22 Sep 2020
Don’t miss out! Join us at our upcoming events: EnvoyCon Virtual on October 15 and KubeCon + CloudNativeCon North America 2020 Virtual from November 17-20. Learn more at https://kubecon.io. The conferences feature presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Intro: Harbor - Enterprise Cloud Native Artifact Registry - Alex Xu & Steven Ren, VMware
As container technology becomes widely adopted in the industry, how to manage containerized applications poses new challenges to platform engineers. One of the challenges is to securely and efficiently manage containerized application packages with either container image or Helm Chart format. Project Harbor is an open-source trusted cloud native registry project that stores, manages, signs, and scans content, thus resolving common image or Helm Chart management challenges. In this presentation, we will focus on the management of container images and Helm Charts through Harbor. We will review and provide solutions to the challenges faced by organizations, including RBAC (Role-Based Access Control), content replication, pluggable vulnerability scanning, large scale content distribution, content trust (notary), webhook, tag retention, online GC and DevOps integrations, etc. Real-world use cases will be discussed in the session. Of course, fantastic demos will be shown to let you easily understand the related use cases.
https://sched.co/Zewj
- 2 participants
- 32 minutes
22 Sep 2020
The Common Configuration Scoring System for Kubernetes Security - Julien Sobrier, Octarine
The Common Vulnerability Scoring System (CVSS) is widely used to score vulnerabilities found in docker images. But how do you score the risk level of an entire workload, with its runtime configurations, network configurations, Pod Security Policy, privileges and capabilities added, etc.?
Julien will explore the Kubernetes Common Configuration Scoring System (KCCSS), an open-source framework to calculate risk scores for Kubernetes workloads, and kube-scan, an open-source scanner that implements the KCCSS. Based on CVSS, it categorizes risks associated with each runtime setting while considering how settings affect one another, and offers a global risk score for each workload—not just for individual settings. Attendees will learn how the KCCSS works, how it’s being used by end users for DevSecOps, and best practices for bullet proofing their own K8s applications.
- 1 participant
- 29 minutes
22 Sep 2020
Uncharted Territories: Discovering Vulnerabilities in Public Helm Charts - Hayley Denbraver, Snyk
CNCF projects are making investments in security (including the recently open sourced security audits of both Kubernetes and Helm). Helm is an interesting case study because both the security of Helm as a tool and the security of Helm Charts are important considerations for users. What do we know about the security of individual Helm Charts, what can we find out, and how does that change how we approach the project? All these questions and more will be addressed as we plot course to Helm Chart security.
- 1 participant
- 32 minutes
15 Sep 2020
Amazon EKS has quickly emerged as a leading choice for machine learning workloads. In this session, we’ll walk through some of the recent ML-related enhancements the Kubernetes team at AWS has released. We will then dive deep with a walkthrough of the TorchElastic Controller for Kubernetes, a new open source collaboration between the Kubernetes team at AWS and the PyTorch team at Facebook, which addresses these limitations and unlocks new capabilities with PyTorch-built models and Kubernetes distributed training, including the ability to train on EC2 Spot instances, run jobs that are resilient to hardware failures, and dynamically scale jobs based on cluster resource availability. For more information, read the launch blog: https://aws.amazon.com/blogs/containers/fault-tolerant-distributed-machine-learning-training-with-the-torchelastic-controller-for-kubernetes/
- 1 participant
- 12 minutes
15 Sep 2020
Ever run code in CI/CD and builds pass only to fail during deployment? This presentation will discuss the advantages of Smoke Test patterns in CI/CD pipelines using Infrastructure as Code (IaC). Learn how teams can leverage automation to ensure apps are tested live in target environments which provide valuable insights pre-deployment. Angel will demonstrate how to leverage IaC to provision infrastructure, deploy apps, test then destroy all the resources created in a single CI/CD pipeline run.
- 1 participant
- 16 minutes
15 Sep 2020
Dell EMC Enterprise Storage and Data Protection solutions come with all the required Kubernetes integrations for workload deployment, data management and protection as well as migration across the hybrid cloud. In this three-part demo we will cover some key enterprise capabilities of the Dell EMC storage and data protection solutions for Kubernetes workloads. The first part covers how CSI snapshots can be used to repurpose production data for test and dev environments. The second part shows the deployment of a YugaByte database-based application using VVOLs on PowerStore with VMware Tanzu Kubernetes Grid. Finally, in the third part, we show complete application protection of a MySQL workload with application consistency and use the backup copy to spin up the entire app on a new Kubernetes cluster, all on AWS.
- 2 participants
- 15 minutes
15 Sep 2020
Join Elastic for our virtual demo session, get access to custom content, grab exclusive virtual swag, and chat with real people.
In this video, we’ll give a quick introduction to Elasticsearch (the free and open, scalable, and highly-available search engine and datastore) and how it powers use cases like Enterprise Search, Observability, and Security.
We’ll demonstrate how the applications that power Elastic Observability (Logs, Metrics, APM, and Uptime) consolidate the event streams from your Kubernetes, cloud and physical infrastructure, Prometheus, and other CNCF projects and services with your application traces in a fast, scalable, and unified data store.
Learn how to spin up an Elastic Stack cluster with Elastic Cloud on Kubernetes (ECK), the official operator for orchestrating Elasticsearch on Kubernetes for day one, day two, and beyond.
- 1 participant
- 11 minutes
15 Sep 2020
Using Kubernetes and GitLab you can build a multi-team platform for streamlining CI/CD, policy management and developer onboarding across your organization and teams. We will demo common developer, operator, and security engineer tasks to show how the patterns can improve your company’s software delivery performance.
- 2 participants
- 14 minutes
15 Sep 2020
Performance has never been more important than in a cloud-native world. Cloud-hosted resources cost money and a slow-loading application can cause a suboptimal ROI. Have you taken the time to tune your Kubernetes ingress controller and proxy? Many organizations don't until it's absolutely necessary, and most users will typically run a default, out-of-the-box configuration.
In this demo, we benchmark five popular ingress controllers and put them head-to-head against each other with their default configurations:
Envoy
HAProxy
NGINX
NGINX Inc.
Traefik
We measure their average requests per second, latency percentiles, and user-level CPU usage. We also monitor for any errors that are produced, in order to go beyond performance and test reliability. You can verify the results yourself by downloading the GitHub repository and reproducing our tests. Who will come out on top? Watch the demo to find out.
- 1 participant
- 15 minutes
15 Sep 2020
Learn how to utilize the Kubernetes Container Orchestration software in conjunction with an open source stateful application deployment solution called KubeDirector. In addition you will see ways to manage multi-cloud and hybrid-cloud based deployments of Kubernetes clusters using these tools.
- 3 participants
- 14 minutes
15 Sep 2020
Organizations are experiencing fragmented visibility; inconsistent user experiences; and significant complexity in application consumption, deployment and management. See how IBM Cloud® Satellite™ gives you the ability to use IBM Cloud services anywhere — on IBM Cloud, on premises or at the edge — delivered as a service from a single pane of glass controlled through the public cloud.
- 2 participants
- 15 minutes
15 Sep 2020
An all-demo, live, non-stop, whirlwind tour of OpenShift 4.5 based on Kubernetes 1.18. Touching on multi-cloud management, Knative (OpenShift Serverless), Kafka (Red Hat AMQ Streams), Tekton (OpenShift Pipelines) and KubeVirt (OpenShift Virtualization) where VMs and Pods live side by side.
- 3 participants
- 15 minutes
15 Sep 2020
This session provides a brief tour of some of the enterprise-grade capabilities available for Kubernetes on Azure, including how to apply Kubernetes best practices, manage secrets, troubleshoot difficult issues, and manage heterogeneous Kubernetes environments across cloud and edge with Azure Arc.
- 1 participant
- 13 minutes
15 Sep 2020
This demonstration highlights Lens – the Kubernetes IDE – an open source project that brings multi-cluster management into the mainstream and greatly simplifies the experience for developers working with Kubernetes and cloud native apps.
Since its launch in March 2020, Lens has quickly garnered widespread adoption. With a growing community of 35,000 users and 7,000 stargazers on GitHub, it’s one of the top trending open source projects in the cloud native ecosystem. According to publicly available data, some of the largest companies in the world are using Lens, including Adobe, Apple, Rakuten, TIM and Zendesk.
Lens enables users to easily manage, develop, monitor, debug, and troubleshoot their apps across multiple clusters in real time. It supports any certified K8s distribution on any infrastructure. Lens is a standalone desktop app for MacOS, Windows and Linux. Users may download and install the software free of charge, and the source code is available on Github under the MIT license.
- 2 participants
- 7 minutes
15 Sep 2020
"Stateful workloads are a challenge. Kubernetes, containers, and a number of other cloud native technologies are built on the assumption of ephemeral workloads.
That means a lot of extra work goes into making databases, and other stateful components work on Kubernetes. One source of extra work is that apps are often made of multiple components. Apps have statefulSets, Services, PVs, and a number of other resources that when composed together, define them.
The second source of extra work is that every app has its own procedure for getting backed up (and restoring). App-data management simplifies these problems. That’s two big ideas. One is that the parts that make up an app should be stored along with snapshots. The next is that with the right snapshot technique, most apps can share the same procedure for backing up and restoring.
This talk demos Jenkins being cloned. We’ll discuss how programmatic APIs could potentially enable more robust CI and testing for stateful workloads in the cloud."
- 1 participant
- 15 minutes
15 Sep 2020
In this hands-on demonstration we take a look at Open Policy Agent (OPA): creating a policy, testing it with the OPA sandbox syntax checker, deploying it into a cluster and testing it. We then look at how this fits into Prisma Cloud and take a whirlwind tour of some more features.
- 1 participant
- 11 minutes
15 Sep 2020
K3s is Rancher's CNCF-certified lightweight Kubernetes distribution designed for resource-constrained environments like IoT and the edge. It's fast and versatile, and to demonstrate, Sheldon Lo-A-Njoe from Rancher Labs has built a 6-node Raspberry Pi cluster into a Pelican case, complete with a video display and programmable LEDs. In today's demo he'll give a quick walkthrough on installing and using K3s with an introduction to Rancher for managing it. He follows this with a deployment of the chaos engineering tool KubeInvaders that uses the LED array to show the creation and deletion of Pods while shooting down an attacking alien horde. It's everything you can imagine - cool, awesome, informative, and fun, and you'll walk away from it with a smile and an understanding of not only how pervasive Kubernetes will become in the near future, but also for how ready Rancher and K3s are to meet you there.
- 1 participant
- 15 minutes
15 Sep 2020
"Before using the Tanzu Kubernetes Grid (TKG) Service for vSphere, it helps to have an
understanding of the Kubernetes architecture and the underlying technology, the Cluster API,
that makes TKG possible. We’ll start at the lowest layer and then zoom out, we will paint a
picture of how all these technologies are interconnected.
Afterward, find out how to use VMware Tanzu Mission Control (TMC) to centrally manage data
protection on your Kubernetes clusters across multiple environments. Easily back-up and
restore Kubernetes clusters and namespaces.
Learn more at: https://tanzu.vmware.com"
- 3 participants
- 15 minutes
11 Sep 2020
OpenTelemetry Auto-Instrumentation Deep Dive - Carlos Alberto Cortez & Alex Boten, LightStep
Auto-instrumentation allows users to monitor their applications without the need to modify the code base, and immediately start gathering observability data. As part of the OpenTelemetry initiative (resulting from the merge of OpenTracing and OpenCensus), auto-instrumentation libraries will become a core feature, and will be offered across different languages (Java, Python, Ruby, Node.js, .Net, etc). In this deep dive you will learn about the architecture of these auto-instrumentation libraries, out-of-the-box OSS libraries integrations (such as Spring, Django or Rails); how to configure them to export telemetry data to different tracing and metrics backends (such as Jaeger or Prometheus), as well as interesting challenges, such as the possibility to share OSS integrations between auto and manual instrumentation.
https://sched.co/Zein
- 2 participants
- 36 minutes
11 Sep 2020
Production Multi-node Jobs with Gang Scheduling, K8s, GPUs and RDMA - Madhukar Korupolu & Sanjay Chatterjee, NVIDIA
With the growing scale of DL and ML applications, distributed execution of jobs across multiple nodes becomes increasingly critical -- to solve bigger problems faster -- as illustrated by the recent MLperf results. However running such workloads in a production K8s cluster shared by multiple jobs/users has several challenges. In this talk, we’ll give an overview of this area -- including distributed Tensorflow, Pytorch, Horovod, MPI -- and the use of GPU nodes with NCCL and RDMA for accelerated performance. We’ll describe our end-to-end flow for multi-node jobs in K8s including gang scheduling, quotas, fairness and backfilling implemented in our custom scheduler for GPUs. Our cluster includes high-speed networking through RoCE and SR-IOV / Multus CNI. We’ll share our design choices, learnings and operational experience including failure handling, performance and telemetry.
https://sched.co/ZejQ
- 2 participants
- 33 minutes
8 Sep 2020
Deep Dive Into Building a Secure & Multi-tenant SaaS Solution with NATS - Wally Quevedo, Synadia
The NATS project turns 10 in 2020, and what started as a simple and high performance messaging system written in Go to build event-driven architectures using Pub/Sub, has since then evolved into a component that can allow the seamless communication of streams & services across multiple regions, thus simplifying further the stack required to deploy globally available services. In this talk, you will learn from one of the maintainers of the project how to create applications in Go that take advantage of NATS messaging and security features by demonstrating how to implement a minimal chat application that is secure and globally available.
https://sched.co/Zext
- 1 participant
- 30 minutes
8 Sep 2020
Neuro-Inclusivity: The Future of the Tech Industry - Kiran "Rin" Oliver, Independent & Leena Haque, BBC
According to a 2018 report from Tech Nation, 83% of the tech community in the UK believe their biggest challenge is accessing skilled workers. Too many talented people are going unnoticed by recruiters. As a result, there’s been much focus on attracting talent of all ethnicities and genders, but there’s a growing view emerging that more needs to be done in the area of neurodiversity. Many cloud native companies are answering this issue by creating initiatives to hire neurodivergent people. Often, an entire division of recruiting/HR is dedicated to sourcing these individuals. There’s just one problem: They don't actually know what to do next. This panel will go into those next steps, in particular, focusing on on-boarding, retaining, and creating a welcoming work environment for neurodivergent individuals in today’s Kubernetes-based, cloud-native landscape.
https://sched.co/ZekX
- 2 participants
- 30 minutes
8 Sep 2020
"Cloud adoption & DevOps methodology are dramatically changing how forward-looking organizations innovate today. In the midst of this transformation, Security owners are finding that the traditional methods of integrating security into this new world is not keeping pace with the highly agile continuous software delivery model. The traditional perimeter, on-premises or hardware-based security controls are often perceived as inhibitors to the speed & agility our modern-day developers require.
Codify your security policy at the beginning of the software journey. Include security and policy as part of your DevOps culture by using the tools & platform your developer already uses, enabling security to become a shared responsibility for the entire organization.
The best part? This Policy as Code will be enforced across the infrastructure (Kube, VMs, ADC, Firewalls, and Clouds)!"
- 1 participant
- 15 minutes
8 Sep 2020
This video takes you on what a typical flow would be like for a developer using GitLab. This technical demonstration uses Amazon EKS (Elastic Kubernetes Service) as the deployment environment. We cover areas such as issue creation, Merge Request creation, Auto DevOps pipeline, Merge Request life cycle, Review App, Security static and dynamic scans, advanced deployment techniques, and staging and production rollout, environment and application monitoring and rollback, among others.
- 1 participant
- 15 minutes
8 Sep 2020
Tracing is For Everyone: Tracing User Events with GraphQL and OpenTelemetry - Nina Stawski, Splunk
There's been a lot of talk about the importance of observability and tracing for microservice-based applications. The use cases involved are focused on backend engineers and DevOps. But what about us front-end engineers? Often, we get blamed first when something breaks and the lack of consistent observability tools makes it difficult to debug issues. With the emergence of OpenTelemetry for JavaScript, more front-end developers are looking to instrument their code and connect their traces with the backend. A growing number of teams are adopting GraphQL as their interface between UI and backend as well. This talk will illustrate the process of setting up your app for tracing with OpenTelemetry, show what’s common in GraphQL instrumentation compared to other libraries and describe the potential pitfalls of the approach. Building on that, we will discuss how tracing affects user experience.
https://sched.co/ZeiJ
- 1 participant
- 32 minutes
4 Sep 2020
20,000 Upgrades Later: Lessons From a Year of Managed Kubernetes Upgrades - Adam Wolfe Gordon, DigitalOcean
Upgrading to a new release is one of the most disruptive operations we regularly inflict on our Kubernetes clusters. There are multiple strategies for doing an upgrade, but they all require rescheduling workloads and restarting cluster components. We started offering upgrades on our managed Kubernetes platform, DigitalOcean Kubernetes Service (DOKS), in May 2019. Since then, our customers have kicked off about 20,000 automated patch and minor release upgrades on their clusters. Most of those upgrades went well, but some didn't and we've learned a few things from the ones that went wrong. In this talk we will share lessons from a year of automated Kubernetes upgrades: what we got right, what we got wrong, workloads that caused us trouble, and changes we've made to make the process smoother. We hope these lessons will help others avoid pain in their Kubernetes upgrades.
https://sched.co/ZepW
- 1 participant
- 39 minutes
4 Sep 2020
34 Truths We Learned About Kubernetes and Edge - Saiyam Pathak, Walmart Labs & Karthik Gaekwad, Oracle
Running Kubernetes on the Edge has gained a lot of popularity this year, but it is still complicated to develop, deploy, and maintain at scale. In this talk, the speakers will demo how to run Kubernetes on Raspberry Pi clusters at scale from their experiences at Walmart Labs and Oracle Cloud. They will demo machine learning use cases on Raspberry Pi's using the K3s distribution. Further, they will go into details of why K3s might be a good fit for k8s running on edge scenarios, how it is different from the regular kubernetes distribution, and how it works under the hood. Talk outline:
- Introduction to kubernetes and Edge computing
- Problems faced with Edge devices involving kubernetes
- K3s solutions for the Edge
- Demo: Running kubernetes on Raspberry Pi's using k3s
- Challenges using k3s on edge devices
- Speaker Recommendations for kubernetes on edge
https://sched.co/ZeoY
- 2 participants
- 34 minutes
4 Sep 2020
A Hard Multi-tenancy Solution: Use Case, Challenges and Work - Xiaoning Ding & Qian Chen, Futurewei
Multi-tenancy enables multiple organizations or teams to share the same cluster. There are different proposed multi-tenancy models in Kubernetes for different use cases, from soft-tenancy models where tenants trust each other to hard-tenancy models with no trust among tenants. In this session, Xiaoning and Qian will share their use case of multi-tenant Kubernetes, where they share clusters with public cloud users. There is no trust among these users and a strong isolation among tenants is a must. They will talk about the use case, challenges, work, and also experience and lessons they learned from building such a hard multi-tenant cluster. And they will conclude the talk with a demo.
https://sched.co/ZemB
- 2 participants
- 41 minutes
4 Sep 2020
A Journey Through Kubernetes Admission Controller Taxonomy - Morgan Bauer & Srinivas Brahmaroutu, IBM
Kubernetes admission controllers are plugins that govern and enforce how the cluster is used. They can be built-in to the APIServer, or webhooks that are customizable to your needs. Admission webhooks help you do some really cool stuff; there are two kinds of webhooks, validating and mutating. In this talk we will go through the taxonomy of Admission Controllers, providing examples of each type, and how to use them. There are many built-in to kubernetes, and they are optional to use. Others are webhooks that can be run external to the cluster. We will detail the differences between mutating and validating webhooks, and when to use each. During our talk we will examine the difficulties and complications and propose resolutions. We will show code examples to help write your own in the future. Join us on a journey through existing Admission Controllers before you write your own!
https://sched.co/Zejr
- 3 participants
- 32 minutes
4 Sep 2020
Accelerating Drug Discovery by Competitive Cooperation Through Open Source - Bill Mulligan, Kubermatic & Camille Marini, Owkin
Historically, pharmaceutical companies have kept their machine learning (ML) models and data strictly confidential. The EU/EFPIA IMI2 Joint Undertaking funded “MELLODDY” (Machine Learning Ledger Orchestration for Drug Discovery, Grant n° 831472) initiative, a 3 year 18.4M EUR effort, brings together 10 leading pharma companies and 7 tech partners to build a new collaborative ML platform that boosts drug discovery model development while addressing both security and privacy preservation concerns (including commercial confidentiality). Kubernetes provides the consistent computing infrastructure across companies ensuring that data owners maintain control while running the common ML software and sharing the resulting models. This project demonstrates the potential of Kubernetes to accelerate drug discovery and enable cooperative competition in IP-sensitive industries. https://www.melloddy.eu/ https://www.imi.europa.eu/projects-results/project-factsheets/melloddy
https://sched.co/ZetX
- 2 participants
- 34 minutes
4 Sep 2020
Advanced Logging with Fluent Bit - Eduardo Silva, Arm Treasure Data & Wesley Pettit, Amazon
Fluent Bit is a Fluentd sub-project that aims to solve the newest challenges in the cloud-native space. In this deep dive session, we will talk about its architecture, how data workflows operate and the ability to perform advanced stream processing on the edge. You will learn how to gather data value using the new SQL engine, data snapshots, aggregation windows, and basic machine learning.
https://sched.co/Zexe
- 2 participants
- 40 minutes
4 Sep 2020
Advanced Persistence Threats: The Future of Kubernetes Attacks - Ian Coldwater, Heroku & Brad Geesaman, Brad Geesaman Consulting
What would happen if your cluster was successfully compromised by an attacker who understands Kubernetes at a deep level? How could they attempt to avoid detection, cover their tracks, achieve full cluster access, obtain persistence, steal credentials, and launch additional attacks in your environment? As Kubernetes grows in popularity, the sophistication of attackers will improve, and security by obscurity will no longer be sufficient. Cluster operators need to be aware of what a skilled and knowledgeable attacker can be capable of. Let’s explore the dark corners of clusters and shine a light on how features such as ephemeral containers and validating webhooks can be used to maliciously mutate pods, exfiltrate data, deploy “shadow” control planes, and more. The audience will learn how to detect these advanced approaches and how to prevent these attacks using practical, proven methods.
https://sched.co/ZesN
- 2 participants
- 32 minutes
4 Sep 2020
An Open Platform for Trading Interconnected Equities and Assets - Walid Ali, Google
Asset Trading (Stocks, Commodities...) fuses various data sources, stat & ML models & visualization tools. K8s and Kubeflow massively scale to thousands of models, brokerage organizations & analysts. We illustrate how K8s handles Stock Trading by creating two clusters (Dev & Prod) to handle:
- Thousands of stocks where ticker info are ingested, processed and stored in Stateful Cassandra.
- Legacy MS SQL Server accessed through containerized .NET apps.
- Live Tweets are analyzed using NLP tools
- News Feeds are analyzed through Thomson Reuters Eikon
- Industrial sectors statistical analysis
- ML Models predicting asset pricing, trained through Kubeflow & TFJobs
- Inference through R-based pods, and ML models deployed through Seldon
A Jenkins server handles CI/CD for automating model training and deployment. Scaling is carried out via Namespaces, RBAC, Net Policies & Resource Constraints.
https://sched.co/Zek0
- 1 participant
- 14 minutes
4 Sep 2020
An introduction to Helm - Bridget Kromhout, Microsoft & Marc Khouzam, City of Montreal
CNCF Helm is a package manager for Kubernetes manifests that helps you write, share, find, and manage applications on Kubernetes. In this session you will learn the basics of Helm. We’ll dive into the components that make up Helm, and what a Helm Package looks like. We’ll then look at ways you can share Helm Charts and we’ll show you how to deploy an existing Helm Chart as well as how to get started writing your own Helm Chart. We’ll finish off by talking about some of the other exciting tools in the Helm ecosystem.
https://sched.co/Zx1Z
- 2 participants
- 35 minutes
4 Sep 2020
Anatomy of a Kubernetes Release: Success Through Team and Tools - Sascha Grunert, SUSE & Daniel Mangum, Upbound
As Kubernetes is one of the biggest open-source projects worldwide, the creation of a new release can be an overwhelming topic. The major burden is not only to release a new version every three months, but also to provide stability and security fixes over the whole support period of a release. In this talk, we will cover the details behind the lifecycle of a Kubernetes release. The presentation will contain everything from assembling the Release Team before the actual cycle begins up to maintaining the release branches, which provide continuous patch releases to the community. The talk will outline the technical process of branch management by covering all of the necessary stages during the release cycle. We will also demonstrate our Release Engineering tooling and dive into the design decisions we’ve made as a group that shape the overall process.
https://sched.co/ZeyQ
- 2 participants
- 36 minutes
4 Sep 2020
Architectural Caching Patterns for Kubernetes - Rafał Leszko, Hazelcast
Kubernetes brings new ideas of how to organize the caching layer for your applications. You can still use the old-but-good client-server topology, but now there is much more than that. This session will start with the known distributed caching topologies: embedded, client-server, and cloud. Then, I'll present Kubernetes-only caching strategies, including:
- Sidecar Caching
- Reverse Proxy Caching with Nginx
- Reverse Proxy Sidecar Caching with Hazelcast
- Envoy-level caching with Service Mesh
In this session you'll see:
- A walk-through of all caching topologies you can use in Kubernetes
- Pros and Cons of each solution
- The future of caching in container-based environments
https://sched.co/ZerY
- 1 participant
- 35 minutes
4 Sep 2020
Automating Load Balancing and Fault Tolerance via Predictive Analysis - Steven Rosenberg, Red Hat
Just imagine, wouldn't it be great if Kubernetes load balancing could predict application traffic in advance and react appropriately? We’ll explain how to improve performance, reduce costs, and increase reliability in order to provide more intelligent workload balancing. The solution is Predictive Analysis which allows us to “predict” the future from historical events. We will discuss how predictive analysis can improve overall system performance while reducing costs and improve the reliability of Kubernetes and Hybrid Cloud based environments. Attendees will come away with a better understanding of cutting edge technology for solving complex problems that are fast becoming the next generation of technological advances.
https://sched.co/Zenp
- 1 participant
- 32 minutes
4 Sep 2020
Autoscaling and Cost Optimization on Kubernetes: From 0 to 100 - Guy Templeton, Skyscanner & Jiaxin Shan, Amazon
One of the great promises of Kubernetes is the ability to scale your applications and infrastructure dynamically based on demand whilst optimising cost no matter where clusters run. Autoscaling workloads and clusters without compromising the performance or availability of your applications is not always simple though. At Skyscanner, use of the Cluster Autoscaler (CA), Horizontal Pod Autoscaler (HPA) and Vertical Pod Autoscaler (VPA) have helped meet traveller demand in a cost effective way. Guy and Jiaxin will walk through hard earned autoscaling lessons, going from the basics to advanced features. This will include using custom metrics with the HPA, the CA’s expanders, scaling from zero, labeling and balancing between node groups to handle different use cases and challenging to scale applications. They will also cover a number of other useful community tools to help with autoscaling.
https://sched.co/Zemi
- 2 participants
- 36 minutes
4 Sep 2020
Autoscaling at Scale: How We Manage Capacity @ Zalando - Mikkel Larsen, Zalando SE
As of October 2019 Zalando has ~140 Kubernetes clusters varying in size from 5 to 400 nodes. This talk goes over how different applications, both stateful and stateless, are autoscaled using the HPA (Horizontal Pod Autoscaler) and VPA (Vertical Pod Autoscaler), and also the cluster using the Cluster Autoscaler. More specifically, the talk explains the limitations and workarounds to each of these scaling strategies and also the techniques used to monitor so that applications always have sufficient capacity. It also discusses common pitfalls while scaling with these controllers and finally concludes with proposed enhancements to these controllers which would make autoscaling more reliable and efficient.
https://sched.co/ZelM
- 1 participant
- 30 minutes
4 Sep 2020
Banking on Kubernetes, the Hard Way, in Production - Miles Bryant & Suhail Patel, Monzo Bank
Have you ever wondered what it takes to deploy and operate Kubernetes at scale, in production? Self hosted clusters often have a bad reputation as a complex and costly choice when compared to managed services. Let’s look at an alternative viewpoint and evaluate the tradeoffs. Monzo started self hosting Kubernetes out of necessity a few years ago when managed services were in their infancy. In this talk, Miles and Suhail will explain why Monzo has chosen to continue operating their own clusters, and how this can be a viable option. This talk discusses Monzo’s experiences with operating, upgrading, customising and configuring the control plane, networking and cloud integrations. We think this has been the best choice, but we also want to discuss the challenges we’ve faced along the way - like the time when network policies took down a large chunk of Monzo's cluster.
https://sched.co/Zeot
- 2 participants
- 20 minutes
4 Sep 2020
Be a Good Corporate Citizen in Kubernetes - Dawn Foster, VMware
As an employee, it can be difficult to strike the right balance between the needs of the company and the needs of the open source Kubernetes project. This can create friction and put significant pressure on employees who participate in Kubernetes on behalf of their company when the needs of the individual, the company, and the community are not aligned. This talk will focus on ways to create this alignment between individuals, companies, and the community required to be successful participants in Kubernetes. The talk contains three major sections: * How collaboration happens within the Kubernetes project. * How to build a strategy for participation that will benefit your company, your employees, and the Kubernetes community. * Tips for being a good corporate citizen as you contribute to Kubernetes.
https://sched.co/Zeju
- 1 participant
- 32 minutes
4 Sep 2020
Better Histograms for Prometheus - Björn Rabenstein, Grafana Labs
Robust histogram functionality was added to Prometheus long ago, to be precise in version 0.11.0. The histogram representation as we know it from Prometheus and now also OpenMetrics is simple yet powerful and enables many important use cases. However, it is also infuriatingly limited, mostly because of its high per-bucket cost. Björn “Beorn” Rabenstein released the above-mentioned Prometheus version in February 2015 and has been dreaming about better histograms ever since. In this talk, he will explain why it is so hard for Prometheus to adopt established techniques known from various academic publications and even practical applications in other metrics-processing systems. To add a silver lining, he will share his latest findings from reignited efforts to finally break through the barriers and bring efficient high-resolution histograms to Prometheus.
https://sched.co/ZekL
- 1 participant
- 30 minutes
4 Sep 2020
Birds of a Feather: Telecom User Group - Dan Kohn, CNCF & Taylor Carpenter, Vulk Coop
CNCF hosts the Telecom User Group (TUG) for service providers and their vendors to discuss the adoption of cloud native technologies. The community is invited to join this birds-of-a-feather (BoF) session to discuss the status of various initiatives and white papers in this space as well as ideas, requirements and best practices to continue moving forward. Some topics to discuss include the TUG Whitepaper, Cloud Native Networking Principles, Cloud Native Network Functions (CNFs) conformance testing, gap analysis and demonstrating different approaches using the CNF Testbed.
https://sched.co/Zevr
- 1 participant
- 19 minutes
4 Sep 2020
BoF: Introduction to Contour, A High Performance Multitenant Ingress Controller for Kubernetes - Michael Michael & Nick Young, VMware
This session will show how to leverage Contour and Envoy for Kubernetes workloads. Contour is a high performance ingress and load balancer solution for Kubernetes, offering a richer feature set than some common alternatives. At its core, Contour is providing the control plane for the Envoy edge and service proxy. We will also present an introduction into how Contour plans to leverage service APIs (also known as Ingress v2). More information at https://projectcontour.io/
https://sched.co/b6H3
- 3 participants
- 28 minutes
4 Sep 2020
Booting 5 K8s Clusters on Every Git Push: How Linkerd Leveled Up Its CI - Andrew Seigner, Buoyant
In mid-2019, the Linkerd project's CI took 45 minutes, all tests were serialized on a single Kubernetes cluster, and multi-hour backups were common. A migration onto one-off Kubernetes in Docker (kind) clusters got CI below 10 minutes, and made it parallelizable. This talk will detail Linkerd's CI journey from a single, persistent Kubernetes cluster to theoretically unlimited one-off kind clusters. This journey includes a few detours on what patterns and tools worked well (and not-so-well) for Linkerd's use case. Attendees can expect a live demonstration of Linkerd's CI workflow, including automated cluster setup, test, and teardown. Folks should walk away from this talk with a grounded, end-user story of how to efficiently test their Kubernetes applications in CI.
https://sched.co/Zeng
- 1 participant
- 27 minutes
4 Sep 2020
Build an Automatic Canary Release Pipeline in a Kubernetes-native Way - Ying Chun Guo, IBM
Tekton and Knative are two Kubernetes-native open source projects to extend Kubernetes capabilities. They have defined a series of powerful and flexible Kubernetes objects, in order to build CI/CD pipelines, to create event-driven flows, and to manage serverless applications. This presentation will introduce and demonstrate how Tekton and Knative collaborate seamlessly to build an automatic canary release pipeline in a Kubernetes-native way. In this session, you will learn how to monitor CI/CD events with Knative Eventing, how to extract information from event payloads and feed this information into a CI/CD pipeline with Tekton Trigger, how to define a k8s-style pipeline to build and deploy serverless applications with Tekton Pipeline, how to manage traffic with Knative Serving, and more importantly, how these components work together to build the automatic canary release pipeline.
https://sched.co/Zeie
- 1 participant
- 19 minutes
4 Sep 2020
Building Docker Images with Cloud Native Buildpacks - Ben Hale, VMware & Terence Lee, Salesforce
In today’s cloud-native world, Docker Images are the lingua franca for platform portability. Unfortunately, creating great, secure, and efficient images can be difficult and time consuming. In this talk, you'll learn about Cloud Native Buildpacks, a high-level abstraction for building application images. Buildpacks are a standardized tool for creating images in a secure, reproducible, and efficient manner. As an application developer, you don't need to know the best practices for command ordering to optimize layer reusability. As an operator, you will minimize the security hazards developers may introduce. Come learn how buildpacks meet developers at their source code, automate the delivery of both OS-level and application-level dependency upgrades, and help you efficiently handle day-two operations.
https://sched.co/Zeu7
- 2 participants
- 28 minutes
4 Sep 2020
Building a Distributed API Gateway with a Service Mesh - Rei Shimizu, Waseda University & Cynthia Coan, Tetrate
API Gateways are going through an identity crisis. As microservice architectures proliferate we're learning that really, we need API Gateway functionality between all of our services, and not just at ingress where API Gateways have been deployed traditionally. The ability to dynamically extend Envoy at runtime via WASM opens the door for many new capabilities, including moving API Gateway functionality into the service mesh layer. In this talk, we'll explore how we helped extend Envoy to support executing WASM as a safe, sandboxed way to run arbitrary code in the proxy. We'll then go further by showing how we used WASM to move functionality typically reserved for the edge of our deployments - API Gateway functions like token validation, rate limiting, and payload transformation - into the service mesh in a real user's deployment.
https://sched.co/ZelP
- 3 participants
- 38 minutes
4 Sep 2020
Building a Software-Defined-Network Using K8s API Machinery and Controllers - Matteo Olivi, Independent
Kubernetes controller pattern and API machinery are being used to build systems other than Kubernetes itself. As a result, they are put to the test with new, original challenges, and strengths and weaknesses emerge. This talk describes the lessons learned building an SDN with Kubernetes controller pattern and API machinery, as well as some interesting and general problems that arose: locking and allocation of IPs without multi-object transactions, enforcement of invariants between API objects of the same kind, managing a dynamic set of informers on API objects of the same kind to eagerly and efficiently disseminate guest - host mappings. The audience will also learn how to apply the controller pattern to their own problems and how doing so automatically handles for them the (hard) details of building a reliable control plane, freeing them to focus on the specifics of their problems.
https://sched.co/ZenR
- 1 participant
- 39 minutes
4 Sep 2020
Building the Cloud Native Telco with Network Service Mesh - Ivana Atanasova & Radoslav Dimitrov, VMware
Nowadays, the rapid technology development, significant increase of the number of connected devices and overall generated traffic, are challenging the networking solutions to evolve fast. Those solutions would hardly meet the higher demands for scalability and resiliency without adopting a cloud-native approach. Therefore, network service providers, like ISPs and Telco operators, are at the point of looking for a way to adopt the new cloud-native paradigm for their sophisticated network demands. Network Service Mesh is a CNCF project that offers a potential solution. In this talk we are going to introduce the approach Network Service Mesh is using to solve complicated L2/L3 challenges in Kubernetes and provide an example of building real cloud-native network topology using the tools provided by the NSM project. We are also going to show a demo of that topology implementation with NSM.
https://sched.co/ZepE
- 2 participants
- 17 minutes
4 Sep 2020
Building the Next Generation of Release Notes for Kubernetes and Beyond - Sascha Grunert, SUSE
Kubernetes is an open source project with a high velocity of PRs and releases. While the activity and interest in the project is awesome, communicating these changes to end users becomes difficult. For a long time, each release would generate a new release notes markdown document that required manual cleanup and curation. In recent months the format has been reconsidered and completely restructured. The majority of content in the previous markdown has become a widely used website! Generating and publishing release notes for open source projects can be a pain point, especially as a project grows. Imagine if there was a solution usable with many different projects? This talk will go over the history of Kubernetes release notes, the current state of relnotes.k8s.io, and future plans for automated publishing of release notes and notifications.
https://sched.co/Zeq6
- 1 participant
- 33 minutes
4 Sep 2020
CNCF Research User Group - Eduardo Arango, Red Hat & Bob Killen, University of Michigan
Interested in improving the Research experience with Kubernetes, or simply running research workloads on it? The CNCF Research User Group’s purpose is to serve as a focal point for the discussion and advancement of Research Computing using “Cloud Native” technologies. Since the group’s inception 6 months ago, key areas have been identified as gaps within the ecosystem. This session would serve as an opportunity to share with a broader audience some of the key challenges the Research-user-group has identified, and showcase project updates on key tools that the research community is developing to address these challenges. For more information visit: https://github.com/cncf/research-user-group
https://sched.co/ZeuD
- 2 participants
- 24 minutes
4 Sep 2020
CNCF SIG Network Intro & Deep-Dive - Lee Calcote, Layer5
“It’s the network!” is the cry of every system administrator, every developer. With the increased prevalence of microservice-based distributed systems, it’s true - networking as a discipline has never been more critical in the efficient operation of cloud native deployments. Networking primitives, including load balancing, observability, authentication, authorization, policy, rate limiting, QoS, mesh networks, legacy infrastructure bridging, and so on are now receiving substantial development and investment throughout the industry and are the subject of focus of the CNCF Network SIG. Join this talk for an intro to the SIG, its charter and a deeper discussion of current cloud native networking topics being advanced in this SIG. Current CNCF projects in-scope: CNI, CoreDNS, Envoy, gRPC, Linkerd, NATS, Network Service Mesh.
https://sched.co/alkB
- 1 participant
- 20 minutes
4 Sep 2020
CNCF SIG Storage – An Intro to Cloud Native Storage - Alex Chircop, StorageOS & Erin Boyd, Red Hat
The CNCF SIG Storage (https://github.com/cncf/sig-storage) collaborates to explore and understand how different storage technologies are used in cloud-native environments. Topics include block stores, file systems, object stores, key-value stores and databases, amongst others. Different architectural approaches (centralized, distributed, sharded, etc.) are compared in terms of key attributes like availability, scalability, performance, data consistency, durability, fault tolerance, ease of development and operational complexity. In the intro, we'll provide an overview of the work currently underway and on the roadmap. You'll get to meet the people leading these efforts, and find out how best to get involved and contribute. We'll present our work thus far, and host discussions around the findings of how cloud native storage is approached in the real world, including some representative successes and failures. Our hope is that others can learn from, and expand upon, those experiences.
https://sched.co/Zevi
- 2 participants
- 37 minutes
4 Sep 2020
CNCF Serverless WG: CloudEvents and Serverless Workflow Updates - Tihomir Surdilovic, Red Hat
In this session the Serverless WG will briefly update the community on the release of CloudEvents v1.0, and then dive into the latest with the Serverless Workflow specification. With the rise of Serverless Architectures, Workflows have gained a renewed interest and usefulness. In this talk we introduce this Serverless Workflow specification and provide examples, details, and use cases. We will also show a demo with a Java-based reference implementation of the specification, running on Quarkus. In this session you will learn: - The what, why, and the how of the Serverless Workflow specification - Why using the Serverless Workflow specification and orchestration can improve your serverless architecture
https://sched.co/Zeut
- 2 participants
- 17 minutes
4 Sep 2020
CRI-O: Deep Diving into the Security - Sascha Grunert, SUSE & Daniel Walsh, Red Hat
Container Runtime security is one of the most important aspects of the Kubernetes ecosystem. Runtimes have to ensure that all security constraints provided by the end-users are met on the system, as well as provide strong defaults for less experienced users. CRI-O is a container runtime that prides itself in its focus on security and safe defaults. In this talk Dan Walsh and Sascha Grunert will dive deep into CRI-O’s security principles. They will present common container workload securing practices and demonstrate how the container runtime will apply those to the target system. The talk will cover best practices in SELinux, AppArmor, seccomp, Linux capabilities and namespace isolation techniques which make Kubernetes based end-user applications more secure. At the end of the talk, they will also cover a general overview of the current status of container runtime security.
https://sched.co/ZexY
- 2 participants
- 37 minutes
4 Sep 2020
CRI-O: Development Process & How to Contribute - Urvashi Mohnani & Peter Hunt, Red Hat
Are you interested in contributing to Cloud Native projects, or open source, but are unsure on where to start? The CRI-O community strives to be welcoming and accessible for new contributors, and would love your help! Urvashi Mohnani and Peter Hunt will dive into the basic workflow behind open source development, using CRI-O as an example. They will walk attendees through the entire process of contribution, including: finding a bug or feature to work on, submitting a PR, cooperating with the needs of CI/CD systems, the approval process, and having their work integrated downstream. After seeing this talk, budding community members should be ready to submit their first contribution to CRI-O.
https://sched.co/Zewa
- 2 participants
- 13 minutes
4 Sep 2020
Capacity-aware Dynamic Volume Provisioning For LVM Local Storage - Kazuhito Matsuda & Satoru Takeuchi, Cybozu
This session presents a summary of the existing Kubernetes features to use local storage devices (e.g. hostPath and local persistent volumes) first, then introduces a novel CSI plugin named TopoLVM. Applications that can replicate data themselves (e.g. Elasticsearch, MySQL, Ceph) are promising users of local storage because of their needs for lower prices and higher I/O performance storage. Although existing ways enable the use of local storage, the following desired features are not provided yet:
- Raw block volume
- Capacity-aware dynamic provision
- Online volume resizing
To satisfy these features, the authors created a novel CSI plugin named TopoLVM. It dynamically creates logical volumes of LVM and extends the standard Pod scheduler to consider volume group capacity of each node. Besides, it intends to support more features including online resizing.
https://sched.co/ZerD
- 2 participants
- 32 minutes
4 Sep 2020
Cloud Event Horizon - Ian Coffey, VMware
Cloudevents offers a useful specification which can help facilitate new patterns and innovation in several areas of tech. In this session, we will use a hands-on machine learning example to explore how Cloudevents and evented systems can work together. First we will perform an experiment by combining CloudEvents with BentoML and Tektoncd to explore the cross-section of events, machine learning models and CI/CD pipelines. Then, we will use the Kubeflow KFServing project to deploy our models inference service into a canary setup.
https://sched.co/Zep2
- 1 participant
- 25 minutes
4 Sep 2020
Cloud Native Policy Deep Dive - Zhipeng Huang, Huawei & Erica von Buelow, Red Hat
In this session we will discuss many open source initiatives that the Policy WG have been discussing, including policy formal verification, Policy Violation CRD, Runtime Policy Interface and so forth
https://sched.co/ZeuS
- 2 participants
- 33 minutes
4 Sep 2020
Cloud-Native Application Delivery Landscape Update (Deep-Dive) - Alois Reitbauer, Dynatrace & Lei Zhang, Alibaba
In the session the audience will learn about the state of the cloud-native application delivery landscape. The session will provide examples and guidance how to compose an application delivery stack following the application delivery model defined by the application delivery SIG. The audience will get first hand experience with sample projects and how they can be applied to common use cases.
https://sched.co/Zeuk
- 2 participants
- 23 minutes
4 Sep 2020
CloudEvents - v1.0 and Beyond - Discovery/Subscriptions - Doug Davis, IBM & Clemens Vasters, Microsoft
With the release of CloudEvents v1.0 the project has now expanded its scope to consider other potential pain points for the community. To that end, the group is focusing on Event Discovery and Subscriptions APIs in the hopes of reducing the friction of discovering which events are available from Event Producers as well as how someone can subscribe to receive those events. In this session we'll quickly summarize, and review, the status of CloudEvents and then jump into the goals, design and status of the new Discovery and Subscription APIs specification being developed.
https://sched.co/ZewO
- 2 participants
- 21 minutes
4 Sep 2020
Cloudstate—Towards Stateful Serverless - Jonas Bonér & James Roper, Lightbend
The Serverless experience is revolutionary and will grow to dominate the future of Cloud. FaaS however—with its ephemeral, stateless, and short-lived functions—is only the 1st step. It's great for processing-intensive, parallelizable workloads, but limited in use-cases, making it hard to impl general-purpose apps. What’s needed is a next-gen Serverless platform for general-purpose app dev for our new world of real-time data & event-driven systems. What’s missing is: ways to manage distributed state in a scalable & available fashion, long-lived stateful services, ways to co-locate data & processing, and options for data consistency. This talk will discuss challenges, requirements, and introduce you to our proposed solution: CloudState—an OSS project building next-gen Stateful Serverless on Akka, gRPC, Kubernetes & GraalVM, with client support for Go, JavaScript, Java, Swift and more.
https://sched.co/Zeln
- 2 participants
- 27 minutes
4 Sep 2020
Cluster API Deep Dive - Naadir Jeewa, VMware & Cecile Robert-Michon, Microsoft
The Cluster Lifecycle SIG is the Special Interest Group that is responsible for building the user experience for deploying and upgrading Kubernetes clusters. Our mission is examining how we should change Kubernetes to make it easier to operate. In this deep dive, we will examine how the Cluster API simplifies the cluster management experience for cluster operators by enabling consistent machine management across environments, and bringing declarative upgrades to Kubernetes clusters.
https://sched.co/Zevc
- 3 participants
- 35 minutes
4 Sep 2020
ClusterAPI: A Guide to Get Started - Katie Gamanji, American Express
In the past years, Kubernetes has been the nucleus of container orchestration frameworks. With the growing number of microservices, managing clusters at scale has become an imperative requirement. Additionally, from a technological landscape standpoint, the cloud platform teams are highly focused on delivering scalable, reliable and highly available platforms. At Condé Nast, this constitutes in having a stable and coherent approach to deploy, manage and upgrade multiple Kubernetes clusters that are distributed globally. Also, it is imperative to keep the life-cycle management of the clusters consistent across all regions. Henceforth, this talk aims to present an overview of how Condé Nast prototypes tools, such as ClusterAPI, to ensure a sustainable cluster provisioning mechanism.
https://sched.co/Zenm
- 1 participant
- 31 minutes
4 Sep 2020
ComponentConfig Technical Challenges - Michael Taufen, Google & Alexander Knipping, Noris Network
Michael Taufen and Alex Knipping will give a technical deep dive into some of the trickier problems our working group has encountered while implementing ComponentConfig. The talk will focus on recent areas of work such as strict decoding of ComponentConfigs, the "instance-specific" config problem, and how ComponentConfig applies to hierarchical components like kube-controller-manager. The working group deals with broad issues that affect a large number of users, but you don't need to be an expert to start helping. Alex will share how he was able to quickly make an impact on these problems as a new contributor, and how others can get started too.
https://sched.co/Zeun
- 2 participants
- 34 minutes
4 Sep 2020
Container Isolation via Virtualization: Don't Forget to Shrink the Guest - Dan Williams, IBM & Hsuan-Chi (Austin) Kuo, UIUC
Virtualization must be lightweight to be useful for improving the isolation of container runtimes (e.g., Kata containers): adding traditional (heavyweight) virtualization layers to container primitives would, for example, result in unacceptable boot time and performance for important use cases like serverless computing. Fortunately, the community has made great strides towards lightweight virtualization with new VM monitors (e.g., AWS Firecracker) and associated tooling (e.g., Weaveworks Ignite). However, there has been relatively little attention paid to the guest kernel itself, which remains unnecessarily bloated, affecting both performance and security. We will make the case for guest kernel specialization via kernel configuration and highlight key challenges in applying these techniques in a sandboxed container context.
https://sched.co/ZelG
- 2 participants
- 35 minutes
4 Sep 2020
Controllers at Chaos - Kesavan Subramanian & Gaurav Gupta, SAP
Gardener implements the automated management and operation of Kubernetes clusters as a service (shoot) by hosting its control plane components (Etcd, API server, controller manager, scheduler) in a different K8s cluster called seed cluster which delivers a robust Control-Plane-as-a-Service leveraging existing Kubernetes capabilities. In this session, the speakers will cover how Kubernetes in Kubernetes works in production and typical challenges faced by this approach.
https://sched.co/ZejB
- 2 participants
- 32 minutes
4 Sep 2020
CoreDNS for Hybrid and Multi-cloud - Yong Tang, MobileIron
This session will cover CoreDNS configurations in hybrid and multi-cloud environments, including serving DNS records provided by cloud vendors such as AWS (Route53) and GCP (Cloud DNS), supporting DNS over TLS and DNS over gRPC for securing DNS data communications, managing zone data with records shuffling and reordering for service workload rebalancing, and finally deploying CoreDNS in multiple Kubernetes clusters across multi-cloud for service discovery. This session is intended for people familiar with basic CoreDNS configurations but wishing to extend CoreDNS’s functionality in complicated scenarios. It is important to mention that the flexibility and ease of use allow CoreDNS to solve many real-world problems with brevity.
https://sched.co/Zeib
- 2 participants
- 45 minutes
4 Sep 2020
Deep Dive into Autoscaling - Maciek Pytel & Joe Burnett, Google
Come and see how to debug and optimize your autoscalers and decrease your monthly infrastructure costs even further. During this talk members of SIG-Autoscaling will discuss the internals of HPA, VPA and Cluster Autoscaler, their peculiar features, and ways to fine tune them across dimensions like cost and availability. After this talk you will know where to look for information about the autoscaler activity, what settings can be changed and which flags should probably be left alone.
https://sched.co/ZeyB
- 2 participants
- 36 minutes
4 Sep 2020
Deep Dive into Cloud Provider for Azure - Andy Zhang & Ernest Wong, Microsoft
In this session, we'll dig into the implementation of the Azure cloud provider, and current work to enhance the operations of Kubernetes. Updates for Kubernetes v1.18 and designs for the v1.19 versions will be discussed. Demos of the newest capabilities will make this concrete. You will also learn how the maintainers set up their development environments so you can contribute easily too.
https://sched.co/Zew3
- 2 participants
- 29 minutes
4 Sep 2020
Deep Dive into Helm - Scott Rigby, Codeacademy & Paul Czarkowski, Pivotal
Helm v3 went GA in 2019 and the community was abuzz with excitement over the removal of Tiller. There’s more to Helm v3 than just the removal of Tiller though! In this session we’ll learn about the new features of Helm v3 and the changes and new architectures to support them. We’ll discuss the changes to the CLI and the underlying library and the subsequent improvements to usability. We’ll look at library charts and the new client/server security models. We’ll finish with a discussion on migrating charts from v2 to v3.
https://sched.co/Zx4K
- 2 participants
- 29 minutes
4 Sep 2020
Deep Dive: CNI - Bryan Boreham, Weaveworks & Bruce Ma, Ant Financial
CNI, the Container Network Interface, is a small but critical piece of infrastructure linking runtimes such as Kubernetes and CloudFoundry to dozens of different container network implementations. This session is aimed at implementers of network plugins and runtimes using CNI, as well as anyone interested in contributing to the project or becoming a maintainer. In this session we will take a close look at the Tuning and Firewall plugins from the containernetworking/plugins repo. We will also have plenty of time for discussion and Q&A.
https://sched.co/ZexP
- 3 participants
- 35 minutes
4 Sep 2020
Deep Dive: Harbor - Enterprise Cloud Native Artifact Registry - Steven Zou & Daniel Jiang, VMware
Harbor is an open-source trusted cloud-native registry project that stores, signs, and scans content. It has been widely used by organizations large and small around the world to resolve both the container image and Helm Chart management challenges. In this session, the speakers would like to go into more detail about how Harbor has evolved to manage many kinds of cloud-native artifacts, such as images, Helm Charts, CNAB and OPA bundles, with a simple and unified user experience, promoting Harbor as the best OCI-compatible cloud-native artifact registry. At the same time, they're going to share the future roadmap of the Harbor project and community with the attendees, including but not limited to non-blocking online GC, proxy cache, P2P distribution, and edge computing support. Additionally, they'd like to give an update on the current status of the Harbor community and encourage more participation in it. Furthermore, the team would love to get feedback from users and contributors on current features and the future roadmap.
https://sched.co/Zexh
- 2 participants
- 21 minutes
4 Sep 2020
Deep Dive: Linkerd - Zahari Dichev, Buoyant
In this session, Zahari Dichev will focus on lessons learned, how-tos, and what the future of Linkerd holds.
https://sched.co/Zexn
- 1 participant
- 32 minutes
4 Sep 2020
Deep-Dive: Packet-level Debugging of Bridged and Non-bridged CNI Plugins - Jay Vyas & Sedef Savas, VMware
Finding the fault for k8s connectivity issues can be a daunting task and require several teams (DevOps, networking) to do their own due diligence. The best way to track down a connectivity error from the perspective of a DevOps team is to deep-dive into packets’ journey through the Linux Network Stack. In this session, we will walk through the following challenges for various open-source CNI providers, in real-time with the audience: If packets from your pods aren’t reaching their destination - how would you use tcpdump to determine where in the packet’s trajectory? Do you know what destination NAT’ing is, and at which step and how it happens (via iptables or IPVS) for bridged and non-bridged CNI plugins? What about existing network policies and routes on your hardware - are there iptables rules conflicting with the rules added by kube-proxy?
https://sched.co/Zeob
- 2 participants
- 27 minutes
4 Sep 2020
Deliver Your Cloud Native Application with Design Pattern as Code - Jun Makishi & Rintaro Sekino, NTT Communications
As the Cloud Native landscape evolves and many practices quickly become outdated, it is hard to follow best practices for integrating Cloud Native tools. NTT Communications has introduced a new idea to manage such integration: Design Pattern as Code. We break a Cloud Native architecture into small design patterns, one per context, to make it reusable and composable. As this approach enables sharing a well-designed and maintained integration pattern across organizations, our software delivery becomes safe and scalable. We will give a live demo that builds an application from some practical design patterns, turns it into a Cloud Native application and delivers it to production safely. We leverage Tekton, Cuelang, and many other Open Source tools, and we will give all participants our insight into using those tools to achieve such scalable application delivery.
https://sched.co/ZeiY
- 2 participants
- 35 minutes
4 Sep 2020
Design Choices Behind Making gRPC Available on Web Platforms - Wenbo Zhu, Google
In this talk, we will go through the challenges faced by making gRPC available on Web platforms and discuss the design choices we made in order to strike the balance between reachability and complexity of the solution. Since its GA (Oct 2018), grpc-web has been widely adopted by OSS users (https://github.com/grpc/grpc-web), and we have also seen a rapidly growing ecosystem support for gRPC-Web, such as Dart, Angular, Swift, Reactive-Native etc. Web technologies will continue evolving and we will present the road-maps of gRPC-Web and how we plan to deliver a seamless development experience for designing highly-responsive Web applications against gRPC based microservices or APIs.
https://sched.co/ZeoJ
- 2 participants
- 39 minutes
4 Sep 2020
Designing a gRPC Interface for Kernel Tracing with eBPF - Leonardo Di Donato, Sysdig
As a maintainer of the CNCF runtime security project, Falco, he was tasked with designing a mutually TLS authenticated API over gRPC in C/C++ to solve the runtime security problem. Join this talk to understand the challenges he faced with designing the interface, as well as the performance concerns with parsing millions of syscalls using eBPF over gRPC. The audience will walk away with an understanding of runtime security in cloud-native, as well as the technical concerns with building such an interface.
https://sched.co/Zexb
- 1 participant
- 34 minutes
4 Sep 2020
DevOps Patterns and Antipatterns for Continuous Software Updates - Kat Cosgrove, JFrog
So, you want to update the software for your user, be it the nodes in your K8s cluster, a browser on a user’s desktop, an app on a user’s smartphone or even a user’s car. What can possibly go wrong? In this talk, we’ll analyze real-world software update failures and how multiple DevOps patterns that fit a variety of scenarios could have saved the developers. Manually making sure that everything works before sending an update and expecting the user to do acceptance tests before they update is most definitely not on the list of such patterns. Join us for some awesome and scary continuous update horror stories and some obvious (and some not so obvious) proven ideas for improvement and best practices you can start following tomorrow.
https://sched.co/Zelk
- 1 participant
- 26 minutes
4 Sep 2020
Developing the Kubernetes Python Client - Scott Lee, Facebook
The Kubernetes Python client allows users to programmatically interact with clusters using the Python language. With Python being one of the most popular programming languages, the Python client provides a way for those unfamiliar with Golang to still reap the benefits of a code interface to Kubernetes. This session will cover the repositories and resources that are used to generate the Python client and dive into examples of how the client is used. This talk will also cover how to get involved as a contributor to the Python client by covering processes and resources. Note: Brendan Burns gave a talk titled "!go, Interacting with and Extending Kubernetes in a Polyglot World" but it covered Kubernetes clients generally while this talk is specifically about the Kubernetes Python client and dives deeper into the nuances of the client and how to get involved as a contributor.
https://sched.co/ZetU
- 1 participant
- 14 minutes
4 Sep 2020
Discreetly Studying the Effects of Individual Traffic Control Functions - Lee Calcote & Prateek Sahu, Layer5
Like path-based routing? How about attribute-based whitelisting? Manipulating request headers and routing? (yes, you do.) Service meshes offer granular control over service traffic, allowing you to bend network traffic to your will. But, how do these individual traffic controls perform? How much latency do they induce? We present a study on the effects of individual traffic controls in a service mesh. Using a simple application, we will show how users can chain together multiple (fake) microservices, which are configurable in terms of their behavior (i.e. respond precisely and consistently) in performance test environments.
https://sched.co/Zetg
- 3 participants
- 46 minutes
4 Sep 2020
Do The Math: Auto-Scaling Applications with Kubernetes - Antoine Hamon, Nephely
What better place is there to host applications than inside a Kubernetes cluster? Yet what feature is more underestimated than pod auto-scaling? Yes, pod auto-scaling can be really hard, especially when searching for an optimized configuration. Whatever the application, the goals are always the same: making sure our pods are able to scale up quickly enough so users don't ever face any latency or HTTP/5xx, while keeping the cost as low as possible. As both goals directly leverage the other, the complexity is all about finding the correct balance. Instead of using the regular 80% CPU utilization threshold (which is sometimes fine-tuned with load-testing and/or feedback monitoring), would it be possible to have a more mathematical approach to solve this problem? During this talk Antoine will present one he created and explain how to utilize it within Kubernetes.
https://sched.co/ZelV
- 1 participant
- 13 minutes
4 Sep 2020
Dynamic Configuration with ComponentConfig and the Control Loop - Chris Hein, Apple & Leigh Capili, Weaveworks
ComponentConfig is a pattern that allows you to use Kubernetes API Machinery to load Configuration files that look and feel like Kubernetes resources. This talk will introduce the idea of combining ComponentConfig with Dynamic Configs through CRDs to allow your controllers to dynamically reconfigure themselves similar to the way the Dynamic Kubelet Configuration works. This pattern can be useful for any Controller or Operator builder to make updating and managing the controller much more straightforward for end-users. This pattern also introduces the ability to report customized status about how the controller is operating, reducing the cognitive load for users to debug misconfigured controllers.
https://sched.co/ZemW
- 2 participants
- 35 minutes
4 Sep 2020
Easy, Secure and Fast - Using NATS for Data Streams and Services - Colin Sullivan, Synadia
Distributed systems architecture has been disrupted via decomposition as cloud technology has matured - we’ve seen a migration from monolithic applications to microservices coordinating across large scale deployments. This has created a need for flexible deployments, secure and transparent data sharing, multiple communication patterns, location transparency, and the decoupling of data producers and consumers. NATS is a cloud-native messaging project that addresses these needs. While cloud-native, NATS can also run on-premise, at the edge and even on endpoints. In this discussion, we'll introduce you to NATS: how NATS came to be, its DNA, and some of the problems that it solves. We’ll describe common messaging patterns, when to use them, and design principles to create NATS-enabled cloud-native applications. For more information be sure to follow this up with the NATS deep dive!
https://sched.co/Zewv
- 1 participant
- 34 minutes
4 Sep 2020
Effective Kubernetes Onboarding - Kathleen Juell, DigitalOcean
Kubernetes has a steep learning curve, but many teams need to learn Kubernetes – quickly. This talk will cover strategies for onboarding developers to Kubernetes, taken from DigitalOcean's Developer Education team – the producers of DO's Community tutorials – and the Community Platform team, which develops the Community application. It will include 1. Core concepts and insights from DO's new Kubernetes for Full-Stack Developers curriculum; 2. An on-the-ground perspective taken from the Community Platform team's migration from a traditional VM environment to Kubernetes. Key concepts the talk will cover: 1. How to onboard teams successfully by establishing knowledge baselines and effectively organizing, structuring, and delivering Kubernetes concepts. 2. How to situate Kubernetes in a larger arc of application development and integrate it into an existing development workflow.
https://sched.co/Zeso
- 1 participant
- 35 minutes
4 Sep 2020
Elephant on Wheels: Petabyte-scale AI @ LinkedIn - Cong Gu & Abin Shahab, LinkedIn
Kubernetes has flourished at LinkedIn for AI workloads. It started as a proof of concept for Jupyter notebooks, and now it has become key infrastructure for model training and model serving. LinkedIn AI has traditionally been Hadoop/YARN based, and its Hadoop data lake is one of the world's largest. To allow AI and non-AI workloads to securely access HDFS, a scalable, secure, open-source integration with HDFS Kerberos called Kube2Hadoop was built. This enables AI modelers at LinkedIn to use data securely in their model exploration and training with KubeFlow components such as the mpi-operator. LinkedIn’s infra teams are also prototyping a multilevel scheduler on top of Kubernetes and YARN clusters on the cloud, which can intelligently route jobs to multiple clusters and can facilitate workflows across Kubernetes and YARN clusters.
https://sched.co/Zepx
- 2 participants
- 27 minutes
4 Sep 2020
Enabling E2E Observability via Open Source in 5G Telco CNFs - Tamas Zsiros & Henrik Saavedra Persson, Ericsson
Ericsson is building CNFs for 5G that are being deployed in live operation throughout the world. One of the earliest challenges to answer when developing for a Kubernetes environment was how to enable observability (monitoring, logging and tracing) as well as configuration management for cloud native applications that need to interact with a multitude of management and visualization systems, some of which were created for the cloud (e.g. ONAP), and some of which have long been established in telecom service providers' environments. To answer the challenge, Ericsson has built a platform using open source projects straight from the CNCF Landscape. This session will show the motivations behind this undertaking, walk you through the architecture of the platform and discuss the benefits and challenges of using open source and cloud native for 5G networks.
https://sched.co/Zepo
- 2 participants
- 24 minutes
4 Sep 2020
Enabling Multi-user Machine Learning Workflows for Kubeflow Pipelines - Yannis Zarkadas, Arrikto & Yuan Gong, Google
Kubeflow is an open source machine learning platform built on Kubernetes. Every service in Kubeflow is implemented either as a Custom Resource Definition (CRD) (e.g., TensorFlow Job) or as a standalone service (e.g., Kubeflow Pipelines). As enterprises start to adopt Kubeflow, the need for access control, authentication, and authorization is emerging. Kubernetes CRDs come with their own auth story, but what about Services with their own API and database, like Kubeflow Pipelines? In this talk, we explore how we enabled multi-user workflows for Kubeflow Pipelines, in a Kubernetes-native way. We present how we combined open-source, cloud-native technologies to design and implement a flexible, Kubernetes-native solution for services with their own API and database. The talk will include a live demo.
https://sched.co/Zeok
- 2 participants
- 26 minutes
4 Sep 2020
Envoy, Take the Wheel: Real-time Adaptive Circuit Breaking - Tony Allen, Lyft
Modern service mesh deployments are equipped with hundreds of tunables, such as timeouts and circuit breakers. Finding ideal initial values requires deep technical expertise. Workloads change over time, requiring regular effort to re-tune stale parameters. As a consequence, configuration errors have become a source of operational toil and one of the major causes of system failures across the industry. The service mesh should aim to expose a minimal configuration surface by dynamically adjusting parameters based on observations. Tony Allen will provide a deep-dive into how Envoy’s Adaptive Concurrency Control feature dynamically tunes circuit breaker thresholds using real-time sampling of request latencies, removing the need for periodic adjustment. He will also discuss lessons learned deploying the feature to Lyft’s production service mesh.
https://sched.co/Zes8
- 1 participant
- 34 minutes
4 Sep 2020
Episode IV: A New Network Service Mesh - Frederick Kautz, Doc.ai & Nikolay Nikolaev, VMware
It is a time of exploding networking complexity. Members of the Network Service Mesh Community, hacking furiously around the clock, have won their first victory for network simplification. During the development, community members discovered a new way to think about Cloud Native networking with enough power to meet the needs of multi-cloud enterprises and telcos alike. Racing across… Frederick Kautz and Nikolay Nikolaev bring you Network Service Mesh, which can unchain developers from legacy networking and restore freedom to networking. Come learn about Network Service Mesh and get the latest updates on the latest features including Inter-Domain connectivity, identity (SPIFFE) and policy (OPA) support!
https://sched.co/ZevK
- 2 participants
- 38 minutes
4 Sep 2020
Escaping the Jungle - Migration to Cloud Native CI/CD - Anton Weiss, Otomato Software
In the last 2 years Otomato has been helping a number of software companies to migrate their complex systems to Cloud Native infrastructure. This included rebuilding the CI/CD processes and tooling based on Cloud Native concepts and tooling. In this talk Anton will present the challenges organisations face when switching to modern approaches in software delivery. We will cover the topics of:
- Providing unified Kubernetes-based CI/CD infrastructure
- Scalable CI/CD Pipelines and Environments
- Component and Contract testing vs. End-to-End testing
- Managing Deployments with Helm
- Evaluating Service Meshes
- Making the switch to GitOps
https://sched.co/Zesu
- 1 participant
- 36 minutes
4 Sep 2020
Expanding Serverless to Scale-out Kubeflow Pipelines - Yaron Haviv, Iguazio
Serverless frameworks enable devops automation, resource allocation on demand and auto-scaling. However, so far they have only addressed event-driven workloads and not distributed, batch-oriented data science tasks like data preparation and ML training. Orit Nissan-Messing will introduce the recently announced Nuclio ML Functions, which are tightly integrated with Kubeflow and extend the Nuclio open-source serverless framework to auto-scaling machine learning, training and data preparation tasks. Nuclio ML Functions automatically track experiments and artifacts, are seamlessly integrated with Kubeflow pipelines and eliminate a significant amount of devops. Participants will learn how to work with Kubeflow and Nuclio to enable CI/CD for their machine learning workloads, enabling performance and horizontal scaling, while cutting infrastructure costs and tedious development tasks.
https://sched.co/ZepH
- 1 participant
- 56 minutes
4 Sep 2020
Failure Stories From the On-premise Bare-metal World - Stephan Fudeus & David Meder-Marouelli, 1&1 Mail & Media Development & Technology GmbH
Setting up a Kubernetes cluster is not trivial in general and doing that on-premise with bare-metal machines has very specific challenges. In addition to "just" defining the pod overlay network and embedding the host network into an existing topology, ingesting and directing traffic into the cluster is an essential task. Regardless of the chosen solution, compromises need to be made and eventually, failures will occur. In this session David and Stephan will show their real world setup of reasonably large clusters (up to 150 nodes currently), the reasoning behind the network design and the failure stories they experienced and had to deal with. The topics range from ingress controllers via BGP, network routing, DNS and iptables to hardware load balancer appliances - and how those technologies are not as cloud native as one might wish.
https://sched.co/Zemo
- 2 participants
- 31 minutes
4 Sep 2020
FinOps Summit: Cost Visibility and Optimization in Kubernetes
Managing the visibility and optimization of costs is hard enough in the Cloud; the introduction of Kubernetes adds another layer of virtualization to manage. This 90-minute, single-track event will focus on how to do cloud financial management in a cloud native container environment. Topics to be covered:
- Why Cloud Financial Management is harder in Kubernetes
- Introduction to the FinOps Foundation and launch of Certified partner programs
- Shifting responsibility for cloud spending to product teams
- Implementing cost accountability and allocation in Kubernetes
- Strategies for ensuring developers take action on cost actions on optimizations
- Managing the complexity of spending in a cloud native container environment
https://sched.co/dfTz
- 6 participants
- 1:34 hours
4 Sep 2020
Five Great Ways to Lose Data on Kubernetes (And How to Avoid Them) - Robert Hodges, Altinity LTD
Databases and stateful apps are gravitating rapidly to Kubernetes, so the sorrows of accidental data loss cannot be far behind. As long-time database engineers and authors of the ClickHouse Kubernetes operator, our team has seen lots of imaginative ways to lose data. We also learned how to prevent them. The talk starts with standard high availability/disaster recovery models used in DBMS and demonstrates that classic ways to lose data are still alive and well on Kubernetes. We'll then pivot to Kubernetes-specific disasters-in-waiting, such as the PV that wasn't, affinity afflictions, and the dreaded fat fingers of fate. The talk will help instill a healthy sense of paranoia and give listeners tools to ensure their experiences with cloud-native data will be happy ones.
https://sched.co/Zet6
- 1 participant
- 32 minutes
4 Sep 2020
Flux Deep Dive: A GitOps Approach to Progressive Delivery - Stefan Prodan & Hidde Beydals, Weaveworks
“Progressive Delivery” refers to a set of techniques for reducing deployment risk by decoupling the deployment from the release process. In this session, Stefan and Hidde will talk about implementing these techniques on Kubernetes. We will discuss in depth how canary releases can be orchestrated through Git operations, declaratively, using Kubernetes custom resources and Flux git-to-cluster synchronization. We will demo a GitOps pipeline that automates the release process of a web application. The demo will feature:
- Flux for cluster state management
- Flux Helm Operator for app deployments
- Flagger for app testing and incremental rollout
https://sched.co/Zev2
- 2 participants
- 35 minutes
4 Sep 2020
From Alert Notification to Comparison of Good and Bad Requests in One Click - Shreyas Srivatsan, Chronosphere
Metrics are a great tool for notifying when something goes wrong. Distributed tracing provides the ability to drill down deeper into an issue when triaging an alert with a non-obvious root cause. It’s already difficult to jump from metrics raising an alert to a representative problematic trace, but even once there, users often want to compare a problematic trace with a non-problematic one to help root cause the issue. This talk demonstrates how to jump straight from an alert notification to displaying a problematic trace along with a comparison to a non-problematic trace. This is accomplished with a combination of open source tools such as Prometheus, Jaeger, Grafana and M3. The audience will learn how recent advances in the community can enable them to reduce their time-to-mitigation by providing the relevant context of a bad request vs a good request directly from a graph.
https://sched.co/Zeoq
- 1 participant
- 24 minutes
4 Sep 2020
From Infrastructure Bro to Hacker Chick: A Cloud Native Journey - Kris Nóva, Independent
Her first commit to Kubernetes was made under a name she no longer uses, by a person who no longer exists. Until now she has done her best to keep this information a secret, and lives full time as a well known transgender engineer. In this talk she publicly reveals the commit log for the first time, and tells her unique story about her personal journey with cloud native technologies. The fact that she has experienced cloud native from both sides of the gender spectrum gives her unique insight into the tooling, and more importantly the processes in place for contributing. She draws striking parallels with her personal epiphanies in her career, with the maturity of the cloud native ecosystem by using three simple words: shame, adoption, victory. The talk explores the three lessons in detail from the perspective of a veteran cloud native engineer. She hopes to inspire all.
https://sched.co/Zen9
- 1 participant
- 34 minutes
4 Sep 2020
From Minikube to Production, Never Miss a Step in Getting Your K8s Ready - Horacio Gonzalez & Kevin Georges, OVHcloud
So you have installed your Kubernetes cluster, and you have deployed some apps on it, but the idea of putting it into production makes you uneasy... Well, this talk is for you! The path from a working Kubernetes cluster to a production-ready one can be rough and complicated, with lots of things to think of, and many pitfalls to avoid. In this talk Kevin & Horacio will share with you the common pitfalls and their best known antidotes, in order to make sure that you deliver a secure and highly available Kubernetes to your end-users. After sharing with you a cost-effective HA setup for a typical Kubernetes production environment, Kevin and Horacio will cover the basic security best practices, adapted to any enterprise context. They will also discuss some of the most recognized CNCF project tools to enhance Kubernetes observability, reliability, security and management.
https://sched.co/Zeo4
- 2 participants
- 33 minutes
4 Sep 2020
Go? Bash! Meet the Shell-operator - Andrey Klimentyev & Dmitry Stolyarov, Flant
While using Kubernetes, the need to automate our work is ever-present. Usually, the task boils down to a simple pattern: subscribing to Kubernetes resource changes and acting upon them. In the simplest case, a ConfigMap creation will suffice. In the complex one, interaction with a Custom Resource might be required. Most operations engineers know a scripting language (e.g., bash) and are familiar with the jq tool, which employs an indigenous paradigm of traversing JSON structures inspired by the functional programming paradigm. A general-purpose programming language, without a doubt, provides tons of benefits, but do they not create a steep learning curve on the path to automating and extending Kubernetes? This talk focuses on writing simple operators with the shell-operator, using a scripting language (bash) and jq, and justifies such an approach.
https://sched.co/Zeo1
- 2 participants
- 24 minutes
4 Sep 2020
Going Beyond CI/CD with Prow - Leonardo Di Donato, Sysdig
One of the most untold secrets is how hard and important it is to automate the whole set of workflows around the code, not only the testing phase. We were able to use the native Kubernetes CI/CD system - Prow - to solve CI/CD for Falco. Furthermore we discovered that Prow does much more than CI/CD! Join us to find out what! You will walk away with a deep technical knowledge of Prow and how we were able to implement it internally so you can too. We’ll see how to correctly set up and deploy Prow on a Kubernetes instance, how to link it to a bot account, how to hook Prow to GitHub organizations and repositories, and how to establish an automated governance process for the Open Source by configuring multiple Prow plugins. Finally the audience will learn how to create its own custom plugins in order to lint commit messages and code.
https://sched.co/ZenU
- 1 participant
- 33 minutes
4 Sep 2020
Going Containerless with WebAssembly - Kevin Hoffman, Capital One
WebAssembly is the future of distributed computing. This session explains what WebAssembly is, how it works outside the browser, and why people at a cloud conference should take notice. Attendees will learn how, with the use of a few open source projects, building functions and services in WebAssembly can be easier, faster, and more secure than building traditional services. Demonstrations will include building systems that engage in low-level, RPC-style communication between the runtime host and guest module, then advancing to the examination of a host runtime written in Rust that dynamically and securely binds zero-trust WebAssembly functions and services with high-privilege capability plugins like message broker providers, key-value stores, and more (also written in WebAssembly!).
https://sched.co/Zer1
- 1 participant
- 34 minutes
4 Sep 2020
Hacking on Network Service Mesh Dataplane for a True Multi-cloud Experience - Aleksandra Kowalska, Netcompany & Jaroslaw Lukow, Nine Fives Labs
In this session the presenters will guide you through integrating Network Service Mesh with the Tungsten Fabric SDN controller as the dataplane tunnel provider. The session will cover both the NSM architecture and its use cases. TF's ubiquity of integrations (Kubernetes, OpenStack, VMware, physical appliances etc.) enables us to demonstrate the true concept of cloud-native networking - when the location of the network service is irrelevant to the consumer and she can focus only on the required functionality. Thus, we can mix and match different clusters, orchestrators and technologies to provide a flexible networking environment.
https://sched.co/Zepf
- 2 participants
- 24 minutes
4 Sep 2020
Handling Container Vulnerabilities with Open Policy Agent - Teppei Fukuda, Aqua Security
A vulnerability scanner for containers doesn’t help a user decide how to handle vulnerabilities. For example, even if a critical vulnerability is found, some organizations may accept the risk of it. The policy for vulnerability handling depends on the organization, and in many cases, the person in charge has to make a manual judgement based on this policy every time. This is time-consuming. This talk demonstrates how to automatically handle vulnerabilities detected by a scanner using OPA.
- The vulnerabilities found by a scanner in CI are handled automatically by Open Policy Agent
- Applying custom policy, OPA shows users which vulnerabilities to address
This automatic vulnerability handling in CI will be demonstrated live, along with Trivy, which is an open source vulnerability scanner for containers. The same policy handling model could be used with any scanner.
https://sched.co/Zekd
- 1 participant
- 31 minutes
4 Sep 2020
Help! My Cluster Is On The Internet: Container Security Fundamentals - Samuel Davidson, Google
You know security is important, but what does that actually mean in containers and Kubernetes, and more importantly, what are you supposed to do about it? If you’re new to Kubernetes, or at least Kubernetes security, this session will cover the fundamental concepts in container security -- including supply chain security and runtime security -- and give you context for the security tooling and open source projects like Falco and Open Policy Agent you will encounter in the cloud native ecosystem. We’ll use a real world example (“Oh no! This cluster is open to the internet!”) and cover a cheat sheet that will help you prevent bad things from happening. You should expect to leave this session with a mental model of how to think about container security, a list of security-related decisions you need to make on “day 0,” and resources for how to keep security front and center in your team.
https://sched.co/ZetO
- 1 participant
- 44 minutes
4 Sep 2020
Help! Please Rescue Not-ready Nodes Immediately - Xiaoyu Zhang, Alibaba & Di Xu, Ant Financial
For a Kubernetes cluster, nodes are crucial to keeping pods running properly. So it is indispensable to monitor node status and detect node problems. Node problem detector (NPD), an open source project in the Kubernetes community, is a good answer to this issue. Nowadays NPD has already been well accepted and widely used in production environments. Actually, identifying the problem is only the first step. What we need to do next is to handle those problems and rescue the nodes. In this talk, we will list common problems and share how we establish rules to decide whether a node is ready or not and how to fix them if recoverable. Moreover, we will introduce some usage scenarios on how we make a 99.9% uptime guarantee with ten thousand nodes in a single cluster. We will share some experience on how to recover the nodes within 10 minutes as well.
https://sched.co/Zek3
- 2 participants
- 9 minutes
4 Sep 2020
Hey, Did You Hear About This New CVE? - A Vulnerability Response Playbook - Andrew Lytvynov, Independent & Alexandr Tcherniakhovski, Google
Kubernetes provides a lot of great ways to harden the security of your infrastructure. But despite how much you have it locked down, things will inevitably go wrong. Hope is not a strategy, so you need a contingency plan. In this prescriptive talk, you will learn how to prepare for complex vulnerabilities (like the Intel speculative execution or Go HTTP/2 DoS vulnerabilities), mitigate them and clean up afterwards. We’ll share our experiences with the GKE fleet, dealing with newly announced vulnerabilities, and lessons learned balancing both security and reliability of workloads. You will learn how to develop a response playbook for vulnerabilities. You will also learn about the tools that Kubernetes provides to help make your vulnerability response less hectic, such as audit logs, network policies and RBAC. This talk will not cover live attacks (attackers in your infrastructure).
https://sched.co/ZerA
- 2 participants
- 22 minutes
4 Sep 2020
How ABN AMRO Switched Cloud Providers Without Anyone Noticing - Mike Ryan, backtothelab.io & Laura Rehorst, ABN AMRO
People often talk about being cloud agnostic, but what actually happens when an enterprise with 3000 developers decides to switch cloud providers? In this session Laura Rehorst (Product Owner, Stratus, ABN AMRO) and Mike Ryan (DevOps Consultant) will share the story of how ABN AMRO leveraged the power of Kubernetes to facilitate the transition between cloud providers, and explore the strategic benefits of adopting a cloud native posture at all levels of the organisation. Laura and Mike will also delve into the practical side to demonstrate how tools such as Helm, OPA, and custom operators allowed the platform team to abstract away the differences between cloud providers, and the “compliant by default” approach that keeps their security and compliance teams smiling.
https://www.abnamro.com/
http://backtothelab.io/
https://sched.co/Zetm
- 2 participants
- 27 minutes
4 Sep 2020
How Many CPU Cycles I Need to Invest in Cloud Native Security? - Ben Hirschberg, CyberArmor
TLS is the de facto standard protocol for creating point-to-point secure communication between applications. Ideally, it should be used on every application all the time; however, the industry has a love-hate relationship with TLS. Now, we need to protect traffic between our microservices. TLS presents additional deployment complexity and operational costs, such as considerable CPU use and high maintenance of keys and certificates. How do sidecar proxies fare against native application implementations? Which TLS implementation to use? How can TLS be optimized to deliver security and performance? In this talk, we will present an in-depth performance review of TLS over different cryptographic suites, different implementations, and different deployment models from the perspective of practicality.
https://sched.co/ZerP
- 1 participant
- 36 minutes
4 Sep 2020
How This Innocent Image Had a Party in My Cluster - Amir Jerbi & Itay Shakury, Aqua Security
As security practices and tools for scanning container images are becoming increasingly popular, malicious actors are introducing sophisticated techniques to obfuscate their intent and evade scanning tools. The malware they plant cannot be detected using static analysis, or based on signatures. But dynamic analysis that runs the image, and then traces the activity of the running container, can detect and document the entire multi-stage attack. In this talk, we will review the evolution of these attacks as observed by Aqua’s security research team, and demonstrate the full chain of events and IoCs (indicators of compromise) that were detected. We will give practical advice on what developers and cluster admins should do to detect similar techniques, and the security controls that should be employed to reduce the chances of such an attack succeeding, as well as reduce its potential impact.
https://sched.co/Zeks
- 3 participants
- 34 minutes
4 Sep 2020
How We Migrated Our Monolith to K8s and Became a High Performing Team - Mauricio Salatino, Camunda/LearnK8s & Tracy Miranda, CloudBees
Migrating your existing architecture from a monolith to microservices is a challenging task. Not only is the technology landscape different and overwhelming, but you also need a solid plan to bring the rest of the team along in the journey. This talk shares our real-life journey and the lessons learned from migrating a monolithic open-source project to microservices while adding in CI/CD best practices. We looked at specific best practices from the Accelerate book and show how those became reality within our team. The focus of this is:
- Best practices for refactoring monoliths into microservices
- Understanding how you can leverage tools such as Kubernetes, Helm, Jenkins X, and Zeebe to develop cloud-native applications
- Pitfalls you should avoid and how you can learn from our mistakes
https://sched.co/Zen3
- 2 participants
- 34 minutes
4 Sep 2020
How to Use Kubernetes to Build a Data Lake for AI Workloads - Peter MacKinnon & Uday Boppana, Red Hat
The recent popularity of hybrid cloud architectures has left organizations with traditional data lakes behind. How do you build a data architecture that is cloud provider agnostic and is flexible enough to run across public and private cloud data centers? How do you make this data available to data scientists and developers in a way that simplifies the creation of intelligent applications? This talk will walk through a new way of building data lakes for the hybrid cloud using Rook and Ceph community projects running on Kubernetes. With a single data architecture deployment that can run in any cloud or across multiple clouds, IT and data engineers can use open source tools on Kubernetes such as Rook, Ceph, Hive metastore, Spark, and Presto to provide unified access to massive amounts of data across multiple data centers for data scientists and developers.
https://sched.co/Zenj
- 2 participants
- 36 minutes
4 Sep 2020
How to Work in Cloud Native Security: Demystifying the Security Role - Justin Cormack, Docker
Working in security can be intimidating and the shortage of people in the space makes hiring difficult. But especially in cloud native environments, security is something everyone must own. If you’ve ever asked yourself, “What does it take to work in security in a cloud native environment? How can you move into security from a dev or an ops position? Where should you start and what should you learn about?” then this talk is for you. Justin Cormack, Security Lead at Docker and member of CNCF SIG Security, will share his personal experience gradually moving from ops to dev to security, the reasons for his transitions, and what he learned along the way. He will break down why security really is one of the most interesting and different areas to specialize in and why working in security might be for you.
https://sched.co/Zeiz
- 1 participant
- 25 minutes
4 Sep 2020
Hubble - eBPF Based Observability for Kubernetes - Sebastian Wicki, Isovalent
Troubleshooting network issues in Kubernetes often requires deep insight into different layers of your stack. Hubble is a new open-source observability platform that aims to assist you in understanding what is going on in all layers of your Kubernetes network. Based on the Cilium CNI and the Linux kernel eBPF technology, it is able to obtain fine-grained visibility into network traffic and application behavior, with low overhead and without having to modify applications. In this talk, you will get an introduction to Hubble and the technologies that power it, the Cilium CNI and eBPF. You will be presented with practical examples of how Hubble can be used to interactively troubleshoot complex network issues. The talk will show how to write custom Hubble metrics which allow you to benefit from eBPF's superpowers without having to write or understand any kernel code.
https://sched.co/Zeoz
- 1 participant
- 36 minutes
4 Sep 2020
Hunting For New Particles Leveraging Legacy Infrastructure with Kubernetes - Clemens Lange, CERN
In the search for unknown particles in the CERN Large Hadron Collider’s particle collisions, billions of events need to be analysed. Even though large parts of CERN’s computing infrastructure are deployed using Kubernetes, physics analysis jobs are still being run on classical high throughput computing batch systems. While developing a fully cloud native computing approach, one still needs to have access to the tens of thousands of cores available on the legacy batch system to have sufficient resources for the data processing. In this presentation, Clemens will demonstrate how complex physics analysis workflows that are written and scheduled using Kubernetes can make use of classical batch systems. The audience will also learn what complexity a realistic physics analysis can reach, and the important role that software containers and Kubernetes play in the context of open science.
https://sched.co/Zeji
- 1 participant
- 36 minutes
4 Sep 2020
Improving the Performance of Your Kubernetes Cluster - Priya Wadhwa, Google
Ever wonder if your Kubernetes cluster could be more performant? Most users of Minikube, a tool to run Kubernetes locally, have; in fact, improved performance has been one of the most requested features since the project began. In this talk, Priya Wadhwa will discuss how we tackled reducing the start latency and CPU overhead of a Kubernetes cluster. You will walk away with knowledge of frameworks and tools to identify where performance issues exist in your own cluster. We’ll cover how we used these tools to identify where overhead was coming from and how we came up with solutions to reduce it, all while maintaining a great user experience.
https://sched.co/Zerq
- 2 participants
- 36 minutes
4 Sep 2020
In a Container, Nobody Hears Your Screams: Next Generation Process Isolation - Andrew Martin, ControlPlane
Is it ever safe to run untrusted code in containers? Should process isolation keep workloads in, or attackers out? What would it take to run a malware test lab in Kubernetes? With fast startup times and consistent execution environments containers beat traditionally slow, monolithic VMs -- but with the advancement of micro VMs the boundaries have become blurred. It is increasingly difficult to know which isolation technology to choose for our next application. Can we run different workloads in different “container” types -- on the same cluster? In this talk we:
- examine the history of trying to safely run unsafe processes
- compare and contrast the emerging generation of process isolation and security techniques
- rationalise the design decisions that drive each project
- demo how to break in, out, and learn about what workloads are best suited to run in each technology
https://sched.co/Zerb
- 1 participant
- 32 minutes
4 Sep 2020
In-place Upgrade Noway! Blue/Green Your Way to a New Kubernetes Version - Ricardo Aravena, Rakuten
Since its introduction, Kubernetes has had a relentless pace of innovation and a significant release every three months. For an organization, it may be challenging to keep pace with new features and their Kubernetes clusters up to date. Furthermore, the constant change of the Kubernetes API + CRDs may be a barrier to minimizing downtime. This session will showcase using different tools with automation to update the major version of your cluster using a blue/green approach. Can we take advantage of a GitOps approach using open-source tools like Flux and Keiko? How do we change manifests to support the new API? How can we verify and add more security to the upgrades? The audience will come away with a pragmatic understanding of how to make use of different open-source tools and processes to make Kubernetes upgrades seamless with minimal to no downtime in production.
https://sched.co/Zek9
- 1 participant
- 29 minutes
4 Sep 2020
Ingress on the Rails: Use Community Tools to Automate Ingress Provisioning - Alastair Firth, Camunda
Routing traffic into your clusters is a key part of many Kubernetes workloads. The tools to manage this are great, but getting them all to work together can be a configuration nightmare for the uninitiated. Alastair Firth will demonstrate a concrete, automated, cloud-provider agnostic setup for provisioning DNS, TLS certs, and monitoring using community tools like ExternalDNS, cert-manager, Prometheus, Grafana, and Helm with the kubernetes/ingress-nginx controller so you can securely serve and monitor HTTPS and HTTP/2 (e.g. GRPC) traffic to many hostnames across multiple Kubernetes clusters.
https://sched.co/ZeqC
- 1 participant
- 28 minutes
4 Sep 2020
Intro + Deep Dive - Provider IBM Cloud - Sahdev Zala & Khalid Ahmed, IBM
In this session, the Provider IBM Cloud leads will give an overview of this Cloud Provider subproject and its activities, and discuss the recent developments. Everyone -- active contributors, new contributors, and conference attendees -- with an interest in the Provider IBM Cloud is welcome to attend.
https://sched.co/ZevW
- 2 participants
- 28 minutes
4 Sep 2020
Intro to Falco: Intrusion Detection for Containers - Shane Lawrence, Shopify
How do you protect Kubernetes clusters from malicious behavior? Role-based access control won't stop a user who's authorized to create pods from deploying hundreds of coin miners, and Intrusion Detection Systems at a network edge won't catch requests from a compromised container to the API server. Falco joined CNCF Incubator as an open-source runtime monitoring tool that combines kernel-level visibility with cluster-level awareness, making it possible to implement security policy and assert if these policies have been violated. In this session, Shane will demonstrate detection use cases, and discuss how Shopify has been using Falco since 2018 to monitor containers in a cloud environment that processes $100 million+ per day. Attendees will learn how to deploy Falco at scale, implement and change the ruleset, avoid common pitfalls with eBPF probes and kernel modules, and manage alert volume.
https://sched.co/Zewd
- 1 participant
- 36 minutes
4 Sep 2020
Intro to Longhorn: Open Source Cloud-Native Storage For K8s - Sheng Yang, Rancher Labs
Longhorn is an Open Source Cloud-Native distributed block storage system built on and for Kubernetes. It provides persistent storage support for any Kubernetes cluster with one-click installation. It also supports advanced features like built-in incremental backup and cross-cluster disaster recovery of the data. Longhorn leverages Kubernetes to build an easy to use, reliable and powerful storage experience for the users. Join us to learn about the architecture of Longhorn, how it was built on Kubernetes, how to use it with your stateful applications, and see a live demo of the latest release!
https://sched.co/ZevH
- 1 participant
- 28 minutes
4 Sep 2020
Intro to Rook: Storage for Kubernetes - Jared Watts, Upbound & Alexander Trost, Cloudical
In this talk, the Rook project will be introduced to attendees of all levels and experience. Rook is an open source cloud-native storage orchestrator for Kubernetes, providing the platform, framework, and support for a diverse set of storage solutions to natively integrate with cloud-native environments. Rook turns storage software into self-managing, self-scaling, and self-healing storage services. It does this by automating deployment, bootstrapping, configuration, provisioning, scaling, upgrading, migration, disaster recovery, monitoring, and resource management. The benefits and use cases of Rook will be explored along with an overview of each of the Rook storage providers: Ceph, EdgeFS, YugabyteDB, Cassandra, NFS, and CockroachDB. Rook was accepted as the first storage project hosted by the Cloud Native Computing Foundation in January 2018.
https://sched.co/Zex7
- 2 participants
- 31 minutes
4 Sep 2020
Intro to gRPC - Abhishek Kumar, Google
gRPC is a modern, open source remote procedure call (RPC) framework that can run anywhere. Distributed systems and client-server applications are built using gRPC because it provides simple abstractions for application-layer communication, coupled with a broad and powerful feature set. A wide range of languages and platforms are supported by gRPC. Join us for this session to hear about the gRPC project, how you can use it in your applications, and how to get involved as a contributor or maintainer!
https://sched.co/Zew6
- 1 participant
- 38 minutes
4 Sep 2020
Intro to the Kubernetes Code of Conduct Committee - Tasha Drew, VMware
Did you know that the Kubernetes community has an elected Code of Conduct Committee? This session will explain what the committee does, how it is formed, and some of the things the group is working on. Additionally, the presenters will share some insights on why such a committee is so important for maintaining a healthy, inclusive open source project.
https://sched.co/Zew9
- 1 participant
- 29 minutes
4 Sep 2020
Intro: Brigade - Radu Matei & Kent Rancourt, Microsoft
Brigade is a lightweight, Kubernetes-native framework which allows the creation of event-driven workflows. Using JavaScript, Brigade chains together containers and controls their execution in an in-cluster scripting environment that enables easy error handling and data sharing. In this session, you will learn how to get started with Brigade, how to use the existing GitHub, CloudEvents and generic event support and integrate them in your workflow, and how different companies are using Brigade to automate their internal workflows (from code quality assessment and security scanning, to automatically generating preview environments for each pull request), and ultimately allow teams to build massively distributed workflows using a few lines of JavaScript. Finally, we will explore future plans and share the progress for the next major version of Brigade, 2.0.
https://sched.co/Zeuq
- 3 participants
- 39 minutes
4 Sep 2020
Intro: Contributor Experience SIG - Jorge Castro, VMware & Bob Killen, University of Michigan
In this 30 minute session, we will explore the projects we have been working on with Contributor Experience and the future work we have on deck. We will provide an update to the following projects and have information on how to get involved.
https://sched.co/c9yh
- 2 participants
- 32 minutes
4 Sep 2020
Intro: Linkerd - William Morgan, Buoyant
In this session, William Morgan will provide an introduction to Linkerd, the CNCF's service mesh project. Linkerd features blazing fast performance, an ultralight footprint, a Kubernetes-native design, and open governance. You'll learn what it does, why it's useful, differences with other service meshes, and finish with a brief Q&A.
https://sched.co/Zews
- 1 participant
- 30 minutes
4 Sep 2020
Intro: SIG Scalability - Wojciech Tyczynski & Matt Matejczyk, Google
This session will focus on the different efforts that SIG Scalability is involved in: defining what scalability means for Kubernetes, driving performance improvements, maintaining infrastructure for scalability testing, and guarding Kubernetes against performance regressions. Time for Q&A will be reserved at the end of the session to understand how the SIG can better engage with the community as well as to allow the audience to provide input about the roadmap.
https://sched.co/Zx5w
- 2 participants
- 30 minutes
4 Sep 2020
Intro: Telepresence - Daniel Bryant, Datawire
This session will provide an intro to Telepresence, a CNCF Sandbox tool. We’ll talk about development workflows for Kubernetes. We’ll discuss the differences between traditional development, and different approaches people take to building Kubernetes services. We’ll then introduce Telepresence and discuss how it integrates with different organizational development workflows. Finally, we’ll talk about the evolution of Telepresence and how we are actively moving Telepresence forward from its heritage as a VPN-type approach into a more sophisticated L7 routing layer for developers.
https://sched.co/Zevu
- 1 participant
- 27 minutes
4 Sep 2020
Introduction to Autoscaling - Marcin Wielgus & Beata Lach, Google
Come and see how to reduce the cost of your cluster and make your workloads more robust by dynamically adjusting them to the current traffic. During this talk members of SIG-Autoscaling will explain why you should be autoscaling both applications and clusters, and what tools Kubernetes provides to do that. You will learn the mechanics of Cluster, Horizontal Pod and Vertical Pod Autoscalers, their new features as well as the best practices for applying them in production.
https://sched.co/ZeyE
- 2 participants
- 24 minutes
4 Sep 2020
Introduction to CNI, the Container Network Interface Project - Casey Callendrello, Red Hat & Bryan Boreham, Weaveworks
CNI, the Container Network Interface, is a small but critical piece of infrastructure linking runtimes such as Kubernetes and CloudFoundry to dozens of different container network implementations. This session is aimed at users and developers who have little previous knowledge of container networking. Attendees will hear:
- A broad overview of what CNI is
- What the CNCF-hosted CNI project has delivered
- How CNI relates to Kubernetes
- How they can get more involved in the project
https://sched.co/ZewR
- 2 participants
- 36 minutes
4 Sep 2020
Introduction to Data Protection WG in Kubernetes - Xing Yang, VMware & Xiangqian Yu, Google
The Data Protection WG in Kubernetes was formed following discussions at KubeCon in San Diego. This is a Working Group dedicated to promoting data protection support in Kubernetes, identifying missing functionality and working together across multiple SIGs to design features to enable data protection in Kubernetes. In this session, the co-chairs of this WG will explain the motivation behind the formation of this WG, its charter, who is involved, the current state of data protection in Kubernetes, and where it is heading in the future. They will also talk about how interested parties (including backup and storage vendors, application developers, and end users, etc.) can join this WG and contribute to this effort. Details of the WG can be found here: https://github.com/kubernetes/community/tree/master/wg-data-protection.
https://sched.co/ZeuM
- 2 participants
- 37 minutes
4 Sep 2020
Introduction to SIG-Cluster Lifecycle - Lubomir Ivanov, VMware & Justin Santa Barbara, Google
The Cluster Lifecycle SIG is the Special Interest Group that is responsible for building the user experience for deploying and upgrading Kubernetes clusters. Our mission is examining how we should change Kubernetes to make it easier to operate. Since the group's formation we have focused on creating kubeadm, a streamlined installer tool and building block to simplify the installation and upgrade experience, and building a Cluster API to provide an abstraction of machines across different deployment environments and a common control plane configuration. In this introduction session, we will present the SIG's mission statement, review recent accomplishments, and discuss our future plans, where you are very welcome to contribute to the discussion. We will also focus on how new contributors can get involved in helping shape the future of Kubernetes' cluster lifecycle management.
https://sched.co/Zevf
- 2 participants
- 21 minutes
4 Sep 2020
Introduction to Strimzi: Apache Kafka on Kubernetes - Jakub Scholz & Paolo Patierno, Red Hat
Strimzi is a CNCF project focusing on running Apache Kafka on Kubernetes. Apache Kafka has emerged as a leading platform for building real-time data pipelines. It provides support for high-throughput/low-latency messaging, as well as sophisticated development options that cover all the stages of a distributed data streaming pipeline, from ingestion to processing. But running it on Kubernetes can be complex and tedious. This talk will introduce you to Strimzi - an operator which makes it easy to run Apache Kafka on Kubernetes. It addresses the whole lifecycle from creating, managing, and monitoring Kafka clusters to managing topics or users. This session will go through the main challenges of running Apache Kafka on Kubernetes, explain how they are solved by Strimzi and show a live demo.
https://sched.co/Zevl
- 2 participants
- 35 minutes
4 Sep 2020
Introduction to Windows Containers in Kubernetes - MICHAEL MICHAEL, VMware & Mark Rossetti, Microsoft
The leaders of SIG-Windows will provide an update on the efforts to bring Windows to Kubernetes. This will concentrate on presenting an introduction of Windows Containers in Kubernetes and new features that are being delivered.
https://sched.co/ZeyH
- 3 participants
- 36 minutes
4 Sep 2020
Introduction to containerd - Phil Estes, IBM & Derek McGowan, Docker
Join containerd maintainers and learn how containerd is an improvement to one of the most fundamental parts of the container ecosystem. They will discuss the latest updates to the containerd project as well as how it is being used by Kubernetes and other container systems. Come dive into what containerd is, how it is different from other runtimes, and how it is built. The agenda includes an introduction to the containerd project, the architecture of containerd, and upcoming features in containerd 1.4.
https://sched.co/ZewU
- 2 participants
- 24 minutes
4 Sep 2020
Is Sharing GPU to Multiple Containers Feasible? - Samed Güner, SAP
Provisioning GPUs for ML workloads in a data center can be very costly, and more costly still if they are not fully utilized. Thus, maximizing the GPU utilization is a must for ML workloads. This session will show how a single GPU can be used to run multiple ML workloads, especially ML inference, in parallel and will deep dive into the understanding of how GPUs are provisioned and attached using K8s device plugins. It will show how the NVIDIA device plugin can be extended to schedule multiple ML workloads to a single GPU and collect desired GPU information with Prometheus. This session will highlight and deep dive into native GPU sharing using K8s device plugin without additional technologies such as vGPUs from VMware.
https://sched.co/ZesB
- 1 participant
- 27 minutes
4 Sep 2020
Is There a Place For Distributed Storage For AI/ML on Kubernetes? - Diane Feddema & Kyle Bader, Red Hat
Containerized machine learning workloads running on Kubernetes receive benefits such as portability, declarative configuration, less administrative toil, all with marginal performance impact. The best published results for performance sensitive machine learning workloads, e.g. MLPerf v0.6, were obtained by reading the datasets from local SSDs. While the MLPerf datasets fit comfortably on a single SSD, it’s a luxury not afforded to folks training models against petabyte scale datasets. We’ll share our experience running MLPerf training jobs in Kubernetes, against datasets stored by Kubernetes stateful storage services orchestrated by Rook. Highlights include the performance and scalability tradeoffs associated with local and open source distributed storage, and how machine learning formats like RecordIO and TFRecord provide performance utility and model validation flexibility.
https://sched.co/ZerS
- 2 participants
- 34 minutes
4 Sep 2020
It’s a Polyglot World of Stateless Functions and Stateful Actors - Yaron Schneider & Aman Bhardwaj, Microsoft
Serverless applications are becoming dominant, but all too often they fall short by only supporting stateless functions, when most applications are polyglot in nature and combine both stateless and stateful services. What’s more, when you write code, it's not portable across different clouds and hosting platforms. In this session we will dive into the Distributed Application Runtime, Dapr, an open source, vendor neutral project that has gained community attention as it enables developers to combine highly portable, stateless functions and stateful actors using any language or developer framework of their choice. With built-in state management, distributed tracing based on Open Telemetry and pub/sub based on Cloud Events, you can take advantage of Dapr to build highly available serverless applications that run on any cloud.
https://sched.co/Zeky
- 2 participants
- 36 minutes
4 Sep 2020
Jaeger Deep Dive - Pavol Loffay, Red Hat
This session is dedicated to an in-depth understanding of the Jaeger project. We will give a short demo of the recently added features, talk about various topics including the architecture, adaptive sampling, multi-tenancy, and configuration, and review the roadmap. After this session the attendees should better understand the Jaeger architecture, how to deploy it and get the best benefits, and how to make contributions to the project.
https://sched.co/Zexk
- 1 participant
- 26 minutes
4 Sep 2020
Jaeger Intro - Yuri Shkuro, Uber
This session is an introduction to Jaeger and distributed tracing. We will do a demo of the current Jaeger features, talk about the roadmap, and finish with a Q&A. After this session the attendees should better understand how Jaeger fits in the observability space for cloud native applications. For more information on the project everybody is welcome to attend the Jaeger Deep Dive Session.
https://sched.co/Zewm
- 1 participant
- 45 minutes
4 Sep 2020
K8s in the Datacenter: Integrating with Preexisting Bare Metal Environments - Max Stritzinger, Bloomberg
As Kubernetes adoption grows, it will need to support the ability to run in a variety of host networking configurations to conform to the wide variety of datacenter architectures that exist in bare metal environments. This talk discusses our path of adapting Kubernetes components such as kube-proxy and the Calico networking project to operate in the pure L3 ECMP fabric our hosts live in. We will discuss our network configuration, how Calico (and other commonly used CNI providers) provide overlay networks to clusters, the steps we took and tools we used (ebpf, ftrace, tcpdump, conntrack) to diagnose some uncommon Linux networking issues, and how we can provide network connectivity to our clusters both with and without an overlay.
https://sched.co/ZeqL
- 1 participant
- 26 minutes
4 Sep 2020
Kata Containers + Cloud-Hypervisor: Virtualization for Cloud Native - Samuel Ortiz, Intel
At KubeCon NA 2017, the speakers introduced the Kata Containers project to the public for the first time. After two years of development and community collaboration, we have made containers running in virtualized sandboxes a commodity. On the other hand, virtualization has become more lightweight and container-friendly. At the beginning of 2020, the Kata project is kicking off the 2.0 dev-cycle, and the idea behind it is “virtualization for Cloud Native”. The new open-source cloud-hypervisor will be a cornerstone for the goal -- not only by helping Cloud-Native infrastructures run better with hardware-virtualized isolation but also by pushing the virtualization tech forward:
- Share resources across sandboxes but keep the security boundary clear.
- Provision resources to sandboxes on-demand and promptly.
- The collaboration between host user-space tool, VMM, and the guest kernel.
https://sched.co/Zej5
- 1 participant
- 37 minutes
4 Sep 2020
Keynote: Building a Service Mesh From Scratch - The Pinterest Story - Derek Argueta, Senior Software Engineer, Tesla
2 years ago Pinterest began rolling out Envoy as the ingress load balancer for its dynamic web traffic. Since then they've expanded Envoy's footprint to include service-to-service HTTP and Thrift communication while supporting Kubernetes and non-Kubernetes deployments with a powerful homegrown control plane. Derek works on the Pinterest Traffic Team and led the initial rollout of Envoy for ingress load balancing. In this talk Derek will provide a comprehensive overview of how Pinterest's service mesh evolved from static configuration files to a dynamic centralized control plane, and explore some of the challenges in adapting a service mesh to legacy infrastructure as well as the benefits it has provided.
https://sched.co/ZfGp
- 1 participant
- 14 minutes
4 Sep 2020
Keynote: CNCF Projects Update - Constance Caramanolis, KubeCon + CloudNativeCon Europe 2020 Co-Chair & Principal Software Engineer, Splunk
https://sched.co/ZfB9
- 1 participant
- 7 minutes
4 Sep 2020
Keynote: End User Awards - Cheryl Hung, Director of Ecosystem, Cloud Native Computing Foundation
https://sched.co/ZfHA
- 3 participants
- 8 minutes
4 Sep 2020
Keynote: End to End: The Foundation of Doers - Priyanka Sharma, General Manager, Cloud Native Computing Foundation
https://sched.co/ZfAj
- 1 participant
- 14 minutes
4 Sep 2020
Keynote: How to Love K8s and Not Wreck the Planet - Holly Cummins, Worldwide IBM Garage Developer Lead, IBM
The past five years have been the warmest since records began. Human activity, including the IT industry, is driving worrying climate change. Data centres alone consume 3% of the world's energy, and more and more of that energy is being used by Kubernetes and workloads running on Kubernetes. Is k8s helping, or making things worse? The beauty of the cloud is that it makes it easy to run code, virtualised and scheduled for efficiency... but it doesn't provide any guarantee that what's running is useful. Even when the workload is high-value and efficient, Kube sprawl can lead to low utilisation, unsatisfactory elasticity, and high costs - but mega-mono-clusters have their own problems around isolation, security, and management. How should these competing requirements be balanced? This talk discusses some of the trade-offs and provides a roadmap to figuring out the right thing.
https://sched.co/ZfGQ
- 1 participant
- 15 minutes
4 Sep 2020
Keynote: Kubernetes Project Update - Vicki Cheung, KubeCon + CloudNativeCon Europe 2020 Co-Chair & Engineering Manager, Lyft
https://sched.co/ZfDC
- 1 participant
- 12 minutes
4 Sep 2020
Keynote: My Stint as a Chameleon - Constance Caramanolis, KubeCon + CloudNativeCon Europe 2020 Co-Chair & Principal Software Engineer, Splunk
https://sched.co/ZfH3
- 1 participant
- 15 minutes
4 Sep 2020
Keynote: Observing Kubernetes Without Losing Your Mind - Vicki Cheung, KubeCon + CloudNativeCon Europe 2020 Co-Chair & Engineering Manager, Lyft
This is a talk about managing complexity. A lot of teams find operating and monitoring larger scale distributed systems like Kubernetes daunting. When there are so many moving parts, how do you make sure everything is healthy? How do you make sure they're working together properly? Vicki will tell a story of how Infra teams can quickly get a handle on how their systems are running by monitoring from the end user's perspective.
https://sched.co/ZfGv
- 1 participant
- 13 minutes
4 Sep 2020
Keynote: Open Source Intrusion Detection for Containers at Shopify - Shane Lawrence, Senior Security Infrastructure Engineer, Shopify & Kris Nóva, Chief Open Source Advocate, Sysdig
Even well protected workloads may be compromised by 0-days and platform vulnerabilities. Observability is essential for detecting and stopping an attack before infrastructure and information are compromised. Shopify uses open source Falco, a CNCF incubating project, to track syscalls at the kernel level and reveal them to a Kubernetes-aware process in userspace. That process uses predefined rules to decide which events to log. Additional tooling filters and aggregates logs, and generates alerts when suspicious activity is detected. In this talk, Shane will describe how Shopify first deployed Falco in 2018 and continues to use it to monitor critical systems, including those that process payment card information. He will share tips and tricks for getting the most out of Falco, areas for improvement, and use cases for detecting compromise or data exfiltration when all else fails.
https://sched.co/ZfCl
- 2 participants
- 23 minutes
4 Sep 2020
Keynote: The Beginner’s Guide to the CNCF TOC - Liz Rice, VP Open Source Engineering, Aqua Security
Who is the Technical Oversight Committee? What do its members do? How do projects get picked for adoption into the CNCF? Let’s shine a light on this group who determine which projects are adopted by the CNCF, set the future direction of the cloud native landscape, and are even responsible for the definition of the term “cloud native.” This talk discusses the pros & cons of a project’s participation in the CNCF from the perspective of end users, vendors, contributors, and maintainers. It covers the lifecycle for a CNCF project, including:
- why projects want to be in the CNCF
- how the project adoption process works
- the requirements that the CNCF has on projects at different phases of maturity
Attendees will leave this talk with insights into how the technical arm of the CNCF works, why it’s important, what the TOC wants to do next, and how they can get involved.
https://sched.co/ZfCr
- 1 participant
- 15 minutes
4 Sep 2020
Keynote: Why End Users Are More Than Passive Consumers - Cheryl Hung, Director of Ecosystem, Cloud Native Computing Foundation
https://sched.co/aiAH
- 1 participant
- 8 minutes
4 Sep 2020
KinD-ly Validating Your K8s Apps Automatically Per PR - Sarah Khalife, GitHub & Grant Griffiths, Portworx
Kubernetes application developers working on successful projects thrive on collaboration that is transparent, consistent, and rigorous. This is one of the reasons many open source projects excel. However, a common pitfall that app developers face is manually testing against inconsistent environments. Testing k8s application correctness can differ per developer environment. It is also very time consuming to spin up and down k8s clusters. In this talk, we will demonstrate a simple set of steps to create and automate a homogenous testing environment for your application. We will be using KinD, a tool for running Kubernetes in Docker, and CI to automatically run e2e tests across a common environment for a k8s application. To maintain consistency, we will automate the creation of this environment per pull request and run the test suite before deploying to production.
https://sched.co/Zele
- 2 participants
- 34 minutes
4 Sep 2020
KubeCon + CloudNativeCon 101: A Beginner’s Guide to The Conference - Karen Chu & Michelle Noorali, Microsoft
First time attending KubeCon + CloudNativeCon? Not sure how to approach it? Getting decision paralysis from all there is to learn from? We gotchu. Come join us at the start of the conference to learn the best ways to get the most out of your time here. Collectively, both Karen and Michelle have been to almost every KubeCon + CloudNativeCon event since its inception and have identified tricks/tips to help guide you through your first conference, including:
- Attending sessions
- Hallway tracks
- CNCF projects
- Meeting project maintainers
- Mentoring sessions
- Approaching the sponsor hall
- How to think about CFPs for the future
https://sched.co/Zeiw
- 2 participants
- 26 minutes
4 Sep 2020
KubeEdge: Kubernetes Native Edge Computing Framework (Intro) - Yin Ding, FutureWei
KubeEdge is an open source edge computing framework that extends the power of Kubernetes from central cloud to edge. It provides application management and service communication across cloud and edge sites, and device management for multiple IoT/Edge device communication protocols with a lightweight implementation. During this talk, Kevin and Jie will review KubeEdge's motivation and architecture, then go through the latest updates on new features and user adoption. After that, Kevin and Jie will introduce where the project is heading and how new contributors can get involved. There will be an open Q&A for attendees to ask questions.
https://sched.co/ZevB
- 1 participant
- 36 minutes
4 Sep 2020
KubeVirt Intro – Using KubeVirt to Run VMs at Scale - Fabian Deutsch, Red Hat & Marcus Sorensen, Apple
This session will provide an intro into the KubeVirt project, which enables Kubernetes to run virtual machine workloads alongside containers. This provides a unified development platform where developers can build, modify, and deploy applications made up of both application containers as well as virtual machines in a common, shared environment. In the session, you will learn more about why KubeVirt exists, how people are using it today, and how the project actually works from an architectural perspective. You will also see a short demo of the project in action! Finally, you will hear about future plans for developing KubeVirt’s capabilities that are emerging from the community.
https://sched.co/ZevE
- 2 participants
- 34 minutes
4 Sep 2020
Kubeadm Deep Dive - Rostislav Georgiev, VMware & Rafael Lopez, SUSE
Don’t miss this talk if you want to understand what the driving forces for kubeadm evolution are, if you want to take your first opportunity to influence the roadmap, or, last but not least, if you are considering stepping up as a new contributor to help make this happen. We’ll reserve time to talk about how to get involved with SIG Cluster Lifecycle and kubeadm, for all your questions, concerns, and feature requests!
https://sched.co/Zev8
- 2 participants
- 23 minutes
4 Sep 2020
Kubeflow 1.0 Update by a Kubeflow Community Product Manager - Josh Bottum, Arrikto
This session will provide a Kubeflow 1.0 Update by a Kubeflow Community Product Manager. The presentation will include a review of the Kubeflow Community and feature development process, the Kubeflow user survey results, and Kubeflow 1.0 features. The talk will highlight significant business benefits and review use cases from top deployments. It will also include a live demonstration of a workflow to build, train and deploy a versioned Kubeflow Pipeline.
https://sched.co/Zen6
- 1 participant
- 44 minutes
4 Sep 2020
Kubernetes DNS Horror Stories (And How to Avoid Them) - Laurent Bernaille, Datadog
DNS is one of the Kubernetes core systems and can quickly become a source of issues when you’re running clusters at scale. For over a year at Datadog, we’ve run Kubernetes clusters with thousands of nodes that host workloads generating tens of thousands of DNS queries per second. It wasn’t easy to build an architecture able to handle this load, and we’ve had our share of problems along the way. This talk starts with a presentation of how Kubernetes DNS works. It then dives into the challenges we’ve faced, which span a variety of topics related to load, connection tracking, upstream servers, rolling updates, resolver implementations, and performance. We then show how our DNS architecture evolved over time to address or mitigate these problems. Finally, we share our solutions for detecting these problems before they happen—and identifying misbehaving clients.
https://sched.co/Zepr
- 1 participant
- 34 minutes
4 Sep 2020
Kubernetes IoT Edge Working Group: Applications at the Edge - Cindy Xing, Microsoft & Steve Wong, VMware
This session will address unique considerations of edge applications. Edge workloads on Kubernetes can vary from:
- Simple IoT solutions over Raspberry Pi
- Video processing, image recognition, or machine learning apps on embedded device or server
- Complicated industrial IoT or Telco solutions requiring high availability, security, and reliability
We will survey how edge impacts best practices of app development and operational management, and how Kubernetes and other related open source tools can be utilized for edge workloads.
Agenda:
- Characteristics and requirements of different Edge Applications
- Language / runtime considerations
- Operational considerations with Kubernetes
- App development, build, packaging and CI / CD considerations
- Available tooling
- How to get involved in the IoT Edge Working Group
https://sched.co/ZeuP
- 2 participants
- 23 minutes
4 Sep 2020
Kubernetes Leader Election for Fun and Profit - Nick Young, VMware
Did you know that you can use the same code that core Kubernetes components use to elect a leader in your services? This can help with adding both reliability and scalability to your Cloud Native application. Discover the ins and outs of how Kubernetes leader election works and what options it has. There have been significant changes recently, for example the addition of the Lease Object, GA in 1.16. Using some real-world use cases, we’ll look at some patterns for using the leader election distributed lock. You will come away from this talk with some understanding of:
- Possible interactions with standard mechanisms like Pod readiness and metrics serving
- How both controller/operator services (services that listen to the API and take actions directly) and translator services (services that listen to the API and present a translated API) can use it
- How one thing we tried didn’t work
https://sched.co/Zerw
- 1 participant
- 21 minutes
4 Sep 2020
Kubernetes Networking Intro and Deep-Dive - Bowei Du & Tim Hockin, Google
Networking is less complicated than you think! This session is a combined intro and deep dive. This talk will start with some background on Kubernetes networking. Attendees who are not already comfortable with the "hows and whys" of basic networking in Kubernetes can get a bit of a primer before we dive deep on a few of the more recent developments and efforts in the networking space.
https://sched.co/ZewF
- 2 participants
- 1:20 hours
4 Sep 2020
Kubernetes On Cgroup v2 - Giuseppe Scrivano, Red Hat
This talk will go over the current status of cgroups v2 in the Kubernetes and container ecosystem. Efforts are underway to enable cgroups v2 in container runtimes and up the stack in Kubernetes so users can benefit from new kernel features such as PSI and have better OOM handling through using projects such as oomd. Particular focus will be placed on the changes required in the OCI (Open Container Initiative) specifications and how the container runtime must be adapted to use the new version.
https://sched.co/ZeoS
- 1 participant
- 30 minutes
4 Sep 2020
Kubernetes Patterns - Roland Huß, Red Hat
The way developers design, build, and run software has changed significantly with the evolution of microservices, containers and Kubernetes. This talk dives into common, reusable patterns and principles for designing and implementing cloud-native applications on Kubernetes. This talk focuses on the most established patterns. It will revisit basic patterns like "Predictable Demands" or "Service Discovery" but also dive into prominent patterns like "Sidecar", "Elastic Scale" or "Operator". Live demos back this presentation. This presentation is ideal for developers and architects who want to learn more about a pattern-based approach to implementing common Kubernetes usage scenarios.
https://sched.co/ZerV
- 1 participant
- 35 minutes
4 Sep 2020
Kubernetes SIG Architecture Intro and Update - Derek Carr, Red Hat & Davanum Srinivas, VMware
SIG Architecture maintains and evolves the design principles of Kubernetes, and provides a consistent body of expertise necessary to ensure architectural consistency over time. The SIG takes care of evolution of conformance definitions, API definitions/conventions, deprecation policy, design principles, and other cross-cutting concerns. In this talk, we will provide an introduction to SIG architecture, including its role and the various subprojects that support its activities. Additionally, we will provide a community update on the status of those efforts.
https://sched.co/ZeyZ
- 2 participants
- 44 minutes
4 Sep 2020
Kubernetes SIG Instrumentation: Instrumenting for Day Two Concerns - Marek Siarkowicz, Google
Kubernetes SIG Instrumentation is responsible for ensuring high quality and consistent instrumentation across the Kubernetes project. This intro session will give an overview of the efforts the SIG Instrumentation has worked on in the past and is currently working on. Software engineering and operations are both disciplines practiced in SIG Instrumentation, and any experience will help the special interest group's mission. Join this session to learn how to get involved in SIG Instrumentation to make Kubernetes' instrumentation even better!
https://sched.co/Zeub
- 1 participant
- 30 minutes
4 Sep 2020
Kubernetes Steering Committee AMA - Lachlan Evenson, Microsoft; Aaron Crickenberger, Google; Paris Pittman, Apple; Nikhita Raghunath & Davanum "Dims" Srinivas, VMware; Derek Carr & Christoph Blecker, Red Hat
https://sched.co/cq9c
- 7 participants
- 36 minutes
4 Sep 2020
Kubernetes VMware User Group Intro: Best Practices for Running on VMware - Steven Wong & Myles Gray, VMware
This will be an inaugural presentation by organizers and members of the recently formed Kubernetes VMware User Group. This group addresses running all forms of Kubernetes on VMware infrastructure. Come to this session if you want to meet other users, along with those who develop, test and support running K8s on vSphere and desktop hypervisors. This group is also here to support those building/using cluster installation tooling for VMware hypervisors.
Agenda:
- Intro to the vSphere cloud provider and related storage plugins
- Recent features/changes: What are they? How to use them?
- Running Kubernetes on "desktop" hypervisors
- How to get involved in the User Group
https://sched.co/ZewL
- 2 participants
- 34 minutes
4 Sep 2020
Kubernetes as a General Purpose Control Plane: Scaling on Kubernetes - Hasan Turken, Upbound
Kubernetes style APIs are becoming popular as it works great as a general purpose control plane. One can build operators on top of it to declaratively manage resources living outside of the cluster. But how to scale when we want to run multiple isolated instances of such an operator? Do we really need a full fledged Kubernetes Cluster for each or can we run only a subset of control plane components by considering we are managing external resources? In this talk, we will discuss the minimal control plane components when we want to use Kubernetes as a general purpose control plane. Building on top of that, we will propose a lightweight solution to run multiple isolated control plane instances as tenants on a single Kubernetes Cluster. At the end, a live demo will be shown that provides a practical example of the solution proposed.
https://sched.co/Zens
- 1 participant
- 32 minutes
4 Sep 2020
Kubernetes? But I'm a Product Manager… - Matthew McNeeney, Independent & Miguel Luna, VMware
Good product teams care deeply about their users and the experience they provide to them, yet many Product Managers shy away from conversations about Kubernetes, believing that it’s something for their engineering counterparts to think about. But this is a critical mistake; many of the benefits Kubernetes brings can be harnessed to deliver better products, faster. The Kubernetes.io tagline is ‘Production-Grade Container Orchestration’, so it’s easy to see why Product Managers tend to leave it aside as an engineering concern. But much of the innovative work happening in the ecosystem can be used to ship software faster and deliver great user experiences. This talk will cover how Product Managers building different types of software can utilise features in Kubernetes to build extensible, scalable and cloud-agnostic products that drive better customer outcomes.
https://sched.co/ZenX
- 2 participants
- 24 minutes
4 Sep 2020
Lesson Learned on Running Hadoop on Kubernetes - Chen Qiang, LinkedIn
LinkedIn operates one of the world’s largest Hadoop environments, with ~450PB used data, 2 billion files/blocks, and over 400K jobs/day. However, testing cluster features in an isolated fashion has been traditionally fairly difficult. Infra teams such as HDFS, YARN, and Azkaban often step on top of one another for testing new features in our existing test Hadoop clusters. Setting up a new test cluster requires coordination between hardware, infra, and security teams, usually taking weeks to months. We have recently extended Kubernetes’ usage to test Hadoop (HDFS/YARN) clusters, by deploying a production-like Hadoop cluster on Kubernetes. This has reduced infra setup time from weeks down to minutes with no network, hardware dependencies, and enables critical infra/workflow teams to test new features on the fly.
https://sched.co/ZeoG
- 1 participant
- 26 minutes
4 Sep 2020
Live Migration of Production Workloads from Apache Mesos PaaS to Kubernetes - Maria Camacho & Gufran Lutful, Nokia
In 2018 we started the migration of production workloads on our cloud-native big data analytics platform (PaaS) from Apache Mesos and Marathon to K8s. Nokia has multiple production PaaS instances in its datacenters across the globe with various production workloads, including a distributed analytics engine, production databases, data streams and ML applications. These workloads are critical to telecom data scientists requiring high performance, availability and reliability without disrupting continuous delivery of big data services. We want to share the story and lessons learnt when migrating production workloads to K8s while maintaining performance and reliability, and at the same time delivering new services to our demanding users. You will hear how we seamlessly shared cloud resources, network traffic, internal DNS and telemetry systems between two orchestrators in production.
https://sched.co/Zel1
- 2 participants
- 30 minutes
4 Sep 2020
Look Ma, No Pause! - Mrunal Patel & Peter Hunt, Red Hat
The pause container is a quintessential hack for Kubernetes pods. A pause container is the first container in a pod, pauses until it is terminated, and is used to hold Linux namespaces open for the lifespan of the pod. Even though the pause container is as minimal as possible, it still has overhead, and we can do better. CRI-O now supports running the pause container only when absolutely necessary. Join Peter Hunt and Mrunal Patel for a deep dive into the implementation details of dropping the pause container, as well as a performance comparison and discussion of other benefits. Attendees will participate in a conversation about the removal of this hack from Kubernetes.
https://sched.co/Zenv
- 2 participants
- 28 minutes
4 Sep 2020
MLPerf Meets Kubernetes - Xinyuan Huang & Elvira Dzhuraeva, Cisco
Kubeflow is maturing as a cloud native Machine Learning (ML) platform that simplifies the journey of development, deployment, and management of ML on Kubernetes. As Kubeflow gets increasingly adopted, practitioners are looking beyond functions and starting to explore its performance and cost efficiency in the real world. MLPerf is a state-of-the-art benchmark suite that aims to set an industry standard for end-to-end performance evaluation of ML systems with real-world workloads covering both training and inference phases of ML lifecycle. This talk will provide a brief overview about MLPerf, followed by detailed discussions about how MLPerf can be adapted to evaluate ML performance on Kubeflow and Kubernetes, as well as how the performance results can be leveraged to guide the future design and optimization of cloud native ML platforms based on Kubeflow and Kubernetes.
https://sched.co/Zepu
- 3 participants
- 32 minutes
4 Sep 2020
Make Prometheus Use Less Memory and Restart Faster - Ganesh Vernekar, Grafana Labs
These days, the most common reason for a Prometheus server to run out of memory is an excessive amount of time series in the so called head block, the part of the internal TSDB with the freshest data, which has to be kept in memory prior to consolidation into a block on disk. A large head block leads to a long restart time because the head block has to be rebuilt from the write-ahead log. On large servers, the restart time can be 10 minutes or more. Since restarts happen regularly to upgrade the binary or to change flags, the resulting interruption of sample collection is problematic. Even worse: After an OOM crash, the same replaying from the WAL has to happen, often causing another OOM crash immediately. Ganesh Vernekar will talk about the work started in late 2019 to persist parts of the head block earlier, thereby reducing both the memory footprint and the restart time.
https://sched.co/Zeih
- 1 participant
- 21 minutes
4 Sep 2020
Making Compliance Cloud Native - Ann Wallace & Zeal Somani, Google
If you’re in a highly-regulated industry, you likely have compliance requirements which make it challenging to adopt containers. Traditional compliance frameworks such as PCI and ISO 27001 were written for traditional architectures and have not yet adapted to cloud-native technologies. We’ll first discuss misconceptions that auditors believe about cloud-native technologies and architectures. Then, we will demonstrate how to meet compliance requirements – like segmentation, encryption, supply chain management, and monitoring – in a containerized environment, using our OSS K8S compliance starter kit. Lastly, we will share techniques for communicating these learnings with audit and compliance officers. Attendees will come away from this talk with knowledge of how technologies like Kubernetes can actually make compliance easier and how to shift left security and compliance requirements.
https://sched.co/ZetI
- 2 participants
- 29 minutes
4 Sep 2020
Managing Applications in Production: Helm vs. ytt and kapp - Dmitriy Kalinin & Shatarupa Nandi, Pivotal
Have you ever got a stuck Helm upgrade? Did you struggle counting the number of spaces to use for indenting a template chunk? Have you switched away from generic deployment tools to writing your own operators? Do you dream about extracting common app configuration into a library for use by all your applications? This talk will dissect challenges you and I have faced while working with production Kubernetes environments, managing non-trivial application configuration, and deployment mechanics. It will dig deep into Helm v2, Helm v3, ytt, kbld, kapp, to understand design choices that ultimately result in great successes and failures in your production environments. Attendees will come away with a deeper knowledge of the inner workings of these tools and appreciation for the complexity hidden away in these tools.
https://sched.co/Zetv
- 2 participants
- 32 minutes
4 Sep 2020
Managing Multi-Cluster/Multi-Tenant Kubernetes with GitOps - Chris Carty, Independent
Trying to go fully cloud native all at once can be intimidating. Learning GitOps best practices is a relatively small investment in time that has big operational payoffs. Good news! If you’re using Git, you’ve already started! This talk will be a guide to effectively implementing GitOps through a real world example of modernizing deployments using FluxCD in a multi-cluster/multi-tenant environment. It will also introduce CI tools such as conftest/Kubeval, Open Policy Agent and Kind to make pipelines more consistent and secure.
https://sched.co/ZerJ
- 1 participant
- 33 minutes
4 Sep 2020
Managing a Managed Kubernetes Platform - Annegies van 't Zand & Wiender Sarup, Nationale Nederlanden
Over the past year Nationale Nederlanden (NN) has built a managed Kubernetes platform for their DevOps teams. Now, a year later, we are managing over twenty Kubernetes clusters that are running multiple production workloads. Although Kubernetes is the main component, it turned out that lifecycle management and reliable delivery of changes to in-use platforms proved to be the most challenging part. All-in-all there are fifteen components that provide all the platform features and services, so we had to get creative to make sure that we kept up to date with all of them. In this talk we will share our solutions for setting up a platform delivery pipeline and the lifecycle management of our platform components. Fan-in/fan-out cluster deployments, platform integration tests, version dashboards and feature flagging are some of the subjects that we will address.
https://sched.co/ZepK
- 3 participants
- 47 minutes
4 Sep 2020
Mario Meets the Robocat: Lessons From Dogfooding Tekton - Andrea Frittoli, IBM & Dibyo Mukherjee, Google
Tekton is an open-source project providing lightweight reusable Kubernetes native building blocks for CI/CD that can be curated to embody best practices. Tekton, hosted by the CD Foundation, aspires to be the common denominator in CI/CD. At the last Kubecon, the speakers shared their adventures in incrementally adopting Tekton for its own release "plumbing". The goal was to ensure that the project was going in the right direction. Since then the speakers have focused their dogfooding efforts on Tekton’s CI needs. They set up event based pipelines to verify pull requests, test infrastructure defined as code, and provide friendly bots. In this talk, the speakers will share their experiences in using Tekton for its own CI/CD -- the challenges they encountered, how the robocat helped overcome them, the lessons learnt along the way, and how those helped shape the roadmap for Tekton.
https://sched.co/Zej2
- 2 participants
- 46 minutes
4 Sep 2020
Migrating to OpenTelemetry From a Custom Distributed Tracing Pipeline - Francis Bogsanyi, Shopify
Shopify built its own distributed tracing pipeline in 2016, including custom instrumentation, a custom propagation format, trace collection, down sampling, augmentation, cleansing and fanout to multiple analytics backends. Over the past year, they have been migrating their entire tracing pipeline to OpenTelemetry, after a brief sojourn with OpenCensus. This talk describes the motivation for the migration, the advantages of working with and building upon the OpenTelemetry project, and concrete details of the migration process.
https://sched.co/ZekF
- 1 participant
- 19 minutes
4 Sep 2020
Minikube - Rohit Anand, NEC Corporation & Medya Ghazizadeh, Google
Join minikube maintainers for a deep dive into how minikube runs Kubernetes on your local machine. We'll cover how to get started with minikube and what customizations are available so you can have the best possible local development experience. We'll also go over how you can contribute to the project, new features we've recently added, and what you can expect from minikube in 2020. This session is intended for both new and seasoned minikube users.
https://sched.co/Zexq
- 2 participants
- 38 minutes
4 Sep 2020
Monitoring GPUs at Scale for AI/ML and HPC Clusters - Bharti L Agrawal, NVIDIA
At Nvidia we have several large GPU K8s clusters for running deep learning training (AI/ML) workloads. On these clusters we need monitoring to support a range of user personas. First we have the end users (AI/ML researchers) who want to get an insight into how well their workloads used the GPUs and the system. Then we have the operations team who would like to monitor the general health of the cluster and be alerted in real time to any issues. Finally we have the stakeholders who would like to see the GPU utilization and saturation over time for capacity planning. These requirements cannot be satisfied by a standard “out of the box” setup. In this presentation we will show how we used a combination of open source tools to address our requirements. We will discuss various deployment, maintenance, security and scale challenges we hit and how we resolved them for monitoring GPU data.
https://sched.co/Zeoh
- 2 participants
- 36 minutes
4 Sep 2020
Multi-Tenant Clusters with Hierarchical Namespaces - Adrian Ludwin, Google
The multi-tenancy working group is developing new building blocks in Kubernetes to better support multi-tenant use cases, such as hosting multiple teams in large enterprises and enabling multi-single-tenant deployments in SaaS. Namespaces are one of the most important foundations of multi-tenancy in Kubernetes. In this talk, we introduce a new building block called Hierarchical Namespaces that allow policies like RBAC and Network Policies to be consistently inherited across trees of namespaces. Based on our experience working with customers, we believe this new technique will simplify namespace management in Enterprise and SaaS use cases. This talk will show how you can use hierarchical namespaces to safely and easily share your cluster across teams and deployments within an organization. Hierarchical Namespaces are an open source project currently incubating in the Multi-tenancy working group. You can check out the code and get involved in the project here: https://github.com/kubernetes-sigs/multi-tenancy/tree/master/incubator/hnc
https://sched.co/Zeuh
- 1 participant
- 35 minutes
4 Sep 2020
Multi-cluster Made Reasonable: Envoy Service Mesh Control Plane - Ashley Kasim & Paul Fisher, Lyft
Lyft runs business critical microservices sharded across multiple independent Kubernetes clusters in an Envoy service mesh, enabling services to autoscale and serve rides in the face of Kubernetes cluster and backplane failures. Existing Envoy control plane solutions are complex and can be difficult to span multiple clusters. Ashley and Paul's talk covers the design and implementation of Dyplomat — Lyft’s simple cloud-agnostic open source Envoy control plane. Built on top of Envoy's Go Control Plane, Dyplomat bridges together multiple Kubernetes clusters and legacy infrastructure. The talk demonstrates how to scale a production service mesh to hundreds of microservices running across multiple clusters spanning thousands of nodes.
https://sched.co/ZesE
- 2 participants
- 30 minutes
4 Sep 2020
Multicloud Vitess over Network Service Mesh - Tim Swanson, Cisco & John Watson, PlanetScale
This talk will describe using Network Service Mesh to create a private L3 network between Kubernetes clusters in different cloud providers to seamlessly deploy multiple Vitess cells across them. We will describe a multicloud Vitess use case and walk through the deployment details, highlighting the networking requirements in the process. We will describe NSM’s inter-domain feature and multicloud capabilities and a network service which fulfills the Vitess multicloud networking requirements by dynamically forming a common private L3 routing domain to interconnect specific workloads hosted in multiple clouds.
https://sched.co/ZejK
- 2 participants
- 31 minutes
4 Sep 2020
Mutual TLS Adoption Made Simple, Safe and Secure - Lizan Zhou, Tetrate & Jianfei Hu, Google
Rolling out mutual TLS to service meshes is challenging. In the real world, service mesh adoptions are incremental. Service deployments are heterogeneous, consisting of workloads with or without sidecars, able or unable to speak mutual TLS, on both the client and server side. Coordinating the mutual TLS rollout with service mesh adoption is hard. In this talk, Jianfei and Lizan will explain the lessons learned from the last several years of experience. Specifically, we walk through Envoy innovations to address the problem on both the client and server side: TLS sniffing on the server side and a per-endpoint mutual TLS labeling mechanism on the client side. In the end, we show how these techniques combine to offer a frictionless user journey to adopt mutual TLS safely.
https://sched.co/Zesi
- 3 participants
- 25 minutes
4 Sep 2020
Network Isolation For 1500 Microservices - Jack Kleeman
Network policies can be difficult to manage at scale while maintaining granular controls, and migrating an existing cluster is particularly challenging. In this presentation, Jack Kleeman will explain the problems that his team solved to be able to write, maintain, test, and enforce network policies for an existing self-managed Kubernetes cluster with 1500 highly connected Go microservices.
https://sched.co/ZekU
- 1 participant
- 29 minutes
4 Sep 2020
Network Isolation and Security Policies for Kubernetes Bare-metal Nodes - Girish Moodalbail, NVIDIA & Liel Shoshan, Mellanox
Running Kubernetes at scale in a multi-tenant Cloud requires strong network isolation and flexible stateful security policy enforcement for the bare-metal nodes used for both the tenant K8s clusters and the Cloud control plane. Such isolation and security need to be implemented in a way that consumes as few host resources as possible, while being immune to a potentially malicious host root user. Additionally, the preferred implementation needs to be compatible with a high-performance (offloaded) K8s CNI. This presentation provides an overview of such an implementation for Software Defined (SDN) K8s node networking, based on Open Virtual Network (OVN) and Open vSwitch (OVS) and offloaded to “bump-in-the-wire” Smart NICs.
https://sched.co/Zetj
- 2 participants
- 29 minutes
4 Sep 2020
Network Service Mesh to Address Cloud Native 5G Telco Networking Challenges - Roshini Ratnam & Anders Franzen, Ericsson
Some of the key networking challenges of cloud native telco applications are VPN/traffic separation, no NAT protocols, path diversity, accelerated user plane traffic, legacy protocols, etc. Kubernetes networking cannot address them. Currently they are addressed using approaches like Multus, Danm, CNI-Genie. All this still only works on a node level but will require a substantial amount of complex, case-specific, on-site DevOps to bottom-up build a functional multi-network cluster, with all challenges that come with that, like LCM. This seminar will cover how Network Service Mesh (NSM) can address networking challenges of cloud native telco applications in 5G with the details of a proof of concept and how NSM decouples infrastructure from applications. The speakers will also give details of the ongoing work with the CNF test bed network separation use case.
https://sched.co/Zelt
- 2 participants
- 40 minutes
4 Sep 2020
Next Generation of CI/CD: Analytics-driven Traffic Management on Kubernetes - Fabio Oliveira, IBM
We will describe and demonstrate how to architect a CI/CD solution to upgrade Kubernetes services while relying on fully automatic traffic management driven by principled metric and success criteria analysis. Our solution relies on Istio’s support for traffic management and on iter8 (https://iter8.tools), a new open-source Kubernetes controller and analytics engine. Iter8 automatically shifts user traffic to a canary version as it becomes increasingly confident in the canary’s performance and correctness, and it rolls back to the current version if things go bad. By way of example, we will show how IBM Watson Health migrated to our proposed solution and the lessons learned in the process.
https://sched.co/Zep8
- 1 participant
- 31 minutes
4 Sep 2020
Nondestructive Forensics: Debugging K8s Services Without Disturbing State - Alex Leong, Buoyant
If debugging distributed systems is like solving a murder mystery, then we need a way to gather clues without disturbing the scene of the crime. Some application errors (resource leaks and race conditions in particular) can take a long time to reproduce; other errors might occur unexpectedly in production. When this happens, we want to gather as much information as possible without restarting the pod. Tools like detailed logging, debug sidecars, and Linkerd's "tap" are only usable if we had the foresight to include them before the error occurred. Ephemeral containers promise to be a useful tool, but are currently in alpha. We will compare these techniques and then see how we can use direct access to the node to enter a pod's network namespace and do detailed network debugging without needing to restart any running containers.
https://sched.co/Zeqs
- 1 participant
- 33 minutes
4 Sep 2020
Notary v2 Introduction and Status Report - Justin Cormack, Docker & Omar Paul, Amazon
The Notary v2 project is a rework of the infrastructure for container signing, supporting additional OCI Artifacts, such as Helm, Singularity and CNAB. It addresses the design and usability issues that have been found with Notary v1, and signing in a multi-registry world. The major focus is on signatures as first-class elements of registries rather than running a sidecar database. It addresses the signing usability issues, enabling broad provider and customer adoption. This session will give an overview of the Notary v2 community project at present, and the roadmap. This session is for anyone interested in container signing and what the new project is working on.
https://sched.co/Zewy
- 1 participant
- 27 minutes
4 Sep 2020
Notary v2 Outstanding Issues Working Session - Justin Cormack, Docker & Steve Lasker, Microsoft
The Notary v2 project is a rework of the infrastructure for container signing, supporting additional OCI Artifacts, such as Helm, Singularity and CNAB, and fixing usability and other issues. This session examines the current state of the project, discussing the design decisions as they relate to the target scenarios. This session is a working session to engage in face-to-face discussions for all participants.
https://sched.co/Zexw
- 2 participants
- 34 minutes
4 Sep 2020
Observability at Scale: Running OpenTelemetry Across an Enterprise - Jonah Back & Kranti Vikram, Intuit
Observability has been a huge topic of interest in the software industry over the last few years. One of the major components in observability is distributed tracing. Tools like Jaeger, Zipkin, OpenCensus, and OpenTelemetry have made it really easy to get started. Less easy, however, is getting your tracing infrastructure to a place where it can be fully leveraged across hundreds, if not thousands, of services. This talk will cover Intuit's experience deploying tracing infrastructure using Kubernetes, Jaeger, and OpenTelemetry. It will cover a few key areas in Intuit's journey to running a highly available, multi-region tracing solution: 1) Scaling ElasticSearch to support 500M+ traces per day. 2) Secure, automated on-boarding of OpenTelemetry agents to central collectors. 3) Leveraging open-source libraries to provide high quality trace data, enhanced with domain-specific attributes.
https://sched.co/Zeqy
- 2 participants
- 24 minutes
4 Sep 2020
Open Policy Agent Deep Dive - Tim Hinrichs & Ash Narkar, Styra
Come to this session for a deep dive on some exciting new features in the OPA project presented by the project maintainers. This session will have plenty of time for Q&A!
https://sched.co/Zexz
- 2 participants
- 28 minutes
4 Sep 2020
Open Policy Agent Introduction - Rita Zhang, Microsoft & Patrick East, Styra
Come to this session to learn about the Open Policy Agent (OPA) project. OPA is a general-purpose policy engine that solves a number of policy-related use cases in Kubernetes and the wider cloud native ecosystem. During this session the OPA maintainers will introduce the project and then provide updates on the latest and greatest features to land in OPA and OPA Gatekeeper.
https://sched.co/Zex1
- 2 participants
- 32 minutes
4 Sep 2020
Open Source Adulthood: What We Learned About Growing Up - Jean-Philippe Evrard, SUSE & Kendall Nelson, OpenStack Foundation
With dozens of companies and countries, with thousands of people contributing to a single open source project, the community is bound to face some growing pains. On the rise there are more and more people every day hoping to contribute their new feature whether it actually fits in the project or not. For a while there are more resources than the community knows what to do with, but eventually, a new project will come along and hopefully they can learn from the challenges that the projects before them faced. In this talk, attendees will learn about one open source community's rise in popularity and the transition to a stable, mature project. Attendees will learn from the struggles of the OpenStack community and will be able to take the lessons we learned back to the Kubernetes and other CNCF communities.
https://sched.co/Zen0
- 2 participants
- 26 minutes
4 Sep 2020
OpenEBS 101: Hyperconverged Kubernetes Native Storage - Kiran Mova & Vishnu Itta, MayaData
OpenEBS provides horizontally scalable, highly available, persistent storage for Kubernetes stateful workloads. OpenEBS allows users to create hyperconverged Kubernetes clusters by pooling the storage available on the Kubernetes nodes. OpenEBS comes with a variety of storage engines that are highly composable to meet the demands of the different workloads. OpenEBS makes it easy to build managed data services. In this talk Kiran Mova and Vishnu Itta will discuss OpenEBS architecture, how to get started with OpenEBS, recent updates on the Day 2 Storage Operations support and the roadmap. OpenEBS is a CNCF sandbox project.
https://sched.co/ZevN
- 3 participants
- 46 minutes
4 Sep 2020
OpenID Connect as SSO Solution: Strengths and Weaknesses - Álvaro Iradier, Sysdig
OpenID Connect (OIDC), an identity layer on top of the OAuth2 protocol, makes user login easier and allows for a seamless SSO experience between multiple tools and services by delegating authentication to a trusted Identity Provider (Authorization Server). The concept is quite appealing at first sight. But different implementations and lack of agreement, both on the client applications and on the Authorization Servers, can ruin your trip. In this talk we will explain the basic concepts of OIDC, how it works, how it compares to other Federated Authentication systems like SAML, and some integration examples like Harbor or Kubernetes. Then we talk about some common issues that are still rough edges, like user onboarding and roles and group management. Finally, we will see how we can make some non-OIDC-aware applications work with OIDC by delegating authentication to an Nginx proxy.
https://sched.co/Zeka
- 1 participant
- 36 minutes
4 Sep 2020
OpenTelemetry Agent and Collector: Telemetry Built-in Into All Software - Steve Flanders, Splunk & Trask Stalnaker, Microsoft
Effective observability requires high-quality telemetry. OpenTelemetry enables it by making telemetry a built-in feature of all software. Learn how easy it is to enable telemetry data collection for any app and enable observability scenarios by configuring the OpenTelemetry Collector. Help us build the future where all software exposes its telemetry in a unified way, where app owners concentrate on building great software while getting insights into application behavior and reliability effortlessly. And see what the road to this future looks like. This talk will feature a demo of automatic Java application instrumentation and collector configuration to upload high-quality telemetry to the backend of your choice.
https://sched.co/ZevT
- 2 participants
- 26 minutes
4 Sep 2020
Operating Enterprise Grade Kubernetes Clusters at Salesforce on Bare Metal - Anubhav Dhoot & Mayank Kumar, Salesforce
Many enterprises today don’t have the luxury of public cloud managed offerings, or VMs in their private data centers. In the absence of these, it’s challenging to operate enterprise grade Kubernetes clusters and manage them seamlessly. We will talk about specific challenges in bringing up a highly available Kubernetes cluster on bare metal, securing it, upgrading it, monitoring it 24/7, and doing all of that using Puppet, while maintaining SLA for our customers. We will cover a lot of lessons learnt in managing a fleet of 2600+ hosts across 20+ data centers over the last 4 years, including battle stories like dangers of etcd initial-cluster-state config, hairpin networking issues, and setting up service accounts with key rotation. While we are well on the path to using managed K8s offerings in Public Cloud, this will be a cautionary tale for teams managing their own k8s clusters.
https://sched.co/bGGS
- 2 participants
- 31 minutes
4 Sep 2020
Optimized Resource Allocation in Kubernetes? Topology Manager is Here - Conor Nolan, Intel & Victor Pickard, Red Hat
To satisfy the resource demands of workloads, Kubernetes must be responsible for resources on the platform and the intricacies associated with them. The introductions of CPU Manager and Device Manager are two examples of K8s taking involved decisions for resource assignment. However, these two components act independently, which can lead to undesirable resource allocations, most notably on systems with multiple CPU sockets or NUMA regions. Under the guidance of SIG Node, a new component is being introduced to Kubelet called Topology Manager, which will resolve this undesirable situation by enabling optimal resource allocation. This talk will introduce Topology Manager, how it works to solve these problems, as well as the reasons behind introducing such a feature.
https://sched.co/b6KQ
- 3 participants
- 31 minutes
4 Sep 2020
Owned By Statistics: How Kubeflow & MLOps Can Help Secure Your ML Workloads - David Aronchick, Microsoft
While machine learning is spreading like wildfire, very little attention has been paid to the ways that it can go wrong when moving from development to production. Even when models work perfectly, they can be attacked and/or degrade quickly if the data changes. Having a well understood MLOps process is necessary for ML security! Using Kubeflow, we will demonstrate the common ways machine learning workflows go wrong, and how to mitigate them using MLOps pipelines to provide reproducibility, validation, versioning/tracking, and safe/compliant deployment. We will also talk about the direction for MLOps as an industry, and how we can use it to move faster, with less risk, than ever before.
https://sched.co/ZekC
- 1 participant
- 40 minutes
4 Sep 2020
Panel: Are Cloud Native 5G Core Network Functions (NFs) Truly Manageable & Secure? - Ramki Krishnan, VMware; Srini Addepalli, Intel; Heather Kirksey, The Linux Foundation; Tom Kivlin, Vodafone; & Balaji Ethirajulu, Ericsson
In the transition towards Cloud Native, 5G Core NFs have an interesting architectural mix of HTTP 2.0 and other network I/Fs. In this panel, we first examine the various manageability/security/visibility challenges of the 5G Core NFs in K8S with 1) Multiple network I/Fs for high performance data plane NFs and for isolation for all NFs 2) Chaining of NFs that are distributed across K8S clusters. While multi-cluster L7 Service Mesh (Istio, Linkerd, etc.) seems to be a reasonable solution choice, especially for HTTP-based functions, there are unique challenges posed by other NFs operating with other protocols and at lower layers. We will explore options such as an integrated Layer 2-7 service mesh approach leveraging open source efforts such as Open Virtual Network (OVN) to address these challenges - e.g. inter node/cluster secure communication using Layer 7 TLS or Layer 2-4 IPsec.
https://sched.co/Zeq9
- 4 participants
- 37 minutes
4 Sep 2020
Panel: Ask Me Anything About Service Mesh - Lin Sun & Daniel Berg, IBM; Christian Posta, Solo.io; Oliver Gould, Buoyant; & Sven Mawson, Google
As part of the cloud native journey, users are leveraging service mesh to solve the rising challenges of microservices in a consistent manner such as how to observe microservices, how to handle network failures, how to control traffic and how to secure microservices etc. without redeploying their services. Join us for a live interactive session where our panel of service mesh experts will address your most challenging inquiries around service mesh!
https://sched.co/ZejT
- 5 participants
- 36 minutes
4 Sep 2020
Panel: CNCF Ambassadors: Building the Cloud Native Community – Ihor Dvoretskyi, CNCF; Kasper Nissen, Lunar; Alison Dowdney, Weaveworks; Jessica Andersson, Meltwater; & Saiyam Pathak
As the adoption of Cloud Native increases, the need for local communities increases. End users are looking for others in similar situations to share experiences and learn from each other. CNCF helps and supports local organizers through the meetup and ambassador program. In this session, the panelists will share their experiences in building and scaling local communities around the Cloud Native ecosystem. How can you get started? Where do you find speakers and venues? How to keep the momentum? These are just a few of the questions the panelists will try to answer.
https://sched.co/aDjR
- 5 participants
- 36 minutes
4 Sep 2020
Panel: End User Community Adoption of Cloud Native Principles & Lessons Learned - Ken Owens, Mastercard; Lee Mills, Spotify; Jennifer Strejevitch, Condé Nast; Kasper Nissen, Lunar; & Cheryl Hung, Cloud Native Computing Foundation
This panel brings together engineers from the CNCF End User Community to provide their insights on the journey their respective companies have undergone in their transformation to Cloud Native. Each End User member company will discuss their Cloud Native principles and what has worked along with what has not worked. Topics will include operational best practices, developer experience, CNCF projects evaluated and implemented, and vendor management along with the lessons learned along the journey.
https://sched.co/ZeqU
- 6 participants
- 45 minutes
4 Sep 2020
Panel: Kubernetes and Cloud Native Security: A State of the Union - Rags Srinivas, InfoQ; Gareth Rushgrove, Snyk; Kirsten Newcomer, Red Hat; Scott Coulton, Microsoft; & Phil Estes, IBM
With the advent of containers, Kubernetes and microservices, and platforms that build on them, like Helm, OpenShift, Istio, etc., the attack surfaces have increased, and that necessitates a more holistic and disciplined approach towards security. While there is a lot of FUD around cloud native security in general, there are approaches to harden security during development and deployment today. This panel, intended for a developer and DevOps audience, will look at the cloud native, containers and Kubernetes security ecosystem. Attendees will walk away with a better understanding of the challenges of some of the tools of the trade and how to overcome some of the security gaps that exist today.
https://sched.co/ZeqF
- 5 participants
- 42 minutes
4 Sep 2020
Panel: Navigating Your Career in Open Source - Megan Bigelow & Rachel Leekin, VMware; James Munnelly, Independent; Ria Bhatia, Independent; & Faz Sadeghi, Red Hat
The goal of this panel is to share with a broad audience that it does not require a singular path or skill-set to arrive into this space. Additionally, everyone sitting on this panel has access and privilege that must be acknowledged, so we will also dive into what they are doing personally, with this access, to effect positive change within their sphere of influence and how others can do the same. Panelists will engage in an honest discussion framed by the following questions: Discuss your career journey, how did you get where you are? Where do you think you got help in getting where you are? What personal steps are you taking to ensure open source, and particularly Kubernetes, is a community that has opportunities for a broader audience (read: those outside of dominant culture)? What’s one key piece of information you want the audience to take away from this talk?
https://sched.co/Zes2
- 5 participants
- 36 minutes
4 Sep 2020
Panel: Security Is Not A Unicorn - Jay Beale, InGuardians; Marlow Weston, Intel; Trupti Shiralkar, Illumio; Aeva Black & Sarah Young, Microsoft
Do you have to trade performance for security? Panelists will gather to discuss whether current Kubernetes security best practices are at odds with the architectural requirements of heavy computational workloads such as those in machine learning or High-Performance Computing (HPC). The panelists will discuss where the bottlenecks are, what security risks are known, and what industry tools are used to address these issues. The panelists will also draw comparisons to more traditional HPC-style workloads and see what lessons can be drawn from that stalwart legacy. The panel will be moderated by Jay Beale, CTO of InGuardians, who co-leads the Kubernetes project’s third party security audit working group.
https://sched.co/Zerz
- 5 participants
- 36 minutes
4 Sep 2020
Performance Optimization – Rook on Kubernetes - Mark Darnell & Ryan Tidwell, SUSE
Storage systems like Ceph require maximum performance from their underlying platforms, historically relying on custom silicon or bare metal access. Rook, a containerization of Ceph, will potentially require optimization of the network stack in order to match Ceph’s bare-metal performance capabilities. Join us as we walk the audience through the measurement, discovery, and optimization processes, leveraging different architectures and CNI plugins to optimize Rook/Ceph on K8s.
https://sched.co/ZekO
- 2 participants
- 37 minutes
4 Sep 2020
Predictable Performance Through Prometheus and Topology Aware Scheduling - Killian Muldoon, Intel & Tom Golway, Hewlett Packard Enterprise
The Kubernetes scheduler does an excellent job scheduling cloud native workloads, but the same isn’t true for performance sensitive workloads. Scheduling based on the topology of hardware resources is currently impossible due to the scheduler’s lack of knowledge of node topology. Resulting performance is less predictable, and advanced scheduling strategies – such as trait-based placement – are blocked. Topology Manager in kubelet aligns topology-based resource allocations from CPU and Device Manager, but only after workloads are scheduled. With observability tools becoming popular, we solve this problem using Prometheus and custom scheduling enhancements. The focus of this talk is Topology Aware Scheduling, and we discuss how exposing cluster level topology to the scheduler, and using Prometheus to track NUMA topology related metrics, enhances the default scheduler, empowering it to proactively use node level topology to make intelligent NUMA aware placement decisions leading to more effective cluster wide performance of workloads.
https://sched.co/ZeqI
- 2 participants
- 21 minutes
4 Sep 2020
Progressive Delivery in Kubernetes - Carlos Sanchez, Adobe & Viktor Farcic, CloudBees
Progressive Delivery makes it easier to adopt Continuous Delivery, by deploying new versions to a subset of users and evaluating their correctness and performance before rolling them out to the totality of the users, and rolling them back if they do not match some key metrics. Canary deployment is one of the techniques in Progressive Delivery, used in companies like Facebook to roll out new versions gradually. But good news! You don't need to be Facebook to take advantage of it. We will demo how to create a fully automated Progressive Delivery pipeline with Canary deployments and rollbacks in Kubernetes using Jenkins X, an open source platform for cloud native CI/CD in Kubernetes, and Flagger, a project that uses Prometheus and your service mesh of choice to automate Canary rollouts and rollbacks.
https://sched.co/ZesH
- 2 participants
- 30 minutes
4 Sep 2020
Prometheus Deep Dive - Goutham Veeramachaneni, Grafana Labs & Bartłomiej Płotka, Red Hat
The Prometheus deep-dive will present advanced use cases, in particular how to run and scale up a vanilla Prometheus setup for large organizations. A number of Prometheus maintainers will be around for the Q&A.
https://sched.co/Zey2
- 2 participants
- 27 minutes
4 Sep 2020
Prometheus Introduction - Julius Volz, Prometheus
Prometheus is an open-source monitoring system and time series database. It features a multi-dimensional data model with a powerful query language and integrates many aspects of systems and service monitoring: from the instrumentation of services over the collection and storage of metrics data, all the way to dashboarding and alerting. Native support for various service discovery mechanisms also makes it particularly suitable for dynamic cloud-based environments like Kubernetes. In the introduction, Prometheus co-founder Julius Volz explains the architecture of Prometheus and highlights its key features.
https://sched.co/Zex4
- 1 participant
- 50 minutes
4 Sep 2020
Provider vSphere: All Things vSphere Working Group - David vonThenen, VMware
Cloud Providers and CSI drivers have reached the mainstream Kubernetes community. Members within the community are deploying persistent stateful applications on Kubernetes clusters both in the cloud and on-premises in production environments. A lot of the design and planning effort architecting these deployments has been through a significant amount of trial and error and painful iteration. The discussion in this session will address various deployment strategies on VMware infrastructure to make your clusters run smoothly, efficiently and more importantly... stress-free. Some topics that will be discussed:
- Brief vSphere subproject updates and housekeeping
- Cloud Provider (CPI) and CSI driver basics
- Discuss multi-tenancy and role-based access introduced in CPI v1.1.0
- Deployment recommendations/strategies for large and multi-tenant environments
These topics will be facilitated via a demonstration to help encourage and support discussion with attendees.
https://sched.co/ZevZ
- 1 participant
- 27 minutes
4 Sep 2020
Public Technical Oversight Committee (TOC) Meeting – Liz Rice, Aqua Security; Katie Gamanji, American Express; Saad Ali, Google; Justin Cormack, Docker; Michelle Noorali, Microsoft; Sheng Liang, Rancher; Matt Klein, Lyft
The Technical Oversight Committee (TOC) provides technical leadership to the cloud-native community. The CNCF will host a public TOC meeting, inviting the community to discuss various agenda items along with holding an open Q&A for the community with TOC members.
https://sched.co/aqUY
- 9 participants
- 35 minutes
4 Sep 2020
Reimagining the Worldwide LHC Computing Grid on Kubernetes - Lukas Heinrich, CERN & Alessandra Forti, University of Manchester
At CERN, the home of the web, the Large Hadron Collider at CERN hosts some of the largest physics experiments ever constructed. The distributed infrastructure built over the last 20 years -- the World-wide LHC computing grid (WLCG) -- would today be described as a federated, multi-cloud and multi-cluster deployment, mostly made up of a diverse set of research institute batch systems deployed on bare-metal or VMs. The rise of containers is an opportunity to reimagine the WLCG deployed on Kubernetes. In this talk we will cover how we leverage CNCF tools in this transition, using e.g. containerd snapshotters for worldwide image distribution, Helm GitOps for reproducible configuration of multi-cluster setups and our deployment of services and batch workloads in that system. In a demo, we will deploy a member of the federation which will then receive workloads to analyze subatomic collision data.
https://sched.co/Zetd
- 2 participants
- 35 minutes
4 Sep 2020
Rook Deep Dive: Ceph - Travis Nielsen & Sebastien Han, Red Hat
In this talk, a deep-dive will be presented for the Ceph storage provider. Rook is an open source cloud-native storage orchestrator for Kubernetes, providing the platform, framework, and support for a diverse set of storage solutions to natively integrate with cloud-native environments. Rook is run today in many production environments, providing a stable storage platform for your data. The architecture and recent improvements will show how Rook provides the Ceph management layer for production environments. Rook was accepted as the first storage project hosted by the Cloud Native Computing Foundation in January 2018.
https://sched.co/Zey5
- 2 participants
- 33 minutes
4 Sep 2020
Running K3s, Lightweight Kubernetes, in Production for the Edge and Beyond - Darren Shepherd, Rancher
Within the short year since announcing k3s, the CNCF certified lightweight Kubernetes distribution, users have quickly put k3s into production in edge, on-premises, cloud, and pipeline use cases. In this presentation Darren Shepherd, the creator of k3s, will cover different strategies of running k3s and how they map to different use cases. Use cases range from thousands of clusters on the edge, to fast ephemeral clusters to power your pipeline, to running AI workloads, and much more.
https://sched.co/Zeo7
- 1 participant
- 27 minutes
4 Sep 2020
Running SPIRE In Large Scale, Enterprise-Grade Environments - Andrew Harding, HPE
SPIRE started as the reference implementation of SPIFFE back in 2017, and is now part of the core security architecture of many large enterprises. That means it has to be flexible and reliable in a wide variety of deployment scenarios. We’ll discuss the practical logistics of running SPIRE in a large enterprise: high availability, nested deployment for multiple availability zones, integration with upstream certificate authorities, observability, and monitoring. This talk will be useful for anyone who is already using SPIRE at scale, as well as anyone who is thinking about using SPIRE and wants to know what to expect as their infrastructure grows.
https://sched.co/aDcf
- 1 participant
- 31 minutes
4 Sep 2020
SIG Multicluster Intro - Jeremy Olmsted-Thompson, Google & Paul Morie, Red Hat
SIG-Multicluster is focused on solving common challenges related to the management of many Kubernetes clusters, across multiple cloud providers (so-called hybrid cloud) and applications deployed across many clusters. In the introduction, we'll give attendees an overview of the current status of the multicluster problem space in Kubernetes and of the SIG. Beyond the technical details, we'll also cover the results of an on-going survey to gather feedback relevant to and assess adoption of the current SIG subprojects. Finally, we'll also be soliciting additional feedback from the community about the SIG's current efforts and future direction. This session will mostly be an open dialog; attendees will have the opportunity to ask questions in person as well as leave survey responses that the SIG will use to plan next steps.
https://sched.co/Zew0
- 2 participants
- 22 minutes
4 Sep 2020
SIG Scheduling Deep Dive - Aldo Culquicondor, Google & Mike Dame, Red Hat
Kube-Scheduler is the component of Kubernetes that assigns pods to nodes based on the configured scheduling requirements. These requirements can be high availability, resource efficiency and other policies and heuristics. This talk will provide an overview of the new and upcoming features in the scheduler, including the scheduler framework, and the new component config API that enables scheduling profiles. In addition, we'll present updates on other sig-scheduling projects like the Descheduler. We will dedicate about half of the time of the presentation to audience questions and users' feedback.
https://sched.co/ZeuJ
- 3 participants
- 38 minutes
4 Sep 2020
SIG Service Catalog Update - Jonathan Berkhahn, IBM & Mateusz Szostok, Kyma
Service Catalog lets you provision cloud services directly from the comfort of native Kubernetes tooling, regardless of where the service is actually hosted. Service Catalog is a Kubernetes implementation of the Open Service Broker API, an open standard to provision and manage cloud services. In this session, the Service Catalog leads will demo the current Service Catalog functionality, and the activities around the sub-projects. This will be followed by a deep dive into the problems we are facing and the future of the Service Catalog project. At the end of this talk, we'll also go through a short comparison between Service Catalog and operators.
https://sched.co/ZrGx
- 2 participants
- 36 minutes
4 Sep 2020
SIG Usability: Unifying the Experience for the Kubernetes User - Gaby Moreno Cesar, IBM & Pamel Shinh, VMware
SIG Usability is focused on the core end-user usability of the Kubernetes project. This includes efforts in user research, internationalization, and accessibility. We will be going over some of the SIG's initiatives, opportunities to get involved, as well as diving into the topic of what makes up a usability contribution? Pulling from the field of cognitive science, we will present some well-established usability and software experience principles that both code and non-code contributors can use to expand the types of contributions they make to open source projects.
https://sched.co/Zeue
- 2 participants
- 17 minutes
4 Sep 2020
SIG-CLI - Open Doors - Maciej Szulik, Red Hat
This session is intended for all interested in what SIG-CLI is and what it does. Whether you're fresh to Kubernetes or an old-timer you are more than welcome. This session will be fully interactive, and its contents will entirely rely on the expectations of the attendees. Topics will include, but are not limited to:
- Kubectl code tour which will provide basic knowledge for working on kubectl itself, as well as how to write kubectl plugins.
- The main initiatives SIG-CLI is undertaking (splitting kubectl out of main Kubernetes repository, plugins - its development and management, resource configuration with kustomize, dynamic commands, etc.)
- Gathering feedback and discussing problems people struggle the most with kubectl.
https://sched.co/Zeu4
- 1 participant
- 23 minutes
4 Sep 2020
Save Your Services from Sneaky Snoops With SPIFFE? - Daniel Feldman, Scytale
Lurking inside almost every cloud native project is a hidden threat: hardcoded credentials for services like external APIs and databases. While these credentials can be set to long random strings and encrypted, they still can be stolen by an intruder or accidentally misused by insiders. In this talk, we’ll demonstrate how to use CNCF’s SPIFFE and SPIRE Projects to securely authenticate to workloads such as PostgreSQL, MongoDB, and AWS from inside your services, all without any hardcoded credentials -- eliminating an entire class of security vulnerabilities while decreasing your work as a DevSecOps team.
https://sched.co/aDcB
- 1 participant
- 28 minutes
4 Sep 2020
Scaling Kubernetes Networking Beyond 100k Endpoints - Rob Scott & Minhan Xia, Google
As Kubernetes continues to grow, scalability is increasingly important. One of the key bottlenecks that emerged as clusters got larger was related to network endpoints. They became quite slow at scale, and had limitations preventing them from growing beyond approximately 5,000 endpoints per Service. In this talk, Rob will show how the scalability of network endpoints has been dramatically increased in Kubernetes. He’ll cover the design and implementation of EndpointSlices, along with the impact they’ve had. He’ll walk through the process of profiling key components in the Kubernetes codebase to identify areas that could be optimized. Finally, he’ll show how all this work has improved Kubernetes network scalability, including real world performance metrics from large clusters with over 100,000 endpoints.
https://sched.co/Zeta
- 2 participants
- 38 minutes
4 Sep 2020
Scaling Prometheus: How We Got Some Thanos Into Cortex - Thor Hansen, HashiCorp & Marco Pracucci, Grafana Labs
Cortex is a long term storage for Prometheus, designed for scalability, multi-tenancy and high-availability. It can reliably ingest and query millions of time series per second with sub-second latency. The current storage design uses a NoSQL store to index series and an object store for compressed time series data - two dependencies, and one with significant cost implications. In this talk we will show the new experimental Cortex blocks storage, based on Thanos and Prometheus TSDB, aiming to reduce the Cortex operational cost without compromising scalability and performances. We’ll cover the trade-off between the standard chunks storage and the new blocks storage, and share lessons learned running Cortex at scale. Cortex is a CNCF sandbox project.
https://sched.co/Zeuw
- 2 participants
- 27 minutes
4 Sep 2020
Scaling Telepresence Across Your Organization - Abhay Saxena, Datawire
Adopting Kubernetes often forces tradeoffs related to your cloud native software development lifecycle, particularly in relation to the inner development and debugging loops. End-to-end verification of a system consisting of 10+ microservices is simply not possible, so many developers use the CNCF-hosted Telepresence two-way proxy to solve this problem. This works very well, individually. But how do you scale these strategies across a whole organization? Learn from the experiences of the primary Telepresence maintainer:
- Watch a demonstration of how Telepresence swap deployment does a good job for one developer who owns a cluster
- Learn how this can be scaled with multiple clusters and namespaces, and understand the tradeoffs of this approach
- Explore how the new Telepresence intercept enables a larger team to work together without needing multiple clusters and namespaces
https://sched.co/Zetp
- 1 participant
- 24 minutes
4 Sep 2020
Seccomp Security Profiles and You: A Practical Guide - Duffie Cooley, VMware
Have you wondered what a seccomp security profile is, and how it relates to Linux Capabilities? Folks often dismiss seccomp profiles and Capabilities as a way of hardening applications because it is too difficult to determine what syscalls are in use by a given application. In this session we will explore a couple of tools designed to make this more approachable. Dockersl.im is an open source project that can take a Dockerfile and an image and produce a smaller image containing only the necessary bits, along with a seccomp security profile derived from the system calls the application made while under test. Inspektor Gadget is an open source project by the folks at Kinvolk that enables you to make use of BPF to inspect a number of things about deployed pods, providing better visibility into what pods are accessing from a syscall and filesystem perspective. Come learn about these super powers!
https://sched.co/ZetL
- 1 participant
- 28 minutes
4 Sep 2020
Securing Container Delivery with TUF - Lukas Puehringer, NYU
One of the most pressing security problems in cloud native is the secure delivery of container images. Common solutions addressing this problem live under the assumption that a signing key, used to protect an artifact or its distribution, is kept safe. But time has shown again and again that this assumption is faulty, and that a single key loss or compromise can cause enormous damage. That is why The Update Framework (TUF) was designed not only to prevent and detect attacks, but also with risk mitigation (reducing the damage from a successful attack) as a core principle. Being the first security-focused project to graduate in the CNCF, TUF is widely used both in and outside of the cloud ecosystem. In this talk we will describe the basic architecture of TUF, including how TUF protects against a variety of real-world attacks on any software distribution infrastructure. We will show how, even if an organization makes a security error (a server is hacked, a private key is checked into GitHub, etc.), TUF can bring a repository back into a secure state.
https://sched.co/ZexA
- 1 participant
- 21 minutes
4 Sep 2020
Securing Your Healthcare Data with OPA - Martin Pratt, Medudoc & Ash Narkar, Styra
In this talk, we will describe our “Shift Left” approach to security by using OPA to codify and enforce policies across our microservice architecture. We will focus on the design of our OPA-driven application development process that allows us to define custom security policies using OPA and enforce them by injecting our apps with an Envoy sidecar, resulting in policy-enabled apps that are now ready to provide least-privilege access to PHI and PII data of our users. In our demo we will show real-world examples of how we restrict access to sensitive data as well as how we control inbound and outbound traffic from our apps.
https://sched.co/ZemH
- 2 participants
- 24 minutes
4 Sep 2020
Serverless Integration on Kubernetes with Apache Camel K - Nicola Ferraro, Red Hat
“Serverless” is one of the most trending paradigms for designing applications, but what most early adopters find out is that doing something more than a “Hello World!” is hard. The more your application is deconstructed into smaller pieces, the more you need better communication patterns. Real-life applications also interact with tons of external systems and managing this complexity is hard. Camel K is a lightweight integration platform for Kubernetes created specifically to address these issues. It’s based on Apache Camel, the most powerful open source integration framework, and it leverages Knative to deliver integration patterns in a serverless way. We will show how Camel K works under the hood and, with coding examples, we’ll also demonstrate how Camel K makes it easy to connect (almost) anything using integration patterns and the 300+ components that Apache Camel provides.
https://sched.co/ZeoP
- 1 participant
- 33 minutes
4 Sep 2020
Service Mesh and Serverless Chatbots with Linkerd, K8s and OpenFaas - Sergio Méndez, Universidad San Carlos de Guatemala
This session will present the different challenges for telco companies when they deploy support chatbots for clients. This is based on a real experience of working with chatbots in a telco company, Telefónica, based in Guatemala and some countries in Central America. The session also presents a simple architecture, the workflow, and the way to implement a service mesh with Linkerd, Kubernetes and OpenFaaS, and how they interact together to implement canary deployments to create a simple and fast strategy to manage chatbots as serverless functions. At the end of the session the speaker presents a short demo on how to implement canary and blue/green deployments for serverless chatbots with some support intelligence. This session is different from a previous one that I gave at OSCON 2019: there I talked about architectures, while this one is focused on Service Mesh and Serverless implementation.
https://sched.co/Zemu
- 1 participant
- 24 minutes
4 Sep 2020
Serving Trillion-Record Table on TiKV - Yi Wu, PingCAP
TiKV is a distributed, transactional key-value database that is based on the design of Google Spanner and HBase. It excels in horizontal scalability and can easily scale to 100+ terabytes of data. In this talk, Yi Wu will take a deep dive into the architecture of TiKV and the recent development of the TiKV project. Additionally, they will introduce the new Titan storage engine and multithreaded raft store introduced in TiKV 3.0 in-depth and detail how the new features helped TiDB serve 1.6 trillion rows and more than 200 terabytes of data within a single cluster.
https://sched.co/bRVh
- 1 participant
- 32 minutes
4 Sep 2020
Sharing Clusters: Learnings From Building a Namespace On-Demand Platform - Lukas Gentele, DevSpace Technologies Inc.
Multi-tenancy is a hot topic in the Kubernetes community right now. IT teams want to enable engineers to work in shared clusters and allow them to provision namespaces on-demand whenever needed. This creates a plethora of challenges that cluster admins have to address. This case study will show how the team behind DevSpace Cloud built a public Kubernetes-Namespace-as-a-Service offering, including:
- Authentication via Dex
- Automatic RBAC configuration
- Dynamic admission control via Open Policy Agent
- On-Demand namespace provisioning via CRDs
- Network isolation using network policies
- Resource management using resource quotas and limit ranges
- Inactivity detection and automated cleanup of abandoned namespaces
- Sandboxing

This talk is intended for IT teams that want to create internal Kubernetes offerings to allow engineering teams to provision namespaces in an on-demand fashion.
https://sched.co/ZeiV
- 1 participant
- 35 minutes
4 Sep 2020
Sharing Is Caring! Push Your Cloud Application to an OCI Registry - Silvin Lubecki & Djordje Lukic, Docker
Did you know that you can store anything into a container image registry? Did you ever wonder what black magic is behind multi-arch images? OCI Image specification is a standard purposely generic enough to enable use cases other than “just” container images. While working on the Cloud Native Application Bundle (CNAB) project, we built tooling to package whole applications as OCI Images so that they could be pushed to and pulled from registries. We learnt a lot doing this and would like to share with the community. During this talk, we will have a quick but in-depth view of:
- The OCI Image specification and its future
- How to push a multi service application to a registry
- Our battle scars with the different interpretations of the OCI spec by the mainstream registries
https://sched.co/Zemr
- 2 participants
- 24 minutes
4 Sep 2020
Simplify Your Cloud Native Application Packaging and Deployments - Chris Crone, Docker
With so many tools for declaring and deploying applications, developing cloud native apps can get complicated quickly. Single container images can be built and shared with a registry, but what about multi container or other more complex applications? Using the CNAB (Cloud Native Application Bundle) specification, open source projects like Docker App or Porter allow you to package apps that would normally require multiple tools like Terraform, Helm, and shell to deploy - into a single tooling agnostic packaging format. These packages can then be shared using existing container registries and used with other CNAB compliant tools. In this talk, Chris Crone, co-executive director of the CNAB project, will share how to simplify cloud native development workflows using your favorite tools like Terraform, Helm and others, without requiring every developer to learn them.
https://sched.co/Zet9
- 1 participant
- 27 minutes
4 Sep 2020
Simplifying Windows runtime and deployment in Kubernetes - Muzz Imam, Microsoft & Michael Michael, VMware
The leaders of SIG-Windows will provide an update on the efforts to bring Windows to Kubernetes. This session will concentrate on presenting new features and capabilities as well as focus on advanced capabilities like Kubeadm support, ContainerD integration, and Cluster API for Windows. At the end, we will open the floor for Q&A with customers and members of the SIG-Windows community. Some familiarity with Windows on Kubernetes is required for the deep dive part since we will have an in-depth discussion on key features that are in the pipeline for Windows, explain their implementation and have a discussion on trade-offs with the community.
https://sched.co/ZeyK
- 3 participants
- 31 minutes
4 Sep 2020
Songwriter Showcase + Meet & Greet with Michael Hicks + Band
Enjoy a private songwriter showcase performance by Michael Hicks followed by a live virtual meet + greet! Hicks is a unique blend of talent and humility which is rarely found in today’s emerging talent. As an artist, writer, and performer, Hicks is revered as one of the best in the diverse Funk and Soul music scene in Nashville and beyond. His Freshman album, This Is Life, highlights the talents of his writing ability, the moral message of his music, and the production talents of both himself and James Waddell. When he’s not writing and performing his own original music, Hicks is on the road touring the world with Blues icon, Keb’ Mo. International touring has lent him years of maturity that most young artists never get to experience. This interesting blend of influences and experiences has made him “the” artist to watch in Nashville.
https://sched.co/dcPw
- 3 participants
- 31 minutes
4 Sep 2020
Speed Racer: Local Persistent Volumes in Production - Matt Schallert, Chronosphere
Local Persistent Volumes are a powerful feature of Kubernetes, enabling users to build and operate high-performance stateful systems in their clusters and bridging the storage gap for on-premise users. However, their usage comes with subtle pitfalls that users may not be aware of, and understanding of these aspects is key to a seamless production experience. In this talk, Matt will share best practices and how-to’s for local volumes based on experience running them in production since their alpha release. He will cover topics such as in-cluster volume provisioning, best practices not obvious from Kubernetes documentation, and cloud provider-specific local disk behavior. The audience will walk away with a better understanding of the tradeoffs of local volumes and how to leverage them in their workloads, concrete tips for avoiding common mistakes, and day-two operational best practices.
https://sched.co/ZenO
- 1 participant
- 24 minutes
4 Sep 2020
SpoK - Running Big Data Applications @ Scale on K8s - Srivathsan Canchi & Nagaraj Janardhana, Intuit
At Intuit, customer data sets are growing exponentially with the growth of the business and the capabilities offered. Processing this data and making it available for downstream applications such as ML, Analytics, Exploration etc. is crucial. Following the trend of running the services workload on Kubernetes, we built a data processing platform with Spark on Kubernetes as the backbone. This allowed us to reap all the benefits of well established processes for CI/CD, security and cluster management. With these we were able to reduce the cost footprint of our data processing jobs by 30%, while simultaneously increasing the speed to production.
https://sched.co/ZepB
- 2 participants
- 36 minutes
4 Sep 2020
Sponsored Keynote: Cloud Native is Edge Native Too! - Dr. Thomas Di Giacomo, President of Engineering and Innovation, SUSE
We all know that the cloud is a great place to run cloud native applications, but that’s really just the beginning of the story. Cloud native is as much about how we deliver applications as it is about where we run them, whether that’s in the datacenter, in the cloud, or at the edge. In fact, edge computing is one area where cloud native technologies can be, and are being, especially well applied. In this talk I will highlight some exciting work being done in CNCF community projects to adapt cloud native technologies for edge use cases, including how they connect edge and cloud to enable edge computing solutions. With these advancements we can employ cloud native technologies to work in ways that are not merely cloud agnostic, but are also edge agnostic.
https://sched.co/ZfHL
- 1 participant
- 6 minutes
4 Sep 2020
Sponsored Keynote: Happy Birthday, Open Container Initiative: Here’s to 5 Years of Collaborative Innovation - Sally Ann O'Malley, Software Engineer, & Urvashi Mohnani, Software Engineer, Red Hat
Five years ago, the Open Container Initiative (OCI) was formed under the Linux Foundation to provide vendor-neutral open governance standards for container runtimes and image formats. This has fueled cloud-native innovation and has led the Cloud Native Computing Foundation (CNCF) to where it is today. In this talk, we will highlight some of the critical decision points in OCI's evolution and forecast how Red Hat is collaborating with and empowering the OCI and CNCF communities.
https://sched.co/ZfHO
- 2 participants
- 5 minutes
4 Sep 2020
Sponsored Keynote: Keep It Simple - A Human Approach to Coping with Complexity - Hannah Foxwell, Director – Platform Services, VMware Pivotal Labs
We humans are simple creatures. Our focus is finite. Wrestling with complexity can overwhelm and demotivate even the smartest engineers, but there are ways we can make life a little easier. In this talk Hannah will propose a human approach to coping with complexity—something we all need to consider when building successful engineering teams—and will share how to begin applying user-centric design to reduce the cognitive load on developers.
https://sched.co/Zh39
- 1 participant
- 5 minutes
4 Sep 2020
Sponsored Keynote: Network, Please Evolve: Chapter 3, Stretching Out – Vijoy Pandey, Vice President and CTO of Cloud, Cisco
Cloud Native has become a synonym for scalable and reliable distributed applications. And a well-behaved, distributed system is synonymous with a highly-available, consumable, and composable Network. Over the past 2 chapters of our evolutionary tale, we have discussed the need for the Network to evolve beyond the 35-year old concepts that still define it to this day. And we have demonstrated, through a real-world database (Vitess) use case, the developmental and operational power and simplicity this new paradigm delivers. In this new Chapter, we will discuss how we can stretch these capabilities all the way into the enterprise, edge compute location, or a branch, and show how it eases the life of a developer building a new cloud native app.
https://sched.co/ZfBq
- 1 participant
- 8 minutes
4 Sep 2020
Sponsored Keynote: The Kubernetes Effect - Igniting Transformation in Your Team - Briana Frank, Director of Product, IBM Cloud
Kubernetes and Cloud Native architecture have begun to ignite transformation within companies in every industry. Growing from that first container project, teams are starting to change how they build, work, collaborate and invent. Briana Frank will share how Kubernetes is the catalyst for this enterprise transformation and how to maximize the impact for your organization.
https://sched.co/Zh36
- 1 participant
- 6 minutes
4 Sep 2020
Standardizing Applications For the Cloud at a Global Scale - Jared Watts, Upbound & Lei Zhang, Alibaba
In our rapidly maturing world of cloud native software, what exactly does it mean to be an “application”, especially as deployments become more complicated and move towards multiple clusters, regions, and even clouds at a global scale? In this talk, we will examine both the need and the benefits of a standard application definition model, as well as dive into the details of recent specific efforts in the ecosystem, such as the Open Application Model (OAM). Once an “application” has a standard definition, it becomes easier to perform powerful higher level orchestration capabilities, such as scheduling the application and all of its infrastructure dependencies across multiple environments. We will learn about how scheduling works in Kubernetes and how the principles of scheduling pods to nodes can be applied to a global scale to schedule complete applications across multiple clouds.
https://sched.co/Zesr
- 2 participants
- 32 minutes
4 Sep 2020
Startup Containers in Lightning Speed with Lazy Image Distribution - Kohei Tokunaga, NTT
Pulling an image is one of the time-consuming steps in the container startup process. The most critical factor is the current OCI Image Spec, with which a container cannot be started until all its image layers are downloaded. However, most of the contents in image layers are not being used for real-world workloads. In this talk, Kohei will show state-of-the-art alternative image formats which lead to faster container startup by allowing container runtimes to start a container without waiting for all its contents to be locally available. He will also introduce CNCF containerd's fast image distribution approach "Remote Snapshotter" which leverages these formats (https://github.com/containerd/containerd/issues/3731). Finally, he will share the status of his current work on the remote snapshotter implementation and how to take advantage of the new functionality.
https://sched.co/ZepQ
- 1 participant
- 25 minutes
4 Sep 2020
State of Kubernetes in Africa - Tunde Oladipupo, Independent & Tunde Olu-isa, VMware
As Kubernetes adoption proliferates across different continents, we want to present the state of enterprises’ and startups’ adoption of Kubernetes in African countries. We will highlight the unique set of challenges that they face during migration to Kubernetes. These enterprises are looking for ways to improve and optimize infrastructure, and adopt cloud-native technologies. Startups want to build innovations on cloud-native architecture for rapid prototyping of their products, quick scalability as their businesses grow, and cost-saving on infrastructure. In this talk, we will share the factors enabling and hindering the adoption of Kubernetes, community presence and its growth in Africa. We will share how people are contributing to Kubernetes and highlight some of the challenges they face in their journey.
https://sched.co/ZenF
- 2 participants
- 31 minutes
4 Sep 2020
Stateful Serverless and the Elephant in the Room - Stephan Ewen, Ververica
Kubernetes and FaaS have solved most of the challenges of dealing with stateless applications. But when it comes to handling state, it quickly becomes “someone else's problem”. Because of that, we have struggled with the same issues of data consistency and complex failure semantics for the past decade. For stateful applications, we are still far from the smooth development and operations experience associated with serverless. Stateful Functions is a new pattern to solve this problem. It uses containerized, event-driven functions with a stream processor (Apache Flink), not a database, to manage the state and handle the messaging between functions. This talk walks through the ideas behind Stateful Functions and shows how this simple framework solves the problem of consistency and failure semantics within and across functions, at the same time staying true to the serverless experience.
https://sched.co/ZelA
- 1 participant
- 39 minutes
4 Sep 2020
Stateless Fluentd with Kafka - Steven McDonald, Usabilla
Fluentd is typically deployed as a central aggregator to which everything sends its logs for processing and routing. This superficially simple approach was found to be inadequate at Usabilla. Errors in one part of the processing chain often had knock-on effects elsewhere, leading Usabilla's SREs to search for a more failure tolerant design. Steven will introduce the new stateless fluentd deployment at Usabilla, built around Kafka as a centralised, highly available log buffer. He will also introduce the new components that have been developed to adapt fluentd to be completely stateless, as well as how logs are reliably fed into Kafka from hosts all over the world. Finally, there will be a brief overview of the challenges still remaining.
https://sched.co/Zeik
- 1 participant
- 35 minutes
4 Sep 2020
Stayin' Alive: PodDisruptionBudgets for Maintenance and Upgrades - Matthew Robson, Red Hat
As we work harder to automate our clusters, it becomes more and more difficult to guarantee the availability requirements of our applications. In large clusters, operations teams may not have the insights to ensure an application's minimum capacity requirements are maintained. Without that understanding, you may inadvertently bring down or inhibit applications through routine maintenance activities. Enter the Pod Disruption Budget (PDB). Simply put, PDBs allow application owners to define the minimum requirement for a service to operate in a stable manner. In this Lightning Talk, let me walk you through the benefits, usage and implementation of PDBs. As an attendee, you will walk away with the necessary knowledge on how to use PDBs to define enforceable operating requirements of your applications.
https://sched.co/ZemK
- 1 participant
- 5 minutes
4 Sep 2020
Still Writing SQL Migrations? You Could Use A (Schema)Hero. - Marc Campbell, Replicated
Let’s talk about database schema migrations. All too often, migrations are deployed using legacy tools, or worse yet — (gasp!) manually. That’s because we write migrations the hard way, instead of simply declaring the desired state of the database. Kubernetes has proved that declarative desired state is a great idea, so why not build on top of the Kubernetes API to let the computers figure out how to write database migrations? SchemaHero is an open source Kubernetes CRD/Operator that solves database migrations. Want to add an index, or rename a column? Just kubectl apply the desired definition of a table, and the operator will take over by writing and deploying a migration. Once you stop trying to control the database and just declare the desired state, database migrations are no longer toil, but become predictable and reliable. Let the computers migrate your schema instead.
https://sched.co/Zelq
- 1 participant
- 26 minutes
4 Sep 2020
Taming Data/State Challenges for ML Applications and Kubeflow - Skyler Thomas, Hewlett Packard Enterprise
The Kubeflow project brings incredibly powerful Machine Learning frameworks like TensorFlow and PyTorch to Kubernetes. The ability to parallelize training and the ability to scale workflows up and down is revolutionary. However, state and persistent storage are a much bigger challenge for machine learning workloads because of their training data, library files, and models. We will discuss what it took to create AI/ML environments running thousands of pods that request petabytes of training data. We will explore the various state and storage challenges that crop up when you are building Kubeflow applications. We will discuss where distributed persistent storage solutions fit in the picture. We will address how various storage APIs, including POSIX/CSI solutions, NFS, S3, and HDFS, fit into solutions. Data security and privacy issues will be discussed.
https://sched.co/Zeq3
- 1 participant
- 27 minutes
4 Sep 2020
Thanos: Cheap, Simple and Scalable Prometheus - Giedrius Statkevičius, Adform & Matthias Loibl, Red Hat
Thanos is an open-source CNCF Sandbox project that builds upon Prometheus components to create a global-scale highly available monitoring system. It seamlessly extends Prometheus in a few simple steps and it is already used in production by dozens of companies that aim for high multi-cloud scale for metrics while keeping low maintenance cost. During this talk, core maintainers of Thanos will explain basic concepts behind the project, its use cases, and tradeoffs. You will learn where to start and how to quickly deploy Thanos on Kubernetes without impacting your existing Prometheus setup. This talk is recommended for those who want to know more about running highly available Prometheus setup at scale with potentially unlimited metric retention with the lowest possible effort and cost.
https://sched.co/Zevx
- 2 participants
- 29 minutes
4 Sep 2020
The Hidden Generics in Kubernetes' API - Eirik Albrigtsen, Babylon Health
A look into how apimachinery enforces strong conventions on kubernetes' api, how that impacts client-go, and how we can take advantage of these hidden generic properties to build an actually generic client in rust. We will go through a kubernetes Object, its generic parts as modelled via a rust Trait, and how this enables the rust compiler to automatically populate all kubernetes objects' api calls and serialization code from a single generic impl. We will also show examples on how to write single file, performant, async/await rust controllers that follow operator best practices.
https://sched.co/Zeit
- 1 participant
- 30 minutes
4 Sep 2020
The Kubernetes Bug Bounty Program - What Researchers and Users Need to Know - Taahir Ahmed, Google & Reed Loden, HackerOne
In January, Kubernetes launched a bug bounty program (BBP), creating a centralized way for security researchers to report vulnerabilities they find in products in exchange for monetary rewards. Just as many organizations support open source by hiring developers, paying bug bounties directly supports security researchers. The Kubernetes BBP is particularly interesting as it’s still rare for a large scale, open-source infrastructure project to have a public BBP. In this talk, we’ll cover what a BBP is and what it means for Kubernetes. We’ll cover vendor selection for the bug bounty, defining the scope and rewards, learnings from the private beta, and what you need to know as a researcher and user today. We’ll also reiterate how the Product Security Committee responds to new vulnerabilities, so you know what’s being done to keep clusters safe.
https://sched.co/Zesx
- 2 participants
- 30 minutes
4 Sep 2020
The New Stack "Pancake Breakfast": Is Kubernetes Boring Yet? What’s on Your Stack?
Kubernetes is boring and that’s a good thing. It’s what’s on top of Kubernetes that counts. So join us for a short stack with The New Stack as we ask: “What’s on your stack?” We’ll pass the virtual syrup, and talk about all that goes with Kubernetes. It may be stateless, but that also means there’s plenty of room for sides.
https://sched.co/ZfUb
- 5 participants
- 39 minutes
4 Sep 2020
The Past, Present, and Future of Cloud Native API Gateways - Daniel Bryant, Datawire
An API gateway is at the core of how APIs are managed, secured, and presented within any web-based system. Although the technology has been in use for many years, it has not always kept pace with recent developments within the cloud native space, and many engineers are confused about how a cloud native API gateway relates to Kubernetes Ingress or a Service load balancer. Join this session to learn about:
- The evolution of API gateways over the past ten years, and how the original problems they were solving have shifted in relation to cloud native technologies and workflow
- Current challenges of using an API gateway within Kubernetes: scaling the developer workflow; and supporting multiple architecture styles and protocols
- Strategies for exposing Kubernetes services and APIs at the edge of your system
- A brief guide to the (potential) future of cloud native API gateways
https://sched.co/ZepZ
- 1 participant
- 29 minutes
4 Sep 2020
Threat Modelling: Securing Kubernetes Infrastructure & Deployments - Rowan Baker, ControlPlane
Security teams are often the last to know about an installation of Kubernetes, and are frequently concerned by its adoption. They have every right to be: poorly architected clusters can easily become exposed to unexpected threats, compromised by hostile workloads, or impossible to maintain. It doesn’t have to be this way! This talk details mechanisms for architecting Kubernetes securely in regulated organisations, and shares lessons learnt threat modelling with the CNCF Financial User Group including:
- How to use threat modelling to secure clusters and workloads
- Real-world examples of Kubernetes deployments, and multi-tenant security architectures from financial services
- Where to apply controls to layer defence in depth
- Using compliance standards to satisfy security teams
- How to integrate Kubernetes with a global SOC
- Gotchas, common threats, and advanced mitigations
https://sched.co/Zeow
- 1 participant
- 32 minutes
4 Sep 2020
TiKV: A Cloud Native Key-Value Database - Dongxu Huang & Nick Cameron, PingCAP
TiKV is a distributed Key-Value database that features geo-replication, horizontal scalability, consistent distributed transactions, and coprocessor support. As a CNCF incubating project, TiKV has been widely used in production by over 500 companies. An adopter has even stored over 1.3 trillion rows in TiKV. In this talk, Dongxu Huang and Nick Cameron will share the story of how they built TiKV from scratch, including how they decided the technical solutions, how they interacted with other CNCF projects, and also how to apply Chaos Engineering on TiKV to guarantee system safety and robustness. In the end, Dongxu Huang and Nick Cameron will show the approach to a self-driving database in TiKV 4.0, which leverages Kubernetes to make TiKV more elastic and scalable.
https://sched.co/a3vq
- 2 participants
- 28 minutes
4 Sep 2020
Toolchains Behind Successful Kubernetes Development Workflows - L Körbes, Tilt
Kubernetes solved a lot of problems, but it created a clumsy development workflow: Every code change requires fiddling with containers, registries, and manifests. Managing config files isn't trivial. Distributed debugging; a mystery. Dev clusters are tricky to set up, and sharing cluster state among team-members is mostly fiction. L Körbes, an expert in Kubernetes development tooling, outlines successful development workflows in three different settings: a very large enterprise, a small and agile startup, and a popular open source project. L will share how they set up dev clusters, manage configs, automate the development feedback loop, share context across teams, debug, and, finally, deploy to production. Learn how these teams made their Kubernetes dev workflows not only seamless, but amazing to use!
https://sched.co/Zet3
- 1 participant
- 30 minutes
4 Sep 2020
Towards a Standardized Application Definition Model for Kubernetes - Phil Prasek, Upbound & Sudhanva Huruli, Microsoft
With multiple Kubernetes application models emerging to capture the complex set of cloud resources and their connectivity, how do these approaches stack up and is there a path towards a standardized Kubernetes application model that becomes the unit of scheduling across clusters, regions, and clouds? In this talk we’ll explore two emerging application models: the KubernetesApplication in Crossplane (a multi-cloud control plane) and the Open Application Model (OAM) from Microsoft and Alibaba. We’ll provide an overview of strengths and opportunities of each approach and directions towards converging around a standardized application model as part of the newly formed CNCF SIG: sig-app-delivery.
https://sched.co/ZelS
- 2 participants
- 36 minutes
4 Sep 2020
Turn It Up to a Million: Ingesting Millions of Metrics with Thanos Receive - Lucas Servén Marín, Red Hat
Thanos is an open-source CNCF Sandbox project that builds upon Prometheus components to create a global-scale and highly available monitoring system. In this talk, Lucas Servén presents a solution for creating a multi-tenant horizontally scalable metrics ingestion system using the newest addition to the Thanos toolset: the Thanos Receive component. The talk considers the motivations for building a system capable of ingesting metrics from thousands of clusters, including: multi-cluster monitoring and cluster telemetry. Lucas discusses how Thanos Receive is able to satisfy these requirements and how its hash ring design allows it to scale and maintain ingestion availability even during upgrades. Finally, the talk demonstrates the practice of running an automatically scalable hash ring by leveraging the Thanos Receive Controller, Horizontal Pod Autoscaler, and the Prometheus Adapter.
https://sched.co/ZejZ
- 1 participant
- 30 minutes
4 Sep 2020
Tutorial: Building Secure & Decentralized Global Applications on Kubernetes with NATS - Waldemar Quevedo, Synadia
Learn how to build applications that span more than one Kubernetes region by using a NATS-based global communications network. This talk will cover how to set up a globally available NATS cluster using multiple Kubernetes regions from 4 different clouds (AWS, Digital Ocean, GKE & Azure) using NATS gateways and leafnode connections, as well as how to create applications that take advantage of the NATS decentralized authorization model by showing how to implement a simple Slack-like clone that runs under your terminal. Attendees of this session will be able to follow through the implementation of the service (and interact with each other!) during the talk. To run the examples, it is recommended to have Docker installed.
https://sched.co/Zekp
- 1 participant
- 44 minutes
4 Sep 2020
Tutorial: Communication Is Key -- Understanding Kubernetes Networking - Jeff Poole, Vivint Smart Home
Networking in Kubernetes has several aspects, including DNS, iptables, routing, software bridges, IP assignment, network policies, etc. While the practices for understanding the network were fairly easy to translate from physical servers to virtual machines, the level of complexity increases greatly when moving to containers in Kubernetes. This tutorial will explain several of the networking concepts used in Kubernetes with accompanying lab exercises in a virtualized environment so that participants will become comfortable looking under the hood at how a Kubernetes cluster is working (or not working, as the case may be). The material will be designed for people comfortable with SSH, bash, kubectl, and basic networking concepts, and will fill in the more advanced networking knowledge as the tutorial progresses. Please have Vagrant + VirtualBox installed to run the labs locally.
https://sched.co/Zej8
- 1 participant
- 1:18 hours
4 Sep 2020
Tutorial: From Notebook to Kubeflow Pipelines with HP Tuning: A Data Science Journey - Stefano Fioravanzo & Ilias Katsakioris, Arrikto
An introduction to Kubeflow, the ML toolkit for K8s and the workflows you can use as a data scientist to scale up your ML code effortlessly. Ever thought how hard it is to convert your Jupyter Notebooks into deployable and composable pipelines, scale up computation and run hyperparameter tuning? With Kubeflow, this process becomes extremely easy as you make use of the many components of this ML toolkit: Pipelines, Kale, Katib, Snapshot Store. You will learn how to deploy Kubeflow in minutes, explore your ML code inside a Jupyter Notebook, convert it to a composable and scalable workflow with the click of a button, make the pipeline reproducible using immutable snapshots, go back in history and debug it, run hyperparameter tuning and distribute your computation. Did we mention you won’t need any specific SDK or CLI command to do this? Sounds like magic? Come and see for yourself!
https://sched.co/ZerG
- 2 participants
- 40 minutes
4 Sep 2020
Tutorial: Getting Started With Cloud Native Security - Liz Rice, Aqua Security & Michael Hausenblas, Amazon
This tutorial will get you off the ground with Kubernetes security basics, using live demos and examples to work through yourself. We’ll start with possible attack vectors, to help you map out the threat model that applies to your cluster, so you can figure out where you need to focus your efforts for security. We’ll show you how to compromise a deployment with a pod running with a known vulnerability. Once you’ve had the attacker’s eye-view, we’ll walk you through the most important techniques and open source tools to prevent compromise.
- Using secure Kubernetes settings
- Including vulnerability scanning in your workflow
- Configuring pods to run securely (e.g. avoiding unnecessary privileges)
- Using GitOps to restrict user access to your cluster and provide an audit trail
You’ll leave this tutorial armed with practical actions for securing your deployment.
https://sched.co/Zekj
- 3 participants
- 1:19 hours
4 Sep 2020
Tutorial: Hands-On Intro to Cloud-Native CI/CD with Tekton - Jan Kleinert & Joel Lord, Red Hat
This hands-on tutorial introduces the key concepts of Tekton, a flexible, Kubernetes-native CI/CD framework that enables the automation of deployments across multiple platforms - including Kubernetes, serverless, and VMs - by abstracting away the underlying details. In this tutorial, participants will:
- Learn about fundamental Tekton concepts and benefits and how to use the tkn CLI
- Install tasks and learn about task catalogs
- Create a pipeline for building, testing, and deploying an application on Kubernetes
- Add pipeline resources
- Trigger a pipelinerun
- Deploy the application using a pipelinerun
Pre-requisites:
Install the following prior to the tutorial:
minikube: https://kubernetes.io/docs/tasks/tools/install-minikube/
tkn CLI: https://github.com/tektoncd/cli
(optional)
VS Code Tekton extension: https://marketplace.visualstudio.com/items?itemName=redhat.vscode-tekton-pipelines
https://sched.co/ZemE
- 2 participants
- 1:12 hours
4 Sep 2020
Tutorial: KubeEdge Hands on Workshop -- Build Your Edge AI App on Real Edge Devices - Zefeng Wang, Huawei & Zhang Jie, China Unicom
Here a hands-on KubeEdge workshop is proposed which ideally will run through the full length of the conference. This workshop is intended to invite participants to get hands-on experience building a real edge computing solution with KubeEdge, end-to-end. Starting from deploying and provisioning an edge node (e.g. Raspberry Pi), followed by device modeling and connectivity setup, then building a video stream machine learning based solution. Through this exercise, participants will get first-hand experience to understand the orchestration engine built on top of Kubernetes, understand the edge computing node setup mechanism, and learn the device modeling concept for IoT Edge scenarios. And develop a state-of-the-art AI-based video stream processing flow, all in a 30-minute session.
https://sched.co/Zep5
- 1 participant
- 1:18 hours
4 Sep 2020
Tutorial: Using BPF in Cloud Native environments - Alban Crequy & Marga Manterola, Kinvolk
Kubernetes provides a high-level abstraction layer that makes it easy to deploy distributed computing resources without knowing what’s happening in the kernel and applications. But when debugging, Kubernetes does not provide any help in inspecting these low-level details. We showcase the following tools specifically designed for running on Kubernetes:
- Inspektor Gadget, built on BPF Compiler Collection (BCC) and traceloop
- kubectl-trace, built on bpftrace
These allow devops teams to answer debugging questions such as:
- What were the last system calls executed before the crash?
- Was this function called? With which arguments and return value?
- Which TCP packets were retransmitted?
- Which queries run slow?
- Was this file opened?
You'll need access to a Linux machine and a Minikube installation. Please follow the instructions at https://github.com/kinvolk/cloud-native-bpf-workshop
https://sched.co/ZejN
- 2 participants
- 1:10 hours
4 Sep 2020
Using Argo and Knative to Orchestrate Media-intensive Services in 5G Edge - David Breitgand, IBM
Kubernetes is at the core of the cloud-native transformation. In this talk, we will discuss how Argo Workflows, Argo Events and Knative can help with cost-efficient and extremely flexible orchestration of complex network-intensive services on Kubernetes. We will discuss a Knative based deployment of Argo Workflow and Argo Events and demonstrate how we used these technologies in 5G-MEDIA (http://www.5gmedia.eu/) to orchestrate media intensive network services, such as tele-immersive gaming and mobile journalism in a 5G Edge. We argue that CNCF technologies can very efficiently complement traditional orchestration tools used by telcos, such as OSM, which are not sufficiently flexible to orchestrate highly dynamic session-oriented container based workloads of this kind.
https://sched.co/ZesQ
- 3 participants
- 37 minutes
4 Sep 2020
Using Kubernetes Secrets in GitOps Workflows Securely - Seth Vargo & Alex Tcherniakhovski, Google
Adopting GitOps for Kubernetes provides a single source of truth for cluster configuration and enables facilities like peer reviews and automated rollbacks. While many organizations store their Kubernetes configurations in git, Kubernetes Secrets are often managed via bespoke implementations outside of source control. Storing plaintext secrets in source, even in private repositories, is a horrible idea, but can we meet somewhere in the middle? In this session, attendees will learn how to securely store and manage Kubernetes Secrets in source control using Javascript Object Signing and Encryption (JOSE) and a Key Management Service (KMS). After this talk, attendees will be able to securely store and manage their Kubernetes Secrets in source the same way they manage their existing Kubernetes configurations.
https://sched.co/ZeiP
Using Kubernetes Secrets in GitOps Workflows Securely - Seth Vargo & Alex Tcherniakhovski, Google
Adopting GitOps for Kubernetes provides a single source of truth for cluster configuration and enables facilities like peer reviews and automated rollbacks. While many organizations store their Kubernetes configurations in Git, Kubernetes Secrets are often managed via bespoke implementations outside of source control. Storing plaintext secrets in source, even in private repositories, is a horrible idea, but can we meet somewhere in the middle? In this session, attendees will learn how to securely store and manage Kubernetes Secrets in source control using JavaScript Object Signing and Encryption (JOSE) and a Key Management Service (KMS). After this talk, attendees will be able to securely store and manage their Kubernetes Secrets in source the same way they manage their existing Kubernetes configurations.
https://sched.co/ZeiP
- 2 participants
- 39 minutes
4 Sep 2020
Using Kubernetes to Make Cellular Data Plans Cheaper for 50 Million Users - Chandrasekhar Reddy Dodda, Mirantis & Amar Padmanabhan, Facebook Connectivity
A year ago, the CNCF Telecom User Group envisioned an NFVI architecture where K8s replaces OpenStack as the virtual infrastructure manager. Today the first real-world use case of this has emerged, at an APAC telco with 50 million mobile subscribers. The speaker will discuss the use case and technical implementation, where pure K8s-based NFV infrastructure is used in production to run an open source evolved packet core. The system is designed to offload cellular data to WiFi and uses K8s to orchestrate all components of the packet core, including containerd pods and Virtlet pods running VMs. The talk will explain how Genie provides connectivity between various pods with multiple, different network interfaces per pod. A demo will show how K8s-powered NFVI makes it possible to seamlessly authenticate and roam between WiFi and LTE access points with no handover lag.
https://sched.co/ZepN
- 3 participants
- 30 minutes
4 Sep 2020
Virtual Cluster - A Practical Kubernetes Hard Multi-tenancy Solution - Fei Guo, Alibaba
Conventionally, Kubernetes multi-tenancy is realized with namespaces. Tenant access controls are confined to tenant namespaces using RBAC rules. Pod-level isolation is primarily done using network policy. This model faces various problems when applied in production, since Kubernetes is far from tenancy-ready. For example: 1) The APIServer lacks tenant-aware flow control, so a single tenant may generate a large amount of concurrent traffic, making the APIServer unresponsive to other tenants; 2) Tenants cannot install customized CRDs, which requires cluster-scope permission. We proposed the Virtual Cluster solution to resolve the multi-tenancy problem from a different angle. Basically, every tenant is assigned a dedicated K8s control plane. All tenant K8s control planes share a big super master. Virtual Cluster is built on CRDs. The entire solution is open source on GitHub.
https://sched.co/Zek6
- 1 participant
- 36 minutes
4 Sep 2020
Vitess Intro: How to Migrate a MySQL Database to Vitess - Sugu Sougoumarane & Morgan Tocker, PlanetScale
Vitess is a database clustering system for horizontal scaling of MySQL. This session will cover a high-level overview of all the Vitess features, the architecture, and what database workloads are a good fit. We will then walk through a demo of live-migrating an existing MySQL installation into Vitess. Because Vitess also speaks the MySQL protocol, it is easy to retrofit scaling into your existing database systems.
https://sched.co/ZexD
- 2 participants
- 37 minutes
4 Sep 2020
Weaving a Mesh for Multiple Clusters at bol.com - Remco Overdijk, bol.com & James Brook, Google
Bol.com, the largest online retailer in the Netherlands, has many teams running services on Kubernetes in cloud and on-prem. Over time, they have grown out of a single cluster. They will explain how adopting Envoy and service mesh gives them resilient and uniform connectivity across clusters and datacenters, while optimizing costs. The goal was to go all in on service mesh with a cautious and incremental approach. Injecting Envoy into hundreds of mission-critical pods needs care. You'll learn about the reasons for choosing service mesh, the journey, architecture, challenges and the lessons learned along the way.
https://sched.co/ZesW
- 2 participants
- 29 minutes
4 Sep 2020
Welcome to CloudLand! An Illustrated Intro to the Cloud Native Landscape - Kaslin Fields, Google
Like a kid in a theme park, the number of shiny exciting new technologies teams encounter as they move into and re-architect for the cloud can be overwhelming. Thus we welcome you to CloudLand! Adopting the cloud comes with a lot of questions to explore and tools to learn. Why should I care about "Cloud Native"? What technologies count as "Cloud Native"? What Cloud Native technologies does my team/business need and why? Through colorful illustrations and a memorable theme park analogy, you will learn how to identify "Cloud Native" technology and why it matters, learn the key characteristics of categories of technologies from the CNCF Landscape, and get an introduction to many of the individual CNCF projects that fill in the Cloud Native Landscape.
https://sched.co/Zety
- 1 participant
- 35 minutes
4 Sep 2020
What You Need to Know About OpenMetrics - Brian Brazil, Robust Perception & Richard Hartmann, Grafana Labs
The OpenMetrics format intends to standardise metric exposition, making it easy for both those developing and those operating systems to monitor them. Although it is based on the Prometheus format, it is a new format. Will it be supported by your monitoring system? Will you need to rewrite your existing instrumentation? What's needed to transition? What about 3rd party systems you don't control? How does this differ from, expand, and improve on the existing Prometheus format? Do you have to use Prometheus?
https://sched.co/ZevQ
- 2 participants
- 14 minutes
4 Sep 2020
When the Tekton Cat Misbehaves – Pitfalls, Mistakes, and Lessons Learned - Mark Nuttall, IBM
The Tekton project provides Kubernetes resources for declaring and launching CI/CD pipelines. You and your team's skills in working with Kubernetes can be applied directly to building and maintaining your CI/CD system. This is great once it's all set up and working - but a new kitten will sometimes misbehave! Tekton's design, and its Kubernetes-native implementation can make it fail in peculiar, distinctive ways. In this talk we'll show how Tekton can go wrong, explain why, and demonstrate how to fix it. We'll also use these failure modes to talk more generally about the strengths and weaknesses of Tekton's custom resource-based approach. We'll highlight the best methods and tools for debugging in this environment, and look forward to the key improvements needed - and planned - to raise a truly well-behaved CI/CD system.
https://sched.co/ZenL
- 1 participant
- 33 minutes
4 Sep 2020
Where Are Your Images Running? Stop Worrying and Start Encrypting! - Brandon Lum & Harshal Patil, IBM
Container image signing has made it possible for cluster operators to cryptographically verify that images are trusted. However, the same cannot be said of whether the nodes that run these images are trusted to view and use the contents of these images. This can be particularly important if compliance requires knowledge of WHERE a container image is running. In this talk, we will show how DevOps, trust bootstrapping, and key management, in conjunction with container image encryption can achieve geofencing of execution. We will demo the new encrypted container images worker node model in containerd and cri-o working in such a context. In addition, we will explore how to bootstrap node trust, from simple setups to advanced key distribution using HW Root of Trust/TPM technologies like Keylime. At the end, one should be able to “create an image only be usable by clusters in the EU region”.
https://sched.co/Zepc
- 2 participants
- 36 minutes
4 Sep 2020
Where to Put All That YAML: Secure Content Management for Cloud Native Apps - Ryan Abrams, Mirantis
An important part of the CI/CD toolchain for cloud-native apps is managing the content. In addition to your actual source code, container images and Helm Charts and Kubernetes Object YAMLs are all part of bringing apps into production. They are your intellectual property and must be managed carefully. The OCI distribution spec under the Linux Foundation was originally designed for container images, but the manifest and index definitions in the spec are quite flexible. This means it’s possible to support newer artifact types using the OCI distribution spec, including Helm Charts, build caches, snapshots and other YAML files, with some minor modifications, leveraging the same OCI-compliant registries to support more than just containers. In this talk, Ryan Abrams will discuss the common traits of different configuration formats and how you can use existing tools to support them.
https://sched.co/Zeiq
- 1 participant
- 28 minutes
4 Sep 2020
Where's My Container? Visualizing the GitOps Container Journey at Microsoft - Andre Briggs & Samiya Akhtar, Microsoft
GitOps has become the de facto approach for enabling simple, secure, and auditable deployments. When you deploy to multiple Kubernetes clusters, knowing where your services are in the GitOps journey can be challenging. It can be almost impossible to track permutations of service versions across clusters with current tools available. In the session you will:
- See a comprehensive dashboard view of a container’s journey from code check-in to deployment on Kubernetes clusters
- Learn concrete patterns for testing in production with GitOps and deployment rings
- See a new automation tool that can be used to deploy a seamless end-to-end GitOps workflow.
https://sched.co/Zes5
- 2 participants
- 35 minutes
4 Sep 2020
Why We Are Choosing Cloud Native Buildpacks at GitLab - Abubakar Siddiq, GitLab
GitLab provides a zero configuration build/test/deploy pipeline called "Auto DevOps" which relies on Herokuish for detecting how to build/test your source code into a runnable docker image. Currently, GitLab uses Herokuish to match projects with known languages and build them. The new tooling from CNB is capable of building smaller resultant images by separating the build layers from the runtime layers. In order to increase the speed and efficiency of GitLab's products, the Product team investigated the Cloud Native Buildpacks, which provide a cloud-native means of standardizing code detection and producing a standards-based container runtime. In this talk, learn about GitLab’s goals, plan, and how they made the decision to move forward based on the greatest benefit to GitLab from CNAB - the larger community fixing CNAB issues.
https://sched.co/ZetC
- 1 participant
- 25 minutes
4 Sep 2020
Zero Database Downtime with etcd-operator - Tyler Lisowski & Kodie Glosser, IBM
Zero downtime upgrades, multi availability zone redundancy, automatic instance recovery, periodic backups, and restores in the case of disaster scenarios are all possible when you automate etcd operations with the Etcd-operator. This talk will walk through a live example of a multi availability zone etcd cluster managed by Etcd-operator and how Etcd-operator automates database administration tasks. We will visually step through how these operations are executed by Etcd-operator and how attendees can integrate it into their existing architectures to eliminate downtime and drastically reduce the time they spend on database administration tasks.
https://sched.co/Zeqj
- 3 participants
- 20 minutes
4 Sep 2020
Zero Downtime Data Relocation with Vitess - Liz van Dijk & Deepthi Sigireddi, PlanetScale
Vitess has a flexible sharding architecture and natively supports "cells" which correspond to infrastructure located in multiple locations. This allows for the creation of jurisdiction-aware database clusters that solve data locality without having to re-architect your application. Also, Vitess's built-in support for resharding workflows makes migrating from existing databases into databases resident in multiple locations easy. In this talk the speakers will show how to build a custom sharding scheme in Vitess that respects data locality requirements. They will then demonstrate a database cluster built using this scheme that enables transfer of existing data belonging to people from 8 different countries from one jurisdiction to four (4) separate jurisdictions with zero downtime at the application level.
https://sched.co/ZeoD
- 2 participants
- 27 minutes
4 Sep 2020
Zero Downtime Deployments: Controlling Application Rollouts and Rollbacks - Christopher Hanson, RX-M LLC
Kubernetes provides several types of automation controllers to deploy and manage applications at scale. Each exposes features that provide for zero downtime upgrades and rollbacks but not all controllers are created equal. Deployments provide the widest application compatibility but work best with stateless applications; the aptly named StatefulSet controller provides guarantees that benefit stateful applications, but how do the features of these controllers behave in practice? Learn about these and other Kubernetes controller types through a series of demonstrations that will reveal their features, benefits, and drawbacks. The session will also explore the primitives that enable granular control over rollouts so that you can choose the settings that work best for your application.
https://sched.co/ZeoV
- 1 participant
- 35 minutes
4 Sep 2020
- 2 participants
- 28 minutes
4 Sep 2020
eBPF and Kubernetes: Little Helper Minions for Scaling Microservices - Daniel Borkmann, Cilium
eBPF has come a long way in the Linux kernel and is gaining more and more adoption and popularity in the context of Kubernetes in the networking, tracing and security space. In fact, it is changing the way we think about operating systems by opening the doors to fully customise the Linux kernel as a platform. Given the rapid pace of development of eBPF in the kernel, it is often quite challenging to keep up with all the exciting advances coming from the eBPF community. This talk provides a deep dive, from the perspective of one of the eBPF co-maintainers and core developers in the Linux kernel, into where we came from, where we currently are, what the future brings, why eBPF has cloud native roots and how Kubernetes users can benefit from all that. We will cover the user space landscape around eBPF as well as its inner workings and interactions with the rest of the kernel.
https://sched.co/ZemQ
- 1 participant
- 39 minutes
4 Sep 2020
etcd Watchers Not Working? Improving Error Handling in Your Applications - Guillermo Nunez, IBM
When building services with etcd, one of its best features is watchers. They allow developers to create applications such that when a dataset is changed, the watcher for that dataset on another system receives the notification and performs a user-specified action. A simple use case: a user has a program that uses etcd watchers to monitor the stock market and sell (the user-defined action) if their stock of interest falls below price $X. There are failures that are not automatically covered by an etcd cluster, such as network connectivity issues, DC outages, and cloud infrastructure maintenance. The talk consists of the following:
- what watchers are
- how to build your services using a heartbeat key for monitoring etcd watchers
- how to perform locking on watchers to prevent race conditions
- caching data locally for your service to keep running until the etcd cluster is back up.
https://sched.co/ZetF
- 1 participant
- 7 minutes
4 Sep 2020
gRPC Easy - Richard Belleville, Google
gRPC is a modern, open source remote procedure call (RPC) framework that can run anywhere. It enables client and server applications to communicate transparently, and makes it easier to build connected systems. Getting your microservices talking to one another should be as simple as "import antigravity". Come hear about the latest developments in gRPC's Python bindings that make getting up and running easier than it's ever been. This talk will cover running services without generating code and simplifications in channel management.
https://sched.co/ZexG
- 1 participant
- 32 minutes
4 Sep 2020
in-toto: Securing the Entire Software Supply Chain - Santiago Torres, NYU
As attackers intensify their focus on the software development, distribution and deployment pipeline, supply chain security becomes more and more crucial to the overall security of software projects. in-toto, which has recently become a member of the CNCF, has tooling and a protocol that allows you to verifiably define all the steps of the supply chain, along with its authorized personnel, giving you and your customers the guarantee that everything happened according to your intentions and nothing else. This talk will walk you through the basics of software supply chain security, and show how a versatile tool like in-toto can add substantial security guarantees to any supply chain in- and outside of the cloud native ecosystem.
https://sched.co/Zev5
- 1 participant
- 18 minutes
1 Sep 2020
Join SUSE developers Marek Counts and Andrew Gracey for step-by-step demos about how to power AI using Kubeflow on SUSE CaaS Platform, and how to deliver applications faster using SUSE Cloud Application Platform on Kubernetes.
- 2 participants
- 15 minutes
27 Aug 2020
Containers and orchestrators — like Kubernetes — promise greater resource efficiency and simplified deployments. Developers provide code in the form of a container, define their required resources for operation, and the orchestrator does the rest. Sounds easy, but if your workloads are dynamic in nature, how can you ensure sufficient resources to meet the performance and availability requirements of your customers?
In this demo video we will use a demo e-commerce application to showcase how to autoscale your application workloads on Kubernetes, including vertical autoscaling and horizontal autoscaling with an external metrics server, and introduce the Watermark Pod Autoscaler, an open source project created by Datadog that extends the Horizontal Pod Autoscaler with new features.
- 1 participant
- 13 minutes
26 Aug 2020
During this demo, we will discuss Cloud Native Cassandra and how to deploy it on Kubernetes with cass-operator.
- 1 participant
- 15 minutes