- Hosted by @mauilion
- Recording date: 2019-12-13
- 1.17 is out!
- Check out the release retrospective if you're interested in seeing how the sausage is made
- There is a performance regression
- to try 1.17 in kind!
- Kubernetes Podcast covers the release with Guin!
- Azure gets an ALB
- Great doc by Daniele Polencic on troubleshooting deployments
- kube-state-metrics new release! release notes
- StackRox dives into new features in 1.17
- My presentation at Black Hat with Ian Coldwater is finally up!
- The Podlets!
- Sidecar containers
- Show Outline:
- The parts and the config reference
- kubelet tgik.io/086
- client/server auth
- cri and all the other c*i integrations
- kubelet api https://github.com/kubernetes/kubernetes/blob/master/pkg/kubelet/server/server.go
- configz
- metrics
- theory of operation
- static pods
- PLEG
- kube-proxy tgik.io/090
- https://kubernetes.io/docs/reference/command-line-tools-reference/kube-proxy/
- auth to apiserver
- iptables
- ipvs
- services
- theory of operation
- configz
- metrics
- kube-controller-manager tgik.io/093
- init code
- controller code
- control loops!
- attachdetach
- bootstrapsigner
- cloud-node-lifecycle
- clusterrole-aggregation
- cronjob
- csrapproving
- csrcleaner
- csrsigning
- daemonset
- deployment
- disruption
- endpoint
- endpointslice
- garbagecollector
- horizontalpodautoscaling
- job
- namespace
- nodeipam
- nodelifecycle
- persistentvolume-binder
- persistentvolume-expander
- podgc
- pv-protection
- pvc-protection
- replicaset
- replicationcontroller
- resourcequota
- root-ca-cert-publisher
- route
- service
- serviceaccount
- serviceaccount-token
- statefulset
- tokencleaner
- ttl
- ttl-after-finished
- disabled by default:
- bootstrapsigner
- endpointslice
- tokencleaner
- ⚠️ can be skipped!⚠️ - theory of operation
- leader election!
- metrics
- kube-scheduler
- https://kubernetes.io/docs/concepts/scheduling/kube-scheduler/
- auth to apiserver
- theory of operation
- https://kubernetes.io/docs/concepts/extend-kubernetes/poseidon-firmament-alternate-scheduler/
- ⚠️ can be skipped!⚠️ (So not a security thing!) - leader election!
- direct scheduling
- multiple schedulers!
- configurable!
- metrics
- kube-apiserver
- auth to etcd
- Other neat etcd tricks!
- auth to kubelet
- How the apiserver handles authentication docs
- certs, jwts, tokens
- Kubernetes components
- People and bots
- How the apiserver handles authorization docs
- Admission Control docs
- builtins
- PSP
- Exploring the API.
- theory of operation
- ha docs
- internal apiserver lb
- external apiserver lb
- kubectl get --raw /metrics
- auth to etcd
- General systems stuff.
- show direct scheduling!
- The ways that each are configured/configurable.
- The access patterns for each.
- The authentication mechanisms for each.
- What even is edge vs level triggered?
- What is a watch?
- Why is all this so darn stable?