builderscon tokyo 2018 participation notes


Envoy internals deep dive

https://builderscon.io/tokyo/2018/session/838113b5-ea55-40ae-8ef5-eb461e7b97a2

https://speakerdeck.com/mattklein123/kubecon-eu-2018


Infrastructure auto-provisioning pipeline built with Kubernetes

https://www.slideshare.net/YusukeNojima3/kubernetes-113294927


Building and operating a service mesh at mid-size company

https://builderscon.io/tokyo/2018/session/4bf634b9-cc92-4499-ba50-3ff6304e4657

https://blog.envoyproxy.io/service-mesh-and-cookpad-ba4d5d915dbd

Expeditor

aws-xray

envoy

kumonos

lyft/discovery

sds

Prometheus + Grafana

vizceral

  * promviz

  * promviz-front

wait-side-car


Sustainable Kubernetes -Observability, Security, and Usability-

https://builderscon.io/tokyo/2018/session/d5a623d0-905f-4b25-8f70-cbf76afe9623

https://speakerdeck.com/mumoshu/sustainable-kubernetes

https://github.com/weaveworks/flux


Web service security measures that cause trouble when you didn't know about them

https://builderscon.io/tokyo/2018/session/d16eb388-2916-421c-85d6-47faf23238e2

https://speakerdeck.com/tnmt/where-do-we-start-with-information-security


Istio: Weaving a Secure Service Mesh

https://builderscon.io/tokyo/2018/session/b07f7cee-0cd0-4f44-a9fd-3357e7569493

https://docs.google.com/presentation/d/1DOvrP3jhUurK3E1NtG2DcRd31qeW65rj98vsspCAY7c/mobilepresent?slide=id.p


Understanding Microservices with Distributed Tracing

https://builderscon.io/tokyo/2018/session/4aea56c6-fba0-44d0-ac21-147eb121132b

Visualization

Instrumentation

RequestID

RideID

Trace

Span Context

Span

Performance & Optimization

OpenTracing

CNCF support

envoy

OpenTracing Homepage

Yuri's OpenTracing Tutorials

Dapper Paper

Orchestrated Chaos: Applying Failure Testing Research at Scale


Envoy externals and ideas

https://speakerdeck.com/seikoudoku2000/envoy-externals-and-ideas-builderscon-2018

https://speakerdeck.com/mirakui/being-healthy-dev-and-ops-in-cookpad

Distributed SPOF

Unhealthy dependency

https://qiita.com/seikoudoku2000/items/01450d9c413a0c487b8f

circuit breakers

bulkheads

monitoring / observability

Observability

https://qiita.com/seikoudoku2000/items/d4c6b41337f03df0e005

Data Plane

Sidecar proxy = data plane

Envoy, Nginx, HAProxy, etc.

Provides the features microservices need

Control Plane

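The component that turns a collection of stateless data planes into a distributed system

  Dynamic changes to configuration

  For Envoy, an API called xDS is defined

  Sometimes a human plays that role (manual, in-house)

  Istio, Nelson, Envoy manager, ...

Envoy configuration overview

There is static configuration and dynamic configuration via API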

Fault Injection

Observability / Distributed tracing

NewRelic and DataDog have also released the same feature

https://speakerdeck.com/cwsakamoto/kubernetes-on-aws-at-chatwork


What's inside the OS that I want every engineer to know

https://builderscon.io/tokyo/2018/session/c0a3ca54-16eb-4537-a9b9-9fe4826f78c3

https://speakerdeck.com/ariaki/os-that-we-should-know


Bottlenecks in high-density container hosting and how to solve them

https://builderscon.io/tokyo/2018/session/742b60e7-dfc4-4537-9ad2-81c4307974f7

https://speakerdeck.com/pyama86/gao-ji-ji-kontenahosuteinguniokerubotorunetukutosofalsejie-fa


Multicloud deploy with Spinnaker

https://builderscon.io/tokyo/2018/session/e3b9f6e2-7fc8-44fa-bb4f-238144e5cd1b


Building Self-Hosted Kubernetes

https://builderscon.io/tokyo/2018/session/0e224762-b349-4d44-9ece-6f2d8b2f2e4b

Minimum required containers

kube-apiserver

kube-scheduler

kube-controller-manager

cloud-controller-manager

etcd

kubelet

kube-proxy

clusterDNS

STATIC POD ... a Pod managed directly by the kubelet

kubelet --pod-manifest-path=/path/to/manifest

bootstrap cluster

Tectonic

Kubeadm


DNS basics that web application engineers should know

https://builderscon.io/tokyo/2018/session/d3e82c21-922f-4a69-bd3c-288e82d5ac69

https://speakerdeck.com/mamy1326/basics-of-dns-that-application-engineers-should-know-1


In search of painless multi-tenancy: we show everything! Behind the scenes of the SmartHR database migration project

https://builderscon.io/tokyo/2018/session/5485dc21-810e-4d12-9102-30b2812cd64f

https://speakerdeck.com/purintai/builderscon-2018


RDB THE Right Way ~The grand tale of RDB refactoring~

https://builderscon.io/tokyo/2018/session/ddba9bd5-819e-489e-9123-04d2291d506e

https://speakerdeck.com/soudai/rdb-the-right-way


Extending Kubernetes with Custom Resources and Operator Frameworks

https://builderscon.io/tokyo/2018/session/c13209ac-ea4a-4f71-b748-fe9fcebcda9a

The Problems

Dynamic self-healing environment

Kubernetes provides building blocks, not complete solutions

New API and constructs

Ex: Memcached

Memcached needs client side load balancing

Needs some kind of service discovery (list of IP addresses)

Don't want to update application code

Want to Support replication + sharding topologies

Deploy memcached

Deploy a proxy using a Deployment

Configure proxy using a ConfigMap

When backends change create new ConfigMap and trigger a rolling-update for the proxy.

How do we support an application like memcached?

A Quick Kubernetes API Primer

API Objects

API Version

Kind

Metadata

Name

Labels

Owner References

The Spoke(API) and the Wheel(Client)

Controllers

observe -> diff -> act -> ...loop

API Server -> watch -> diff -> update -> API Server

Built-in clients

api-server ->

kubelet

kube-proxy

kube-controller-manager

kube-scheduler

Kubernetes controller

When a Deployment is run

Deployment Controller -> ReplicaSet

ReplicaSet Controller -> Pod

Scheduler -> schedules the Pod

Kubelet -> creates the containers for the Pod

Kubelet -> Run Docker

Extending Kubernetes

Need a place to store state - Data

Need to do something - Logic

Custom Resource Definition (Data)

Type definition for a custom type

Allows the same CRUD + WATCH

Can describe higher level constructs

Controllers (Logic)

Typically runs in the cluster

Uses the Kubernetes API

One idiomatic client

client-go

Many generated client libraries

Go, Python, Java...etc

Client-go

Most featureful

Used by Kubernetes built-in components

More like a controller framework than a client library

Operator Frameworks

Provide a simplified controller API

Rely on code generation to provide API clients for CRDs

Frequent Requests

Controllers can potentially run often

Easy to overload the API server

Some GETs could be X00MB of data

Concurrent Updates

Overwriting object state

The API Server isn't a database

No transactions

operator-sdk

Built by a former CoreOS developer at Red Hat

Quick and dirty

Provides support for one controller per process

Caching of watched objects w/ client-go

Serial updates per CRD object

Architecture Pattern

Reuse Built-in Objects

Services, Deployments, ConfigMaps, Secrets

Build on the logic of other controllers

..

Use Multiple Controllers

Multiple Controllers per process

Reuse caches, informers etc...

Keep controllers simple

Each controller manages/writes to one controller

...

kubebuilder

Built by a k8s developer at Google

More robust

Helps manage lifecycle of generated code

Support controller

...
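
The notes above on the controller loop (observe -> diff -> act) and on concurrent updates (overwriting object state, no transactions), as an added example that is not code from the talk, client-go or any operator framework: an in-memory stand-in for the API server rejects a write based on a stale read, and the loop re-reads and retries, using the memcached backend list as the state. `Store`, `Object`, `Diff` and `Reconcile` are hypothetical names, and the integer `ResourceVersion` is an assumption that models the API's optimistic-concurrency check, which the notes do not mention.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
	"strings"
)

var ErrConflict = errors.New("conflict: object changed since it was read")

// Object is a constructed stand-in for an API object (the proxy's ConfigMap).
type Object struct {
	ResourceVersion int // simplification: bumped by one on every write
	Backends        string
}

// Store mimics the API server: no transactions, but stale writes are rejected.
type Store struct{ obj Object }
func (s *Store) Get() Object { return s.obj }
func (s *Store) Update(o Object) error {
	if o.ResourceVersion != s.obj.ResourceVersion {
		return ErrConflict
	}
	s.obj = Object{o.ResourceVersion + 1, o.Backends}
	return nil
}

// Diff returns the object to write, or changed=false when already converged.
func Diff(cur Object, podIPs []string) (next Object, changed bool) {
	ips := append([]string(nil), podIPs...)
	sort.Strings(ips) // stable order: pod ordering alone never causes a write
	next = Object{cur.ResourceVersion, strings.Join(ips, ",")}
	return next, next.Backends != cur.Backends
}

// Reconcile loops observe -> diff -> act, re-reading after each conflict.
func Reconcile(s *Store, podIPs []string) (Object, error) {
	for attempt := 0; attempt < 3; attempt++ {
		next, changed := Diff(s.Get(), podIPs)
		if !changed || s.Update(next) == nil {
			return s.Get(), nil
		}
	}
	return s.Get(), ErrConflict
}

func main() {
	fmt.Println(Reconcile(&Store{}, []string{"10.0.0.2", "10.0.0.1"}))
}
```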