My notes on Kubernetes and GitOps from KubeCon & ServiceMeshCon sessions 2020 (CNCF)

9 min readNov 29, 2020

I am really glad I have booked off all 3 days (UK time meant 4–5 pm start) of Cloud-native KubeCon.

I have several years of experience working with Kubernetes and I am CKA and CKAD certified. Having delved into the abyss of true native GitOps CI/CD, and recently with The Service Mesh, I thought I was ready for this.

I believed, with my experience, I was reasonably well versed with the technologies, the vendors, and the Open Source community offering by now. Oh, how wrong I was.
This was so Q1 2020.

It should not be a surprise, looking at the (CNCF) Cloud Native Landscape — it is vast and growing yet.

Fortunately in my area of specialty — Microservices infrastructure orchestration (usually on GCP, keeping up with the fast-paced development on this space with podcasts and blog-reads did help, but I’m largely highlighting the need to set aside days to go through and digest this CNCF KubeCon & ServiceMeshCon content. Without distractions.

Here I am. Days later, still dealing with cognitive overload, taking time to process, and organize the areas of interest NOW and some areas of interest for LATER.
In doing so, I hope this now paves the way to a well-documented blog post, which you can follow-up on later as well.
Here is my calendar view for the duration of the event to give you an idea of the intensity. It is full-on, — you better take notes. You will miss sessions and will be playing catchup all the other spare time you may or may not have.
If that’s your job — that’s what you’ll do.

It does not capture ALL the sessions available, and I have very likely skipped some outside my immediate interest. Maybe something to revisit later, after a holiday or two.

My Interest in this CNCF 2020 Conference was to learn about new developments and best practices for ServiceMesh and the rollout. I have covered this topic recently in my blog post — worthy read if you too are considering “getting some of that” service mesh.

Otherwise, having experienced the full zen of cloud-native CI/CD GitOps — something I have also written about earlier this year, — I was keen to learn about Enterprise adoption of such practice. Additional developments and updates to the feature set were sought after as well.
i.e. fluxv2 for example now supports multi-repositories.
Fantastic. I can go home now. I was really keen on this.

First thing first. It’s 21st Nov 2020 as I write this, the CNCF Cloud Native Con is over. Most of the talks and video sessions that were presented will eventually find themselves on YouTube, by December 2020.

Here are the sections below of what I found interesting with some helpful about snippets as well, for quick reference.

My Session List of Interest

These sessions were really good and I recommend looking them up on YouTube when they get published by December 2020. This includes both the Breakouts and some from the ServiceMeshCon.

Standardizing Cloud-Native Application Delivery Across Different Clouds
Progressive Delivery Techniques with Flagger by Weaveworks (GitHub repo)
Absorbing Thanos Infinite Powers for Multi-Cluster Telemetry.
Discovered https://thanos.io/ toolkit! 😍
Thanos de-duplication of Prometheus (pull-based) metrics
gRPC calls
By Frederic Branczyk
Panel: End User Panel: GITOPS in the Enterprise -Real World Experiences — very interesting indeed. ❗️
Jaeger Deep Dive (CNCF September video)
A Walk Through the Kubernetes UI Landscape
Standardizing Cloud-Native Application Delivery Across Different Clouds
Helm: Past, Present, Future
Introduction to Autoscaling (Also look into AWS alpha release of Karpertner)
Open Policy Agent Intro
Stop Writing Operators
How to Multiply the Power of Argo Projects By Using Them Together
GitOps Is Likely More Than You Think It Is — Cornelia Davis, Weaveworks — very great coverage of GitOps, by the concept founders. Fantastic coverage of patterns, and best practices. Great talk.
Multi(Control Plane/Network/Mesh): A Practical MultiCluster Deployment
Service Mesh Specifications and Why They Matter in Your Deployment — Lee Calcote & Kush Trivedi, Layer5
Tutorial: Building an Enterprise Infrastructure Control Plane on Kubernetes
Automatically Making Dashboards Load 100X Faster. — quick winds on monitoring. (Monitoring team rejoice!)

The state of Cloud-native security

Palo Alto (Prisma Cloud — Twistlock)

Stackrox (Kubernetes Security Platform)

SysDig (Security & Monitoring)

Aqua (A Security solution on Kubernetes and other cloud platforms)

IDE Lens extension by Aqua — its alpha Lens Starboard integration. Works a treat❗️ https://github.com/aquasecurity/starboard-lens-extension Lens extension for viewing Starboard security information on the currently running containers. More https://github.com/aquasecurity/starboard

Release Helpers

Shipa

The session on gitOps was super helpful

Lots of positive vibe and noise around GitOps for the CI/CD — as an alternative to the traditional pipelines.

I am going to use argocd as our team is new to all of this k8s, git, and gitops, UI would help on the onboarding

Ideas and recommendations on the DIY GitOps app release promotion

Kustomize + Helm to pre-render template updating image tags etc per environment
jsonnet (data templating language) to update the container image tags

Other tooling recommendations on GitOps and Kubernetes from community
Toolsets to use that some KubeCon users mentioned

My Particular discoveries of Interest

Meshery
Service Mesh Performance comparison, The meshy does the SMI. Apples-to-apples comparison to a number of service meshes that are currently supported
The Talk: Service Mesh Specifications and Why They Matter in Your Deployment — Lee Calcote & Kush Trivedi, Layer5
OSM — Great talk and a demo with Open Service Mesh
Crossplane — provision cloud platform/ rep resources from within your Kubernetes cluster. Similar to terraform operator. It’s an add-on that supercharges your Kubernetes clusters enabling you to provision and manage infrastructure, services, and applications from kubectl
Harbor — mission is to be the trusted cloud-native repository for Kubernetes, docker container registry cache docs.
Microsoft Demo — shared in discussion — on GitOps workflow and process integration. Interesting modeling around GitHub architecture in the process. Great This session from the last Kubecon shows a project (from MSFT) that visualizes the delivery controller parts.
Spektate Tool
Debug application retrospection
Bedrock CLI — bedrock helps you automate, manage, and observe Kubernetes deployment operations based on Bedrock patterns and principles. GitHub repository here.
Checkov — terraform unit testing — a static code analysis tool.
And now Checkov runs Helm misconfiguration checking as well — blog here.

There. You made it

Oh yeah, if you’re still here, there is also a CNCF Survey 2020 on Cloud Native adoption — most certainly worth a read.

Alrighty, I think this will do.
Connect on LinkedIn or find me on Kubernetes Slack to continue this conversation.

Now that you-know-it-all, share the love. Hope you found it useful to like, share along with your colleagues.

Regs, JP

That’s the CNCF Ecosystem map. And that’s You (or Me) trying to explain how it all fits in nicely together and the use-cases … at the watercooler … to some poor chap who works in Application Design or whatever. Good luck. It’s so gonna happen.