Pizza time

Yesterday I attended a meetup event in Seville organized by the SVK (Seville Kubernetes) group. The event was held in the offices of Bitnami, now a VMware business.

The agenda for the event consisted of a couple of talks strongly focused on kubernetes, both of which interested me personally.

First one was Deploying apps with kubeapps, a talk by Andres Martinez Gotor, engineer at Bitnami. He presented the kubeapps utility, which is an application dashboard for kubernetes developed by Bitnami. We got a variety of information, from how to use kubeapps, to how this integrates with helm/tiller, and how this works in a multi-tenant enabled cluster. Some comments were added from the security point of view, things to take into account, etc. In general, kubeapps seems easy to install and use, and enables end users to easily deploy arbitrary apps into kubernetes.

My feeling during the talk was that this technology is quite interesting for several use cases, including ours in Toolforge, where we allow users to run arbitrary (mostly webservices) apps in the platform. Enabling operations that don't require users to dive into a terminal is always welcome, since we offer our services to a wide range of users with very different technical backgrounds, knowledge and experience.

Next talk was A kube-proxy deep-dive, by Laura Garcia Liebana, engineer and founder of Zevenet. She started the talk by giving an overview of how docker uses iptables to set up networking and proxying. As she pointed out, the way docker does it has a direct influence on how kubernetes does the default networking, in the iptables-based kube-proxy component. Of the many ways we have for load-balancing and network design for this kind of environment, kube-proxy uses by default an iptables ruleset that is not very performant. It generates about 4 iptables rules per endpoint, which is not great for a kubernetes cluster with 10k endpoints (you would have 40k iptables rules in each node). It was mentioned that some people are using the ipvs-based kube-proxy component to gain a bit of performance.

But Laura had an even more interesting proposal. They are developing a new tool called kube-nftlb, which is a kube-proxy replacement based on nftlb, which is a load-balancing solution based on nftables. It seems kube-nftlb is still in the development stage, but in a live-demo she showed how the nftables rulesets generated by the tool are way more performant and optimized than those generated by kube-proxy, which results in greatly improved scalability of the kubernetes cluster.

After the talks, some pizza time followed, and I greeted many old and new friends. Interesting day! Thanks Bitnami for organizing the event and thanks to the speakers for giving us new ideas and points of view!