[Cover Image Credits: KCD Chennai]
Attending KCD Chennai was a fabulous experience. I got to connect with folks who I knew from the Twitter tech community. The day started with registrations and a brief on the agenda of the planned talks throughout the day.
After the kick-off by the organizers, the event officially commenced with an interesting panel discussion revolving around the nuances of platform engineering. The discussion began with the basics: what cloud-native is, why Kubernetes clusters are needed, and whether they fit your use case.
The discussion was open-ended, with opinions drawn both from experience and from hypothetical scenarios when it came to standardization in multi-cloud strategy and its challenges. It led into ideas for automated application deployment and package management, and the emerging need for internal developer portals within organizations, backed by the net value they add through certain abstractions.
This was followed by 2 energizing keynote addresses:
Need for Cloud Native Push by Vishnu Sharma
- Navigating through the cells of lifecycle management, agile development, increased velocity to speed up deployment cycles, and orchestration of workloads, Vishnu explained the essence of how cloud native is fueling customers' business imperatives, helping integrate next-gen technologies and making businesses future-ready.
Taking control of the reliability of your cloud-native services by Uma Mukkara
- Uma took us through DevOps challenges, retaining reliability, and performing chaos on cloud-native services to ensure better resilience. He covered how chaos is done, which approaches should be considered while doing chaos, how to achieve chaos maturity, and how a resiliency score is supposed to be measured, busting some myths along the way.
We then had a small break for some tea/coffee and biscuits. It gave us a chance to interact with speakers and other attendees and to participate in the quiz. There were Tata Communications, Nginx, Snappy Flow, Talentship and Zoho booths.
After the break, the sessions resumed with the talks for the day:
Anand @anafrajosep spoke about ArgoCD GitOps in a multicluster setup using Open Cluster Management (OCM).
- He explained how, with the OCM approach, applications can be easily deployed to all of the clusters, to a subset of clusters based on filters, or to certain selected clusters, enabling consistent configuration management in a multicluster or multi-cloud environment.
Sidecar pattern in KEDA to provide better security and access control using Azure AD Workload Identity by Karthikeyan
Karthikeyan talked about autoscaling in general: HPA, VPA, their differences, and the need for event-driven scaling. Although his talk focused on Azure AD Workload Identity, the pattern he explained could be easily replicated for other identities as well. He then shared the benefits of using the sidecar pattern and Azure AD Workload Identity in serverless architectures and how to set up KEDA to use a sidecar with Azure AD Workload Identity.
He also shared a little bit about his book Developers-Road-ahead which has his lessons on becoming an architect.
Securing Kubernetes: Best practices and effective strategies by Nilesh @Nilesh_93
Nilesh talked about the Kubernetes attack surface layers, different sources of access that can be gained for exploitation, and how to go about securing the Kubernetes control plane by implementing hardened RBAC and network policies, leveraging security contexts and pod security policies, and integrating with identity and access management systems.
- Configuration scanning with Checkov, Conftest, Kubesec
- Image vulnerability scanning (Trivy)
- Container hardening (remove shell as part of start-up probe, make file system read-only, run as NonRoot)
We then broke for lunch. I took a small walk around and clicked a few pictures. Back with high spirits after eating food, we went back to the main hall for the next series of talks.
TcpDumping your pods using Kubesniff and Wireshark by Leon
Leon talked about how tcpdumping is more commonly done on nodes than on pods. He shared details on the available tools that can be used for tcpdump: kubesniff, Wireshark, Kubeshark, tshark, and sysdig.
He highlighted the key aspects of traffic analysis and network forensics, showed how packets can be followed visually through Wireshark, and explained terms like SYN, ACK, and FIN.
He also briefly talked about Gloo Edge, an Envoy-based API gateway that provides a Kubernetes CRD to manage Envoy configuration for performing traffic management and routing.
Constructing a Heterogeneous K8S Control Plane with Konnectivity by Tamil
Tamil started by talking about the Kubernetes control plane, the communication between controller and worker nodes, how it needs to be bidirectional, and the need for them to be within the same datacenter and L2/L3 network domain.
He further explained the benefit of a disaggregated design that provides cluster administrators with a much more highly available environment, in turn securing controller components and allowing tenants to manage their data plane with self-service node resources and computing environment.
Encrypting Secrets in Kubernetes Clusters using KMS by Chirag @chiragkyal and Swarup @SwG_Ghosh
- Chirag and Swarup shared the process of leveraging the Kubernetes KMS feature for protecting secrets against attacks like etcd compromise and host compromise.
The Cornerstone of Modern Data Engineering by Abhishek
- Abhishek took us through the modern data stack components, data orchestration, and the tools used in data acquisition, integration, analytics and activation.
From Chaos to Calm: Improving Service Mesh Reliability by Atulpriya @TheTechMaharaj
- The demo showcased the use of @LitmusChaos along with @KialiProject to enable observability and reliability on a service mesh.
Hitchhiker's Guide To Kubernetes Networking by Abdul
- Abdul explained the key underlying networking constructs with examples (veth pairs, bridges and iptables).
Leveraging OIDC to Secure Kubernetes Clusters by Akanksha
- Akanksha talked about OIDC setup and configuration with Kubernetes, the authentication workflow, and the benefits of using OIDC compared to other authentication mechanisms.
Pranav @theBeginner86 shared how Meshery is revolutionizing Kubernetes operations, enabling seamless orchestration across multiple environments.
Rohit @ghumare64 and Vinuja @VinujaKhatode talked about how Kubernetes acts as a catalyst in the evolution of MLOps and discussed how Kubeflow simplifies ML workflows on K8s, offering scalability & portability.
Unlocking the Secrets of Cluster API and Its Providers by Aniruddha @aniruddha_2000 & Subhasmita @iam_subhasmita
- Subhasmita and Aniruddha helped us understand why clusters need to be managed and how to bootstrap Kubernetes clusters effectively by sharing provider examples. More details are in Concepts - The Cluster API Book (k8s.io).
Despite it being a packed event, the organizers made sure that the talks were well-paced and that there were enough breaks and opportunities for candid interactions among the attendees.
Many thanks to the organizing team of @kcdchennai for making #KCDChennai2023 memorable and awesome for us!
Follow #KCDChennai2023 - Twitter Thread for all updates shared by organizers, speakers, and fellow attendees.