20 Sep 2021
Although k8s clusters manage workloads dynamically, evidence shows that many clusters are still managed as "pets". In this talk Paul will examine how the k8s Cluster API lets us treat clusters more dynamically using GitOps. We will also explore a different analogy - Bonsai vs Coppice.
- 3 participants
- 21 minutes
19 Sep 2021
Microsoft recently developed a solution providing 5G to customers, running in on-premises Kubernetes managed through Azure. This talk goes over what we did, and answers some of the interesting questions.
What is 5G anyway? Why would anybody want to buy this? Why is Kubernetes such a good fit for 5G? Why manage on-premises software through Azure? With Kubernetes on the edge, how do you upgrade and install remotely? How does the networking work where you have edge, cloud, and radio networks, especially when you need fast networking, none of which is natively supported in Kubernetes?
- 2 participants
- 36 minutes
19 Sep 2021
What if we can detect abnormal behavior in the application, container runtime, cloud & cluster environment using the same method? In this talk, we’ll present Falco, a CNCF project for runtime security.
We will show how to use Falco to tap into Linux system calls, the Kubernetes audit logs, and cloud events to provide low-level insight into application and platform behavior, and how to write security rules to detect abnormal behavior.
Falco is also featured in the CKS exam curriculum, so this session should be useful not only for securing your cloud native infrastructure, but also in passing the CKS!
- 4 participants
- 31 minutes
19 Sep 2021
Join best-selling author Nigel Poulton and learn what Kubernetes is, why it's central to the future of cloud-native infrastructure and applications, and what it means to your career. The live session will include live Q&A where all questions are good questions.
- 4 participants
- 35 minutes
19 Sep 2021
The world of Kubernetes security can seem a bit daunting when you're getting started, with a load of areas to look at and a panoply of tools that can be used.
From authentication, to authorization, workload security and network policies, there's a lot to think about. This talk will help you work out where to start, give you some ideas on what's likely to be important for your cluster and talk about some of the key open source projects you can use to keep your environments secure.
- 3 participants
- 34 minutes
19 Sep 2021
If you're running your container workloads on the AWS EKS orchestration platform and you are trying to dynamically provision workload resources based on the current load, you might find yourself in a position where limitations and rules of node group scaling might feel a bit too rigid.
This talk will focus on an interesting node lifecycle management solution from AWSlabs called Karpenter, which is an alternative approach to probably the most frequently used Cluster Autoscaler. Is this a better and more efficient way of allocating worker node resources? Would that get you around some of the node group constraints?
The project hasn’t reached GA stage yet and still has to solve some goals from the roadmap, but Marko thinks it has a lot of potential. We will look into what the current release has to offer and how it is dealing with this challenge of improving efficient dynamic workload provisioning.
- 3 participants
- 34 minutes
19 Sep 2021
Did you know that the UK is one of Europe's biggest contributors to open source and is the 5th biggest contributor to the CNCF?
In this talk, Amanda will introduce OpenUK, its recent OpenUK Report and survey, and will describe why governance, sustainability and open technology are so important. She will review how Brexit and geopolitical shifts have impacted open source technology, and provide information on training and mentoring programs, as well as available apprenticeships and kids camps.
- 3 participants
- 23 minutes
19 Sep 2021
Kubernetes is a powerful and highly configurable tool, but by default it's extremely insecure. In this live hacking session, I'll show how an attacker can expand the blast radius of an application exploit through to control of the entire cluster whilst demonstrating the misconfigurations which allow this to occur and showing how you can avoid these scenarios in the real world.
- 4 participants
- 33 minutes
19 Sep 2021
Is your idea of fun sitting in front of a camera, live streaming to the internet, debugging and fixing a broken Kubernetes cluster? Doubtful.
What if these Kubernetes clusters were intentionally broken by members of the Kubernetes community, tasked with making your chances of fixing said clusters as slim as possible?
Join us today to learn the key methods, tools, and takeaways David has learnt fixing over 50 Kubernetes clusters, live on his series: Klustered.
- 4 participants
- 21 minutes
19 Sep 2021
This whole story began with Docker. It began with Docker because developers simply loved it. It began with Docker because of the grass roots developer driven adoption of containers. It began with Docker because we needed to find new ways to deploy, run and manage applications using containers.
In this talk Hannah will reflect on the origin story of Kubernetes, and how Developer Experience is playing an increasingly important role in organisations today. Sharing stories of success (and sorrow) to help you as you build and launch your own platforms.
- 2 participants
- 21 minutes
19 Sep 2021
eBPF is quickly becoming one of the rising stars within the cloud-native observability and security ecosystem. eBPF is a Linux kernel sub-system that allows you to develop and execute sandboxed programs within the Linux kernel, without ever having to touch the kernel source code. eBPF has applications in the areas of networking, performance profiling, monitoring, and security.
In this talk, attendees will learn how they can get started with leveraging the power of eBPF in Kubernetes cluster security. We'll be starting with an introduction to eBPF and its architecture, then we'll learn how we can write our first eBPF program. From there, we're going to jump into some of the practical security applications of eBPF within the context of Kubernetes. The possibilities are many, but time is unfortunately few - but by the end of this session you will be equipped with the requisite knowledge and inspiration to get started with eBPF in your own Kubernetes environments!
- 3 participants
- 35 minutes
18 Sep 2021
This talk will be about the importance of tracking dependencies in a large project like Kubernetes and about "depstat", which is a tool created to track dependency updates to the Kubernetes codebase. The Kubernetes repository receives many pull requests each day, many of which bring dependency changes with them. Most of the time, the maintainers manually have to spot these changes, determine their effects on the overall dependency tree, and then ping the pull request authors to take action.
To avoid this and help better track the dependency updates, depstat was created. depstat is an upstream project which analyzes dependencies for Go modules-enabled projects. It currently runs as part of a prow job in the Kubernetes code repository and provides four crucial dependency-related metrics. "depstat" also provides the ability to analyze dependencies visually by creating a graph.
- 4 participants
- 26 minutes
18 Sep 2021
With the spread of microservices, it becomes a best practice to manage the authentication at the edge (using an API gateway) instead of implementing it independently for each service. But this approach also introduces new challenges:
- how does the application know who the user is?
- how can the application get more information about the user?
- how can the application force a logout?
- what about the authorization?
In this talk, Denis will cover the different authentication mechanisms (OAuth, JWT, ...) and show how to overcome these challenges with practical examples and demos (passing user information using headers generated from claims, performing authorization with OPA, ...).
- 3 participants
- 28 minutes
18 Sep 2021
The Cloud Native technology landscape keeps evolving and expanding at a rapid pace. Some technologies that were considered must-have a few years or a few months ago are soon being considered obsolete. The race to learn, explore and adapt the latest technology is always on and could seem exhausting. The one thing that is always there is the community.
Whether you are new to your cloud native journey or very experienced, the way to grow is by learning from the community around you. In this talk we will look at how community is more important than technology and how you can start your own community or expand and grow your existing community.
- 3 participants
- 18 minutes
18 Sep 2021
Teams delivering high quality experiences to customers are critical to your business and they need to be as productive, efficient and supported as possible. But with multiple teams in your organisation with differing requirements, how do you balance flexibility with complexity and support a platform that provides the tools required on-demand, whilst also minimising duplication and cognitive load?
In this talk, Paula will describe this “Platform Gap” challenge that many organisations face and provide recommendations on how to solve this by reviewing and improving team interactions. She will explain how your internal platform can be used to support this model whilst still focusing on delivering a delightful experience to the users of the platform through applying product management practices.
- 2 participants
- 27 minutes
18 Sep 2021
Lewis Denham-Parry from Cloud Native closes Day 1 with a special pub quiz.
- 5 participants
- 1:04 hours
18 Sep 2021
The direction of travel of climate-intelligent hosting will spell the end for Kubernetes in its current form. Can the community save it? An overview of the issues currently being addressed for green hosting and what the big players are doing. Can Kubernetes keep up? Is it even possible for the orchestrator to survive in the new world?
- 3 participants
- 31 minutes
18 Sep 2021
In this talk Cheryl Hung discusses her journey inside CNCF, home of Kubernetes and one of the top open source foundations, some hard truths about community, and thoughts about the future of cloud native.
- 2 participants
- 10 minutes
18 Sep 2021
Setting up networking for one Kubernetes cluster can be a challenge but it becomes even more fun once you add multiple clusters into the mix.
In this talk we’ll go over the solutions that RVU (Uswitch) came up with to allow their applications to talk between clusters and the rationale behind them, from building their own tools like Yggdrasil for multi-cluster ingress to implementing other tools such as Cilium for multi-cluster services.
We’ll see what benefits and drawbacks the different approaches can have and also explore why we opted to avoid using a traditional service mesh to achieve our multi-cluster networking goals.
- 3 participants
- 29 minutes
18 Sep 2021
A software bill of materials, or SBOM, is a list of components that make up a given application. Think of it like a list of ingredients on food packaging. Understanding what the software you're running consists of is useful for lots of use cases, from license compliance to software supply chain security. Although not a new idea, we’re at the point where SBOMs are about to go mainstream.
In this talk we will:
* Quickly introduce SBOMs and the problems they solve
* Look at some of the competing standards like CycloneDX and SPDX
* Survey existing open source tools for working with SBOMs, with a focus on Kubernetes and the Cloud Native ecosystem
* Discuss what’s missing, including mature open source libraries, and what the community can do about it
The audience should come away with a sense of where things might be heading and some interesting ideas and demos to experiment with.
- 3 participants
- 35 minutes
18 Sep 2021
In the fight against climate change researchers need to collect, analyse and communicate about vast amounts of data.
In this talk Katie will introduce you to the types of data being used to save the world and the importance of collaboration and open data in science.
- 2 participants
- 14 minutes
18 Sep 2021
Welcome to Kubernetes Community Days UK 2021
Over the course of two days we will share stories of people using these technologies, both successes and failures - through in-depth technical talks, demonstrations of open source projects and workshops. The full agenda and speaker line-up is shown below.
- 2 participants
- 5 minutes
18 Sep 2021
The original supply chain attack was described in Reflections on Trusting Trust 35 years ago. As attacks from SUNBURST to REvil abuse the same implicit trust relationship between consumers and vendors today, we ask ourselves: does cloud native have the answer?
We live demo supply chain compromises against containers and open source software, then detail a Kubernetes Software Factory approach based on work from the US Air Force and DoD to sign, seal, and deliver potentially hostile code safely to production.
In this talk we:
* Demo assorted supply chain attacks against cloud native systems
* Showcase work to build a Kubernetes Software Factory with Tekton
* Deep dive on signing and verification approaches to securely build software with in-toto, TUF, SPIFFE, SPIRE, and sigstore
* Detail future cloud native solutions to harden Kubernetes, builds, and infrastructure
- 3 participants
- 32 minutes
18 Sep 2021
Because friends don't let friends take Raspberry Pis into pubs. As the world (hopefully) continues to open up, who wants to be sat at home / in the office / it's all the same thing?! Or if staying home suits you just fine, novelty is a great way to make learning even more fun.
The Pine64 / PostmarketOS / Mobian / Librem communities are doing great stuff bringing mainline Linux to smartphones. A k8s cluster in your pocket is now yesterday's reality. All and every free moment can now be spent studying for the CKx exams, if you have a few hundred pounds spare and the desire to do so.
Having explored the art of the possible with k8s/qemu/stock Android, more recently Ewan has been doing stupid stuff in the Mobian ecosystem on PinePhone & OnePlus 6. A portable way to experiment and explore k8s, CNI deps on kernel names, and more! But let us remember what's key: a k8s lab that is pub ready!
- 3 participants
- 28 minutes