The first day of KubeCon + CloudNativeCon was an exciting one, especially for our cloud staff engineer, Braden Wright, who is representing Root Level Technology at the event.
Braden attended a few keynotes and provided feedback for a few talks.
Braden mentions the talk “wasn’t very good. Basically, a need to know about external data and need a way to control who accesses. Reminds me of what Palo Alto was addressing with DataCenters with NGFW’s.”
Braden wasn’t a fan of this talk either.
“Only 1 interesting slide about using K8s to manage other K8s clusters / management layer.”
“Envoy Deep Dive was freaking packed, the room was so full that people had to sit on the floor,” says Braden. “Deep dive was the first good talk in my opinion. Provided nice details about what’s coming, different ways of running, optimizations, etc.”
- In large Istio deploys, 80-90% of memory consumed by Istio/Envoy is for stats
- Envoy can be deployed in any way that an L7 proxy can
- The sidecar approach gets a lot of talk because of K8s/Istio. Today, there are more production installs running on standalone Envoy
- One big issue that needs to be solved is that Istio passes around configuration details about the entire mesh. There is work being done to either: (A) be more declarative so you get only the configuration you need, or (B) lazy load configuration. This year we should start to see more topics about optimizing Envoy and running it at large scale.
- While Envoy helps hide the implementation of cluster-wide concerns like timeouts/circuit breaking, these settings can easily be overridden via headers in the HTTP request to make testing different configurations easier.
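As an added example (not from the talk or from Envoy's own code), the sketch below shows an edge-side check that strips Envoy's per-request timeout and retry override headers from requests that do not come from a trusted peer and reports which ones were dropped. The function name, the trust flag and the sample request are assumptions made for illustration.

```python
# Router headers that Envoy documents as per-request overrides
# for timeouts and retries.
OVERRIDE_HEADERS = frozenset({
    "x-envoy-upstream-rq-timeout-ms",
    "x-envoy-upstream-rq-per-try-timeout-ms",
    "x-envoy-max-retries",
    "x-envoy-retry-on",
    "x-envoy-retry-grpc-on",
})


def sanitize_overrides(headers, from_trusted_peer):
    """Return (kept, dropped).

    headers: list of (name, value) pairs, so duplicates are preserved.
    kept:    pairs that are safe to forward upstream.
    dropped: lower-cased names of override headers that were stripped,
             suitable for logging or alerting.
    """
    kept, dropped = [], []
    for name, value in headers:
        normalized = name.strip().lower()  # header names are case-insensitive
        if normalized in OVERRIDE_HEADERS and not from_trusted_peer:
            dropped.append(normalized)
        else:
            kept.append((name, value))
    return kept, dropped


# Constructed sample request, not taken from any real traffic.
SAMPLE_REQUEST = [
    ("Host", "shop.example.test"),
    ("X-Envoy-Upstream-Rq-Timeout-Ms", "600000"),
    ("x-envoy-max-retries", "50"),
    ("Accept", "*/*"),
]

if __name__ == "__main__":
    for trusted in (False, True):
        kept, dropped = sanitize_overrides(SAMPLE_REQUEST, trusted)
        print(f"trusted={trusted} forwarded={len(kept)} dropped={dropped}")
```

The same request passes through unchanged when it comes from a trusted peer, which keeps the testing convenience described above for internal callers.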
“Rightsize Your Pods with Vertical Pod Autoscaling – Beata Skiba, Google was a good talk.”
Right sizing your pods currently is not an easy task.
“It should be in beta any day now. While it’s not ready for production use, I think it could be really useful to run in ‘OFF’ mode; in this case VPA will give you recommendations for `resource requests`. In `OFF` mode it’s only recommendations but won’t do anything destructive. This could be a really great way to help you right size your pods until VPA becomes stable and trusted for destructive tasks,” says Braden.