KubeCon China 2024 Adventure
Ryan Yin
Preface
I had known for a while that KubeCon China would be held in Hong Kong this year, and while I was interested, I initially got deterred by the steep price of KubeCon tickets.
Sometimes you just have to believe in the magic of luck. By a twist of fate, I learned about KubeCon’s ‘End User Ticket Program’ from my friend @Kev and snagged a ticket for free. I also invited three friends from the 0xFFFF Community,@Chever-John,@0xdeadbeef, and@MingLLuo, to join in. We rented an Airbnb in Hong Kong, explored quite a few places in the city, and had a fruitful trip.
I also tried to invite other friends and colleagues, but they couldn’t make it for various reasons, which was a bit of a bummer.
TL;DR
This post is heavy on images and some non-technical content. For friends who are more interested in the tech side, let me give you a quick summary.
After returning from KubeCon, I also watched some other CNCF conference videos, and these are the ones that left an impression:
- Keynote: Cloud Native in its Next Decade - KubeCon Europe 2024: Discussed the future of CloudNative, drawing conclusions similar to what was heard live at KubeCon China.
- Another Choice for Istio Multi-Cluster & Multi-Network Deployment Model - KubeCon Europe 2024: Addressed the pain points of Istio’s multi-cluster solutions and introduced China Mobile’s solution. I’ve always wanted to try multi-cluster solutions but hesitated due to concerns about manageability. This video provided some inspiration.
- DRA in KubeVirt: Overcoming Challenges & Implementing Changes - KubeCon Europe 2024: DRA is a new API in K8s, and this talk showed how to use it in kubevirt to solve some issues. It’s evident that K8s has introduced quite a few new things in recent years.
Based on the three-day experience at KubeCon China and the content of the videos above, here’s my take:
- Almost everyone discussing networking was talking about eBPF, Envoy, and Gateway API.
- Istio’s Ambient Mode attracted many companies that had previously given up on service meshes due to sidecar performance issues.
- Karmada’s multi-cluster management solution has been put into practical use by many companies and was a frequent topic of discussion.
- There were also quite a few talks on AI and WASM, but I found them a bit boring as I’m not very interested in those areas.
- Companies like NIO and China Mobile are trying to apply K8s in edge computing scenarios (smart cars, communication base stations), which seems a bit distant from ordinary internet companies.
- What will the next decade of cloud native look like?
- Technologies like Kubernetes and Service Meshes, which emerged over the past decade, have now become “Boring but useful infrastructure” and will serve as the foundation for other cloud native technology trends, widely used but not undergoing much change themselves.
- Technologies such as AI, eBPF, WASM, and Rust will mature over the next decade, replacing Kubernetes’ current position.
The KubeCon China 2024 conference videos will be added to the following YouTube Playlist for those interested to watch:
- KubeCon + CloudNativeCon + Open Source Summit + AI_dev China 2024 - Youtube The PPTs related to the videos can be downloaded here:
- KubeCon China 2024 - Schedule
Technical Insights
My main focus at the conference was on topics related to Istio and Gateway API. I’ve been researching Istio’s Ambient Mode recently and wanted to gain a deeper understanding of the implementation details and trade-offs from the conference.
The three days of talks met my expectations well. Core contributors to Istio/Envoy Gateway/Ingress Controller shared the latest advancements in these projects, as well as implementation details and future development directions.
Ambient Mode is in beta and was a focal point for me. Here are some key points I’ve gathered:
- istio/ztunnel: A userspace L4 proxy that only
handles L4 traffic.
- ztunnel establishes connections separately with upstream and downstream, turning a single connection into three (A <=> ztunnel <=> ztunnel <=> B), which incurs performance overhead.
- Since all traffic is forwarded through ztunnel, updating it can cause a brief traffic interruption. A good solution might be to use a recreate update strategy and roll out updates to all nodes in a node group.
- ztunnel’s use of the HBONE protocol enforces mTLS, which cannot be turned off, adding performance overhead in scenarios where security is not a concern.
- istio/proxy: An L7 proxy based on Envoy, deployed
separately as a waypoint in ambient mode to handle L7 traffic.
- In the waypoint architecture, the proxy and the upstream/downstream Pods are likely on different nodes, leading to an additional network hop compared to the sidecar model, which may result in performance loss and increased cross-Zone traffic.
- Both the waypoint and sidecar are envoy, and the goal is to reduce the number of envoy containers to decrease resource consumption.
And some other solutions:
- kmesh: Similar to Ambient Mode in architecture, it uses eBPF exclusively for the L4 proxy, offering better performance as eBPF modifies network packets directly in the kernel space without establishing separate connections with upstream and downstream. Also, eBPF program updates do not interrupt traffic.
- cilium service mesh: Features a per-node
proxy with L7 envoy proxy running on each node, unlike the waypoint deployed separately
via deployment. However, it has some issues:
- The per-node proxy cannot flexibly adjust resource usage, potentially leading to resource wastage.
- All traffic on the same node is processed by the same envoy proxy, unable to achieve namespace-level traffic isolation like the waypoint.
- It is tightly bound to cilium cni and can only be used with cilium cni.
- It is said to be more complex to use?
Overall, KubeCon was a great opportunity to learn about the latest trends in the industry, meet developers of projects, and network with other tech professionals. It helped broaden my technical horizons, maintain my enthusiasm and motivation for technology, and avoid being insular in my company’s business.
Itinerary
Accommodation
Since we were staying in Hong Kong for three days, accommodation was a necessary consideration. My friends, who had experience with travel and lodging, helped us find an Airbnb not far from the conference venue. The experience was quite pleasant; the room was clean, tidy, and had a certain charm. Although I found it a bit small, my friends said this space is the standard for a family of three or four in Hong Kong and was much better than hotels in the same price range.
Day 1
Even though we booked our accommodations in advance and did some homework, we hit a snag
on the first day – persistent rain in Shenzhen led to @Chever-John’s flight being canceled
outright, and even the replacement flight was delayed. He arrived at the venue on time,
but he had only slept for two hours and didn’t get to stay at the hotel he booked in
Shenzhen the night before. On the first day, he seemed pretty out of it during the
sessions. But hey, no worries – ~at least I got to enjoy the talks to the fullest.
Back to the main event, after picking up our badges, we kicked off our three-day KubeCon China adventure.
The technical content has been summarized earlier, so here I’ll just share some photos.
The main hall corridor, not a bad view of the sea
The corridor leading to various meeting rooms, the hotel service was spot on
Tea break during lunch, well-fed and watered
Chilled drinks were also on the house, awesome
Several bigwigs discussing the future of Istio and Gateway API
In the evening, @Mingluo took us on a tour of the Eslite bookstore in Hong Kong. The bookstore had several floors, but there weren’t many books that caught my interest.a
Afterward, we visited a bunch of electronic malls and anime merchandise stores, which was quite an eye-opener for me.
The cover of 'The Child I Pushed'
Another book cover
Lots of anime piano scores, including 'April is My Lie'
Not sure where we ended up, anime merchandise everywhere
Light novel bookstore 1
Light novel bookstore 2
Light novel bookstore 3
That’s about it for day one – a bit of tech talk, some evening exploration in Hong Kong, and then back to rest.
Day 2
Loads of CNCF stickers, free to take, and I grabbed some for my colleagues too
My collection of CNCF stickers
The day started with a talk by Huawei, introducing the innovative solution of Kmesh. The technical details were presented very well. If you want to check out the PPT and video, head over toRevolutionizing Service Mesh with Kernel Native Sidecarless Architecture - Xin Liu, Huawei Technologies Co., Ltd.
Huawei presenting Kmesh
How Kmesh achieves hot updates without disconnecting using eBPF
I also listened to Mr. Jintao Zhang’s talk onA Decade of Cloud Native Journey: The Evolution of Container Technology and the Kubernetes Ecosystem - Jintao Zhang, Kong Inc.
Jintao Zhang, a veteran in the industry, has been playing with Docker since early days
In the evening, we took a casual walk and explored the city, checking out the night view by the Hong Kong seaside.
Hong Kong's night scenery, quite bustling
Bright lights and bustling crowds
Came across the Commercial Press on the way
Day 3
The highlight of the morning on the third day was the interview with Linus. Getting to see him in person made my trip complete!
Linus
There weren’t many topics that caught my interest on the third day. After Linus’s interview, I just wandered around, took a group photo with a few friends, and then took the subway home.
Our group selfie
Our PC and Shark selfie
A friend of mine attended a TiDB talk, and the PPT looked pretty interesting, lol.
TiDB
After three days of walking around the project exhibition hall, I scored four canvas bags, three T-shirts, and a bunch of other small gifts. The food and drinks were more than enough, no need to mention that. Also, I’ve read online that the service industry in Hong Kong has a bad attitude, but this hotel might have been of a higher star rating, and the experience was quite good.
All in all, the experience was quite enjoyable, and I’d love to come back next year if I have the chance! Love you, KubeCon China & Hong Kong!