Putting GO-JEK Tech in an International Map

KubeCon + CloudNativeCon 2018 @Shanghai Recap

Giri Kuncoro
Life at Gojek
7 min read · Dec 4, 2018


GO-JEK Cloud Foundation team in KubeCon + CloudNativeCon China 2018

Last month, the GO-JEK Cloud Foundation team (Giri Kuncoro, Iqbal Farabi and Vijay Dhama) flew to Shanghai, China, to speak at the largest Kubernetes and Cloud Native conference in the world, KubeCon + CloudNativeCon 2018. It is the first Kubernetes and Cloud Native conference ever to be held in Asia.

2500 attendees filled the Shanghai Convention and Exhibition Shanghai to hear the latest news on Cloud Native Computing Foundation (CNCF), Kubernetes, and associated projects. We had some awesome learnings, made new friends in the community, and had an unforgettable experience speaking in front of an audience of 100+. Such a roller-coaster adventure!

Through this article, we would like to share what we have learned from several interesting sessions that we attended as well as our amazing experience being the speakers in such a big international tech event. For the full detail of the event, go over to their YouTube Channel and start scrolling to gain myriad of new knowledge!

Our First KubeCon Impression

As we all know, China has blocked Google, Facebook, Twitter, etc., and with this in mind, we wondered how it would be possible to live without Google and all those sites for a week. It turned out the event was so memorable that we survived a week without accessing any of those sites.

All sessions that we attended were very technical yet super amazing because everything was well-prepared by the speakers and the organizers. A “hallway track” concept was applied in the conference. This unique concept encourages us to learn something new by talking to other people.

In this “hallway track,” we even had the chance to talk to Brendan Burns, the Kubernetes co-founder! We were so excited, a mandatory wefie is definitely on the agenda!

There were tons of sessions conducted at the same time, we learned that it’s important to pick a session that allowed us to discuss the materials with the speakers after the talk was finished. Since we knew that all the sessions are going to be on YouTube anyway, we focused on sessions that can create a direct impact on our GO-JEK Kubernetes and Datacenter cases.

Our selfies with Brendan Burns, the Kubernetes co-founder

The Cool Keynotes

Dan Kohn, the CNCF director, said in his keynote that he picked China for KubeCon this year (and also next year) because the country is the third largest contributor in the cloud native open source community, despite being unable to access various resources hosted on Google.

During the keynote, CNCF also gave recognition, in the form of an award, to Harbor, the first incubating project from VMware and China. Harbor is a trusted cloud native registry project that extends Docker distribution with security and identity management.

That was definitely a cool keynote, however, the coolest one was Vicki Cheung’s from Lyft.

Vicki Cheung from Lyft during her keynote speech

She provided a very insightful account of Lyft’s journey to adopt Kubernetes as its platform of choice and how they are migrating production traffic. Lyft has been running 40,000+ EC2 instances, and migrating all of them is a big challenge.

The Lyft infrastructure team produces tooling that makes deployment to Kubernetes easier, but in order to take advantage of the community and avoid too much abstraction, developers are also given access to the cluster through kubectl.

The rest of the keynotes were also great, including future of serverless (nodeless Kubernetes) by Brendan Burns, the Kubernetes co-founder that we took a selfie with earlier!

The Anticipated GO-JEK Talks

GO-JEK Cloud Foundation team (Giri & Vijay) presented a talk about Benchmarking Various CNI Plugins

Giving two talks at KubeCon was our main purpose in visiting Shanghai. As the GO-JEK Cloud Foundation team, we delivered two talks about Benchmarking Various CNI Plugins and GO-JEK Kubernetes Journey.

To be chosen as one of the speakers during the conference, we needed to submit a proposal that went through a competitive screening.

To give you a glimpse of our talk, we had a total of 15 people who approached us to offer collaboration after we delivered our materials. It was very exciting! We have written a separate article to summarize the content of our talks/experience for you to read.

The part that we still couldn’t believe is that we were featured on the main event page, along with 17 other speakers.

GO-JEK talk on Benchmarking Various CNI Plugins
GO-JEK talk on our journey to adopt Kubernetes

Cluster Lifecycle SIG

We are very interested in contributing here, as we have been using tools from this SIG, such as kubeadm, kops, and kubespray.

We are also adopting Cluster API, which will be in alpha at the end of this month, for our Kubernetes service. The group is initiating another interesting tool called etcdadm, which will help bootstrap an etcd cluster easily in both internal and external environments.

Kubebuilder SDK to Extend Kubernetes

This session, on Kubebuilder, was given by our old friends from VMware and Google. The framework could really simplify building Kubernetes APIs using custom resource definitions (CRD), as opposed to writing a lot of boilerplate and creating CRDs from scratch.

Securely Manage Kubernetes Secrets with Secrets

The session was delivered by a Google security engineer. According to him, storing secrets in Kubernetes in plain text with the default base64 encoding is definitely bad. An attacker could extract the secrets stored in etcd offline very easily.

It is highly recommended to back Kubernetes secrets with a KMS plugin, i.e. Vault, which will implement enveloped keys. This is an experimental feature in v1.12.
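As an added example (not code from the talk or from GO-JEK), the Python below shows why base64 gives no protection and how to audit raw etcd values for encryption at rest. It assumes the `k8s:enc:<provider>:v1:<name>:` prefix the API server writes for encrypted resources; the key paths, the plugin name `vault-kms` and all sample bytes are constructed.

```python
import base64

# Prefix written by the API server for values that went through an
# encryption provider: k8s:enc:<provider>:v1:<name>:<ciphertext>
ENC_PREFIX = b"k8s:enc:"
PROTOBUF_MAGIC = b"k8s\x00"  # start of an unencrypted protobuf-serialized object


def decode_secret_data(data: dict) -> dict:
    """Decode the 'data' map of a Secret manifest; no key is needed."""
    return {k: base64.b64decode(v).decode() for k, v in data.items()}


def classify_etcd_value(raw: bytes) -> dict:
    """Classify one raw etcd value by its leading bytes."""
    if raw.startswith(ENC_PREFIX):
        parts = raw.split(b":", 5)  # k8s, enc, provider, version, name, ciphertext
        if len(parts) == 6 and parts[3] == b"v1":
            return {"encrypted": True, "provider": parts[2].decode(),
                    "name": parts[4].decode()}
        return {"encrypted": False, "provider": "malformed", "name": None}
    if raw.startswith(PROTOBUF_MAGIC) or raw.lstrip().startswith(b"{"):
        return {"encrypted": False, "provider": "none", "name": None}
    return {"encrypted": False, "provider": "unknown", "name": None}


def unencrypted_keys(dump: dict) -> list:
    """Return the etcd keys whose values are not encrypted at rest."""
    return sorted(k for k, v in dump.items()
                  if not classify_etcd_value(v)["encrypted"])


# Constructed sample inputs (hypothetical names and values).
SAMPLE_DATA = {"password": base64.b64encode(b"s3cr3t-placeholder").decode()}
SAMPLE_DUMP = {
    "/registry/secrets/default/db-plain":
        PROTOBUF_MAGIC + b"\n\x0c\n\x02v1\x12\x06Secret" + b"s3cr3t-placeholder",
    "/registry/secrets/default/db-json": b'{"kind":"Secret","apiVersion":"v1"}',
    "/registry/secrets/default/db-kms": b"k8s:enc:kms:v1:vault-kms:\x00\x9a\x13\xf0",
}

if __name__ == "__main__":
    print(decode_secret_data(SAMPLE_DATA))
    for key in unencrypted_keys(SAMPLE_DUMP):
        print("NOT encrypted at rest:", key)
```

Secrets written before a provider was enabled stay in their old form until they are rewritten, so an audit like this is worth repeating after turning encryption on.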

Configuring Kubernetes Cluster on Next Level

This session was presented by a 19-year-old Finn, Lucas Käldström, who is also the lead of SIG Cluster Lifecycle. The talk was very inspiring!

Work is in progress to take the major Kubernetes components (i.e. kubelet, apiserver, controller, etc.) out of the main monorepo and generalize the config flags, since adding and removing flags for each new release is becoming a hassle. The effort is initiated by implementing ComponentConfig.

During the presentation, he also talked about a proposal for etcdadm and the upcoming KEP for it.

Model and Operate Datacenter by Kubernetes at eBay

This was one of the most interesting talks at KubeCon. The speakers gave a brief overview of how a Kubernetes cluster is used to manage data centers at eBay.

They have utilized Kubernetes custom resources to define the network, AZs, racks, etc. Using a single Kubernetes cluster to manage all the resources in a data center, including other Kubernetes clusters, is a novel way to do capacity planning, debug issues and view the data center as a whole.

Monitoring at eBay

This is a good case study of monitoring 30+ Kubernetes clusters at eBay, with federated Prometheus and a central eBay Kubernetes cluster to manage all Kubernetes clusters. They have also started adopting automation for when an issue arises, using AIOps, i.e. anomaly detection and auto-remediation.

Safely Upgrading Kubernetes Clusters

Upgrading a cluster has always been a challenge in Kubernetes. To upgrade safely, we need to upgrade one minor version at a time.

For example, to upgrade from 1.9 to 1.12, we need to upgrade from 1.9 to 1.10, 1.10 to 1.11, and finally 1.11 to 1.12.

There was a new proposal to add support for safe downgrades as a safety net when an upgrade fails. Another important thing to note is that there is no easy way at the moment to upgrade an etcd cluster, so we have to be ready for the worst case by taking a backup manually.

Containerd & CoreDNS DeepDive

The Containerd session covered its inner workings. Delivered by the main contributor of Containerd, the session described the architecture, service interface and the plugin model. He also provided a deeper look at how this industry-standard container runtime handles OCI image metadata and content links, as well as a closer look at the Snapshotter design for plugins.

The other session was about CoreDNS and it was given by the maintainer. He explained that the plugin-based architecture was adopted to make it easier for the community to extend CoreDNS beyond its built-in features.

We learned about a lot of cool CoreDNS features, such as IP-based service discovery (i.e. give DNS forwarder A for IP X, DNS forwarder B for IP Y). We also learned about creating a custom CoreDNS plugin.

We (Giri & Iqbal) share the same vision to be Indonesian Kubernetes Ambassador in the future

Mission: Be the Indonesian Kubernetes Ambassador

The reason why we attended this event was because we want to introduce Kubernetes to a wider community in Indonesia. We want to do this because we realize that Kubernetes needs more contributors on documentation and test infrastructure, that’s why we want to encourage Indonesians to use it more.

After the event, we learned that there is a possibility for CNCF to sponsor Kubernetes meetup in Jakarta. It is also possible for us to be the Kubernetes ambassador with a mission to promote cloud native adoption in Indonesia.

The Next Step

During the event, we gained lots of knowledge and we would like to share it with you! That’s why we came up with these initiatives:

  • We will start Jakarta Kubernetes Monthly Meetup. Indonesia has already 380+ members in Kubernetes local community, but not very active yet. Once we get more active, we will apply for ambassador role and CNCF sponsorship.
  • We will write a comprehensive academic/research paper for CNI Benchmark experiments and analysis, conduct peer review and submit to popular journals, i.e. ACM SIGCOMM.

We will definitely submit a proposal again for the next KubeCon in Barcelona, Shanghai, or San Diego. It’s been a fun and great learning experience for us, we hope to see you there!

Cheers,

Giri, Iqbal, and Vijay
The CloudFoundation Team

Interested to share your knowledge on an international stage just like GO-JEK’s Cloud Foundation team? We always need the best engineer out there to be a part of our family. Visit GO-JEK Career Page to join us!
