Authors | Ding Haiyang, Chen Youkun, Li Peng, Sun Jianbo
Industry news
CNCF published the blog post “Demystifying Kubernetes as a Service — How Alibaba Cloud Manages 10,000s of Kubernetes Clusters” on its official website. This long post systematically lays out what Alibaba Cloud has done with Kubernetes, from why it needs such a large number of K8s clusters to how it manages them efficiently.
- GitHub wants to set up a subsidiary in China
Earlier this year, GitHub reportedly restricted accounts in Iran, Syria, Crimea and other US-sanctioned regions. Against the backdrop of the US-China trade war, Microsoft, the company behind GitHub, has to prepare for many possibilities. One question is whether a Chinese subsidiary can really help Microsoft and Chinese developers in the heat of a trade war. Still, the open source movement has shaped today's IT over the years, and GitHub is (still) the best place for developers to gather. I think every responsible developer, regardless of nationality, should think about what the future holds and prepare for it.
Important upstream developments
Kubernetes
- Support external signing of service account keys
Today kube-apiserver still reads the service account signing keys from disk at startup and keeps them in memory for as long as it runs. Now that the API server can issue and validate projected volume tokens itself (the TokenRequest API), it is a natural next step to support issuing and verifying tokens through an external signer reached over an API, so that the private key can stay in a KMS or HSM instead of on the API server's disk and in its memory.
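To make the shape of that proposal concrete, here is an added example (written for this issue; it is not Kubernetes code or the proposal's implementation) that models a token issuer which never holds a signing key: the issuer builds the JWS signing input for a projected-style token and hands only a digest to an ExternalSigner interface, which a KMS or HSM client would implement. The kmsSigner type, the service account name and the audience are constructed for the example. Kubernetes signs service account tokens with RS256 or ES256; the example uses ES256. The verifier receives the public key out of band, as kube-apiserver does today through --service-account-key-file, and pins the algorithm before checking the signature, expiry and audience.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// ExternalSigner is all the token issuer needs from the key holder. A real
// implementation would be an RPC client for a KMS or HSM; the key stays there.
type ExternalSigner interface {
	Sign(digest []byte) ([]byte, error) // JWS ES256 signature: fixed-width r || s
}

// kmsSigner stands in for the external key service (constructed for this example).
type kmsSigner struct{ key *ecdsa.PrivateKey }

func NewKMSSigner() (*kmsSigner, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	return &kmsSigner{key: key}, err
}

func (s *kmsSigner) Sign(digest []byte) ([]byte, error) {
	r, sv, err := ecdsa.Sign(rand.Reader, s.key, digest)
	if err != nil {
		return nil, err
	}
	sig := make([]byte, 64) // JWS wants raw r||s, not the ASN.1 form SignASN1 returns
	r.FillBytes(sig[:32])
	sv.FillBytes(sig[32:])
	return sig, nil
}

// Claims are the ones a projected service account token carries.
type Claims struct {
	Sub string   `json:"sub"`
	Aud []string `json:"aud"`
	Exp int64    `json:"exp"`
}

var b64 = base64.RawURLEncoding

// IssueToken builds the JWS signing input locally and sends only its digest out to be signed.
func IssueToken(s ExternalSigner, c Claims) (string, error) {
	hdr, _ := json.Marshal(map[string]string{"alg": "ES256", "typ": "JWT"})
	body, _ := json.Marshal(c)
	input := b64.EncodeToString(hdr) + "." + b64.EncodeToString(body)
	digest := sha256.Sum256([]byte(input))
	sig, err := s.Sign(digest[:])
	if err != nil {
		return "", err
	}
	return input + "." + b64.EncodeToString(sig), nil
}

// VerifyToken is what a relying party (or TokenReview) must check: pinned algorithm,
// signature, expiry, and that the token was minted for this audience.
func VerifyToken(pub *ecdsa.PublicKey, token, audience string, now time.Time) (*Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	var hdr struct{ Alg string `json:"alg"` }
	if hb, err := b64.DecodeString(parts[0]); err != nil || json.Unmarshal(hb, &hdr) != nil || hdr.Alg != "ES256" {
		return nil, errors.New("unexpected alg") // never let the token pick the algorithm
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	sig, err := b64.DecodeString(parts[2])
	if err != nil || len(sig) != 64 || !ecdsa.Verify(pub, digest[:], new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])) {
		return nil, errors.New("invalid signature")
	}
	var c Claims
	if pb, err := b64.DecodeString(parts[1]); err != nil || json.Unmarshal(pb, &c) != nil {
		return nil, errors.New("malformed claims")
	}
	if now.Unix() >= c.Exp {
		return nil, errors.New("token expired")
	}
	for _, a := range c.Aud {
		if a == audience {
			return &c, nil
		}
	}
	return nil, errors.New("audience mismatch")
}

func main() {
	signer, _ := NewKMSSigner()
	now := time.Now()
	tok, _ := IssueToken(signer, Claims{Sub: "system:serviceaccount:default:app", Aud: []string{"vault"}, Exp: now.Add(10 * time.Minute).Unix()})
	_, err := VerifyToken(&signer.key.PublicKey, tok, "other", now)
	fmt.Println("verify for audience other:", err)
}
```

Two details carry the security weight. The verifier pins ES256 instead of trusting the token's own alg header, which is what keeps algorithm-confusion tricks out. And the audience check is what makes projected tokens safer than the legacy secret-based ones: a token minted for vault is useless against any other service, whether the key that signed it lived on disk or in an HSM.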
- Certificates API improvements
The CertificateSigningRequest (CSR) API is gaining support for multiple signers, so that a request names which signer should issue its certificate.
Knative
Knative v0.11.0 was released on December 10th. These two articles give a quick overview of the new version:
- What changed in Knative Serving 0.11.0
- New features in Knative Eventing 0.11.0
Istio
Istio 1.5 is under development; code freeze is scheduled for January and the release for February.
- The much-anticipated Mixer V2 is under development: Telemetry V2, which runs as Envoy extensions on the V8 WebAssembly runtime, is expected to reach alpha in 1.5;
- Introducing better transport security: Istio uses mTLS to provide transport security between workloads within the mesh, but some of Istio's current architectural choices lead to considerable implementation complexity, design confusion and protocol conflicts. This proposal points out the existing difficulties and explores possible solutions.
Other content updates:
- The community's new Istio Meta API proposal adds attribute-based routing to Envoy (Envoy Extensions): the author of a protocol filter only parses the protocol's metadata (headers) and exposes it as attributes to the framework, and the framework routes traffic entirely on those attributes without any knowledge of the protocol. The proposal is at a very early stage of discussion;
- Istio Config API versioning design: since 1.11 Kubernetes has supported multiple versions in a CustomResourceDefinition (CRD); conversion webhooks reached beta in 1.15 and are expected to be stable in 1.16. Today only one version of each Istio API is served. As the Istio APIs mature, each will need to support multiple versions, so that Istio can improve an API while still supporting users on older versions of it.
Open Source Project Recommendation
- ansible/awx
AWX is the open source upstream of Red Hat's commercial Ansible Tower, for those interested.
- oam/admission-controller
An open source Kubernetes admission controller that validates OAM (Open Application Model) resources against the spec. It also serves as a compact example of how to write a Kubernetes admission controller.
Recommended reading this week
AWX is the open source upstream of Ansible Tower, the core component of Red Hat's Ansible automation platform, in the same way Fedora is upstream of RHEL. This article uses an Operator to create and manage a trial instance of Ansible Tower.
- Develop a Kubernetes Controller in Java
How to use the Kubernetes Java SDK to develop a Kubernetes controller.
- Chaos Engineering: The History, Principles and Practice
Chaos engineering is a proven practice for finding problems in large-scale complex systems. This article systematically covers its history, its principles and the points to watch when practicing it. www.gremlin.com/chaos-engin…
- What I learned from Reverse Engineering Windows Containers
Windows was somewhat behind when Docker started the container bandwagon, but unsurprisingly Microsoft soon shipped container technology for Windows. Beyond some official documentation, technical details about Windows containers are scarce. In this article the author uses reverse engineering to work out how Windows containers handle processes, file access and system calls. Anyone interested in this area should not miss it.
- Highlights from KubeCon US and Re:Invent 2019 + Live WKP Demo
Weaveworks summarizes some highlights of KubeCon US and re:Invent 2019, with a bit of self-promotion: a live demo of the Weave Kubernetes Platform (WKP).
- Here’s why Virtual Pods Perform Better than Bare Ones
VMware announced Project Pacific at VMworld. According to VMware's blog, Project Pacific's Native Pods, which run under virtualization, perform 8% better than Kubernetes pods on bare metal. The claim draws attention because it seems counter-intuitive. This article explains where the improvement comes from: in short, better NUMA placement.
- The Path to Knative Serverless: how to achieve application hosting with zero operations and low cost
Knative, the most popular serverless orchestration engine, counts a concise and efficient application hosting service among its core capabilities. Alibaba Cloud engineers explain it in detail in this talk.
“Alibaba Cloud Native follows technical fields such as microservices, Serverless, containers and Service Mesh, tracks popular cloud native technology trends and large-scale cloud native adoption, and aims to be the technical community that understands cloud native developers best.”