Day 2 was jammed packed with people and keynotes. Braden started his day at 9:00 am. The first keynote he attended was Save Yourselves! – Liz Rice, Technology Evangelist, Aqua Security. Which had some interesting tidbits. Like, how easy it is to Own a K8s cluster if you have a cluster admin role.
There was a talk last year about integrating OPA with Istio to control access to services, etc. So the idea of being able to write security policies for your services and also to control your cluster is really appealing. OPA is still really early, last year seems like there was progress but still experimental. Maybe, this is the year it gets to beta and is ready for POC work. Security definitely seems to be a bigger topic.
Keynote: Developing Kubernetes Services at Airbnb Scale – Melanie Cebula, Software Engineer, Airbnb was a phenomenal keynote!
“A lot of things Melanie discussed where problems I’ve noticed and tried to solve.” says Braden, “We recently had started from scratch with re-structuring some internal projects and took a lot of the same approaches. It was nice validation that we are doing things the right way.”
Even if we aren’t at the scale where it makes sense to do all the things discussed. Being aware of the pain points and where K8s can be DRY’d out and made more usable for developers should always be on the front of a good platform or DevOps teams’ minds.
Cortex – Infinitely Scalable Prometheus – Bryan Boreham, Weaveworks was another interesting talk.
With the release of Prom 2.0 last year, there were a number of talks. There weren’t as many this year. Cortex seemed interesting as scaling Prometheus is hard with native Prometheus. They went over their design/implementation.
“I really like that the talk also brought up Thanos, which is another solution to scale Prometheus,“ Braden said. “They are solving problems with similar design ideas. But at a high level, Thanos is using native Prometheus and adding on components to back it scalable and more usable.”
Where Cortex is actually using Prometheus but, in their code base. Prometheus is 1 process, so Cortex was described as a microservice-architectured Prometheus.
“It seemed to be further along, as long as it’s easy to install/maintain I’m really interested. Overall I like some of these approaches better than Thanos. One thing I am curious about is how they bring in updates to Prometheus since Thanos uses native Prometheus as new versions are released I think it should be fairly quick to upgrade (well at least non-breaking changes). For Cortex I assume the maintainers will have to upgrade as they see fit.” says Braden.