Cloud Native Computing Foundation / Cloud Native Rust Day EU 2021

Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon North America 2021 in Los Angeles, CA from October 12-15. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Allocating Less: Really Thin Rust Cloud Apps - Evan Chan, UrbanLogiq

In this talk I discuss in depth one of the key selling points of Rust for cloud native apps: creating really thin and fast apps or infrastructure layers. To do this, it is important to review and examine the memory allocation choices that we can make in Rust, and how to optimize them and data structures to ensure our Rust apps can reach the ceiling they are capable of.

- Why use Rust for thin cloud apps?
- Review memory usage in Rust
- How to profile Rust apps for memory usage
- Where to look for memory allocations in Rust apps
- Improving rust heap usage through better APIs, improving serialization, getting rid of clones, flattening data structures, etc.
- The effect of switching memory allocators (ie jemalloc) and why you might want to, or not
- A study of JSON processors: memory usage
- Different benchmarking stats to use for memory
- Traits and trait objects: how to avoid allocations and speed up performance (enum-dispatch and friends)

Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon North America 2021 in Los Angeles, CA from October 12-15. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Apache Teaclave (incubating): An Open Source Universal Secure Computing Platform in Rust - Mingshen Sun, Baidu

Apache Teaclave (incubating) is a universal secure computing platform written in Rust, making computation on privacy-sensitive data on cloud safe and secure. Teaclave adopts multiple security technologies to enable secure computing, in particular, Teaclave is written in Rust to prevent memory-safety issues. It uses Intel SGX to serve the most security-sensitive tasks with hardware-based isolation, memory encryption and attestation. Teaclave is a function-as-a-service platform. With many built-in functions, it also supports a wide variety of tasks on sensitive data like privacy preserving machine learning, private set intersection, etc. Unlike traditional FaaS, Teaclave supports both general secure computing tasks and flexible single- and multi-party secure computation. In this talk, Mingshen will talk about the background, design and how Rust empowers Teaclave's implementation.

Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon North America 2021 in Los Angeles, CA from October 12-15. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Building Cloud-native applications with Rust - the good, the bad and the ugly - Luca Palmieri, TrueLayer

Rust has built a reputation as an excellent systems programming language. Yet more than a few companies have chosen to bet on Rust for a completely different type of software: Cloud-native applications. What does Rust have to offer compared to other established languages (e.g. Java, C#, Python, Golang) when it comes to APIs and message consumers? The talk will walk you through TrueLayer's experience. We will cover what convinced us that Rust was a viable option for our latest product (spoiler - not just performance!), the issues and annoyances we experienced along the way as well as what we believe to be some of its intrinsic limitations for the backend development usecase.

Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon North America 2021 in Los Angeles, CA from October 12-15. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Cloud Native Rust Workshop: Let's go parallel with Rust - Florian Gilcher & Sabree Blackmon, Ferrous Systems GmbH

In this session, we are going to build a small Rust server together. We’ll start with a simple server that accepts and delivers data through a simple TCP protocol.

Then, we will start using threads to parallelise the process. After that, we will rewrite the same project in an async fashion.

This way, you will get a basic feel for Rust and its concurrency features.
To follow the session, I recommend that have Rust installed through https://rustup.rs (rustup may also be available in your distributions package manager) and have rust-analyzer set up.

Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon North America 2021 in Los Angeles, CA from October 12-15. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Cloud-native security in Rust with Keylime - Lily Sturmann, Red Hat

Keylime is a CNCF hosted, open source project that provides a highly scalable remote boot attestation and runtime integrity measurement solution. In early 2021, the Keylime team is wrapping up porting a key component of Keylime, the remote node cryptographically proving its security, from Python to Rust. This session presents an overview of Keylime with a focus on Rust as natural fit for this cloud-native security project.

Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon North America 2021 in Los Angeles, CA from October 12-15. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Keyhouse: Production-ready Key Management Service in Rust - Maxwell Bruce & Sergey Shekyan, ByteDance

In this talk, Max and Sergey from ByteDance security team will share their experience of building a production-ready key management system using Rust. It uses Spire to establish mutual trust with the customers and other components, which adds up to the already unique combination of being the only OSS production-ready KMS written in Rust. The system is nearly self-contained, with the exception of the storage system, which is ETCD at the moment. Compared to go its predecessor which is written in Go, keyhouse uses much less memory and CPU cores to secure a large amount of user data. Keyhouse will be open sourced on Github very soon.

Acknowledgment:
We thank Yu Ding as a 3rd author. He will not be a presenter but he contributed significantly to keyhouse.

Yu Ding is a security researcher and engineer. His research interest is security issues around Intel SGX and building security-critical systems. He is a zealot of security oriented software development and dedicated to build a memory safe world.

Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon North America 2021 in Los Angeles, CA from October 12-15. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Leveraging State Machines to Build Operators in Rust - Kevin Flansburg, Moose Consulting

This talk will introduce and demonstrate Krator, a crate for building state-machine-based Operators in Rust. Last fall, the Krustlet team developed a state machine API for describing the Pod lifecycle for their Rust implementation of Kubelet. Based on interest from the community, this API was split out into a new crate (Krator) to allow it to be used to implement arbitrary Operators. First, the talk will walk through the process of developing a simple Operator with Krator, including a live demo. Next, it will explore the API in more detail, including design decisions that were made and how it meshes well with many Kubernetes design philosophies. Finally, it will outline some new and interesting Operator functionality that has been introduced, beyond what was needed to support Krustlet.

Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon North America 2021 in Los Angeles, CA from October 12-15. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Lightning Talk: Streaming Video from WebXR content using Servo - Alan Jeffry, Servo Project

Servo is an embeddable web engine written in Rust, which for a long time was The Other Big Rust Program. One of the strengths of Servo is its ability to deliver immersive content using WebXR and WebGL. This talk introduces the Servo GStreamer plugin, which allows web content to be streamed to low-end devices, including streaming 360 video from WebXR content.

Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon North America 2021 in Los Angeles, CA from October 12-15. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Opening Remarks - Sabree Blackmon, Technical Lead, Ferrous Systems GmBH; Chris Aniszczyk, CTO, Cloud Native Computing Foundation

Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon North America 2021 in Los Angeles, CA from October 12-15. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Panel Discussion: Rust in the Cloud - Moderated by William Morgan, Buoyant; Ashely Williams, Rust Foundation; Oliver Gould, Buoyant; Carl Lerche, Amazon; Paul Howard, Arm

Speakers: Paul Howard, Ashley Williams, Oliver Gould, Carl Lerche
In this discussion, panelists from several areas in the intersection of the Rust and Cloud Native communities will discuss what's next for the Rust in the cloud. Questions will cover both social and community aspects (e.g. the parallels between cloud native and Rust community ethos), the technical (e.g. the introduction of async/await), and the subjective (e.g. is there anything else Rust needs in order to be successful in the cloud space?).

Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon North America 2021 in Los Angeles, CA from October 12-15. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Parsec: A New Platform Abstraction for Security - Hugues de Valon, Arm

Parsec is the Platform Abstraction for Security, an open-source initiative that aims to create simple, standardised, ergonomic software interfaces for interacting with hardware-backed security features on any platform in any programming language. Parsec enables key management and cryptographic services to be consumed on rich, multi-tenant platforms to protect Cloud Native deployments in a way that is agnostic with respect to the underlying hardware. This talk will give an overview of the Parsec project as well as its involvement in the Rust community making it easier to interface with HSMs, TPMs and PSA Crypto!

Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon North America 2021 in Los Angeles, CA from October 12-15. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Rust-based, Secure and Lightweight Container Runtime for Embedded Systems - Manabu Sugimoto, Sony Group Corporation

Linux container is a lightweight virtualization technology that provides isolation and containment for applications. Recently, the container has been adopted by embedded systems because the mechanism is attractive to resource-constrained systems. Unfortunately, the existing container runtimes such as runc do not provide sufficient security and performance for mission-critical embedded systems. This talk presents a rust-based container runtime for embedded systems that enables the container to run at high speed while reducing the runtime memory usage. The runtime has an original fast-startup mechanism that starts the container by leveraging the pre-created container. Furthermore, the runtime offers a fine-grained access control using the new seccomp notify feature. The evaluation shows that the runtime launches the container 7.4x faster with 4.4x less memory usage than runc.

Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon North America 2021 in Los Angeles, CA from October 12-15. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

The Rust Borrow Checker - A Deep Dive - Nell Shamrell-Harrington, Microsoft

The Rust compiler's borrow checker is critical for ensuring safe Rust code. Even more critical, however, is how the borrow checker provides useful, automated guidance on how to write safe code when the check fails. Early in your Rust journey it may feel like you are fighting the borrow checker. Come to this talk to learn how you can transition from fighting the borrow checker to using its guidance to write safer and more powerful code at any experience level. Walk away not only understanding the what and the how of the borrow checker - but why it works the way it does - and why it is so critical to both the technical functionality and philosophy of Rust.

Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon North America 2021 in Los Angeles, CA from October 12-15. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

The Rusty Boat - Matt Butcher & Taylor Thomas, Microsoft

One year ago, our team released Krustlet, a Kubernetes Kubelet implementation for running WASM modules written in Rust. Since then, we've spent plenty of time out on the frontier, implementing full Kubernetes functionality, all in Rust. In this session, we'll cover why we chose Rust and what the benefits and rough edges are. Using code from Krustlet as a practical backdrop, we'll show you how we wrote the core components of Kubelet from scratch and by leveraging various community crates (including gRPC, controllers, volume mounting, and more!) to highlight how you can also use Rust for your next Cloud Native project.

Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon North America 2021 in Los Angeles, CA from October 12-15. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Why the future of the cloud will be built on Rust - Oliver Gould, Buoyant

For consideration as a keynote. In this presentation, Oliver Gould, creator of Linkerd---the first CNCF project to incorporate Rust, and a major driver of the early Rust networking ecosystem---will present an argument that the future of cloud software and the cloud native ecosystem will be tied to the Rust programming language. Oliver will argue that, while Go is the lingua franca of the *current* cloud native ecosystem, Rust will be the lingua franca--or at least one lingua franca---of the *future* ecosystem. He will draw parallels between the constraints of cloud environments, the core principles of the cloud native ecosystem, and the principles of Rust itself, grounded in concrete examples from Linkerd's Rust proxy as well as other projects. Finally, he will present a roadmap for the future of Rust in the cloud native world, both as captured by the CNCF ecosystem and beyond.