Containers
Advanced BPF kernel features for the container age
BPF is becoming ubiquitous in today's modern container environments and thanks to the fast pace of innovations from Linux kernel developers in the BPF subsystem, cloud native networking software such as Cilium is able to bring these extensions to a mainstream user base for improving throughput, latency and reliability of workloads and services. This talk provides a deep dive on recently added BPF kernel as well as Cilium extensions for Kubernetes environments which significantly reduce application tail latencies with the help of the earliest departure time (EDT) model for egress bandwidth management. Furthermore, recently added BPF redirection helpers are discussed which offer a low-latency switch into Pod network namespaces. Last but not least the talk also covers how Cilium's BPF kube-proxy replacement improves reliability for its high-performance XDP-based north-south service load-balancing through a BPF-based Maglev consistent hashing implementation. We'll discuss our path towards implementing these features, our lessons learned as well as future follow-up work.
Additional information
| Type | devroom |
|---|
More sessions
| 2/7/21 |
Operator SDK is a solid foundation for building robust applications for Kubernetes; one of such applications is the VM import operator (https://github.com/kubevirt/vm-import-operator) allowing Kubernetes administrators to easily import their oVirt-managed virtual machines to KubeVirt. In this talk, the speaker will show how his team used Operator SDK to build the VM import operator and how that operator can be used.
|
| 2/7/21 |
What are we going to do without Docker inside Kubernetes clusters?
|
| 2/7/21 |
Containers are a central point for the MariaDB buildbot (buildbot.mariadb.org). In fact, almost all our builds run in Docker containers. In this short presentation, I will talk about the container environment used in order to build MariaDB from source both on Linux and Windows. Then, I will present some of the challenges associated with running Windows in a Docker container and finally I will focus on some of the advantages of having a container based continuous integration infrastructure.
|
| 2/7/21 |
On most POSIX systems including Linux file ownership can only be changed globally, i.e. for all users through the chown*() syscall family. In this talk we will introduce idmapped mounts. Idmapped mounts allow to change the ownership of files under the mounts they appear in.
|
| 2/7/21 |
DBaaS is the fastest growing way to deploy databases. It is fast and convenient and it helps to reduce toil a lot, yet it is typically done using proprietary software and tightly coupled to the cloud vendor. We believe Kubernetes finally allows us to build fully OpenSource DBaaS Solution capable to be deployed anywhere Kubernetes runs - on the Public Cloud or in your private data center. In this presentation, we will describe the most important user requirements and typical problems you would ...
|
| 2/7/21 |
Although Kubernetes is the leading container orchestration solution, it does not necessarily solve all container management-related challenges that one might face. Leaving fashions aside, some other technologies may actually be a better solution for some use cases and projects. Kubernetes is actually a very complex technology, with limited support for multi-tenancy and lacking secure isolation between tenants. Kubernetes does not offer cloud-like self-service provision features for users either. ...
|
| 2/7/21 |
Until now, you could define seccomp policies in Kubernetes to allow or deny system calls but not much more. The new Seccomp Notify feature in Linux 5.9 will enable more complex policies and the ability to write your own agents to handle new use cases in Kubernetes. Attend to find out why and how!
|
