Cloud-Native: Containers & Kubernetes
Wednesday, December 9, 2020
The move to microservices introduces more complex applications and new ways of thinking about architecture. API Gateways help manage this complexity of running multiple services while making sure security, scalability, and availability are always top of mind. But in this new world, with new development patterns being implemented in production, how is the role of the API Gateway changing?
In this talk, Marco explores the role of gateways in this new world of microservices and where they fit into modern application architecture. He will cover:
- Deep dive of API Gateways in application architecture
- Best practices for API Gateways with service mesh and serverless
- Real-world examples of users who are leveraging this new pattern to scale their services.
Marco will demo these concepts using Kong, an open source API Gateway that uses these new patterns.
In the world of microservices, everything gets a bit more complicated. In this session, you’ll learn how to drastically reduce your application footprint by relegating observability, security, and network resiliency to the purview of the service mesh. By separating application logic from network functions, you can focus on what matters: your business logic. Learn how Istio can help you succeed.
API prototyping can become a time-consuming process, even when you're looking for a quick solution to validate your concept and not prepared to invest any considerable effort. There are multiple potential solutions to this problem, such as creating a testing environment with AWS using API generators, etc. In this talk, we compare the relative cost, both in terms of time commitment and financial expense, of a custom-built API test environment with AWS and a customizable Backend or Database as a Service platform such as Backendless. We will discuss how developer pain points such as the speed of prototyping and testing as well as the desire for instant gratification can be addressed with either solution. We will also examine deployment and scalability with each solution to provide an understanding of what comes after the prototyping stage is complete.
Everybody loves microservices, but we all know how difficult it is to get them right. Distributed systems are much more complex to develop and maintain, and over time, we even miss the simplicity of old monoliths. In this talk, I propose a combination of infrastructure, architecture, and design principles to make your microservices bulletproof and easy to maintain with a combination of high scalability, elasticity, fault tolerance, and resilience.
This session will also include a discussion about some microservices blueprints like asynchronous communications, how to avoid cascading failures in synchronous calls, and why you should use different storages according to the use case: Document Databases to speed up your performance, RDBMS for transactions, Graphs for recommendations, etc.
Observability contains many aspects - metrics, logging, tracing, alerts, and more. There are so many open-source tools to accomplish these tasks but which are considered the right ones? And what are the best practices?
In this session, we’ll discuss why observability within distributed systems is essential to understand how your application is performing and ensure reliability at all times. We’ll also review the most popular open-source monitoring tools, and explain the Whys, Whats, and Hows in your observability journey.
OPEN TALK: The Open-Source Observability Playbook
Managing batch ML jobs is a central competency for Data Science (DS) teams in the ad tech space. According to PWC research, digital ad spend in the US has increased by 16.9% to $57.9 Billion in the first half of 2019. Worldwide digital ad spend is expected to reach over $375 Billion by 2021. To deal with this growth, DS teams need flexible tools.
We present our k8s-workqueue system, a pluggable scheduling mechanism for ML Kubernetes workloads where tens of thousands of models are built every day on our platform. The focus on simplicity led us to the design of this system, which combines familiar features of traditional cron jobs and containers with the power of the Kubernetes API.
We bring back the lessons learned from our k8s-workqueue system. This system has been managing ML batch jobs on our Kubernetes API/Clusters for the past 2 years. These lessons are about building, operating and maintaining hundreds of product-impacting jobs. These are ML centric and data heavy production workloads.
Securing APIs deployed in Kubernetes implies securing the infrastructure but also the APIs themselves. Having a perfectly set up cluster, with all possible protections in place, unfortunately covers only one aspect of the recent OWASP Top 10 for API Security. Other issues such as data leakage, mass assignment or broken authentication must be handled at the application level.
Learning from others’ mistakes:
The publication of the OWASP API Security Top 10 marks a cornerstone in API security history. Finally, there is a global recognition that applications based on APIs require different protection. In the past year or so, more than 200 breaches have been published on apisecurity.io. Some very well known names are on that list: T-Mobile, Facebook, and Uber to name a few. What did they do wrong? How can we learn from their mistakes and take an approach that prevents the most common API security issues?
The Kubernetes specifics:
API security is not specific to Kubernetes. But Kubernetes deployments, usually created to run microservices-based, decoupled applications, make some API security issues worse. To start with, there is the sheer number of APIs to manage and protect. In Kubernetes deployments, everything is an API. Enterprises end up having to protect 1000s of endpoints, and to make it worse, those endpoints get re-deployed very frequently. DevSecOps anyone?
Pragmatism is key:
Our goal in this talk is to share pragmatic, directly actionable best practices. We present a methodology to “pick your battles” and focus on the most critical issues first. You will leave this talk with either the great satisfaction that you’ve already done a good job to protect your APIs or an actionable TO-DO list to address immediate issues.
The open source software community continuously supports and advances the adoption of CI/CD best practices and toolsets.
For example, the CD Foundation serves as a vendor-neutral home of many software projects within CI/CD space, such as:
1) Jenkins X, a Kubernetes-native continuous delivery solution for cloud applications. This project uses a completely new architecture and code base in comparison with the original Jenkins project.
2) Spinnaker, an open source, multi-cloud continuous delivery
3) The Tekton Pipelines project, which provides Kubernetes-style custom resources for declaring continuous integration and delivery pipelines. Spinnaker can use Tekton as its pipeline engine.
4) And more
What’s more is that the open source community is helping to define shared terminology, open standards, and abstractions for CI/CD to help enterprises increase performance and software delivery. These resources help to assist with interoperability between CI/CD components, and also promote innovation in the areas that can provide the most value to the business.
This talk outlines important initiatives taking place and ways to tap into community resources and get involved so we can all work together to accelerate CI/CD adoption around the world.
Attendees will learn:
- A brief overview of multiple open source projects and how the community is working toward interoperability between them to serve as a model for the future of software.
- Take a look at the goals of the open source community today and key initiatives such as CI/CD landscape, security, diversity and MPs.
- How to get involved in open source projects to drive forward the direction of CI/CD and make software delivery better for everyone.