I wrote a little bit about how to do deployment updates without serving errors in #Kubernetes.
Since I don't have a blog, I'll just tweet.
You have some pods, and maybe a load-balancer, too. You want to update the deployment. How to do this "best" in K8s today?
1/
If *I* get confused by #Kubernetes kube-proxy iptables rules, then surely other people do, too. So I documented them in the form of a flowchart.
Any ideas how to make this more comprehensible are welcome.
docs.google.com/drawings/d/1…
Coders often talk about refactoring, but I'd like to see more "prefactorings" - refactoring done to make a subsequent change simpler. Put these into their own commits (or even PRs!) which are verifiably "no-impact". Use them to make your "real" change more obvious and surgical.
A little something I threw together. Work in progress, feedback welcome.
I have seen too many people fail to reason about or communicate clearly about how #kubernetes clusters integrate with their larger network.
speakerdeck.com/thockin/kube…
I've updated my slides on reconciliation in #Kubernetes.
I fixed a few bugs and added a section on finalizers and custom resources.
Somehow it is almost 100 slides, but it's mostly animation, so don't be scared.
speakerdeck.com/thockin/kube…
Kubernetes 1.27.0 has landed. Congrats to all the contributors and super thanks to the hard-working release team.
Now, on to 28!
github.com/kubernetes/kubern…
I believe in the Broken Window Theory for APIs.
Once you allow bad designs into an API, they serve as permanent examples that it's OK to cut corners.
:(
API design deserves attention.
Kubernetes the project doesn't always take a strong stand on how to use it. After a conversation this week I'd like to share one nugget: don't share namespaces.
Most selector-based constructs are bounded by the namespace. If you don't trust someone, don't share an NS with them!
Hey Mozillans? Mozillians? Mozillers? ..people who got bad news.
First, that sucks. Sorry to hear it.
Second, if you are interested in applying at Google, especially Google Cloud, ESPECIALLY Kubernetes and GKE... My DMs are open. Happy to talk, advise, or whatever you need.
A quick something I threw together after a conversation today. I have been meaning to do this for a long time.
speakerdeck.com/thockin/kube…
A very brief look at what we mean when we talk about "reconciliation" in #Kubernetes.
I hope it is useful!
Kelsey, Thank you for everything you have done for Kubernetes and all of the market spaces you have touched. You have an inimitable energy and your insights are like laser beams to the heart of so many issues.
Congratulations and best luck.
I've mostly stayed away from tech topics the last few weeks, for fairly obvious reasons. I'm going to pause that today, because I am proud as hell of the teams and customers behind this one.
15,000 node mega-clusters on GKE.
cloud.google.com/blog/produc… #GKE @GCPcloud
Another one (first draft).
Specifically focused on how to bring traffic into your cluster from "elsewhere".
Feedback welcome.
speakerdeck.com/thockin/brin…
GKE Private Clusters is now Beta!
You can now create fully managed #Kubernetes clusters without requiring public IPs on your nodes.
Thanks to all involved, and to all you EAP customers who give such great feedback.
cloud.google.com/kubernetes-…
I am honestly very excited about #Anthos. I think it strikes a cool balance between OSS technology and managed solutions, starting with a premise I have come to accept as truth - hybrid is reality, and will be for a long time, if not forever.
#GoogleNext19
w00t! Kubernetes v1.10.0 just landed.
github.com/kubernetes/kubern…
This makes 11 releases in less than 3 years. Exhausting! Nice work to the release team. Serious super-heroes, every one.
I'm excited to see GKE Autopilot launch today! I think that this will be an even easier, more streamlined option for a LOT of users to operate. I know I will be moving my tiny personal cluster to it. :)
cloud.google.com/blog/produc…
To celebrate the 5th birthday of #Kubernetes, I'll be doing an AMA on Reddit tomorrow at 12:30pm California time.
teddit.net/r/kubernetes
Bring your hardest and most random questions, and I'll do my best to get them answered (not that I don't do "random" here :)
A lesson that I keep learning over and over.
Avoiding complexity isn't about saying no to hard things or things that seem "niche" or controversial. It's about saying no to obvious, easy things because eventually it all adds up.
I feel like I used to be better at my job than I am now. Faster. Sharper. More insightful, more decisive.
I think what is really happening is that I used to be more confident in my first impressions, and less willing to question myself. Now I know how big of a moron I am.
I am a visual-thinker, so I really appreciate diagrams. I spent a bit of time thinking about pod probes in Kubernetes and drew it up.
speakerdeck.com/thockin/kube…
If you write a tool that takes pathname arguments, and one of those paths is a directory, and the presence or absence of a trailing slash matters, there's a special place in hell for you.
Kubernetes w/ static pod IPs is like peanut-butter and potatoes. Potatoes resemble apples in some ways, but they are not apples. Using them like apples is likely to disappoint.
I'd love to hear about why people NEED to have static IPs? It's 180 degrees from "cloud native".
Lessons about API design that I internalized thru k8s.
1) Breaking changes are easy to do by mistake
2) Explicit > implicit
3) Don't make nothing mean something
4) Version skew is hard
5) Painting yourself into a corner is easy
6) Think hard before guaranteeing non-empty lists
Go Workspaces support for the Kubernetes repo has merged. All of the crazy GOPATH crap is gone.
I am 100% sure this will cause some downstream pain. If you are impacted, please let me know.
A big "thank you" to everyone who works on Kubernetes!! That includes docs and tests and tools and releng and community and outreach and education and everything else.
Kubernetes crossed 100,000 issues/PRs a few hours ago! That is 100,000 times the project has been improved by contributors like you. Thank you all for contributing :tada:
Best prop at KubeCon. I told them that if they gave it to me I would walk around all week and send people to their booth. They were not buying it. I am not going home with a shield.
#Kubernetes people! I need your help.
One of the hats I wear is the "infra workgroup", wherein we attempt to run the things that run the project (DNS, CI, web redirects). Our plate runneth over. We need more volunteers...
1/3
Borg "alloc" -> Omega "scheduling unit" -> Kubernetes "pod".
The name itself was from a brainstorm. Docker's logo is a whale. A group of whales is called a ...
Also, it was short.
The network model was explored in Borg a few years prior, but wasn't feasible at the time.
#Kubernetes v1.11.0 is released! MEGA thanks to the release team. This is our 12th consecutive release with no major explosions in the process.
kubernetes.io/blog/2018/06/2…
Wow, this iptables->nftables transition is bungled. Anyone using kubernetes on sufficiently new distributions that have iptables-1.8.x needs to switch to iptables legacy mode.
The kernel impl changed and there's no stable API to it. So if you mix tool versions you are hosed.
The awesome @directxman12 and @misterikkit made these dope earrings for me for #KubeCon. Printed inside is the git hash of my very first commit to k/k.
I was touched, guys. Thanks.
At a hotel. 10 year old asks what happens if he picks up the phone: does it call someone automatically? He picks up the phone, curious. Puts it to his ear: "What's that sound?".
It dawns on me that he has NEVER in his WHOLE LIFE used a wired phone.
Good piece on adopting microservices (or not!)
I dislike how people tend to conflate #Kubernetes with microservices, though. Kube can do monoliths, too. And stateful!
dwmkerr.com/the-death-of-mic…
4 years ago we started the @ciliumproject. Today, Google announced the availability of Cilium as the new GKE networking dataplane.
What a great honor for everyone who has contributed to the Cilium project and to eBPF overall.
The background story:
cilium.io/blog/2020/08/19/go…
Zoom is total trash. I should not need to download and run a random binary to have a working experience.
Google Meet works fine
MS Teams works fine
Zoom is a flipping MESS. Consumes 2x the CPU in the same circumstances and it is still unusable.
I am first to admit I am working on instinct and hand-waving at least 50% of the time. The more "senior" I get, the less confident I am in what I say, most of the time.
Since #KubeCon is in San Diego, and (until now) Comic Con was the pinnacle of awesome SD cons, why not give them a nod and have a cosplay day at KubeCon?
What think? Can you imagine: Darth Vader presenting on how to use CRDs to control nuclear reactors? I'd go to that.
Great news: GKE now supports pod autoscaling based on custom metrics, including Pub/Sub queue. This was a frequently requested capability.
cloudplatform.googleblog.com… #Kubernetes keeps delivering. Congrats to all the people involved!
Best thing I have read all week:
"This proposal keeps the best parts of go get, adds reproducible builds, adopts semantic versioning, eliminates vendoring, deprecates GOPATH in favor of a project-based workflow, and provides for a smooth migration from dep and its predecessors."
What I love about #KubeCon: Finish your talk and then spend the next hour in the hallway discussing. :). Thanks everyone who came this year. 8000 of my best friends, all in one place.
Kubernetes people, especially contributors:
groups.google.com/g/kubernet…
We're moving a key piece of infrastructure - k8s.gcr.io - into community hands soon. We're pretty confident in our planning, but there's always a SLIGHT chance things go FUBAR. Feedback welcome.
This is one of those announcements that makes you think "wait, it wasn't GA?". Ingress is a very important (and ancient) API in Kubernetes and I am happy to see it FINALLY go GA. With some cool updates, no less.
After a long time in beta, @kubernetesio Ingress has gone GA in 1.19 🎉 Read more about how it impacts you, and your Ingress Controllers, on this blog by @MrBobbyTables 👉🏼goo.gle/3col1iT
Kubernetes v1.26.0 has been released. Congrats to everyone on the release team (seriously!) and everyone who helped build it.
github.com/kubernetes/kubern…
I feel like I spend all day telling people why the thing they are trying to do can't work. I hate it. I want to be able to offer more positive suggestions, but I don't often have them these days.
All the easy, obvious stuff is done. The current docket of ideas is HARD and UGLY.
GCP supports global load-balancing, across clusters and regions, but using it from #Kubernetes was tricky. Getting better! Check out this cool kubemci demo: piped.video/watch?v=0_Yt_1yI…
As I get ready to leave #kubecon, I just have to say one last thank you to everyone who made it happen. Planners, staff, program committee, speakers, and attendees, and everyone in between. It was humbling to be part of.
If someone from GitHub would like to see examples of how their code-review tooling utterly breaks down at scale, please ping me. I'd love to walk you thru some infuriating stuff.
Being an OSS maintainer is so much fun:
"It's clear I and others here won't change your mind. Maybe in the future someone else will inherit your position and make a different decision."
#Kubernetes image serving infrastructure is being converted from "accessible to Googlers only" to "community owned" RIGHT NOW.
Big props to @linusarver who has done most of the heavy lifting to automate and secure the process and the Google GCR team who have been super helpful!
I am sad to have to write this.
Kubernetes users & tool-builders:
PLEASE DO NOT try to regex match the random suffix of auto-named API objects. The format of that IS NOT specified.
Don't embed data into names and then parse it out later. That's LITERALLY what labels are for.
My #KubeCon is over. I just parted ways with the last dinner crew - old friends and new. Thanks to everyone for being awesome people and for keeping me excited and proud of this project for so long.
See you in Amsterdam!
I have used bash for 25 years and I *just* learned that "local" variables are dynamically scoped.
Despite the name, they aren't local by any sane definition.
And of course, k8s' build depends on this.
Sigh.
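
The scoping behaviour described in the post above, shown as an added example (not from the original thread and not taken from the Kubernetes build scripts). All function and variable names are hypothetical; the point is that a callee can read and overwrite a caller's `local` unless it declares its own.

```bash
#!/usr/bin/env bash
# Constructed demonstration: `local` variables are dynamically scoped.
unset target

# Never declares `target`; the name is resolved through the call stack.
show_target() {
    echo "${target:-unset}"
}

# Assigns without `local`: this writes to the nearest caller's variable.
clobber_target() {
    target="overwritten-by-callee"
}

# Declares its own `local`: the caller's copy is shadowed, not changed.
shadow_target() {
    local target="callee-private"
    show_target
}

caller_reads() {
    local target="caller-value"
    show_target          # the callee sees the caller's "local"
}

caller_clobbered() {
    local target="caller-value"
    clobber_target       # the callee silently rewrites it
    echo "$target"
}

caller_shadowed() {
    local target="caller-value"
    shadow_target >/dev/null
    echo "$target"       # unchanged, because the callee used its own local
}

echo "read through stack:   $(caller_reads)"
echo "after undeclared set: $(caller_clobbered)"
echo "after shadowing:      $(caller_shadowed)"
echo "outside any caller:   $(show_target)"
```

Declaring every variable a function assigns as `local` inside that function is what keeps helpers from leaking writes into their callers.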