wasm containers, and other workloads (eg long running, heavyweight) in Linux containers.

In this talk, I will cover how to create, publish, share and deploy real-world Wasm applications using Docker Desktop, Podman, containerd, and various flavors of Kubernetes. The examples will feature mixed container types to showcase how Wasm containers work side by side with existing Linux container apps.

Collaborative note: https://hackmd.io/@coscup/HkXcx1kjn

講師名: Hung Ying Tai

Hung-Ying is a pioneer in compiler optimization and virtual machine design. He is a prolific open source contributor, participating in many open-source projects, including WasmEdge, crun, solidity, and SOLL. Hung-Ying is also an active speaker and teacher. He is designing and teaching Solidity online courses in Taiwanese Mandarin.

Streamlining Microservices with Kong API Gateway: Simplifying Management and Enhancing Security

In a microservices architecture, client-side applications may be composed of dozens of different services. When handling external requests, each service must consider mechanisms such as authentication, authorization, caching, rate limiting, and more. Additionally, each service may use a different programming language and implementation approach, which can lead to increased development and management costs.

By adopting the API Gateway pattern, we can address these challenges. The API Gateway takes on the responsibility of handling request details, allowing services to focus on their business logic. Furthermore, managers can easily manage and monitor the running of APIs in the system through the API Gateway.

In this presentation, we will use Kong API Gateway as an example to demonstrate how to manage APIs and incorporate mechanisms such as authentication, authorization, caching, and rate limiting. We will also explore different architectural approaches with Kong and discuss their suitable use cases.

Collaborative note: https://hackmd.io/@coscup/ry8cx1ki2

講師名: RyanWang 往 SRE 前進的後端工程師

A Comprehensive Guide to API Gateways, Kubernetes Gateways, and Service Meshes

There is still a lot of confusion about API gateways, Kubernetes gateways, and service meshes. A lot of this is because:

People often mention these technologies with the same keywords, like canary deployments, rate limiting, and service discovery. All these technologies use reverse proxies. Some API gateways have their own Kubernetes gateways and service meshes and vice versa. There are a lot of articles/videos that compare the three technologies and conclude why one is better than the other. In this talk, I will try to explain these technologies and share how they fundamentally differ and cater to different use cases.

Collaborative note: https://hackmd.io/@coscup/ryt5xyJi3

講師名: Navendu Pottekkat

Navendu Pottekkat is a maintainer of Apache APISIX and other open source projects. He helps new contributors to open source by mentoring through the Google Summer of Code and Linux Foundation Mentorship Program. Navendu writes and talks about the cloud native ecosystem and his experience in contributing to, building, scaling, and maintaining open source projects.

數位發展部 Kubernetes 使用經驗

數位發展部積極發展並導入零信任、雲原生、容器化、DevOps等技術,會說明到數位部暨掛牌以來如何將服務轉移到雲端並導入Kubernetes。由於政府單位較少採用容器技術,數位部拋磚引玉,希望給各機關提供容器使用的參考,並探討如何解決相關稽核問題等。

Collaborative note: https://hackmd.io/@coscup/SJT5xyyon

講師名: 周詳

數位發展部資訊處解決方案架構師,畢業於交通大學資訊科學與工程研究所。

Deploy 1 thousand pods in my JUST laptop (w/ kwok)

Kubernetes is one of powerful tools for container orchestration. In fact, it is really a matter of scheduling to manage container. Thus sometimes we should test and demonstrate what we thought to deploy properly working before we deploy in the product.

However, mostly resource is limited to test it. Therefore, KWOK(Kubernetes WithOut Kubelet) is really helpful to deploy & schedule purpose. (https://github.com/kubernetes-sigs/kwok) And furthermore if you could save the resource, it could archive for Environmental Sustainability (https://github.com/cncf/tag-env-sustainability) as well!!!

So why don’t you start from today? 😃

Collaborative note: https://hackmd.io/@coscup/Sylsek1ih

講師名: Hoon Jo

Since his experience as a system/network IT vendor, he has been providing Tech Advisor and Container Architecture Design for all projects related to Kubernetes in the Megazone GCP Cloud team. He is also an admin of the Facebook ‘IT Infrastructure Engineers Group’ and an open source contributor.

He likes to share his knowledge, so he has written lectures for Ansible and Kubernetes on Inflearn/Udemy, and he thinks it is important to document his knowledge, so he has written books (『Practical Programming in Python for System/Network Administrators』, 『Elegantly Answerable』), 『Kubernetes/Docker for Building Container Infrastructure Environments』 (Gilbut), and contributed articles to IT magazines. He is also a CNCF Ambassador and NAVER CLOUD PLATFORM Ambassador, contributing to the spread of the Kubernetes ecosystem.

設計Kubernetes Controller與CRD的實踐 - 以網路為例

淺談Kubernetes Controller與CRD的一些設計思考思路,並且使用一個簡單設計的Network Controller來做為範例

Collaborative note: https://hackmd.io/@coscup/ryEseyki2

講師名: 黃宇強 Date Huang

Date Huang is the maintainer of DozenCloud Project, ARM64 VPS Project, and EZIO Project, bare-metal server massive deployment solution.

Speaking Experience: OpenStack Day Taiwan 2016-2017, Open Source Summit North America 2017, ISC High Performance Project Poster 2018, Hong Kong Open Source Conference 2019, OSC Tokyo 2019, COScon '19, TWNOG 4.0, COSCUP 2021

Strengthening Kubernetes Security

In this talk, we will be discussing the importance of securing your Kubernetes cluster and how you can do it using the powerful tool, “m9sweeper.” As the adoption of Kubernetes continues to grow, it has become more critical to prioritize the security of your cluster.

“M9sweeper” is an open-source security tool that is designed to detect and identify vulnerabilities and misconfigurations in your Kubernetes deployment. It offers a comprehensive set of checks that cover a broad range of security aspects, including network policies, access control, encryption, and pod security.

It has the potential of centralized monitoring of popular Kubernetes security tools Trivy, Gatekeeper, KubeSec, Kube-Hunter, Kube-bench, and Falco.

Collaborative note: https://hackmd.io/@coscup/BJPoxyki3

講師名: Koteswara Rao Vellanki

I’m an experienced DevOps Engineer at UST with over 4 years of experience in the IT industry. Prior to joining UST, I worked with HCL Technologies and Agathsya Technologies. I completed my Master’s degree in Computer Applications from Acharya Nagarjuna University, where I graduated with distinction. I have reasonable knowledge and expertise in DevOps tools, including containerization and orchestration technologies, and has a passion for solving complex problems to optimize business outcomes. I’m highly motivated, a quick learner, and always willing to go above and beyond to ensure successful project delivery.

Multi-Tenant ArgoCD in enterprise grade

As the company adopt more on Kubernetes, in order reduce the deployment effort, ArgoCD is introduced. During the introduction, the major challenge would be having DevOps teams to operate and mange while having distribution permission management with the context of compliance and security. The talk would go thought how to setup and extend ArgoCD to fulfill these requirement.

Collaborative note: https://hackmd.io/@coscup/Hkiie1ksh

講師名: Tony Yip

A DevOps Engineer from Hong Kong

Why we need a new deployment tool called Atmosphere?

In Vexxhost, we use Atmosphere to deploy all our production public clouds.

Atmosphere is an open-source solution that we develop to deploy OpenStack and Kubernetes.

After trying multiple deployment tools, we decide to build one by ourselves.

Now all of our public cloud and most of our private cloud are built and managed by Atmosphere.

In this session, we will share what’re the key points we try to resolve with Atmosphere.

Swe will share what’re the key points we try to resolve with Atmosphere. And why other methods not working for us.

And further, I will dive into this tool, and share how you can build and run it by yourself.

And finally deep dive into the technical part.

Collaborative note: https://hackmd.io/@coscup/r1Rjgyyin

講師名: Rico Lin

Rico Lin @ VEXXHOST