4 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Does Green Software need Open Hardware? - Hosted by Open Compute Project - Moderator Cliff Grossner, Ph.D.; Kate Mulhall, Senior Cloud Software Engineering Manager, Intel , VP Market Intelligence, Open Compute Project (OCP) Foundation; Dinesh Marjrekar, D
By 2040 the communications technology sector it is expected to account for 14% of the world’s
carbon footprint — up from about 1.5% in 2007, and in 2019, researchers at the University of
Cambridge estimated that the energy needed to maintain the Bitcoin network surpassed that of
the entire nation of Switzerland. Clearly this cannot continue and software needs to be
evaluated by judging its performance on its energy efficiency as much as on traditional
parameters. On top of the software itself, is the IT infrastructure and data center facilities that
can make a huge difference on the ecological impact of software workloads. This panel will look
at best practices and new technology directions that can change the current and dangerous
ecological impact curve implied by the digitization of society.
Does Green Software need Open Hardware? - Hosted by Open Compute Project - Moderator Cliff Grossner, Ph.D.; Kate Mulhall, Senior Cloud Software Engineering Manager, Intel , VP Market Intelligence, Open Compute Project (OCP) Foundation; Dinesh Marjrekar, D
By 2040 the communications technology sector it is expected to account for 14% of the world’s
carbon footprint — up from about 1.5% in 2007, and in 2019, researchers at the University of
Cambridge estimated that the energy needed to maintain the Bitcoin network surpassed that of
the entire nation of Switzerland. Clearly this cannot continue and software needs to be
evaluated by judging its performance on its energy efficiency as much as on traditional
parameters. On top of the software itself, is the IT infrastructure and data center facilities that
can make a huge difference on the ecological impact of software workloads. This panel will look
at best practices and new technology directions that can change the current and dangerous
ecological impact curve implied by the digitization of society.
- 12 participants
- 1:01 hours
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Accelerating High-Performance Machine Learning at Scale in Kubernetes - Alejandro Saucedo, The Institute for Ethical AI & Machine Learning & Elena Neroslavskaya, Microsoft
Identifying the right tools for high-performance production machine learning may be overwhelming as the ecosystem continues to grow at break-neck speed. In this industry collaboration we aim to provide a hands-on guide on how practitioners can productionize optimized machine learning models in cloud native ecosystems using production-ready open source frameworks. We will dive into a practical use-case, deploying the renowned GPT-2 NLP machine learning model in Kubernetes leveraging the ONNX Runtime from the Seldon Core Triton server, which will provide us with a scalable production NLP microservice serving the ML model that can power intelligent text generation applications. We will present some of the key challenges currently being faced in the MLOps space, as well as how each of the tools in the stack interoperate throughout the production machine learning lifecycle.
Accelerating High-Performance Machine Learning at Scale in Kubernetes - Alejandro Saucedo, The Institute for Ethical AI & Machine Learning & Elena Neroslavskaya, Microsoft
Identifying the right tools for high-performance production machine learning may be overwhelming as the ecosystem continues to grow at break-neck speed. In this industry collaboration we aim to provide a hands-on guide on how practitioners can productionize optimized machine learning models in cloud native ecosystems using production-ready open source frameworks. We will dive into a practical use-case, deploying the renowned GPT-2 NLP machine learning model in Kubernetes leveraging the ONNX Runtime from the Seldon Core Triton server, which will provide us with a scalable production NLP microservice serving the ML model that can power intelligent text generation applications. We will present some of the key challenges currently being faced in the MLOps space, as well as how each of the tools in the stack interoperate throughout the production machine learning lifecycle.
- 4 participants
- 36 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Argo’s Vibrant Ecosystem and Community - Alex Collins, Intuit; Alexander Matyushentsev, Akuity; Dan Garfield, Codefresh
Argo CD is the most popular Kubernetes GitOps application delivery tool. Argo Workflows is the most popular Kubernetes workflow execution platform. I bet you know about the core Argo projects, but what about the massive rapidly growing ecosystem of projects around them? Have you heard of Argo Events, Argo Rollouts, ApplicationSet, Argo CD Image Updater, Argo CD Vault Plugin, Argo CD Autopilot, Hera Workflows? What about tools such as Kubeflow Pipelines, Katib, SQL Flow, Couler, and Ploomber?. In this session, you’ll learn not just about the core Argo projects, but also get the highlights from several ecosystem projects with demos and best practices. You can address many more use cases by teaming them up with each other.
Argo’s Vibrant Ecosystem and Community - Alex Collins, Intuit; Alexander Matyushentsev, Akuity; Dan Garfield, Codefresh
Argo CD is the most popular Kubernetes GitOps application delivery tool. Argo Workflows is the most popular Kubernetes workflow execution platform. I bet you know about the core Argo projects, but what about the massive rapidly growing ecosystem of projects around them? Have you heard of Argo Events, Argo Rollouts, ApplicationSet, Argo CD Image Updater, Argo CD Vault Plugin, Argo CD Autopilot, Hera Workflows? What about tools such as Kubeflow Pipelines, Katib, SQL Flow, Couler, and Ploomber?. In this session, you’ll learn not just about the core Argo projects, but also get the highlights from several ecosystem projects with demos and best practices. You can address many more use cases by teaming them up with each other.
- 5 participants
- 30 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Automated Progressive Delivery Using GitOps and Service Mesh - Yasen Simeonov & Henrik Blixt, Intuit
Intuit is rolling out progressive delivery together with service mesh, using metrics from the mesh to automate analysis on the health of a new release. This is our next step towards more sophisticated techniques like AI/ML-driven analysis. As a FinTech Technology company with tens of millions of users and thousands of services, with many being very seasonal, we were facing a wide variety of service performance and traffic patterns that made patterning analysis templates challenging. This session discusses and demos how Intuit leverages Argo Rollouts in combination with Envoy and Service Mesh to provide automatic and declarative progressive delivery. Attendees will learn about the challenges we faced, our learnings and work we had to overcome those challenges Intuit has been heavily involved in building tools for progressive analysis with Argo Rollouts and we are now rolling this out at large scale together with service mesh. This is the story on how and what worked in production.
Automated Progressive Delivery Using GitOps and Service Mesh - Yasen Simeonov & Henrik Blixt, Intuit
Intuit is rolling out progressive delivery together with service mesh, using metrics from the mesh to automate analysis on the health of a new release. This is our next step towards more sophisticated techniques like AI/ML-driven analysis. As a FinTech Technology company with tens of millions of users and thousands of services, with many being very seasonal, we were facing a wide variety of service performance and traffic patterns that made patterning analysis templates challenging. This session discusses and demos how Intuit leverages Argo Rollouts in combination with Envoy and Service Mesh to provide automatic and declarative progressive delivery. Attendees will learn about the challenges we faced, our learnings and work we had to overcome those challenges Intuit has been heavily involved in building tools for progressive analysis with Argo Rollouts and we are now rolling this out at large scale together with service mesh. This is the story on how and what worked in production.
- 8 participants
- 36 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Autoscaling Kubernetes Deployments: A (Mostly) Practical Guide - Natalie Serrino, New Relic (Pixie team)
Sizing a Kubernetes deployment can be tricky. How many pods should it have? How much CPU/memory is needed per pod? Is it better to use a small number of large pods or a large number of small pods? What’s the best way to ensure stable performance when the load on the application changes over time? Luckily for anyone asking these questions, Kubernetes provides rich, flexible options for autoscaling deployments. This session cover the following topics: - Factors to consider when sizing your Kubernetes application - Horizontal vs Vertical autoscaling - How, when, and why to use the Kubernetes custom metrics API - Practical demo: Autoscaling with application metrics from Prometheus, Linkerd, Pixie (request throughput/latency, number of shoes purchased in my web store) - Impractical demo: A Turing-complete autoscaler!
Autoscaling Kubernetes Deployments: A (Mostly) Practical Guide - Natalie Serrino, New Relic (Pixie team)
Sizing a Kubernetes deployment can be tricky. How many pods should it have? How much CPU/memory is needed per pod? Is it better to use a small number of large pods or a large number of small pods? What’s the best way to ensure stable performance when the load on the application changes over time? Luckily for anyone asking these questions, Kubernetes provides rich, flexible options for autoscaling deployments. This session cover the following topics: - Factors to consider when sizing your Kubernetes application - Horizontal vs Vertical autoscaling - How, when, and why to use the Kubernetes custom metrics API - Practical demo: Autoscaling with application metrics from Prometheus, Linkerd, Pixie (request throughput/latency, number of shoes purchased in my web store) - Impractical demo: A Turing-complete autoscaler!
- 8 participants
- 35 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Been There, Done That: Tales of Burnout from the Open Source World - Savitha Raghunathan, RedHat & Divya Mohan, SUSE
Staying home has erased the line between work and life for many folks in the tech industry and around the world. Initially the extra commute time was utilized by many, including the speakers, for learning new tools, skills, and technologies. This boon eventually turned out to be a double-edged sword with overcommitting at or/and outside work leading to an overall feeling of overwhelming stress. In this talk, Divya & Savitha will share their own experience with overcommitting over the course of the pandemic and reflect on how they could have handled it better. At the end of the session, attendees will walk away knowing when to stop saying yes and how to draw their own boundaries thereby reclaiming their work-life balance.
Been There, Done That: Tales of Burnout from the Open Source World - Savitha Raghunathan, RedHat & Divya Mohan, SUSE
Staying home has erased the line between work and life for many folks in the tech industry and around the world. Initially the extra commute time was utilized by many, including the speakers, for learning new tools, skills, and technologies. This boon eventually turned out to be a double-edged sword with overcommitting at or/and outside work leading to an overall feeling of overwhelming stress. In this talk, Divya & Savitha will share their own experience with overcommitting over the course of the pandemic and reflect on how they could have handled it better. At the end of the session, attendees will walk away knowing when to stop saying yes and how to draw their own boundaries thereby reclaiming their work-life balance.
- 5 participants
- 41 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Building Digital Twins for DFDS With Crossplane and Kubernetes - Tobias Andersen, DFDS & Matthias Luebken, Upbound
Constant movement and adaptation to change is the story of DFDS, a logistics company from Denmark. Every ship, truck, or warehouse needs to be fully connected and be able to drive autonomous and smart decisions. At the same time, customer and business demands change constantly, and software development teams need to build and update solutions at an ever-increasing rate. In this talk, Tobias and Matthias like to introduce DFDS’s decentralized and distributed problem space and how they have mastered this challenge by introducing Kubernetes based Digital Twins. They will talk about how to align software teams from all over the organization, and how a platform build on top of Crossplane and Backstage can guide and accelerate teams.
Building Digital Twins for DFDS With Crossplane and Kubernetes - Tobias Andersen, DFDS & Matthias Luebken, Upbound
Constant movement and adaptation to change is the story of DFDS, a logistics company from Denmark. Every ship, truck, or warehouse needs to be fully connected and be able to drive autonomous and smart decisions. At the same time, customer and business demands change constantly, and software development teams need to build and update solutions at an ever-increasing rate. In this talk, Tobias and Matthias like to introduce DFDS’s decentralized and distributed problem space and how they have mastered this challenge by introducing Kubernetes based Digital Twins. They will talk about how to align software teams from all over the organization, and how a platform build on top of Crossplane and Backstage can guide and accelerate teams.
- 3 participants
- 38 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Building a Nodeless Kubernetes Platform - William Denniss, Google Cloud
Can Kubernetes be nodeless, and is nodeless Kubernetes still really Kubernetes? That is the question the Google Kubernetes Engine team asked themselves before embarking on a project to create a new operating mode for their 6-year-old Kubernetes platform, GKE. Go behind the scenes of the creation of GKE Autopilot, a fully managed "nodeless" Kubernetes platform, and hear from one of the creators how it was built, and why various decision decisions were made. Topics covered will include the trade off between operational support, security and Kubernetes compatibility, and why it actually makes sense for nodes to retain their semantic meaning on a nodeless Kubernetes platform. The community has seen several approaches for offering serverless/nodeless Kubernetes to operators, including with technology like Virtual Kubelet. This presentation will break new ground, providing an alternative path to achieving the goals of serverless Kubernetes without removing node-level APIs like affinity.
Building a Nodeless Kubernetes Platform - William Denniss, Google Cloud
Can Kubernetes be nodeless, and is nodeless Kubernetes still really Kubernetes? That is the question the Google Kubernetes Engine team asked themselves before embarking on a project to create a new operating mode for their 6-year-old Kubernetes platform, GKE. Go behind the scenes of the creation of GKE Autopilot, a fully managed "nodeless" Kubernetes platform, and hear from one of the creators how it was built, and why various decision decisions were made. Topics covered will include the trade off between operational support, security and Kubernetes compatibility, and why it actually makes sense for nodes to retain their semantic meaning on a nodeless Kubernetes platform. The community has seen several approaches for offering serverless/nodeless Kubernetes to operators, including with technology like Virtual Kubelet. This presentation will break new ground, providing an alternative path to achieving the goals of serverless Kubernetes without removing node-level APIs like affinity.
- 5 participants
- 40 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
CNCF 101 - Kristi Tan, The Linux Foundation & Charley Mann, Cloud Native Computing Foundation
Join us as we take a deep dive into CNCF 101, a great place to learn more about the foundation and how you can get involved. In this session, we'll take a look at the foundation at the basic level and explore the various engagement opportunities whether you are a student, an active participant, or somewhere in between.
CNCF 101 - Kristi Tan, The Linux Foundation & Charley Mann, Cloud Native Computing Foundation
Join us as we take a deep dive into CNCF 101, a great place to learn more about the foundation and how you can get involved. In this session, we'll take a look at the foundation at the basic level and explore the various engagement opportunities whether you are a student, an active participant, or somewhere in between.
- 6 participants
- 27 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Cilium: Welcome, Vision and Updates - Thomas Graf & Liz Rice, Isovalent; Laurent Bernaille, Datadog
If you’re interested in using Cilium, or contributing to the project, this session is for you. Our agenda for this session: 1. Introduction to Cilium A brief overview of the origin and vision for Cilium. 2. Working with Cilium An end user's perspective of using Cilium. 3. Cilium Service Mesh Cilium can be used as a highly efficient service mesh data plane. Let’s discuss the learnings from our beta, and the upcoming roadmap. We will leave time for Q&A, and an opportunity to meet Cilium maintainers and contributors.
Cilium: Welcome, Vision and Updates - Thomas Graf & Liz Rice, Isovalent; Laurent Bernaille, Datadog
If you’re interested in using Cilium, or contributing to the project, this session is for you. Our agenda for this session: 1. Introduction to Cilium A brief overview of the origin and vision for Cilium. 2. Working with Cilium An end user's perspective of using Cilium. 3. Cilium Service Mesh Cilium can be used as a highly efficient service mesh data plane. Let’s discuss the learnings from our beta, and the upcoming roadmap. We will leave time for Q&A, and an opportunity to meet Cilium maintainers and contributors.
- 4 participants
- 36 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Cloud Native Chaos Engineering with LitmusChaos - Karthik S, Umasankar Mukkara & Udit Gaurav, ChaosNative; Saiyam Pathak, Civo
The discipline of chaos engineering has evolved since it was introduced by Netflix a decade ago, mostly as a result of the cloud-native paradigm and the proliferation of Kubernetes as the universal control plane for today's distributed architecture. While the essence and basic principles of chaos remains the same, the way it is operationalized has undergone a paradigm shift, not limited to - the faults themselves, the environments where they are executed, the persona carrying out the experiments, as well as the methods to run them. LitmusChaos is a framework that has been designed to address these newer requirements and enable users to proactively identify weaknesses and improve resilience in their cloud-native setup. This session provides a deep-dive of the project, its goals and how it achieves them.
Cloud Native Chaos Engineering with LitmusChaos - Karthik S, Umasankar Mukkara & Udit Gaurav, ChaosNative; Saiyam Pathak, Civo
The discipline of chaos engineering has evolved since it was introduced by Netflix a decade ago, mostly as a result of the cloud-native paradigm and the proliferation of Kubernetes as the universal control plane for today's distributed architecture. While the essence and basic principles of chaos remains the same, the way it is operationalized has undergone a paradigm shift, not limited to - the faults themselves, the environments where they are executed, the persona carrying out the experiments, as well as the methods to run them. LitmusChaos is a framework that has been designed to address these newer requirements and enable users to proactively identify weaknesses and improve resilience in their cloud-native setup. This session provides a deep-dive of the project, its goals and how it achieves them.
- 4 participants
- 29 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Confidential Containers Explained - James Magowan, IBM & Samuel Ortiz, Apple
Confidential Containers (https://github.com/confidential-containers) enable cloud native confidential computing (https://confidentialcomputing.io/faq/) leveraging a variety of hardware platforms and technologies, standardising the confidential computing at the container level, helping users to deploy confidential workloads using already familiar workflows and tools; and in this Panel we're bringing together contributors from different hardware vendors, different projects (in different layers of the stack), and different companies to discuss and answer questions about this new complex technology. Topics for discussion will include: * How do we realise the benefits of cloud native confidential computing? * What impact is there to the Cloud Native User Experience? * What new considerations/concepts does confidential containers introduce? Note that this panel is a follow-up on what has been developed since https://www.youtube.com/watch?v=zTn9Xt1k1OA was presented.
Confidential Containers Explained - James Magowan, IBM & Samuel Ortiz, Apple
Confidential Containers (https://github.com/confidential-containers) enable cloud native confidential computing (https://confidentialcomputing.io/faq/) leveraging a variety of hardware platforms and technologies, standardising the confidential computing at the container level, helping users to deploy confidential workloads using already familiar workflows and tools; and in this Panel we're bringing together contributors from different hardware vendors, different projects (in different layers of the stack), and different companies to discuss and answer questions about this new complex technology. Topics for discussion will include: * How do we realise the benefits of cloud native confidential computing? * What impact is there to the Cloud Native User Experience? * What new considerations/concepts does confidential containers introduce? Note that this panel is a follow-up on what has been developed since https://www.youtube.com/watch?v=zTn9Xt1k1OA was presented.
- 6 participants
- 38 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Create Your First CNCF Serverless Workflow Project with Kogito and Knative - Ricardo Zanini Fernandes, Red Hat
Serverless Workflow is a declarative workflow specification at CNCF for describing service orchestrations. Kogito is an open-source project by Red Hat and implements the Serverless Workflow Specification. In this session, you will learn in a live demo how to create your first CNFC Serverless Workflow project from the ground up with Kogito and how to deploy it on the Knative platform. Kogito is a developer-centric platform that can execute, test, and deploy workflows on Knative environments. The outcome is a REST microservice that can orchestrate other services and events. It is a perfect fit for an Event-Driven architecture and can integrate with Knative Eventing resources to solve complex business use cases. Kogito handles all the heavy lifting when deploying on Kubernetes by generating the resources necessary to deploy on Knative. After this session, you will be able to create a CNCF Serverless Workflow project, test it, and deploy it on Knative to be part of your architecture.
Create Your First CNCF Serverless Workflow Project with Kogito and Knative - Ricardo Zanini Fernandes, Red Hat
Serverless Workflow is a declarative workflow specification at CNCF for describing service orchestrations. Kogito is an open-source project by Red Hat and implements the Serverless Workflow Specification. In this session, you will learn in a live demo how to create your first CNFC Serverless Workflow project from the ground up with Kogito and how to deploy it on the Knative platform. Kogito is a developer-centric platform that can execute, test, and deploy workflows on Knative environments. The outcome is a REST microservice that can orchestrate other services and events. It is a perfect fit for an Event-Driven architecture and can integrate with Knative Eventing resources to solve complex business use cases. Kogito handles all the heavy lifting when deploying on Kubernetes by generating the resources necessary to deploy on Knative. After this session, you will be able to create a CNCF Serverless Workflow project, test it, and deploy it on Knative to be part of your architecture.
- 1 participant
- 35 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Digging Into Your App's Container Image Layers for Sneaky Vulnerabilities - Pablo Galego, VMware
Mitigating vulnerabilities in container images is, most of the time, a straight-forward task: update the base image, use a newer version of Node or Java, bump the patch version of a project dependency, etc. However, all useful pieces of software are complex and vulnerability scanning tools fall short on explaining why they are flagging some edge-cases. This session walks you through mitigating critical vulnerabilities in popular container images like Java-based ones, from the obvious to the sneaky ones, and how to leverage layer explorer tools to narrow the search field for the latter. It is meant to be a hands-on session, first we will use Aqua’s Trivy scanner to analyze an image generated for a Spring Boot app and then wagoodman's dive to explore in which layer we are introducing a version of a library with critical vulnerabilities, while Maven seems to tell us otherwise.
Digging Into Your App's Container Image Layers for Sneaky Vulnerabilities - Pablo Galego, VMware
Mitigating vulnerabilities in container images is, most of the time, a straight-forward task: update the base image, use a newer version of Node or Java, bump the patch version of a project dependency, etc. However, all useful pieces of software are complex and vulnerability scanning tools fall short on explaining why they are flagging some edge-cases. This session walks you through mitigating critical vulnerabilities in popular container images like Java-based ones, from the obvious to the sneaky ones, and how to leverage layer explorer tools to narrow the search field for the latter. It is meant to be a hands-on session, first we will use Aqua’s Trivy scanner to analyze an image generated for a Spring Boot app and then wagoodman's dive to explore in which layer we are introducing a version of a library with critical vulnerabilities, while Maven seems to tell us otherwise.
- 3 participants
- 26 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Disrupting the Downtime Continuum - Taylor Thomas & Brooks Townsend, Cosmonic
At this point in Cloud Native development, many people run headlong into the “day 2” operational headaches that come with running containers at scale. One of the most frustrating is handling dependency patching and version migration. We’ve all been there. A vulnerability is released and thus begins a frantic scramble to patch hundreds of container images and release them everywhere. WebAssembly and wasmCloud offer a better way! This demo-heavy talk will start with a brief introduction to WebAssembly and what it can enable. Then we will discuss how wasmCloud leverages WebAssembly to make creating and running an application at scale a breeze. We’ll then demonstrate downtime-free migration, patching, and failover between clouds live on stage with no changes to configuration or code.
Disrupting the Downtime Continuum - Taylor Thomas & Brooks Townsend, Cosmonic
At this point in Cloud Native development, many people run headlong into the “day 2” operational headaches that come with running containers at scale. One of the most frustrating is handling dependency patching and version migration. We’ve all been there. A vulnerability is released and thus begins a frantic scramble to patch hundreds of container images and release them everywhere. WebAssembly and wasmCloud offer a better way! This demo-heavy talk will start with a brief introduction to WebAssembly and what it can enable. Then we will discuss how wasmCloud leverages WebAssembly to make creating and running an application at scale a breeze. We’ll then demonstrate downtime-free migration, patching, and failover between clouds live on stage with no changes to configuration or code.
- 2 participants
- 32 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Effective Disaster Recovery: The Day We Deleted Production - Rick Spencer & Wojciech Kocjan, InfluxData
Imagine waking up to an sms, "we lost a cluster." On that day, with a one-line configuration change, we accidentally removed all of the compute from one of our busiest production clusters, causing a multi-hour outage. This presentation will cover the incident from the days leading up to it, to our full recovery, our customers' response to it, and how we implemented changes based on our learnings. It will go into detail about the configuration of our CI/CD pipeline, details about the specific change that caused the outage. Thankfully, we had a disaster recovery plan in place. We will discuss which parts of our disaster recovery plan worked, and critically, the few parts that didn't work. The session will cover a combination of technical and management content.
Effective Disaster Recovery: The Day We Deleted Production - Rick Spencer & Wojciech Kocjan, InfluxData
Imagine waking up to an sms, "we lost a cluster." On that day, with a one-line configuration change, we accidentally removed all of the compute from one of our busiest production clusters, causing a multi-hour outage. This presentation will cover the incident from the days leading up to it, to our full recovery, our customers' response to it, and how we implemented changes based on our learnings. It will go into detail about the configuration of our CI/CD pipeline, details about the specific change that caused the outage. Thankfully, we had a disaster recovery plan in place. We will discuss which parts of our disaster recovery plan worked, and critically, the few parts that didn't work. The session will cover a combination of technical and management content.
- 7 participants
- 37 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Emissary + Linkerd: A Guide to End-to-end Encryption for your Cluster - Flynn, Ambassador Labs & Jason Morgan, Buoyant
In this workshop, members of the Emissary-Ingress and Linkerd teams show the painless way to get four CNCF projects (Emissary, Linkerd, Kubernetes, and Envoy) running smoothly together to provide end-to-end encryption for application calls. They'll guide you through the best practices for using Linkerd and Emissary to give you capabilities like advanced L7 routing, in-cluster mTLS, embedded authentication, rate limiting, and much more. They’ll take you on a tour of each project and show you how they complement each other and make a great addition to your Kubernetes stack. Finally, they'll introduce a reference architecture for running Linkerd and Emissary together and walk you through how to implement it in practice.
Emissary + Linkerd: A Guide to End-to-end Encryption for your Cluster - Flynn, Ambassador Labs & Jason Morgan, Buoyant
In this workshop, members of the Emissary-Ingress and Linkerd teams show the painless way to get four CNCF projects (Emissary, Linkerd, Kubernetes, and Envoy) running smoothly together to provide end-to-end encryption for application calls. They'll guide you through the best practices for using Linkerd and Emissary to give you capabilities like advanced L7 routing, in-cluster mTLS, embedded authentication, rate limiting, and much more. They’ll take you on a tour of each project and show you how they complement each other and make a great addition to your Kubernetes stack. Finally, they'll introduce a reference architecture for running Linkerd and Emissary together and walk you through how to implement it in practice.
- 7 participants
- 35 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Emissary-ingress: Intro and Deep Dive - Flynn, Luke Shumaker & Alice Wasko, Ambassador Labs
Emissary-ingress, a CNCF Incubating project, is a self-service Kubernetes-native open-source API gateway and ingress controller built on the Envoy proxy -- but really, what does that mean? In this session, we'll give attendees an overview of why ingress controllers are necessary, how self-service developer workflows work for developers and for operations, and how Emissary-ingress can make all of this easier. We'll also look at current best practices around designing, managing, and evolving self-service APIs. We'll continue with a deeper dive into Emissary-ingress' evolution and future, notably including a discussion around plans for the upcoming getambassador.io/v3 API version, and - perhaps most importantly - how to get involved as a contributor or as a user who wants to offer feedback. This is a great opportunity to interact directly with the Emissary-ingress maintainers and make sure your voice is heard -- we're looking forward to your help as Emissary-ingress continues to grow and evolve!
Emissary-ingress: Intro and Deep Dive - Flynn, Luke Shumaker & Alice Wasko, Ambassador Labs
Emissary-ingress, a CNCF Incubating project, is a self-service Kubernetes-native open-source API gateway and ingress controller built on the Envoy proxy -- but really, what does that mean? In this session, we'll give attendees an overview of why ingress controllers are necessary, how self-service developer workflows work for developers and for operations, and how Emissary-ingress can make all of this easier. We'll also look at current best practices around designing, managing, and evolving self-service APIs. We'll continue with a deeper dive into Emissary-ingress' evolution and future, notably including a discussion around plans for the upcoming getambassador.io/v3 API version, and - perhaps most importantly - how to get involved as a contributor or as a user who wants to offer feedback. This is a great opportunity to interact directly with the Emissary-ingress maintainers and make sure your voice is heard -- we're looking forward to your help as Emissary-ingress continues to grow and evolve!
- 6 participants
- 30 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Falco to Pluginfinity and Beyond - Leonardo Grasso & Jason Dellaluce, Sysdig
This track will walk you through the astonishing things happening in Falco: a cloud-native runtime security project, the de facto Kubernetes threat detection engine. Two core maintainers, Jason and Leonardo, will give you a practical overview of Falco and its history but also updates on recently introduced features and the evolution of its ecosystem. This talk will deep dive into a new and very amazing feature introduced in Falco: the plugin system! Plugins are a game-changer, making Falco evolve to the next level: the all-in-one tool for cloud security and this maintainer track will show you how!
Falco to Pluginfinity and Beyond - Leonardo Grasso & Jason Dellaluce, Sysdig
This track will walk you through the astonishing things happening in Falco: a cloud-native runtime security project, the de facto Kubernetes threat detection engine. Two core maintainers, Jason and Leonardo, will give you a practical overview of Falco and its history but also updates on recently introduced features and the evolution of its ecosystem. This talk will deep dive into a new and very amazing feature introduced in Falco: the plugin system! Plugins are a game-changer, making Falco evolve to the next level: the all-in-one tool for cloud security and this maintainer track will show you how!
- 3 participants
- 23 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Fluent Bit: Logs, OpenMetrics, and OpenTelemetry all-in-one - Eduardo Silva & Anurag Gupta, Calyptia
Observability continues to be an interesting challenge, data collection for logs, metrics, and traces is an expensive operation and different approaches exist. Fluentd and Fluent Bit have been the long-term defacto standard for logging, but recently the projects expanded their scope to support and assist with Metrics and Traces. Fluent Bit now supports data collection, aggregation, and delivery for the world of OpenMetrics (Prometheus) and OpenTelemetry. In this presentation, you will learn how to collect and aggregate Logs, Metrics, and Traces all together without losing control of your data by connecting different protocols at scale. Fluentd and Fluent Bit embraces OpenMetrics and OpenTelemetry vision, come to learn how to optimize your observability pipelines, and implement the best practices for your production environments.
Fluent Bit: Logs, OpenMetrics, and OpenTelemetry all-in-one - Eduardo Silva & Anurag Gupta, Calyptia
Observability continues to be an interesting challenge, data collection for logs, metrics, and traces is an expensive operation and different approaches exist. Fluentd and Fluent Bit have been the long-term defacto standard for logging, but recently the projects expanded their scope to support and assist with Metrics and Traces. Fluent Bit now supports data collection, aggregation, and delivery for the world of OpenMetrics (Prometheus) and OpenTelemetry. In this presentation, you will learn how to collect and aggregate Logs, Metrics, and Traces all together without losing control of your data by connecting different protocols at scale. Fluentd and Fluent Bit embraces OpenMetrics and OpenTelemetry vision, come to learn how to optimize your observability pipelines, and implement the best practices for your production environments.
- 7 participants
- 36 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Flux Security Deep Dive - Stefan Prodan, Weaveworks
In this session Stefan will go deep into the security aspects of Flux v2. We'll start by explaining the Flux authorization model and how it relates to Kubernetes RBAC and account impersonation. Then we'll compare the soft and hard multitenancy models from a GitOps perspective. We'll explore the configuration options on how platform admins can lockdown Flux on multitenant environments and how they can onboard tenants onto clusters using the Flux CLI and Git. Finally we'll talk about the Flux roadmap for 2022.
Flux Security Deep Dive - Stefan Prodan, Weaveworks
In this session Stefan will go deep into the security aspects of Flux v2. We'll start by explaining the Flux authorization model and how it relates to Kubernetes RBAC and account impersonation. Then we'll compare the soft and hard multitenancy models from a GitOps perspective. We'll explore the configuration options on how platform admins can lockdown Flux on multitenant environments and how they can onboard tenants onto clusters using the Flux CLI and Git. Finally we'll talk about the Flux roadmap for 2022.
- 2 participants
- 38 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
From Kubernetes to PaaS to … Err, What’s Next? - Daniel Bryant, Ambassador Labs
Developers building applications on Kubernetes today are being asked to not just code applications -- they are also responsible for shipping and running their applications, too. We often talk about needing a Kubernetes platform, but are we really looking for a PaaS? Or instead, are we looking for some kind of developer control plane with a Goldilock-sized collection of tools that provides just the right amount of platform? This talk will look back on my experience of building platforms, both as an end-user and now as part of an organization helping our customers do the same. The key takeaways are: - Treat platform as a product - Realize that you can’t have good developer experience (DevEx) without good UX - Focus on workflows and tooling interoperability We’ll wrap this talk with a walk-through of the CNCF ecosystem through the developer control plane lens, and look at what’s next in the future of this important emerging category.
From Kubernetes to PaaS to … Err, What’s Next? - Daniel Bryant, Ambassador Labs
Developers building applications on Kubernetes today are being asked to not just code applications -- they are also responsible for shipping and running their applications, too. We often talk about needing a Kubernetes platform, but are we really looking for a PaaS? Or instead, are we looking for some kind of developer control plane with a Goldilock-sized collection of tools that provides just the right amount of platform? This talk will look back on my experience of building platforms, both as an end-user and now as part of an organization helping our customers do the same. The key takeaways are: - Treat platform as a product - Realize that you can’t have good developer experience (DevEx) without good UX - Focus on workflows and tooling interoperability We’ll wrap this talk with a walk-through of the CNCF ecosystem through the developer control plane lens, and look at what’s next in the future of this important emerging category.
- 3 participants
- 32 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Fun with Continuous Compliance - Ann Wallace, Shopify & Zeal Somani, Google
Is it possible to make compliance fun and less stressful? The old way of doing things is to manually gather evidence once or twice a year and hope nothing bad is found during your audit. This is not fun. In this talk, we’ll go over the concepts of continuous compliance and how to apply this to your current DevSecOps program. Zeal will talk about how the Open Security Controls Assessment Language (OSCAL) can be used to create automated control based assessments. Lastly, Ann will walk through how Shopify uses OSS like Falco and Voucher to achieve continuous compliance at scale. You will walk away from this session with information on how you can make compliance fun or at least less painful.
Fun with Continuous Compliance - Ann Wallace, Shopify & Zeal Somani, Google
Is it possible to make compliance fun and less stressful? The old way of doing things is to manually gather evidence once or twice a year and hope nothing bad is found during your audit. This is not fun. In this talk, we’ll go over the concepts of continuous compliance and how to apply this to your current DevSecOps program. Zeal will talk about how the Open Security Controls Assessment Language (OSCAL) can be used to create automated control based assessments. Lastly, Ann will walk through how Shopify uses OSS like Falco and Voucher to achieve continuous compliance at scale. You will walk away from this session with information on how you can make compliance fun or at least less painful.
- 7 participants
- 40 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Getting the Optimal Service Efficiency That Autoscalers Won’t Give You - Mauro Pessina, Moviri
A challenge when tuning a Kubernetes microservices application is identifying the container size (CPU and Memory), due to frequent application changes and varying traffic patterns. Kubernetes autoscalers are the standard solution to automatically adjust Kubernetes container resources for service efficiency. We present the results of an extensive tuning activity we successfully conducted on a Kubernetes application delivering business-critical financial services to SMB customers. Our goal was to minimize cloud cost without compromising on performance of this application. The unexpected result was that configurations minimizing the service cost were not recommended by the autoscaler. Indeed, autoscalers work by adjusting resource sizing wrt the historical usage, without being aware of the actual cost of cloud resources and of the impact on application performance. In our session, we illustrate how you can use our exploratory testing approach we leveraged to get these results.
Getting the Optimal Service Efficiency That Autoscalers Won’t Give You - Mauro Pessina, Moviri
A challenge when tuning a Kubernetes microservices application is identifying the container size (CPU and Memory), due to frequent application changes and varying traffic patterns. Kubernetes autoscalers are the standard solution to automatically adjust Kubernetes container resources for service efficiency. We present the results of an extensive tuning activity we successfully conducted on a Kubernetes application delivering business-critical financial services to SMB customers. Our goal was to minimize cloud cost without compromising on performance of this application. The unexpected result was that configurations minimizing the service cost were not recommended by the autoscaler. Indeed, autoscalers work by adjusting resource sizing wrt the historical usage, without being aware of the actual cost of cloud resources and of the impact on application performance. In our session, we illustrate how you can use our exploratory testing approach we leveraged to get these results.
- 8 participants
- 37 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Good Governance Practices for CNCF Projects - Dawn Foster, VMware
Too many maintainers think they don’t need governance ... until something goes wrong. Undefined or inadequate governance results in a lack of transparency that causes confusion over how decisions are made, unrealistic expectations, and unresolved disagreements. The CNCF helps projects adopt good governance practices with a focus on fair and transparent governance from sandbox to incubating to graduated. This talk will cover * Why governance is important * Selecting an appropriate governance model * Templates with patterns that work well to bootstrap CNCF projects * The role of mission, values, and scope in setting expectations * Defining roles, responsibilities, processes, and procedures within your governance model * Contributor ladders to help people move into leadership positions * The governance pros and cons of contributing a project to the CNCF The audience will get practical advice about creating fair and neutral governance structures and processes for open source projects.
Good Governance Practices for CNCF Projects - Dawn Foster, VMware
Too many maintainers think they don’t need governance ... until something goes wrong. Undefined or inadequate governance results in a lack of transparency that causes confusion over how decisions are made, unrealistic expectations, and unresolved disagreements. The CNCF helps projects adopt good governance practices with a focus on fair and transparent governance from sandbox to incubating to graduated. This talk will cover * Why governance is important * Selecting an appropriate governance model * Templates with patterns that work well to bootstrap CNCF projects * The role of mission, values, and scope in setting expectations * Defining roles, responsibilities, processes, and procedures within your governance model * Contributor ladders to help people move into leadership positions * The governance pros and cons of contributing a project to the CNCF The audience will get practical advice about creating fair and neutral governance structures and processes for open source projects.
- 4 participants
- 35 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Helm Project 2022: How You Can Benefit, How You Can Help - Scott Rigby, Weaveworks; Matt Butcher, Fermyon; Martin Hickey, IBM; Andrew Block, Red Hat
Helm is a widely used and stable CNCF project that manages packages for Kubernetes, and will continue to dependably deliver what users have grown to love. So, which direction will Helm go in 2022 and beyond? In this session, Helm maintainers will show you why you should continue to be excited about Helm, and what lies ahead. We’ll highlight key features that you can take advantage of – both tried and true features users have grown to love, as well as newly matured features from over the past year. For the dynamic future of Helm, we’ll cover how interested users like you can keep the momentum going by participating and even contributing to the project. We’ll preview what this looks like, from simple tasks that most users can get started with, to helping shape the vision of Helm 4.
Helm Project 2022: How You Can Benefit, How You Can Help - Scott Rigby, Weaveworks; Matt Butcher, Fermyon; Martin Hickey, IBM; Andrew Block, Red Hat
Helm is a widely used and stable CNCF project that manages packages for Kubernetes, and will continue to dependably deliver what users have grown to love. So, which direction will Helm go in 2022 and beyond? In this session, Helm maintainers will show you why you should continue to be excited about Helm, and what lies ahead. We’ll highlight key features that you can take advantage of – both tried and true features users have grown to love, as well as newly matured features from over the past year. For the dynamic future of Helm, we’ll cover how interested users like you can keep the momentum going by participating and even contributing to the project. We’ll preview what this looks like, from simple tasks that most users can get started with, to helping shape the vision of Helm 4.
- 5 participants
- 42 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
How Attackers Use Exposed Prometheus Server to Exploit Kubernetes Clusters - David de Torres Huerta & Miguel Hernández, Sysdig
Prometheus has become the standard for monitoring Kubernetes services. It comes with a set of helpful exporters, and Kubernetes offers several metrics endpoints directly through the API. These features enable monitoring and troubleshooting of most situations that SREs face on a daily basis. But, what if an attacker accesses your Prometheus server? How much information can they get for fingerprinting the cluster? Kernel versions, IP addresses, instance types, library versions…the list goes on and on. In this session, you will learn how attackers use this information in the first part of reconnaissance, to see if you are vulnerable. The speakers will share - What secrets they collect to fingerprint your Kubernetes cluster (hint: they're not after your timeseries) - How to leverage this information internally to secure your cluster - How to prevent the exposition of sensitive information No matter how many safety best practices you apply, you must be aware of every link of the chain.
How Attackers Use Exposed Prometheus Server to Exploit Kubernetes Clusters - David de Torres Huerta & Miguel Hernández, Sysdig
Prometheus has become the standard for monitoring Kubernetes services. It comes with a set of helpful exporters, and Kubernetes offers several metrics endpoints directly through the API. These features enable monitoring and troubleshooting of most situations that SREs face on a daily basis. But, what if an attacker accesses your Prometheus server? How much information can they get for fingerprinting the cluster? Kernel versions, IP addresses, instance types, library versions…the list goes on and on. In this session, you will learn how attackers use this information in the first part of reconnaissance, to see if you are vulnerable. The speakers will share - What secrets they collect to fingerprint your Kubernetes cluster (hint: they're not after your timeseries) - How to leverage this information internally to secure your cluster - How to prevent the exposition of sensitive information No matter how many safety best practices you apply, you must be aware of every link of the chain.
- 3 participants
- 22 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
How Cookpad Leverages Triton Inference Server To Boost Their Model Serving - Jose Navarro & Prayana Galih, Cookpad
The adoption of MLOps practices and tooling by organizations has considerably reduced the pain points to productionise Machine Learning models. However, with the increase of the number of models available by a company to deploy, the diversity of frameworks used to train those models and the different infrastructure required to run each model, new challenges arise for Machine Learning Platform teams e.g: How can we deploy new models from the same or different frameworks concurrently? How can we improve throughput and optimize resource utilization in our serving infrastructure, especially GPUs? Cookpad ML Platform Engineers will talk in this session how Triton Inference Server, an open-source model serving tool from Nvidia, can simplify the process of model deployment and optimise the resource utilisation by efficiently supporting concurrent models on single GPU or CPU, and multi-GPU servers.
How Cookpad Leverages Triton Inference Server To Boost Their Model Serving - Jose Navarro & Prayana Galih, Cookpad
The adoption of MLOps practices and tooling by organizations has considerably reduced the pain points to productionise Machine Learning models. However, with the increase of the number of models available by a company to deploy, the diversity of frameworks used to train those models and the different infrastructure required to run each model, new challenges arise for Machine Learning Platform teams e.g: How can we deploy new models from the same or different frameworks concurrently? How can we improve throughput and optimize resource utilization in our serving infrastructure, especially GPUs? Cookpad ML Platform Engineers will talk in this session how Triton Inference Server, an open-source model serving tool from Nvidia, can simplify the process of model deployment and optimise the resource utilisation by efficiently supporting concurrent models on single GPU or CPU, and multi-GPU servers.
- 5 participants
- 32 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
How Lombard Odier Deployed VPA to Increase Resource Usage Efficiency - Vincent Sevel, Lombard Odier SA
Container orchestrators have become the de-facto standard to deploy a wide variety of workloads. As the number of deployments increases, so is the pressure on resource usage, and hardware costs. Container runtimes and Kubernetes come with a set of tools that help make the most out of your infrastructure such as cgroups with resource usage limitation and prioritization, requests and limits on cpu and memory, quality of services. Even with those tools, it can be challenging to understand how they work, and how to use them. In this talk, the speaker will offer a review of the available mechanisms, how they map at the orchestrator and runtime levels, and introduce the Vertical Pod Autoscaler as a mean to optimize resource tuning at scale. He will share some of the lessons the company learned since starting this effort. And finally he will describe where they are in the deployment phase, and give some perspective on the direction where they are headed.
How Lombard Odier Deployed VPA to Increase Resource Usage Efficiency - Vincent Sevel, Lombard Odier SA
Container orchestrators have become the de-facto standard to deploy a wide variety of workloads. As the number of deployments increases, so is the pressure on resource usage, and hardware costs. Container runtimes and Kubernetes come with a set of tools that help make the most out of your infrastructure such as cgroups with resource usage limitation and prioritization, requests and limits on cpu and memory, quality of services. Even with those tools, it can be challenging to understand how they work, and how to use them. In this talk, the speaker will offer a review of the available mechanisms, how they map at the orchestrator and runtime levels, and introduce the Vertical Pod Autoscaler as a mean to optimize resource tuning at scale. He will share some of the lessons the company learned since starting this effort. And finally he will describe where they are in the deployment phase, and give some perspective on the direction where they are headed.
- 5 participants
- 34 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Improving GPU Utilization using Kubernetes - Maulin Patel & Pradeep Venkatachalam, Google
Kubernetes supports efficient utilization of resources by enabling applications to request the precise amounts of resources it needs. Unlike fractional requests for CPUs, fractional requests for GPUs are not allowed in Kubernetes. GPU resources requested in the pod manifest must be an integer number. This means one GPU is fully allocated to one container even if the container only needs a fraction of GPU for its workload. Without the support for fractional GPUs, GPU resources are invariably over provisioned leading to a wastage. This is especially true for inference workloads that process a handful of data samples in real-time. To address this limitation, we have developed user-friendly solutions that allow a single GPU to be shared by multiple containers thereby improving utilization of GPUs and saving cost. In this talk, we will show the demos of our solutions and share performance results.
Improving GPU Utilization using Kubernetes - Maulin Patel & Pradeep Venkatachalam, Google
Kubernetes supports efficient utilization of resources by enabling applications to request the precise amounts of resources it needs. Unlike fractional requests for CPUs, fractional requests for GPUs are not allowed in Kubernetes. GPU resources requested in the pod manifest must be an integer number. This means one GPU is fully allocated to one container even if the container only needs a fraction of GPU for its workload. Without the support for fractional GPUs, GPU resources are invariably over provisioned leading to a wastage. This is especially true for inference workloads that process a handful of data samples in real-time. To address this limitation, we have developed user-friendly solutions that allow a single GPU to be shared by multiple containers thereby improving utilization of GPUs and saving cost. In this talk, we will show the demos of our solutions and share performance results.
- 6 participants
- 38 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Intro to Kubernetes, GitOps, and Observability Hands-On Tutorial - Joaquin Rodriguez, Microsoft & Tiffany Wang, Weaveworks
This tutorial offers newcomers a quick way to experience Kubernetes and its natural evolutionary developments: GitOps and Observability. Attendees will be able to use and experience the benefits of Kubernetes that impact reliability, velocity, security, and more. The session will cover key concepts and practices, as well as offer attendees a way to experience the commands in real-time. The tutorial covers: - kubectl - K9s - Metrics (Prometheus) - Dashboards (Grafana) - Logging (Fluent Bit) - GitOps (FluxCD) Attendees will be able to walk through the steps via a browser-based platform. Instructors will lead the topics and help to troubleshoot. Prerequisites: A computer with a modern browser (Edge, Chrome, Safari, Firefox) GitHub ID with 2FA enabled.
Intro to Kubernetes, GitOps, and Observability Hands-On Tutorial - Joaquin Rodriguez, Microsoft & Tiffany Wang, Weaveworks
This tutorial offers newcomers a quick way to experience Kubernetes and its natural evolutionary developments: GitOps and Observability. Attendees will be able to use and experience the benefits of Kubernetes that impact reliability, velocity, security, and more. The session will cover key concepts and practices, as well as offer attendees a way to experience the commands in real-time. The tutorial covers: - kubectl - K9s - Metrics (Prometheus) - Dashboards (Grafana) - Logging (Fluent Bit) - GitOps (FluxCD) Attendees will be able to walk through the steps via a browser-based platform. Instructors will lead the topics and help to troubleshoot. Prerequisites: A computer with a modern browser (Edge, Chrome, Safari, Firefox) GitHub ID with 2FA enabled.
- 8 participants
- 1:17 hours
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Intro to the Cloud Native Maturity Model - Danielle Cook, Fairwinds; Simon Forster, Stakegy; Robbie Glenn & John Forman, Accenture
Since 2021, the Cartografos Working Group has produced the Cloud Native Maturity Model. In this session, the chairs will review the Cloud Native Maturity, discuss the latest updates and inclusions and solicit participation in the group.
Intro to the Cloud Native Maturity Model - Danielle Cook, Fairwinds; Simon Forster, Stakegy; Robbie Glenn & John Forman, Accenture
Since 2021, the Cartografos Working Group has produced the Cloud Native Maturity Model. In this session, the chairs will review the Cloud Native Maturity, discuss the latest updates and inclusions and solicit participation in the group.
- 9 participants
- 34 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Introduction to the Kubernetes WG Batch - Aldo Culquicondor & Abdullah Gharaibeh, Google; Alex Wang, Alibaba
The Kubernetes Working Group Batch was newly formed in the beginning of 2022. The Working Group aims to be a forum to discuss and propose enhancements to support for Batch (eg. HPC, AI/ML, data analytics, CI) workloads in core Kubernetes. We want to unify the way users deploy batch workloads to improve portability and to simplify supportability for Kubernetes providers. In this session, you will learn about the WG goals and roadmap , as well as the early efforts performed by our contributors.
Introduction to the Kubernetes WG Batch - Aldo Culquicondor & Abdullah Gharaibeh, Google; Alex Wang, Alibaba
The Kubernetes Working Group Batch was newly formed in the beginning of 2022. The Working Group aims to be a forum to discuss and propose enhancements to support for Batch (eg. HPC, AI/ML, data analytics, CI) workloads in core Kubernetes. We want to unify the way users deploy batch workloads to improve portability and to simplify supportability for Kubernetes providers. In this session, you will learn about the WG goals and roadmap , as well as the early efforts performed by our contributors.
- 7 participants
- 37 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
It’s All for the Users. More Durable, Secure, and Pluggable. KubeVirt v0.53 - Alice Frosi, Red Hat
If you liked KubeVirt before, you'll like it even better now, and if you ignored it before, it's time you tried it out. In the last year, KubeVirt has added numerous features, improving scalability, security, storage, network options, and usage for specialized hardware and edge applications. Join the KubeVirt contributors for a brief tour of what's new, including: - Additional traditional storage features for hotplug and snapshots - More mature high performance computing with SRIOV and vNUMA availability - Improved security with unprivileged VMs - Foundation for technical workstations using vGPU slicing - Don’t fear updates with mature Live Migrations - Improved automation with new like Argo CD and Tekton integrations - Rapid Kubernetes tenant cluster using ClusterAPI - On the verge to CNCF Incubator? We'll explain and even demo some of the new features. KubeVirt is going places, join our session to find out how it can help you go places too.
It’s All for the Users. More Durable, Secure, and Pluggable. KubeVirt v0.53 - Alice Frosi, Red Hat
If you liked KubeVirt before, you'll like it even better now, and if you ignored it before, it's time you tried it out. In the last year, KubeVirt has added numerous features, improving scalability, security, storage, network options, and usage for specialized hardware and edge applications. Join the KubeVirt contributors for a brief tour of what's new, including: - Additional traditional storage features for hotplug and snapshots - More mature high performance computing with SRIOV and vNUMA availability - Improved security with unprivileged VMs - Foundation for technical workstations using vGPU slicing - Don’t fear updates with mature Live Migrations - Improved automation with new like Argo CD and Tekton integrations - Rapid Kubernetes tenant cluster using ClusterAPI - On the verge to CNCF Incubator? We'll explain and even demo some of the new features. KubeVirt is going places, join our session to find out how it can help you go places too.
- 6 participants
- 35 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Jaeger: Present and Future - Pavol Loffay, Red Hat & Jonah Kowall, Logz.io
In this session, we will start with an introduction to the Jaeger distributed tracing project and the basics of distributed tracing. For the deeper dive, we will discuss the future of Jaeger and its relation to OpenTelemetry. We will cover how OpenTelemetry and Jaeger work together to unlock new use cases for operational monitoring using the new monitoring tab, which adds metrics capabilities to Jaeger UI. We will also take a closer look at the Jaeger Kubernetes operator and discuss deployment strategies. Jaeger is the most popular open-source distributed tracing backend. We are always seeking new collaborators, contributors, and users. We need your help! Whether your goal is to get acquainted with Jaeger and distributed tracing or to keep abreast with the latest and greatest, please join us!
Jaeger: Present and Future - Pavol Loffay, Red Hat & Jonah Kowall, Logz.io
In this session, we will start with an introduction to the Jaeger distributed tracing project and the basics of distributed tracing. For the deeper dive, we will discuss the future of Jaeger and its relation to OpenTelemetry. We will cover how OpenTelemetry and Jaeger work together to unlock new use cases for operational monitoring using the new monitoring tab, which adds metrics capabilities to Jaeger UI. We will also take a closer look at the Jaeger Kubernetes operator and discuss deployment strategies. Jaeger is the most popular open-source distributed tracing backend. We are always seeking new collaborators, contributors, and users. We need your help! Whether your goal is to get acquainted with Jaeger and distributed tracing or to keep abreast with the latest and greatest, please join us!
- 6 participants
- 45 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
K8s and Active Directory Can Be Friends! How to Use Dex to Bridge the Gap - Onkar Bhat, Kasten by Veeam
So, you’ve decided to migrate your applications to Kubernetes, but you still want to leverage your legacy Active Directory services to authenticate access to those applications. With Dex, this isn’t just possible, it’s easy! Dex is an identity service that uses OpenID connect to authenticate apps by configuring connectors to defer authentication to an external entity, such as an AD server using the LDAP protocol. Onkar has worked with multiple organizations to help them deploy Dex and configure the LDAP connector to meet such authentication requirements. During this hands-on tutorial, attendees will set up an open source AD server and add users and groups, then configure the Dex LDAP connector. Onkar will guide them through the process step-by-step, then wrap up with a demonstration of how to use Dex to authenticate access to a sample application. You’ll leave with practical experience and confidence to deploy the same configuration in a production environment.
K8s and Active Directory Can Be Friends! How to Use Dex to Bridge the Gap - Onkar Bhat, Kasten by Veeam
So, you’ve decided to migrate your applications to Kubernetes, but you still want to leverage your legacy Active Directory services to authenticate access to those applications. With Dex, this isn’t just possible, it’s easy! Dex is an identity service that uses OpenID connect to authenticate apps by configuring connectors to defer authentication to an external entity, such as an AD server using the LDAP protocol. Onkar has worked with multiple organizations to help them deploy Dex and configure the LDAP connector to meet such authentication requirements. During this hands-on tutorial, attendees will set up an open source AD server and add users and groups, then configure the Dex LDAP connector. Onkar will guide them through the process step-by-step, then wrap up with a demonstration of how to use Dex to authenticate access to a sample application. You’ll leave with practical experience and confidence to deploy the same configuration in a production environment.
- 2 participants
- 1:07 hours
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
KubeEdge: From Fixed Location to Movable Edge, Latest Updates and Future - Kevin Wang (Zefeng), Huawei & Yin Ding, Google
KubeEdge is an open source edge computing framework that extends the power of kubernetes from central cloud to edge. Since last met, KubeEdge has made big progress on user adoption, community development, cross-community collaborations. In this talk, Kevin and Yin will cover: 1. latest user adoptions in several new industries, including: cloud native satellite, smart vehicles, offshore oil fields, etc; 2. development updates, including: significant scalability improvement, brand new device mapping interface, 3. Project roadmap, SIG and subproject updates. 4. Useful informations on how new contributors to get involved. There will be an open Q&A for attendees to ask questions.
KubeEdge: From Fixed Location to Movable Edge, Latest Updates and Future - Kevin Wang (Zefeng), Huawei & Yin Ding, Google
KubeEdge is an open source edge computing framework that extends the power of kubernetes from central cloud to edge. Since last met, KubeEdge has made big progress on user adoption, community development, cross-community collaborations. In this talk, Kevin and Yin will cover: 1. latest user adoptions in several new industries, including: cloud native satellite, smart vehicles, offshore oil fields, etc; 2. development updates, including: significant scalability improvement, brand new device mapping interface, 3. Project roadmap, SIG and subproject updates. 4. Useful informations on how new contributors to get involved. There will be an open Q&A for attendees to ask questions.
- 4 participants
- 33 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Kubernetes Event-driven Autoscaling with KEDA - Zbynek Roubalik, Red Hat & Jorge Turrado, Docplanner Tech
Nowadays, the popularity of event-driven applications is rising, they enable us to design and develop scalable, distributed, and flexible systems. Kubernetes platform brings the distributed and flexible aspect, though it doesn't provide any built-in way to deal with event-driven scaling properly. Scaling based on CPU and/or memory usage doesn’t fit well with event-driven processes. The majority of autoscaling solutions are usually complex, and their scopes are too attached to a specific provider. KEDA came to solve these problems, providing a simple way to gather the metrics from external sources and translate them into Kubernetes metrics to drive the event-driven autoscaling. During this session, we will introduce KEDA: what it is, how it works, show it in action, and discuss future development.
Kubernetes Event-driven Autoscaling with KEDA - Zbynek Roubalik, Red Hat & Jorge Turrado, Docplanner Tech
Nowadays, the popularity of event-driven applications is rising, they enable us to design and develop scalable, distributed, and flexible systems. Kubernetes platform brings the distributed and flexible aspect, though it doesn't provide any built-in way to deal with event-driven scaling properly. Scaling based on CPU and/or memory usage doesn’t fit well with event-driven processes. The majority of autoscaling solutions are usually complex, and their scopes are too attached to a specific provider. KEDA came to solve these problems, providing a simple way to gather the metrics from external sources and translate them into Kubernetes metrics to drive the event-driven autoscaling. During this session, we will introduce KEDA: what it is, how it works, show it in action, and discuss future development.
- 8 participants
- 37 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Kubernetes SIG Storage Deep Dive - Xing Yang, VMware & Jan Šafránek, Red Hat
Kubernetes SIG Storage is responsible for ensuring that different types of file and block storage are available wherever a container is scheduled, storage capacity management (container ephemeral storage usage, volume resizing, etc.), influencing scheduling of containers based on storage (data gravity, availability, etc.), and generic operations on storage (snapshotting, etc.). In this session, we will deep dive into some projects that SIG Storage is currently working on, provide an update on the current status, and discuss what might be coming in the future.
Kubernetes SIG Storage Deep Dive - Xing Yang, VMware & Jan Šafránek, Red Hat
Kubernetes SIG Storage is responsible for ensuring that different types of file and block storage are available wherever a container is scheduled, storage capacity management (container ephemeral storage usage, volume resizing, etc.), influencing scheduling of containers based on storage (data gravity, availability, etc.), and generic operations on storage (snapshotting, etc.). In this session, we will deep dive into some projects that SIG Storage is currently working on, provide an update on the current status, and discuss what might be coming in the future.
- 7 participants
- 36 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Kubernetes SIG UI Introduction and Updates - Sebastian Florek & Marcin Maciaszczyk, Kubermatic; Shu Muto, NEC
SIG UI is the special interest group developing Kubernetes Dashboard. In this session the SIG UI leads will provide an overview of what was accomplished over the past year, including new views, functions, internationalizations, leadership changes etc. They will also share plans for the upcoming releases. The session will conclude with an open discussion and Q&A.
Kubernetes SIG UI Introduction and Updates - Sebastian Florek & Marcin Maciaszczyk, Kubermatic; Shu Muto, NEC
SIG UI is the special interest group developing Kubernetes Dashboard. In this session the SIG UI leads will provide an overview of what was accomplished over the past year, including new views, functions, internationalizations, leadership changes etc. They will also share plans for the upcoming releases. The session will conclude with an open discussion and Q&A.
- 6 participants
- 22 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Kubernetes Steering Committee AMA - Christoph Blecker, Red Hat; Bob Killen, Google; Tim Pepper & Davanum Srinivas, VMware; Paris Pittman, Apple; Stephen Augustus, Cisco
The steering committee is tasked with decision-making and oversight with all things related to Kubernetes. This panel discussion is a chance for some navel gazing on where we are today, what got us here and where we are headed to next. This will also be a chance for the steering committee to meet face to face with their constituents in the community and wider ecosystem. https://github.com/kubernetes/steering
Kubernetes Steering Committee AMA - Christoph Blecker, Red Hat; Bob Killen, Google; Tim Pepper & Davanum Srinivas, VMware; Paris Pittman, Apple; Stephen Augustus, Cisco
The steering committee is tasked with decision-making and oversight with all things related to Kubernetes. This panel discussion is a chance for some navel gazing on where we are today, what got us here and where we are headed to next. This will also be a chance for the steering committee to meet face to face with their constituents in the community and wider ecosystem. https://github.com/kubernetes/steering
- 10 participants
- 36 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Kubernetes for Mac: How to Consume Shiny AWS Mac Shapes for iOS Builds - Madhuri Yechuri, Elotl & Zach Gray, Flare.build
iOS builds have traditionally run on manually managed Mac servers sitting in brick and mortar data centers. Availability of Mac compute shapes on AWS presents a unique opportunity to move these builds into the cloud along with the ease of managing them via Kubernetes, thereby simplifying Operations. This talk describes Flare.build’s journey of evaluating manually-managed vs Kubernetes-managed Mac compute shapes on AWS, lessons learnt, and suggested best practices.
Kubernetes for Mac: How to Consume Shiny AWS Mac Shapes for iOS Builds - Madhuri Yechuri, Elotl & Zach Gray, Flare.build
iOS builds have traditionally run on manually managed Mac servers sitting in brick and mortar data centers. Availability of Mac compute shapes on AWS presents a unique opportunity to move these builds into the cloud along with the ease of managing them via Kubernetes, thereby simplifying Operations. This talk describes Flare.build’s journey of evaluating manually-managed vs Kubernetes-managed Mac compute shapes on AWS, lessons learnt, and suggested best practices.
- 5 participants
- 37 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Kubernetes is Your Platform: Design Patterns For Extensible Controllers - Rafael Fernández López, SUSE & Fabrizio Pandini, VMware
Developing Controllers -- as well as other Kubernetes native extensions like admission webhooks -- is quickly becoming a mainstream practice to solve problems in a Kubernetes native way; but while developing a simple controller is pretty straightforward, things become complex as soon as you have behavioral dependencies with other components. But don't worry, this talk will provide you with reusable design patterns derived from the concrete experience and the hard lessons learned by the maintainers of Cluster API and Kubewarden, two projects built around the idea of extensible controllers. How to develop a plug-in system for your controller/admission webhook? How to add to your controller the capability to do RPC calls to pluggable external components? How to orchestrate many controllers co-operating in solving complex tasks? Come to this talk, we got you covered!
Kubernetes is Your Platform: Design Patterns For Extensible Controllers - Rafael Fernández López, SUSE & Fabrizio Pandini, VMware
Developing Controllers -- as well as other Kubernetes native extensions like admission webhooks -- is quickly becoming a mainstream practice to solve problems in a Kubernetes native way; but while developing a simple controller is pretty straightforward, things become complex as soon as you have behavioral dependencies with other components. But don't worry, this talk will provide you with reusable design patterns derived from the concrete experience and the hard lessons learned by the maintainers of Cluster API and Kubewarden, two projects built around the idea of extensible controllers. How to develop a plug-in system for your controller/admission webhook? How to add to your controller the capability to do RPC calls to pluggable external components? How to orchestrate many controllers co-operating in solving complex tasks? Come to this talk, we got you covered!
- 3 participants
- 31 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Maintainers, Project Services and CNCF - Amye Scarvada Perrin & Jeffrey Sica, Cloud Native Computing Foundation
Curious about the support that CNCF provides for projects?
Come join a conversation with Amye Scavarda Perrin, Director of Developer Programs, and Jeffrey Sica, Principal Developer Experience Engineer as they discuss options for projects, maintainers, and help answer questions from project maintainers about where to go for more resources.
Maintainers, Project Services and CNCF - Amye Scarvada Perrin & Jeffrey Sica, Cloud Native Computing Foundation
Curious about the support that CNCF provides for projects?
Come join a conversation with Amye Scavarda Perrin, Director of Developer Programs, and Jeffrey Sica, Principal Developer Experience Engineer as they discuss options for projects, maintainers, and help answer questions from project maintainers about where to go for more resources.
- 9 participants
- 38 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Make the Secure Kubernetes Supply Chain Work for You - Adolfo García Veytia, Chainguard
Starting in Kubernetes 1.22, SIG Release started building new security features into Kubernetes releases to make the project a better citizen in the software supply chain. The push to secure the release process has produced tools and processes that have improved the way other projects in the ecosystem are released. At the same time, we have made sure that Kubernetes plays well in the wider chain: verifying what we get from upstream and making sure consumers of our artifacts can trust what they get from us. This talk will give an overview of lessons learned and tools we have created that you can reuse in your own projects to secure your releases. It will center around three key moments and technologies: The initial effort involved producing SBOMs to describe sources and artifacts along with their dependencies. Then, we'll understand the provenance attestations that make the release process SLSA compliant. Finally, we'll see how digital signatures are implemented in the project.
Make the Secure Kubernetes Supply Chain Work for You - Adolfo García Veytia, Chainguard
Starting in Kubernetes 1.22, SIG Release started building new security features into Kubernetes releases to make the project a better citizen in the software supply chain. The push to secure the release process has produced tools and processes that have improved the way other projects in the ecosystem are released. At the same time, we have made sure that Kubernetes plays well in the wider chain: verifying what we get from upstream and making sure consumers of our artifacts can trust what they get from us. This talk will give an overview of lessons learned and tools we have created that you can reuse in your own projects to secure your releases. It will center around three key moments and technologies: The initial effort involved producing SBOMs to describe sources and artifacts along with their dependencies. Then, we'll understand the provenance attestations that make the release process SLSA compliant. Finally, we'll see how digital signatures are implemented in the project.
- 6 participants
- 34 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Multi-cluster Failover Using Linkerd - Charles Pretzer, Buoyant, Inc.
Failover across clusters is a great way to improve the overall uptime and reliability of Kubernetes applications. While whole-cluster failover can be accomplished at the global ingress layer, failing over individual services is a little more difficult. During this hands-on tutorial, Charles Pretzer, Linkerd team member, will walk attendees through how to use Linkerd, the CNCF graduated service mesh, to enable traffic failover for individual services across clusters. Attendees will learn how to combine service mesh metrics, traffic shifting, and cross-cluster communication in a cohesive and automated way using pure open source, while preserving fundamental security guarantees such as mutual TLS.
Multi-cluster Failover Using Linkerd - Charles Pretzer, Buoyant, Inc.
Failover across clusters is a great way to improve the overall uptime and reliability of Kubernetes applications. While whole-cluster failover can be accomplished at the global ingress layer, failing over individual services is a little more difficult. During this hands-on tutorial, Charles Pretzer, Linkerd team member, will walk attendees through how to use Linkerd, the CNCF graduated service mesh, to enable traffic failover for individual services across clusters. Attendees will learn how to combine service mesh metrics, traffic shifting, and cross-cluster communication in a cohesive and automated way using pure open source, while preserving fundamental security guarantees such as mutual TLS.
- 3 participants
- 1:31 hours
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Network-aware Scheduling in Kubernetes - José Santos, Ghent University
Recent applications are latency-sensitive, demanding low latency between microservices in the application. Current scheduling algorithms in Kubernetes aim to reduce costs and increase resource efficiency, which is not enough for applications where end-to-end latency becomes a primary objective. Applications such as databases and multi-tier web services would benefit the most from network-aware scheduling policies that consider latency and bandwidth in addition to default resources (CPU and memory). We introduce a network-aware scheduling framework to tackle this challenge, including two controllers (AppGroup and NetworkTopology) and three scheduling plugins (TopologicalSort, NodeNetworkCostFit, and NetworkMinCost). The framework ensures bandwidth reservations and optimizes the end-to-end application latency since it schedules pods in an application with chained dependencies close to each other. We will show a demo highlighting the benefits of our framework.
Network-aware Scheduling in Kubernetes - José Santos, Ghent University
Recent applications are latency-sensitive, demanding low latency between microservices in the application. Current scheduling algorithms in Kubernetes aim to reduce costs and increase resource efficiency, which is not enough for applications where end-to-end latency becomes a primary objective. Applications such as databases and multi-tier web services would benefit the most from network-aware scheduling policies that consider latency and bandwidth in addition to default resources (CPU and memory). We introduce a network-aware scheduling framework to tackle this challenge, including two controllers (AppGroup and NetworkTopology) and three scheduling plugins (TopologicalSort, NodeNetworkCostFit, and NetworkMinCost). The framework ensures bandwidth reservations and optimizes the end-to-end application latency since it schedules pods in an application with chained dependencies close to each other. We will show a demo highlighting the benefits of our framework.
- 6 participants
- 36 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
No Docker, No YAML and a Polyglot Developer Experience on Top of Kubernetes - Thomas Vitale, Systematic & Mauricio Salatino, VMware
Let's build a CaaS (Containers-as-a-Service) platform that delivers a similar experience to well-loved solutions like Google Cloud Run and Azure Container Apps. Those platforms allow you to run your applications without the need to know about containers or Kubernetes. They take your source code and remotely build and deploy your software while hiding away the complexity of Docker and Kubernetes. This presentation gives practical advice on how to build such a platform in a cloud provider-agnostic way on top of Kubernetes using only open-source projects.
Thomas and Mauricio will show how the platform can scale and provide developers with a polyglot environment to code, build and deploy their event-driven applications. The presentation will cover how tools like Knative, CloudEvents, Buildpacks, func CLI, and popular languages like Java, Go, and Python can be glued together to provide an optimized polyglot developer experience that can be tested and demoed in front of a live audience.
No Docker, No YAML and a Polyglot Developer Experience on Top of Kubernetes - Thomas Vitale, Systematic & Mauricio Salatino, VMware
Let's build a CaaS (Containers-as-a-Service) platform that delivers a similar experience to well-loved solutions like Google Cloud Run and Azure Container Apps. Those platforms allow you to run your applications without the need to know about containers or Kubernetes. They take your source code and remotely build and deploy your software while hiding away the complexity of Docker and Kubernetes. This presentation gives practical advice on how to build such a platform in a cloud provider-agnostic way on top of Kubernetes using only open-source projects.
Thomas and Mauricio will show how the platform can scale and provide developers with a polyglot environment to code, build and deploy their event-driven applications. The presentation will cover how tools like Knative, CloudEvents, Buildpacks, func CLI, and popular languages like Java, Go, and Python can be glued together to provide an optimized polyglot developer experience that can be tested and demoed in front of a live audience.
- 2 participants
- 33 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
OSS Docs and How to Scale Them: Common Themes From the CNCF Ecosystem - Celeste Horgan, CNCF
The first interaction new users have with an open source project is documentation. Documentation is a key adoption driver for open source projects, and the professionalism, completeness, and presentation of your documentation has a dramatic impact on how your project is perceived by potential users. How do you get your project’s docs to shine? How do you set your tooling up to support you as you grow? What metrics can we use to evaluate the quality of a project’s documentation? In this talk we use data from the CNCF’s documentation assessment service to give an overview of common issues we see with open source project’s documentation and how to resolve them. She breaks out these issues by project maturity and community size, and discusses how a given project’s documentation needs change as it grows. Finally, we discuss how projects can best get documentation done as they grow, based on what we’ve seen work in various CNCF project communities.
OSS Docs and How to Scale Them: Common Themes From the CNCF Ecosystem - Celeste Horgan, CNCF
The first interaction new users have with an open source project is documentation. Documentation is a key adoption driver for open source projects, and the professionalism, completeness, and presentation of your documentation has a dramatic impact on how your project is perceived by potential users. How do you get your project’s docs to shine? How do you set your tooling up to support you as you grow? What metrics can we use to evaluate the quality of a project’s documentation? In this talk we use data from the CNCF’s documentation assessment service to give an overview of common issues we see with open source project’s documentation and how to resolve them. She breaks out these issues by project maturity and community size, and discusses how a given project’s documentation needs change as it grows. Finally, we discuss how projects can best get documentation done as they grow, based on what we’ve seen work in various CNCF project communities.
- 2 participants
- 36 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Overview and State of Knative - Mauricio Salatino, VMware & Carlos Santana, IBM
As the most widely-adopted serverless platform on Kubernetes, Knative offers a simplified developer experience deploying and managing stateless and event-driven applications. In this session, we'll give attendees an overview of the Knative philosophy of being Kubernetes-native and working well with existing Kubernetes tools. Then we'll provide a demo of FaaS using Knative and conclude with a roadmap for what's next. Most importantly, we'll provide information on how you can get involved either as a contributor or end-user who wants to give feedback on its future direction. With its recent donation to the CNCF at the incubating level, there's never been a better time to get started with Knative.
Overview and State of Knative - Mauricio Salatino, VMware & Carlos Santana, IBM
As the most widely-adopted serverless platform on Kubernetes, Knative offers a simplified developer experience deploying and managing stateless and event-driven applications. In this session, we'll give attendees an overview of the Knative philosophy of being Kubernetes-native and working well with existing Kubernetes tools. Then we'll provide a demo of FaaS using Knative and conclude with a roadmap for what's next. Most importantly, we'll provide information on how you can get involved either as a contributor or end-user who wants to give feedback on its future direction. With its recent donation to the CNCF at the incubating level, there's never been a better time to get started with Knative.
- 3 participants
- 38 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Prow! Leveraging Developer-Centric CI for Your OSS Project! - Nabarun Pal, VMware & Arsh Sharma, Okteto
Prow is a CI system maintained by Kubernetes SIG Testing to test Kubernetes on Kubernetes. Prow is designed as a pluggable system of components and it can be used as a generic CI system. The robust architecture of Prow can lead to challenges in deploying it. In the talk, we will navigate the challenges faced when deploying and using Prow, including setting up the Prow control plane components, configuring access for GitHub repos, and enabling Prow plugins. Prow is used by large projects in the CNCF landscape like Kubernetes, Knative, cert-manager, Falco, to name a few. Even though a lot of these projects have deployed Prow successfully, it is a challenge to set up Prow. The talk will highlight the common pitfalls and gotchas that one will run into when deploying Prow. The talk would cover * A roundup of Prow Architecture * Cloud resources required for Prow and setting them up * Capabilities of Prow like running tests, using GitHub comments for interaction, auto merging pull requests.
Prow! Leveraging Developer-Centric CI for Your OSS Project! - Nabarun Pal, VMware & Arsh Sharma, Okteto
Prow is a CI system maintained by Kubernetes SIG Testing to test Kubernetes on Kubernetes. Prow is designed as a pluggable system of components and it can be used as a generic CI system. The robust architecture of Prow can lead to challenges in deploying it. In the talk, we will navigate the challenges faced when deploying and using Prow, including setting up the Prow control plane components, configuring access for GitHub repos, and enabling Prow plugins. Prow is used by large projects in the CNCF landscape like Kubernetes, Knative, cert-manager, Falco, to name a few. Even though a lot of these projects have deployed Prow successfully, it is a challenge to set up Prow. The talk will highlight the common pitfalls and gotchas that one will run into when deploying Prow. The talk would cover * A roundup of Prow Architecture * Cloud resources required for Prow and setting them up * Capabilities of Prow like running tests, using GitHub comments for interaction, auto merging pull requests.
- 2 participants
- 36 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Public Technical Oversight Committee (TOC) Meeting - Moderated by Chris Aniszczyk, CTO, The Linux Foundation
Public Technical Oversight Committee (TOC) Meeting - Moderated by Chris Aniszczyk, CTO, The Linux Foundation
- 13 participants
- 39 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Real World SPIFFE Scenarios and Outcomes - Andres Vega & Frederick Kautz, SPIFFE Steering Committee
SPIFFE aims to strengthen the identification of software components in a common way that can be leveraged across distributed systems by anyone, anywhere. The ability to maintain software security by standardizing how systems define, attest, and maintain software identity, regardless of where systems are deployed or who deploys those systems, confers many benefits. The use of SPIFFE can significantly reduce costs associated with the overhead of managing and issuing cryptographic identity documents and accelerate development by removing the need for developers to understand the complexity involved to secure service-to-service communication, but that is not the only outcome. Production identity can have a positive impact on many areas such as interoperability, compliance, audibility, and more. This presentation demonstrates the real world scenarios and outcomes of deploying SPIFFE across your infrastructure and also using it to bridge and integrate the infrastructure of others.
Real World SPIFFE Scenarios and Outcomes - Andres Vega & Frederick Kautz, SPIFFE Steering Committee
SPIFFE aims to strengthen the identification of software components in a common way that can be leveraged across distributed systems by anyone, anywhere. The ability to maintain software security by standardizing how systems define, attest, and maintain software identity, regardless of where systems are deployed or who deploys those systems, confers many benefits. The use of SPIFFE can significantly reduce costs associated with the overhead of managing and issuing cryptographic identity documents and accelerate development by removing the need for developers to understand the complexity involved to secure service-to-service communication, but that is not the only outcome. Production identity can have a positive impact on many areas such as interoperability, compliance, audibility, and more. This presentation demonstrates the real world scenarios and outcomes of deploying SPIFFE across your infrastructure and also using it to bridge and integrate the infrastructure of others.
- 7 participants
- 49 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Releasing Kubernetes Less Often and More Secure – The SIG Release Update - Adolfo García Veytia & Carlos Panato, Chainguard; Sascha Grunert, Red Hat; Stephen Augustus, Cisco
The Kubernetes Special Interest Group (SIG) Release is inviting you to join their project update at KubeCon! Adolfo, Carlos, Sascha and Stephen will speak about the latest changes to the SIG as well as its influence on the overall Kubernetes project. The session will cover how the SIG Release roadmap and vision maps to recent project development efforts, which enhancements to the general release process they’re currently working on, as well as the lessons learned from past release cycles. As part of that update, the Release Engineering subproject of SIG Release will speak about how the community hardens their software supply chain by driving towards full SLSA (Supply-chain Levels for Software Artifacts) compliance, including SBOM generation and container image signing. Do you wanna be part one of the largest Kubernetes SIGs? Then join this session to learn more about our latest efforts and how to contribute to them! Maintainers of other projects under the Kubernetes organization are strongly encouraged to attend this session to learn more about extending the SIG Release tools to their own releases.
Releasing Kubernetes Less Often and More Secure – The SIG Release Update - Adolfo García Veytia & Carlos Panato, Chainguard; Sascha Grunert, Red Hat; Stephen Augustus, Cisco
The Kubernetes Special Interest Group (SIG) Release is inviting you to join their project update at KubeCon! Adolfo, Carlos, Sascha and Stephen will speak about the latest changes to the SIG as well as its influence on the overall Kubernetes project. The session will cover how the SIG Release roadmap and vision maps to recent project development efforts, which enhancements to the general release process they’re currently working on, as well as the lessons learned from past release cycles. As part of that update, the Release Engineering subproject of SIG Release will speak about how the community hardens their software supply chain by driving towards full SLSA (Supply-chain Levels for Software Artifacts) compliance, including SBOM generation and container image signing. Do you wanna be part one of the largest Kubernetes SIGs? Then join this session to learn more about our latest efforts and how to contribute to them! Maintainers of other projects under the Kubernetes organization are strongly encouraged to attend this session to learn more about extending the SIG Release tools to their own releases.
- 3 participants
- 19 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
SIG Autoscaling Updates and Feature Highlights - Michael McCune, Red Hat; Joachim Bartosik, Google; Guy Templeton, Skyscanner; David Morrison, Airbnb
Come hear about the latest updates and features from the Kubernetes Autoscaling community. In this talk, we will cover the current status and future plans for the SIG owned projects (Cluster Autoscaler, Horizontal Pod Autoscaler, Vertical Pod Autoscaler), the timeline for deprecating the autoscaling v2beta2 API, improvements to the Vertical Pod Autoscaler API, and a highlight of gRPC extensions to the Cluster Autoscaler. If you are curious about autoscaling in Kubernetes or would like to learn more about how to get involved with this community, come join us!
SIG Autoscaling Updates and Feature Highlights - Michael McCune, Red Hat; Joachim Bartosik, Google; Guy Templeton, Skyscanner; David Morrison, Airbnb
Come hear about the latest updates and features from the Kubernetes Autoscaling community. In this talk, we will cover the current status and future plans for the SIG owned projects (Cluster Autoscaler, Horizontal Pod Autoscaler, Vertical Pod Autoscaler), the timeline for deprecating the autoscaling v2beta2 API, improvements to the Vertical Pod Autoscaler API, and a highlight of gRPC extensions to the Cluster Autoscaler. If you are curious about autoscaling in Kubernetes or would like to learn more about how to get involved with this community, come join us!
- 7 participants
- 33 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
SIG Instrumentation Introduction and Deep Dive - Damien Grisonnet, Red Hat & Patrick Ohly, Intel
Kubernetes SIG Instrumentation is responsible for ensuring high quality and consistent instrumentation across the Kubernetes project. We will begin with an introductory overview of the efforts the SIG Instrumentation has worked on in the past and is currently working on. This deep dive session will go into detail about currently ongoing efforts happening within SIG Instrumentation to share with the audience concrete pieces of work to encourage future collaboration. Software engineering and operations are both disciplines practiced in SIG Instrumentation, and any experience will help the special interest group's mission. Join this session to learn how to get involved in SIG Instrumentation to make instrumentation even better!
SIG Instrumentation Introduction and Deep Dive - Damien Grisonnet, Red Hat & Patrick Ohly, Intel
Kubernetes SIG Instrumentation is responsible for ensuring high quality and consistent instrumentation across the Kubernetes project. We will begin with an introductory overview of the efforts the SIG Instrumentation has worked on in the past and is currently working on. This deep dive session will go into detail about currently ongoing efforts happening within SIG Instrumentation to share with the audience concrete pieces of work to encourage future collaboration. Software engineering and operations are both disciplines practiced in SIG Instrumentation, and any experience will help the special interest group's mission. Join this session to learn how to get involved in SIG Instrumentation to make instrumentation even better!
- 6 participants
- 35 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Scaling Open Source ML: How Wolt Uses K8s To Deliver Great Food to Millions - Stephen Batifol, Wolt & Ed Shee, Seldon
Forecasting supply and demand, serving restaurant recommendations and predicting delivery times. These are just a few examples of how Machine Learning is being applied at Wolt. Now with over 12 million users, scaling the ML infrastructure has been a significant challenge. This talk will highlight those challenges and how they were addressed by building an end to end MLOps platform on Kubernetes. You'll learn about the open source frameworks that Wolt integrated, specifically Flyte, MLFlow and Seldon Core.
Scaling Open Source ML: How Wolt Uses K8s To Deliver Great Food to Millions - Stephen Batifol, Wolt & Ed Shee, Seldon
Forecasting supply and demand, serving restaurant recommendations and predicting delivery times. These are just a few examples of how Machine Learning is being applied at Wolt. Now with over 12 million users, scaling the ML infrastructure has been a significant challenge. This talk will highlight those challenges and how they were addressed by building an end to end MLOps platform on Kubernetes. You'll learn about the open source frameworks that Wolt integrated, specifically Flyte, MLFlow and Seldon Core.
- 6 participants
- 33 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Seeing is Believing: Debugging with Ephemeral Containers - Aaron Alpar, Kasten
Most Kuberrnetes developers are familiar with the painful process of debugging a pod within a cluster. Fortunately, a new, cutting-edge approach — ephemeral containers — simplifies debugging running pods and more! With ephemeral containers, you can dynamically deploy a container that shares pod resources. These containers use Linux namespaces to share network and process resources so debugging can occur using a container image of your choosing. During this talk, Aaron will cover the what, why and how of ephemeral containers, and the underlying mechanics that make ephemeral containers useful for debugging and testing.
Seeing is Believing: Debugging with Ephemeral Containers - Aaron Alpar, Kasten
Most Kuberrnetes developers are familiar with the painful process of debugging a pod within a cluster. Fortunately, a new, cutting-edge approach — ephemeral containers — simplifies debugging running pods and more! With ephemeral containers, you can dynamically deploy a container that shares pod resources. These containers use Linux namespaces to share network and process resources so debugging can occur using a container image of your choosing. During this talk, Aaron will cover the what, why and how of ephemeral containers, and the underlying mechanics that make ephemeral containers useful for debugging and testing.
- 3 participants
- 39 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Sharing Knowledge: Writing Good Docs for Quick Approval - Jared Bhatti, Waymo
The goal of this talk is to increase your ability to write good documentation that gets approved quickly. Good documentation has a profound impact on the visibility, quality, and inclusivity of open source projects. Documentation creates a shared understanding of work, helps onboard new developers, and improves the overall quality and reliability of the project.
Based on Jared's experience leading Kubernetes SIG Docs from 2016 to 2020, this presentation walks developers through best practices for creating inclusive, accessible, high quality documentation in pull requests designed for quick approval. This demonstration includes how to structure documentation using content templates, write with clarity and technical accuracy, and avoid common pitfalls that trap PRs in prolonged reviews.
Sharing Knowledge: Writing Good Docs for Quick Approval - Jared Bhatti, Waymo
The goal of this talk is to increase your ability to write good documentation that gets approved quickly. Good documentation has a profound impact on the visibility, quality, and inclusivity of open source projects. Documentation creates a shared understanding of work, helps onboard new developers, and improves the overall quality and reliability of the project.
Based on Jared's experience leading Kubernetes SIG Docs from 2016 to 2020, this presentation walks developers through best practices for creating inclusive, accessible, high quality documentation in pull requests designed for quick approval. This demonstration includes how to structure documentation using content templates, write with clarity and technical accuracy, and avoid common pitfalls that trap PRs in prolonged reviews.
- 5 participants
- 38 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Supporting Long-Lived Pods Using a Simple Kubernetes Webhook - Clément Labbe, Slack
Today's applications strive to boot fast, be stateless, and handle unexpected terminations gracefully. However, some applications like distributed caches can take a while to warm up to a running state, while batch workers would rather avoid being terminated before they're done. At Slack, such applications found their home in Kubernetes thanks to a two-sided system: one one hand an admission webhook injects tolerations in pods to inform their requirement to be long-lived, and on the other hand a custom service taints nodes with their uptime. This results in pods desiring a long life to be scheduled on young nodes less likely to be terminated early. This talk will first describe how to write a simple Kubernetes admission webhook (https://github.com/slackhq/simple-kubernetes-webhook) to inject tolerations in pods, then move onto the symbiotic node tainting system, and end with gotchas and some metrics on how this long-lived pod support is used at Slack.
Supporting Long-Lived Pods Using a Simple Kubernetes Webhook - Clément Labbe, Slack
Today's applications strive to boot fast, be stateless, and handle unexpected terminations gracefully. However, some applications like distributed caches can take a while to warm up to a running state, while batch workers would rather avoid being terminated before they're done. At Slack, such applications found their home in Kubernetes thanks to a two-sided system: one one hand an admission webhook injects tolerations in pods to inform their requirement to be long-lived, and on the other hand a custom service taints nodes with their uptime. This results in pods desiring a long life to be scheduled on young nodes less likely to be terminated early. This talk will first describe how to write a simple Kubernetes admission webhook (https://github.com/slackhq/simple-kubernetes-webhook) to inject tolerations in pods, then move onto the symbiotic node tainting system, and end with gotchas and some metrics on how this long-lived pod support is used at Slack.
- 6 participants
- 30 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
The CRDs that Broke the Camel's Back - Alper Rifat Ulucinar, Upbound
Custom resources are the preferred way to extend the K8s API server with a declarative API. They enable us to implement our very own control planes on top of K8s. K8s has performance guidelines and thoroughly investigated scalability thresholds but no guidelines for CRDs are available yet. Our initial attempts to install 1000s of CRDs revealed severe performance issues related to the API server, such as service disruptions and client-side throttling. And this further led to investigations to reveal the root causes of those issues. This talk aims to discuss how one can troubleshoot API server performance issues using profiling tools and to present some real world data that allowed us to pinpoint the root causes of the scaling issues that we initially hit. As the troubleshooting process is explained, the talk will also deliver some insights into the mechanics of CRDs. We would also like to share some tips in successfully getting changes into upstream and moving the ecosystem forward.
The CRDs that Broke the Camel's Back - Alper Rifat Ulucinar, Upbound
Custom resources are the preferred way to extend the K8s API server with a declarative API. They enable us to implement our very own control planes on top of K8s. K8s has performance guidelines and thoroughly investigated scalability thresholds but no guidelines for CRDs are available yet. Our initial attempts to install 1000s of CRDs revealed severe performance issues related to the API server, such as service disruptions and client-side throttling. And this further led to investigations to reveal the root causes of those issues. This talk aims to discuss how one can troubleshoot API server performance issues using profiling tools and to present some real world data that allowed us to pinpoint the root causes of the scaling issues that we initially hit. As the troubleshooting process is explained, the talk will also deliver some insights into the mechanics of CRDs. We would also like to share some tips in successfully getting changes into upstream and moving the ecosystem forward.
- 2 participants
- 37 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
The Hitchhiker's Guide to Pod Security - Lachlan Evenson, Microsoft
With the release of Kubernetes v1.23, Pod Security admission has now entered beta. Pod Security is a built-in admission controller that evaluates Pod specifications against a predefined set of Pod Security Standards and determines whether to admit or deny the pod from running. Pod Security is the successor to PodSecurityPolicy which was deprecated in the v1.21 release, and will be removed in Kubernetes v1.25. In this presentation I cover the key concepts of Pod Security along with how to use it walking through practical examples. Through education of this new security focused API I hope that cluster administrators and developers alike will use this new mechanism to enforce secure defaults for their workloads.
The Hitchhiker's Guide to Pod Security - Lachlan Evenson, Microsoft
With the release of Kubernetes v1.23, Pod Security admission has now entered beta. Pod Security is a built-in admission controller that evaluates Pod specifications against a predefined set of Pod Security Standards and determines whether to admit or deny the pod from running. Pod Security is the successor to PodSecurityPolicy which was deprecated in the v1.21 release, and will be removed in Kubernetes v1.25. In this presentation I cover the key concepts of Pod Security along with how to use it walking through practical examples. Through education of this new security focused API I hope that cluster administrators and developers alike will use this new mechanism to enforce secure defaults for their workloads.
- 1 participant
- 31 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
The Power of Cloud Native in Financial Institutions - Mateusz Pruchniak, mBank SA
Cloud Native architecture and public clouds have become the standard solution for modern IT for fast innovation, delivering more value to their customers, with dramatically less effort. This is a big challenge, especially for regulated financial sectors such as banking due to the complexity of their legacy systems, and compliance challenges including concerns raised by European regulators. For authorities (EBA, EIOPA, ESMA) having a flexible multicloud strategy and solid foundations for portability and interoperability has never been more relevant. In this session, Mateusz will present a good practice guide offering practical tips and tricks for designing and deploying Cloud Native business-critical systems in Financial Institutions fulfilling the assumption of having an easily portable architecture, with an easily tested Exit Plan and finally minimizing cloud concentration risk. Presented practical ideas can be used for designing from scratch and during migration to Cloud Native.
The Power of Cloud Native in Financial Institutions - Mateusz Pruchniak, mBank SA
Cloud Native architecture and public clouds have become the standard solution for modern IT for fast innovation, delivering more value to their customers, with dramatically less effort. This is a big challenge, especially for regulated financial sectors such as banking due to the complexity of their legacy systems, and compliance challenges including concerns raised by European regulators. For authorities (EBA, EIOPA, ESMA) having a flexible multicloud strategy and solid foundations for portability and interoperability has never been more relevant. In this session, Mateusz will present a good practice guide offering practical tips and tricks for designing and deploying Cloud Native business-critical systems in Financial Institutions fulfilling the assumption of having an easily portable architecture, with an easily tested Exit Plan and finally minimizing cloud concentration risk. Presented practical ideas can be used for designing from scratch and during migration to Cloud Native.
- 8 participants
- 39 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
The Risks of Single Maintainer Dependencies - John McBride, VMware
John McBride is a single maintainer for Cobra; a Go command line bootstrapping library and core dependency for many CNCF projects, including Kubernetes, Helm, Etcd, Istio, Linkerd, and many more. John will discuss the challenges of being a single maintainer on such an important project, the lottery factor, the need for contributor community, and the secure software supply chain implications this has for the entire CNCF ecosystem.
The Risks of Single Maintainer Dependencies - John McBride, VMware
John McBride is a single maintainer for Cobra; a Go command line bootstrapping library and core dependency for many CNCF projects, including Kubernetes, Helm, Etcd, Istio, Linkerd, and many more. John will discuss the challenges of being a single maintainer on such an important project, the lottery factor, the need for contributor community, and the secure software supply chain implications this has for the entire CNCF ecosystem.
- 9 participants
- 40 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Thinking Cloud Native, CloudEvents Future - Scott Nichols, Chainguard
Being a part of the CNCF brings huge opportunities for us as a community to define and embrace common ways of communicating between the projects with the ultimate goal of integrators selecting and connecting projects and products. We will pitch what this world looks like and how it will turn our collection of projects into an ecosystem of solutions. We then will provide a status of the CloudEvents project with the focus on where we are headed in the working group, including specifications helping with the interoperable discovery of event sinks and sources and the metadata description of events and their contents. We will also touch on the integration of CloudEvents with Open Telemetry.
Thinking Cloud Native, CloudEvents Future - Scott Nichols, Chainguard
Being a part of the CNCF brings huge opportunities for us as a community to define and embrace common ways of communicating between the projects with the ultimate goal of integrators selecting and connecting projects and products. We will pitch what this world looks like and how it will turn our collection of projects into an ecosystem of solutions. We then will provide a status of the CloudEvents project with the focus on where we are headed in the working group, including specifications helping with the interoperable discovery of event sinks and sources and the metadata description of events and their contents. We will also touch on the integration of CloudEvents with Open Telemetry.
- 6 participants
- 40 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Threat Modelling Kubernetes: A Lightspeed Introduction - Lewis Denham-Parry, Control Plane
Cloud native container and Kubernetes systems bring new threats and risks to our precious workloads. As cloud technologies undergo rapid innovation and new tools and techniques emerge, security can get left behind. The answer to this conveyor-belt of potential insecurity? Threat modelling! Join us for a primer on threat modelling cloud native systems, understanding adversarial techniques and preventative measures, and helping security and engineering teams increase the security and velocity of system delivery.
Threat Modelling Kubernetes: A Lightspeed Introduction - Lewis Denham-Parry, Control Plane
Cloud native container and Kubernetes systems bring new threats and risks to our precious workloads. As cloud technologies undergo rapid innovation and new tools and techniques emerge, security can get left behind. The answer to this conveyor-belt of potential insecurity? Threat modelling! Join us for a primer on threat modelling cloud native systems, understanding adversarial techniques and preventative measures, and helping security and engineering teams increase the security and velocity of system delivery.
- 2 participants
- 38 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Tower of Babel: Making Apache Spark, Kubeflow, and Kubernetes Play Nice - Holden Karau, Netflix
Working with big data matrices is challenging, Kubernetes allows users to elastically scale, but can only have a pod as large as a node, which may not be large enough to fit the matrix in memory. While Kubernetes allows for other paradigms on top of it which allows pods to coordinate on individual jobs, setting them up and making them play nice with ML platforms is not straightforward. Using Apache Spark and Apache Mahout we can work with matrices of any dimension and distribute them across an unbounded number of pods/nodes, and we can use Kubeflow to make our work quickly and easily reproducible. In this talk, we’ll discuss how we used Apache Spark and Mahout to denoise DICOM images of lungs of COVID patients and published our Pipeline with Kubeflow to make the process easily repeatable which could help doctors in more resource limited hospitals, as well as other researchers seeking to automate the detection of COVID.
Tower of Babel: Making Apache Spark, Kubeflow, and Kubernetes Play Nice - Holden Karau, Netflix
Working with big data matrices is challenging, Kubernetes allows users to elastically scale, but can only have a pod as large as a node, which may not be large enough to fit the matrix in memory. While Kubernetes allows for other paradigms on top of it which allows pods to coordinate on individual jobs, setting them up and making them play nice with ML platforms is not straightforward. Using Apache Spark and Apache Mahout we can work with matrices of any dimension and distribute them across an unbounded number of pods/nodes, and we can use Kubeflow to make our work quickly and easily reproducible. In this talk, we’ll discuss how we used Apache Spark and Mahout to denoise DICOM images of lungs of COVID patients and published our Pipeline with Kubeflow to make the process easily repeatable which could help doctors in more resource limited hospitals, as well as other researchers seeking to automate the detection of COVID.
- 1 participant
- 36 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Trampoline Pods: Node to Admin PrivEsc Built Into Popular K8s Platforms - Yuval Avrahami & Shaul Ben Hai, Palo Alto Networks
Security teams work to prevent the next container escape while attackers do the opposite. Inevitably, we sometimes lose this battle, but we can still win the fight! It's all about *containing* the next container escape - making sure a rogue node cannot take over the entire cluster. K8s has done a great job at de-privileging the node agent, the Kubelet, but nodes also host other credentials - their pods' service account tokens. Following an escape, the attacker can easily harvest and abuse tokens of neighboring pods.
In this talk, Yuval and Shaul will introduce the concept of Trampoline Pods - pods so powerful that if their node goes rogue, it could launch devastating attacks against the cluster and in some cases completely take over it. Covering managed K8s services and common cluster add-ons, they'll reveal the trampoline pods installed by popular K8s platforms. They'll also demo exploits, discuss mitigations, and release rbac-police: a tool that detects trampoline pods and K8s privEscs.
Trampoline Pods: Node to Admin PrivEsc Built Into Popular K8s Platforms - Yuval Avrahami & Shaul Ben Hai, Palo Alto Networks
Security teams work to prevent the next container escape while attackers do the opposite. Inevitably, we sometimes lose this battle, but we can still win the fight! It's all about *containing* the next container escape - making sure a rogue node cannot take over the entire cluster. K8s has done a great job at de-privileging the node agent, the Kubelet, but nodes also host other credentials - their pods' service account tokens. Following an escape, the attacker can easily harvest and abuse tokens of neighboring pods.
In this talk, Yuval and Shaul will introduce the concept of Trampoline Pods - pods so powerful that if their node goes rogue, it could launch devastating attacks against the cluster and in some cases completely take over it. Covering managed K8s services and common cluster add-ons, they'll reveal the trampoline pods installed by popular K8s platforms. They'll also demo exploits, discuss mitigations, and release rbac-police: a tool that detects trampoline pods and K8s privEscs.
- 6 participants
- 38 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Unlimited Data Science Libraries, One Container Image, No Installation! - Guillaume Moutier, Red Hat & Kenneth Hoste, Ghent University
Kubernetes' agility, versatility, and resource scaling make it a platform of choice for data science, especially for shared environments. However, data scientists often need to work with lots of different libraries, languages, and applications, often with multiple versions. Conventional approaches, with a legion of tailored images or a huge 20GB golden image, do not match the reality of production. In this session, we will demonstrate how you can leverage the concept of environment modules inside Kubernetes to solve the challenges of synchronously managing multiple containers of different types, making thousands of scientific libraries, languages and packages dynamically available in a simple way. Inspired by work done and heavily used in the High Performance Computing (HPC) community, we will share a specific implementation that brings this production-proven architecture to Kubernetes and talk about how you can implement it in your own environment.
Unlimited Data Science Libraries, One Container Image, No Installation! - Guillaume Moutier, Red Hat & Kenneth Hoste, Ghent University
Kubernetes' agility, versatility, and resource scaling make it a platform of choice for data science, especially for shared environments. However, data scientists often need to work with lots of different libraries, languages, and applications, often with multiple versions. Conventional approaches, with a legion of tailored images or a huge 20GB golden image, do not match the reality of production. In this session, we will demonstrate how you can leverage the concept of environment modules inside Kubernetes to solve the challenges of synchronously managing multiple containers of different types, making thousands of scientific libraries, languages and packages dynamically available in a simple way. Inspired by work done and heavily used in the High Performance Computing (HPC) community, we will share a specific implementation that brings this production-proven architecture to Kubernetes and talk about how you can implement it in your own environment.
- 5 participants
- 41 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Unraveling the Magic Behind Buildpacks - Sambhav Kothari, Bloomberg & Natalie Arellano, VMware
Cloud Native Buildpacks makes building container images a breeze. It comes with out-of-the-box support for rebasing, reproducibility, multiple entrypoints and more! In this talk we’ll uncover the magic that the lifecycle - the binary at the heart of CNB - uses to convert source code into OCI images.
Unraveling the Magic Behind Buildpacks - Sambhav Kothari, Bloomberg & Natalie Arellano, VMware
Cloud Native Buildpacks makes building container images a breeze. It comes with out-of-the-box support for rebasing, reproducibility, multiple entrypoints and more! In this talk we’ll uncover the magic that the lifecycle - the binary at the heart of CNB - uses to convert source code into OCI images.
- 2 participants
- 39 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
West Side CD: The Deployment Ballet Goes On - Benoit Moussaud, VMware Tanzu
The way to bring a new version into production has changed a lot in recent years. From a slow, manual, and uncontrolled processor it has become over time fast, automated, and versioned. The tools have evolved, changed, been modernized, or even containerized, but they have remained centralized. The new generation of solutions intends to reverse this point of view by relying no longer on orchestration but on choreography between the different stakeholders. This session shows the difference between these two concepts and how it applies to the CI/CD domain that has remained ultimately very centralized and old-school then describes an innovative solution, (cartographer.sh) based on the concept of supply chains.
West Side CD: The Deployment Ballet Goes On - Benoit Moussaud, VMware Tanzu
The way to bring a new version into production has changed a lot in recent years. From a slow, manual, and uncontrolled processor it has become over time fast, automated, and versioned. The tools have evolved, changed, been modernized, or even containerized, but they have remained centralized. The new generation of solutions intends to reverse this point of view by relying no longer on orchestration but on choreography between the different stakeholders. This session shows the difference between these two concepts and how it applies to the CI/CD domain that has remained ultimately very centralized and old-school then describes an innovative solution, (cartographer.sh) based on the concept of supply chains.
- 1 participant
- 32 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Working your Cluster: Smarter Scheduling Decisions for Your Workloads - Madalina Lazar & Denisio Togashi, Intel
When deciding where to schedule your workloads, you have to consider more than just CPU and memory. Whether you are in 5G, AI/ML, HPC, or NFV, you have many more considerations to optimize your workloads. You may care about how busy the node is, how many GPU cards are attached, whether a minimal throughput is available, or whether the node is cooler than the temperature required for basic cooking. Fortunately, Kubernetes allows for extensions to its scheduling paradigm, which allows for new creative solutions going forward. Using these capabilities, we have created a way to use knowledge of your resources to impact your scheduling decisions. Telemetry Aware Scheduling and GPU Aware Scheduling, both open-source projects, enable you to use a variety of metrics in intelligent scheduling. In this talk, we will explain how to deploy and configure your system to handle your varied use cases.
Working your Cluster: Smarter Scheduling Decisions for Your Workloads - Madalina Lazar & Denisio Togashi, Intel
When deciding where to schedule your workloads, you have to consider more than just CPU and memory. Whether you are in 5G, AI/ML, HPC, or NFV, you have many more considerations to optimize your workloads. You may care about how busy the node is, how many GPU cards are attached, whether a minimal throughput is available, or whether the node is cooler than the temperature required for basic cooking. Fortunately, Kubernetes allows for extensions to its scheduling paradigm, which allows for new creative solutions going forward. Using these capabilities, we have created a way to use knowledge of your resources to impact your scheduling decisions. Telemetry Aware Scheduling and GPU Aware Scheduling, both open-source projects, enable you to use a variety of metrics in intelligent scheduling. In this talk, we will explain how to deploy and configure your system to handle your varied use cases.
- 8 participants
- 34 minutes
2 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
containerd: Project Update and Deep Dive - Derek McGowan, Apple
Join containerd maintainers for an introduction and deep dive into the latest updates on containerd. With many exciting features currently in development, the upcoming release of container promises to deliver many new capabilities while retaining the stability containerd is known for amongst users. The deprecation of dockershim in Kubernetes has brought many new users to containerd along with greater need for documentation and tooling. We will cover how to get started and configure containerd for Kubernetes users. Additionally, nerdctl has filled a crucial usability gap for operators and developers coming to containerd. We will discuss how to make use of this important new containerd sub-project.
containerd: Project Update and Deep Dive - Derek McGowan, Apple
Join containerd maintainers for an introduction and deep dive into the latest updates on containerd. With many exciting features currently in development, the upcoming release of container promises to deliver many new capabilities while retaining the stability containerd is known for amongst users. The deprecation of dockershim in Kubernetes has brought many new users to containerd along with greater need for documentation and tooling. We will cover how to get started and configure containerd for Kubernetes users. Additionally, nerdctl has filled a crucial usability gap for operators and developers coming to containerd. We will discuss how to make use of this important new containerd sub-project.
- 1 participant
- 21 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
"My CNI Plugin Did… What?!": Debugging CNI with Style and Aplomb - Douglas Smith & Daniel Mellado Area, Red Hat
Just because CNI is simple – doesn't mean it's easy. We're going to hook you up with the tools of the trade to analyze what's up when your CNI plugin is feeling down. It sure is easy to speak STDIN and STDOUT and write CNI plugins, but debugging CNI plugins in production takes more than brute force and will power – it takes a toolbox. From cnitool, to dummy CNI plugins, to enhancing your logging, we'll show the tools we use every day to make zeroing in on CNI problems a cool breeze. Not only will we crash CNI plugins on-the-fly to show you how we inspect what's happening, we'll also show you how we handle logging so you can analyze reports from your users when you don't have direct access to systems. We'll talk about how we architect CNI plugins to make debugging easier, and talk about thin plugin vs. thick plugins programming patterns, and show you how it impacts debuggability. Not only does it make debugging easier, it'll make developing easier.
"My CNI Plugin Did… What?!": Debugging CNI with Style and Aplomb - Douglas Smith & Daniel Mellado Area, Red Hat
Just because CNI is simple – doesn't mean it's easy. We're going to hook you up with the tools of the trade to analyze what's up when your CNI plugin is feeling down. It sure is easy to speak STDIN and STDOUT and write CNI plugins, but debugging CNI plugins in production takes more than brute force and will power – it takes a toolbox. From cnitool, to dummy CNI plugins, to enhancing your logging, we'll show the tools we use every day to make zeroing in on CNI problems a cool breeze. Not only will we crash CNI plugins on-the-fly to show you how we inspect what's happening, we'll also show you how we handle logging so you can analyze reports from your users when you don't have direct access to systems. We'll talk about how we architect CNI plugins to make debugging easier, and talk about thin plugin vs. thick plugins programming patterns, and show you how it impacts debuggability. Not only does it make debugging easier, it'll make developing easier.
- 6 participants
- 34 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
A Guided Tour of Cilium Service Mesh - Liz Rice, Isovalent
The Cilium project is adding Service Mesh features to its existing eBPF-enabled, identity-aware Kubernetes networking capabilities. This demo-driven talk explores how this works, and shows why it’s now possible to create a service mesh without sidecars. - Demonstrate why, before eBPF, the sidecar model was necessary for accessing an application pod’s network traffic - Explore how Cilium uses eBPF programs to connect Kubernetes endpoints - Show how this makes the sidecar model unnecessary for identity-aware connectivity - Demonstrate an example Cilium Service Mesh in use - Compare the resources used (in both userspace and the kernel) for both models Along the way, this talk will clarify some container and kernel concepts so that attendees can leave with a mental model of how eBPF-enabled service mesh really works.
A Guided Tour of Cilium Service Mesh - Liz Rice, Isovalent
The Cilium project is adding Service Mesh features to its existing eBPF-enabled, identity-aware Kubernetes networking capabilities. This demo-driven talk explores how this works, and shows why it’s now possible to create a service mesh without sidecars. - Demonstrate why, before eBPF, the sidecar model was necessary for accessing an application pod’s network traffic - Explore how Cilium uses eBPF programs to connect Kubernetes endpoints - Show how this makes the sidecar model unnecessary for identity-aware connectivity - Demonstrate an example Cilium Service Mesh in use - Compare the resources used (in both userspace and the kernel) for both models Along the way, this talk will clarify some container and kernel concepts so that attendees can leave with a mental model of how eBPF-enabled service mesh really works.
- 8 participants
- 43 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
A Treasure Map of Hacking (and Defending) Kubernetes - Andrew Martin, ControlPlane
In this ultimate guide to threat-driven defence, we threat model Kubernetes and detail how to attack and defend your precious clusters from nefarious adversaries. This broad and detailed appraisal of end-to-end cluster security teaches you how to defend against a range of historical and current CVEs, misconfigurations, and advanced attacks: - See the historical relevance of CVEs and demonstrations of attacks against your containers, pods, supply chain, network, storage, policy, and wider organisation - Understand when to use next-generation runtimes like gVisor, firecracker, and Kata Containers - Delve into workload identity and advanced runtime hardening - Consider the trust boundaries in soft- and hard-multitenant systems to appraise and limit the effects of compromise - Learn to navigate the choppy waters of advanced Kubernetes security.
A Treasure Map of Hacking (and Defending) Kubernetes - Andrew Martin, ControlPlane
In this ultimate guide to threat-driven defence, we threat model Kubernetes and detail how to attack and defend your precious clusters from nefarious adversaries. This broad and detailed appraisal of end-to-end cluster security teaches you how to defend against a range of historical and current CVEs, misconfigurations, and advanced attacks: - See the historical relevance of CVEs and demonstrations of attacks against your containers, pods, supply chain, network, storage, policy, and wider organisation - Understand when to use next-generation runtimes like gVisor, firecracker, and Kata Containers - Delve into workload identity and advanced runtime hardening - Consider the trust boundaries in soft- and hard-multitenant systems to appraise and limit the effects of compromise - Learn to navigate the choppy waters of advanced Kubernetes security.
- 1 participant
- 38 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Adapting TiKV for Cloud Storage - Xinye Tao & Jinpeng Zhang, PingCAP
TiKV is a cloud-native key-value database built in Rust. As a distributed storage layer, the underlying storage hardware plays a key role in how it performs. This session will start with an introduction to the modern cloud storage stack, highlighting the challenges and opportunities that come with it. After that, we will deep dive into several new features aimed at improving TiKV's service quality in the cloud, including Raft Engine, Prioritized I/O Rate Limiting and [...]. Finally, we'd love to get feedback as we lay out the future plan on bringing TiKV even closer to the cloud.
Adapting TiKV for Cloud Storage - Xinye Tao & Jinpeng Zhang, PingCAP
TiKV is a cloud-native key-value database built in Rust. As a distributed storage layer, the underlying storage hardware plays a key role in how it performs. This session will start with an introduction to the modern cloud storage stack, highlighting the challenges and opportunities that come with it. After that, we will deep dive into several new features aimed at improving TiKV's service quality in the cloud, including Raft Engine, Prioritized I/O Rate Limiting and [...]. Finally, we'd love to get feedback as we lay out the future plan on bringing TiKV even closer to the cloud.
- 1 participant
- 11 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Alerting in the Prometheus Ecosystem: The Past, Present and Future - Josue (Josh) Abreu, Grafana Labs
One of the most important functionalities of Prometheus is being able to alert based on your metrics. The Prometheus Alertmanager is a critical piece of cloud native observability, and in this talk, Josue wants to share a bit more of its past, present and future. About a year ago, he set out on a path to improve scaling in the Cortex Alertmanager component, then he decided to include the Alertmanager within Grafana to continue fostering open source collaboration. For the future, his plan is to take all the good parts of what he learned on this journey back to the Prometheus Alertmanager thus going full cycle. He’ll cover: The Prometheus Alertmanager and the benefits of its modular architecture (past) The benefits of the new architecture of the Cortex Alertmanager: Like Cortex but for Alerts (past) Inclusion of the Prometheus Alertmanager within Grafana (present) The future of the Prometheus Alertmanager (future).
Alerting in the Prometheus Ecosystem: The Past, Present and Future - Josue (Josh) Abreu, Grafana Labs
One of the most important functionalities of Prometheus is being able to alert based on your metrics. The Prometheus Alertmanager is a critical piece of cloud native observability, and in this talk, Josue wants to share a bit more of its past, present and future. About a year ago, he set out on a path to improve scaling in the Cortex Alertmanager component, then he decided to include the Alertmanager within Grafana to continue fostering open source collaboration. For the future, his plan is to take all the good parts of what he learned on this journey back to the Prometheus Alertmanager thus going full cycle. He’ll cover: The Prometheus Alertmanager and the benefits of its modular architecture (past) The benefits of the new architecture of the Cortex Alertmanager: Like Cortex but for Alerts (past) Inclusion of the Prometheus Alertmanager within Grafana (present) The future of the Prometheus Alertmanager (future).
- 1 participant
- 23 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Attacking & Defending Kubernetes TEE Enclaves in Critical Infrastructure - Robert Ficcaglia, SunStone Secure, LLC
Trusted Execution Environments (TEE)s are a feature of Intel, AMD, ARM and other chip platforms, widely available on public clouds for high security infrastructure. Kubernetes can be deployed with TEE enclaves to create a Trusted Computing Base (TCB) which can cryptographically protect the compute and memory environment for the Kubernetes control plane, data flows, and CI/CD pipelines on-chip. This greatly reduces the attack "surface area" and reduces 3rd party supply chain risks. The session will examine detailed Kubernetes threat models for critical infrastructure and demonstrate how to attack and defend Kubernetes workloads in the context of TEEs. Attendees will learn how to use enclaves to protect the integrity of container images used for workloads, deploy TEE-based Pods,.examine development and operational challenges with TEE usage, and explore compliance benefits including specific policy and control mappings for GDPR, CCPA, PCI, HIPAA and NIST 800-53.
Attacking & Defending Kubernetes TEE Enclaves in Critical Infrastructure - Robert Ficcaglia, SunStone Secure, LLC
Trusted Execution Environments (TEE)s are a feature of Intel, AMD, ARM and other chip platforms, widely available on public clouds for high security infrastructure. Kubernetes can be deployed with TEE enclaves to create a Trusted Computing Base (TCB) which can cryptographically protect the compute and memory environment for the Kubernetes control plane, data flows, and CI/CD pipelines on-chip. This greatly reduces the attack "surface area" and reduces 3rd party supply chain risks. The session will examine detailed Kubernetes threat models for critical infrastructure and demonstrate how to attack and defend Kubernetes workloads in the context of TEEs. Attendees will learn how to use enclaves to protect the integrity of container images used for workloads, deploy TEE-based Pods,.examine development and operational challenges with TEE usage, and explore compliance benefits including specific policy and control mappings for GDPR, CCPA, PCI, HIPAA and NIST 800-53.
- 2 participants
- 36 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Autoscaling Elasticsearch for Logs on Kubernetes - Radu Gheorghe, Sematext Group & Ciprian Hacman, polypoly
Elasticsearch (and its fork, OpenSearch) is the go-to storage for logs. As with any storage, the cluster likely needs to scale to keep up with the change of load. But autoscaling Elasticsearch isn't trivial: indices and shards need to be well sized and well balanced across nodes. Otherwise the cluster will have hotspots and scaling it further will be less and less efficient. This talk focuses on two aspects: - best practices around scaling Elasticsearch for logs and other time-series data - how to apply them when deploying Elasticsearch on Kubernetes. In the process, a new (open-source) operator will be introduced (yes, there will be a demo!). This operator will autoscale Elasticsearch while keeping a good balance of load. It does so by changing the number of shards in the index template and rotating indices when the number of nodes changes.
Autoscaling Elasticsearch for Logs on Kubernetes - Radu Gheorghe, Sematext Group & Ciprian Hacman, polypoly
Elasticsearch (and its fork, OpenSearch) is the go-to storage for logs. As with any storage, the cluster likely needs to scale to keep up with the change of load. But autoscaling Elasticsearch isn't trivial: indices and shards need to be well sized and well balanced across nodes. Otherwise the cluster will have hotspots and scaling it further will be less and less efficient. This talk focuses on two aspects: - best practices around scaling Elasticsearch for logs and other time-series data - how to apply them when deploying Elasticsearch on Kubernetes. In the process, a new (open-source) operator will be introduced (yes, there will be a demo!). This operator will autoscale Elasticsearch while keeping a good balance of load. It does so by changing the number of shards in the index template and rotating indices when the number of nodes changes.
- 6 participants
- 32 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Backstage: Restoring Order To Your Chaos - Dave Zolotusky, Spotify
The CNCF Landscape is a complex ecosystem of frameworks, technologies, and platforms. Your teams have their own implementations of these technologies. Onboarding new developers is super confusing, and docs are scattered around the place. In short: chaos. The solution to this might be… another portal? Backstage (https://backstage.io), a platform you can use to build your own developer portal. It is highly customisable and adopted by companies like Expedia, Netflix, American Airlines, and Epic Games. Dave will share why Backstage was developed at Spotify, how it became the core of their developer experience, and a CNCF project. You’ll get a quick tour of Backstage, the plugin ecosystem, and some of the key use cases for Backstage. Then he will dig into the Software Templates feature. How templates can help developers quickly get started with new code repositories. He will also cover how you can create custom templates to have your organizations best practices built-in, right from the start!
Backstage: Restoring Order To Your Chaos - Dave Zolotusky, Spotify
The CNCF Landscape is a complex ecosystem of frameworks, technologies, and platforms. Your teams have their own implementations of these technologies. Onboarding new developers is super confusing, and docs are scattered around the place. In short: chaos. The solution to this might be… another portal? Backstage (https://backstage.io), a platform you can use to build your own developer portal. It is highly customisable and adopted by companies like Expedia, Netflix, American Airlines, and Epic Games. Dave will share why Backstage was developed at Spotify, how it became the core of their developer experience, and a CNCF project. You’ll get a quick tour of Backstage, the plugin ecosystem, and some of the key use cases for Backstage. Then he will dig into the Software Templates feature. How templates can help developers quickly get started with new code repositories. He will also cover how you can create custom templates to have your organizations best practices built-in, right from the start!
- 4 participants
- 35 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Better Bandwidth Management with eBPF - Daniel Borkmann & Christopher M. Luciano, Isovalent
Kubernetes provides many knobs for managing common system resources such as vCPUs and memory limits per Pod, but often forgotten is the effect of unbounded network communication in a cluster. A large churn of packets from several services can starve bandwidth for other services. Also, out of the box TCP congestion management is not optimal for Internet-facing services. In this talk we will explore how eBPF can be leveraged to dynamically insert logic for flexible, efficient and scalable rate limiting and bandwidth management on a per-Pod basis. This talk details: - The scalability limits of token bucket filters by the bandwidth plugin, and why EDT (Earliest Departure Time) combined with eBPF is a major step forward. - How TCP congestion control with BBR can now be leveraged for Pods thanks to eBPF for significantly improving application latency and throughput. - The benefits of enforcing bandwidth limits at the egress point and considerations when to use ingress enforcement.
Better Bandwidth Management with eBPF - Daniel Borkmann & Christopher M. Luciano, Isovalent
Kubernetes provides many knobs for managing common system resources such as vCPUs and memory limits per Pod, but often forgotten is the effect of unbounded network communication in a cluster. A large churn of packets from several services can starve bandwidth for other services. Also, out of the box TCP congestion management is not optimal for Internet-facing services. In this talk we will explore how eBPF can be leveraged to dynamically insert logic for flexible, efficient and scalable rate limiting and bandwidth management on a per-Pod basis. This talk details: - The scalability limits of token bucket filters by the bandwidth plugin, and why EDT (Earliest Departure Time) combined with eBPF is a major step forward. - How TCP congestion control with BBR can now be leveraged for Pods thanks to eBPF for significantly improving application latency and throughput. - The benefits of enforcing bandwidth limits at the egress point and considerations when to use ingress enforcement.
- 2 participants
- 31 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Better Reliability Through Observability and Experimentation - Julie Gunderson, Gremlin & Kerim Satirli, HashiCorp
Site Reliability Engineering (SRE) treats reliability as a software problem, but it really is an organizational problem that requires a different mindset. When the reliability of our service drops, so does our ability to create value for the organization we represent. In this talk, Julie and Kerim will take the audience on a guided journey, starting with how to determine if and how workloads are misbehaving and ending with practical approaches to improve reliability. Through simulated outages (of all types!), observability, and analysis, Julie and Kerim will show attendees how to catch and prepare for service disruptions. Going beyond deployments, attendees will also learn how to combine OpenTelemetry and OpenTracing to instill reliability into their systems.
Better Reliability Through Observability and Experimentation - Julie Gunderson, Gremlin & Kerim Satirli, HashiCorp
Site Reliability Engineering (SRE) treats reliability as a software problem, but it really is an organizational problem that requires a different mindset. When the reliability of our service drops, so does our ability to create value for the organization we represent. In this talk, Julie and Kerim will take the audience on a guided journey, starting with how to determine if and how workloads are misbehaving and ending with practical approaches to improve reliability. Through simulated outages (of all types!), observability, and analysis, Julie and Kerim will show attendees how to catch and prepare for service disruptions. Going beyond deployments, attendees will also learn how to combine OpenTelemetry and OpenTracing to instill reliability into their systems.
- 2 participants
- 37 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Build Your Own Cluster API Provider the Easy Way - Anusha Hegde, VMware & Richard Case, Weaveworks
Over the past year, the adoption of Cluster API (CAPI) has been growing with more end-users using it to provision their clusters. And increasingly it’s being adopted inside commercial products and other OSS projects (e.g. EKS-Anywhere). With this growth comes an increase in the variety of the Cluster API Providers you can choose from. What if none of the existing providers suit your use case? Perhaps you want to bring your own hosts or integrate with a custom infrastructure provisioning mechanism. If that's the case, this talk is for you. Come learn from the maintainers of existing CAPI providers on how to get started creating your own provider. It’s hard but at the same time easier than it sounds. Although every provider has unique considerations in its offering, there is a lot of commonality when it comes to writing a provider. This talk will highlight the common patterns, develop and debug workflows, and common pitfalls / gotchas to take into account when writing your own provider.
Build Your Own Cluster API Provider the Easy Way - Anusha Hegde, VMware & Richard Case, Weaveworks
Over the past year, the adoption of Cluster API (CAPI) has been growing with more end-users using it to provision their clusters. And increasingly it’s being adopted inside commercial products and other OSS projects (e.g. EKS-Anywhere). With this growth comes an increase in the variety of the Cluster API Providers you can choose from. What if none of the existing providers suit your use case? Perhaps you want to bring your own hosts or integrate with a custom infrastructure provisioning mechanism. If that's the case, this talk is for you. Come learn from the maintainers of existing CAPI providers on how to get started creating your own provider. It’s hard but at the same time easier than it sounds. Although every provider has unique considerations in its offering, there is a lot of commonality when it comes to writing a provider. This talk will highlight the common patterns, develop and debug workflows, and common pitfalls / gotchas to take into account when writing your own provider.
- 2 participants
- 30 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Build a Cloud Native Logging Pipeline on the Edge with Fluentbit Operator - Feynman Zhou, QingCloud
FluentBit Operator was created by the KubeSphere community to solve several problems: 1. Collect K8s logs through a light-weighted agent like Fluent Bit 2. Control Fluent Bit via Kubernetes API 3. Collect logs and then send them to the final destination without having to go through Fluentd 4. Enable dynamic config reloading for Fluent Bit to reload its config whenever the config changes without restarting the Fluent Bit Pod. FluentBit Operator has reached its maturity level gradually after two and a half years of iterations, now it has became the subproject of Fluent community. In this talk, FluentBit Operator maintainers will talk about the architecture and design of Fluent Operator, and demonstrate how to use FluentBit Operator on K3s to process logs for the edge and IoT scenarios.
Build a Cloud Native Logging Pipeline on the Edge with Fluentbit Operator - Feynman Zhou, QingCloud
FluentBit Operator was created by the KubeSphere community to solve several problems: 1. Collect K8s logs through a light-weighted agent like Fluent Bit 2. Control Fluent Bit via Kubernetes API 3. Collect logs and then send them to the final destination without having to go through Fluentd 4. Enable dynamic config reloading for Fluent Bit to reload its config whenever the config changes without restarting the Fluent Bit Pod. FluentBit Operator has reached its maturity level gradually after two and a half years of iterations, now it has became the subproject of Fluent community. In this talk, FluentBit Operator maintainers will talk about the architecture and design of Fluent Operator, and demonstrate how to use FluentBit Operator on K3s to process logs for the edge and IoT scenarios.
- 1 participant
- 27 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Building an Agile Platform in a Highly Regulated Industry - Fredrik Klingenberg, Aurum AS & Jonas Samuelson, If Insurance
During this talk, Jonas Samuelson, Platform Engineer at If-Insurance, and Fredrik Klingenberg, Principal Software Engineer at Aurum AS, will share how If-Insurance — the leading property and casualty insurer in the Nordics — built an agile platform based on Kubernetes, Linkerd, and GitOps within the constraints of a highly regulated industry. How does a large enterprise like If-Insurance balance rapid innovation to compete with disruptive newcomers while adhering to strict security and regulatory requirements? Jonas and Fredrik will discuss If-Insurance's GitOps-based platform and application deployment engine and their tools and techniques to remake the way If-Insurance runs and manages software. This talk will cover how If's immutable platform allows them to train for disaster recovery constantly, how their entire platform was built using GitOps, and how they onboarded teams shifting from a deployment mindset to a GitOps one.
Building an Agile Platform in a Highly Regulated Industry - Fredrik Klingenberg, Aurum AS & Jonas Samuelson, If Insurance
During this talk, Jonas Samuelson, Platform Engineer at If-Insurance, and Fredrik Klingenberg, Principal Software Engineer at Aurum AS, will share how If-Insurance — the leading property and casualty insurer in the Nordics — built an agile platform based on Kubernetes, Linkerd, and GitOps within the constraints of a highly regulated industry. How does a large enterprise like If-Insurance balance rapid innovation to compete with disruptive newcomers while adhering to strict security and regulatory requirements? Jonas and Fredrik will discuss If-Insurance's GitOps-based platform and application deployment engine and their tools and techniques to remake the way If-Insurance runs and manages software. This talk will cover how If's immutable platform allows them to train for disaster recovery constantly, how their entire platform was built using GitOps, and how they onboarded teams shifting from a deployment mindset to a GitOps one.
- 10 participants
- 42 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Building for the (Inevitable) Next Cloud Outage - Pavel Nikolov, Section
It seems that every few months we hear about the widespread impact of a major cloud outage. Cloud outages are unpredictable and inevitable; this is what keeps SRE teams up at night. Public cloud remains the most popular data center approach among the cloud native community, with multi-cloud growing in adoption. However, adopting a multi-cloud strategy isn’t as simple as hitting the go button. In this session, we will demonstrate how to deploy a Kubernetes application across clusters in multiple clouds and regions with built-in failover to automatically adapt to cloud outages. You will witness how BGP directs traffic across clusters in a healthy state. Then, we will take one of the clusters offline and show how workloads are automatically rescheduled and traffic is rerouted to healthy clusters in real-time. We will dive into the technologies and logic that are driving this engine and discuss how you can build this type of resilience into your own applications.
Building for the (Inevitable) Next Cloud Outage - Pavel Nikolov, Section
It seems that every few months we hear about the widespread impact of a major cloud outage. Cloud outages are unpredictable and inevitable; this is what keeps SRE teams up at night. Public cloud remains the most popular data center approach among the cloud native community, with multi-cloud growing in adoption. However, adopting a multi-cloud strategy isn’t as simple as hitting the go button. In this session, we will demonstrate how to deploy a Kubernetes application across clusters in multiple clouds and regions with built-in failover to automatically adapt to cloud outages. You will witness how BGP directs traffic across clusters in a healthy state. Then, we will take one of the clusters offline and show how workloads are automatically rescheduled and traffic is rerouted to healthy clusters in real-time. We will dive into the technologies and logic that are driving this engine and discuss how you can build this type of resilience into your own applications.
- 3 participants
- 39 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Bypassing Falco: How to Compromise a Cluster without Tripping the SOC - Shay Berkovich, BlackBerry
The explosive growth of Kubernetes has left security professionals scrambling to deploy innovative tools to address the inherent security risks. One such tool is The Falco Project - an incubating CNCF tool for detecting malicious activity at run time. Falco, like many security tools, has some gaps. This talk highlights these gaps by introducing various techniques to silently bypass the default Falco ruleset (based on Falco v0.30.0 release). The attendees will learn 9 different classes of bypasses, 7 of which are novel and have never been presented. The bypasses allow for stealthy target enumeration, privilege escalation and lateral movement. To aid with the bypass automation, Shay will introduce a special container image and multiple code snippets built specifically for Falco bypasses. To wrap up, we will apply the bypass techniques on securekubernetes cluster (presented on KubeCon NA 2019) and demonstrate how an attacker can achieve full cluster compromise without tripping the SOC.
Bypassing Falco: How to Compromise a Cluster without Tripping the SOC - Shay Berkovich, BlackBerry
The explosive growth of Kubernetes has left security professionals scrambling to deploy innovative tools to address the inherent security risks. One such tool is The Falco Project - an incubating CNCF tool for detecting malicious activity at run time. Falco, like many security tools, has some gaps. This talk highlights these gaps by introducing various techniques to silently bypass the default Falco ruleset (based on Falco v0.30.0 release). The attendees will learn 9 different classes of bypasses, 7 of which are novel and have never been presented. The bypasses allow for stealthy target enumeration, privilege escalation and lateral movement. To aid with the bypass automation, Shay will introduce a special container image and multiple code snippets built specifically for Falco bypasses. To wrap up, we will apply the bypass techniques on securekubernetes cluster (presented on KubeCon NA 2019) and demonstrate how an attacker can achieve full cluster compromise without tripping the SOC.
- 1 participant
- 34 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
CNCF TAG Network and Service Mesh Working Group Deep-Dive - Lee Calcote, Layer5; Ken Owens, Fiserv; Ed Warnicke, Cisco
With the increasing prevalence of microservice-based distributed systems, this is true: the network, as a discipline, has never been so critical in the efficient operation of cloud-native deployments. Network primitives including load balancing, observability, authentication, authorization, policies, rate limiting, QoS, mesh networks, traditional infrastructure bridging, and so on are now being developed and invested by the entire industry, and are the focus of the Service Mesh Working Group withing the CNCF TAG Network. Listen to our introduction and get an in-depth understanding of the service mesh projects being managed within the working group.
CNCF TAG Network and Service Mesh Working Group Deep-Dive - Lee Calcote, Layer5; Ken Owens, Fiserv; Ed Warnicke, Cisco
With the increasing prevalence of microservice-based distributed systems, this is true: the network, as a discipline, has never been so critical in the efficient operation of cloud-native deployments. Network primitives including load balancing, observability, authentication, authorization, policies, rate limiting, QoS, mesh networks, traditional infrastructure bridging, and so on are now being developed and invested by the entire industry, and are the focus of the Service Mesh Working Group withing the CNCF TAG Network. Listen to our introduction and get an in-depth understanding of the service mesh projects being managed within the working group.
- 2 participants
- 33 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
CNCF TAG-Runtime: Cloud Native Open Source Core Components - Alex Scammon, G-Research; Zbynek Roubalik, Red Hat; Ricardo Aravena, Rakuten; Samuel Ortiz, Apple
Learn about the CNCF open source projects that allow users to run cloud native workloads! This session will cover: 1) Overview of the TAG-Runtime, how to join, and how to get involved. 2) Update of working groups (new, existing, and potential) within the scope of the TAG . 3) How the TAG provides advise to the CNCF TOC. 4) Future trends for cloud native runtime technologies in the TAG scope such as containers, Virtual Machines, Edge/MLOps and WebAssembly.
CNCF TAG-Runtime: Cloud Native Open Source Core Components - Alex Scammon, G-Research; Zbynek Roubalik, Red Hat; Ricardo Aravena, Rakuten; Samuel Ortiz, Apple
Learn about the CNCF open source projects that allow users to run cloud native workloads! This session will cover: 1) Overview of the TAG-Runtime, how to join, and how to get involved. 2) Update of working groups (new, existing, and potential) within the scope of the TAG . 3) How the TAG provides advise to the CNCF TOC. 4) Future trends for cloud native runtime technologies in the TAG scope such as containers, Virtual Machines, Edge/MLOps and WebAssembly.
- 11 participants
- 33 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
CRI-O: Secure, Performant, and Boring as Ever! - Peter Hunt, Urvashi Mohnani, Mrunal Patel & Sascha Grunert, Red Hat
Anyone who has followed CRI-O, the OCI compliant implementation of the Kubernetes Container Runtime Interface (CRI), knows that it aims to be secure, performant, and over-all boring. Implemented as exactly the CRI implementation Kubernetes needs, and nothing more, allows it to be optimized, secured, and version-locked for Kubernetes. In this talk, Sascha Grunert, Mrunal Patel, Urvashi Mohnani, and Peter Hunt will give an overview of CRI-O, as well as discuss some recent improvements that highlight these three key aspects of CRI-O. The talk will cover the ease with which it transitioned between CRI versions, optimizations in container exec probes with conmon-rs, security improvements regarding SELinux relabelling for container volumes, and general security enhancements by running seccomp by default. People who join us, whether seasoned end-users or budding community members, should learn what CRI-O has to offer as the container manager that loves Kubernetes the most.
CRI-O: Secure, Performant, and Boring as Ever! - Peter Hunt, Urvashi Mohnani, Mrunal Patel & Sascha Grunert, Red Hat
Anyone who has followed CRI-O, the OCI compliant implementation of the Kubernetes Container Runtime Interface (CRI), knows that it aims to be secure, performant, and over-all boring. Implemented as exactly the CRI implementation Kubernetes needs, and nothing more, allows it to be optimized, secured, and version-locked for Kubernetes. In this talk, Sascha Grunert, Mrunal Patel, Urvashi Mohnani, and Peter Hunt will give an overview of CRI-O, as well as discuss some recent improvements that highlight these three key aspects of CRI-O. The talk will cover the ease with which it transitioned between CRI versions, optimizations in container exec probes with conmon-rs, security improvements regarding SELinux relabelling for container volumes, and general security enhancements by running seccomp by default. People who join us, whether seasoned end-users or budding community members, should learn what CRI-O has to offer as the container manager that loves Kubernetes the most.
- 5 participants
- 21 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Case Study: Bringing Chaos Engineering to the Cloud Native Developers - Uma Mukkara, ChaosNative & Ramiro Berrelleza, Okteto
Though Chaos Engineering started as a solution for fixing unknown problems at scale, it has evolved in recent years into a totally different practice area. It is now beginning to play a major role in CI/CD apart from Ops and figures as an aid that improves developer experience. Chaos frameworks are beginning to feature in the list of must-have dev tools. In this session, we discuss the role of Chaos Engineering in stepping up the cloud native dev experience and how developers can use cloud native chaos tests to verify the resilience of their application even before the code is merged. Okteto is an open source tool that enables developers to deploy development environments directly in Kubernetes. The community behind Okteto has succeeded with the idea of providing cloud native chaos tests to the developers in their toolset. In this session we take examples of Litmus chaos tests on Okteto and show how developers can run them as part of the development process, rather than just on CI.
Case Study: Bringing Chaos Engineering to the Cloud Native Developers - Uma Mukkara, ChaosNative & Ramiro Berrelleza, Okteto
Though Chaos Engineering started as a solution for fixing unknown problems at scale, it has evolved in recent years into a totally different practice area. It is now beginning to play a major role in CI/CD apart from Ops and figures as an aid that improves developer experience. Chaos frameworks are beginning to feature in the list of must-have dev tools. In this session, we discuss the role of Chaos Engineering in stepping up the cloud native dev experience and how developers can use cloud native chaos tests to verify the resilience of their application even before the code is merged. Okteto is an open source tool that enables developers to deploy development environments directly in Kubernetes. The community behind Okteto has succeeded with the idea of providing cloud native chaos tests to the developers in their toolset. In this session we take examples of Litmus chaos tests on Okteto and show how developers can run them as part of the development process, rather than just on CI.
- 5 participants
- 29 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Charting Your Own Course Through the Cloud Native Landscape - Matty Stratton, Pulumi & Whitney Lee, VMware
The cloud native landscape is notoriously vast, and there is no hope of one human ever understanding every piece of it. Perhaps you should just quit now! Or instead, join Matty and Whitney on a journey with three fictional learners who are all trying to level up their Kubernetes knowledge, but with different backgrounds, goals, and learning styles. They will share resources and learning strategies that are beneficial to each. Anecdotal stories about how some real-life, well-known Kubernetes community members got their start will be sprinkled in along the way! The goal is not to give a comprehensive view of the Kubernetes learning landscape but instead to leave you feeling empowered to define your own personal learning strategies and goals, and then to seek out the resources that will best help you!
Charting Your Own Course Through the Cloud Native Landscape - Matty Stratton, Pulumi & Whitney Lee, VMware
The cloud native landscape is notoriously vast, and there is no hope of one human ever understanding every piece of it. Perhaps you should just quit now! Or instead, join Matty and Whitney on a journey with three fictional learners who are all trying to level up their Kubernetes knowledge, but with different backgrounds, goals, and learning styles. They will share resources and learning strategies that are beneficial to each. Anecdotal stories about how some real-life, well-known Kubernetes community members got their start will be sprinkled in along the way! The goal is not to give a comprehensive view of the Kubernetes learning landscape but instead to leave you feeling empowered to define your own personal learning strategies and goals, and then to seek out the resources that will best help you!
- 2 participants
- 35 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Choosing Cloud Native Technologies for the Journey to Multi-cloud - Adelina Simion, Form3
Building, deploying and maintaining systems has become increasingly more complicated in recent years. Now, as engineers look toward migrating to multi-cloud architectures, systems and processes may need to be migrated to new technologies. But what choices are available, how do they fit together and how can the CNCF landscape help? This talk discusses the cloud native technologies that can be used to convert to a multi-cloud architecture and highlights some of the lessons learned from taking this journey on at Form3. The audience will learn: - How to decide if multi-cloud is essential for them - The fundamentals of deploying services across multiple clouds with Kubernetes - How to leverage Cilium to mesh together multiple clusters - The basics of event sourcing using NATS in the multi-cloud world - Resilient and performant data storage using CockroachDB This talk is useful for any new comers to the cloud native landscape, as well as those curious about going multi-cloud!
Choosing Cloud Native Technologies for the Journey to Multi-cloud - Adelina Simion, Form3
Building, deploying and maintaining systems has become increasingly more complicated in recent years. Now, as engineers look toward migrating to multi-cloud architectures, systems and processes may need to be migrated to new technologies. But what choices are available, how do they fit together and how can the CNCF landscape help? This talk discusses the cloud native technologies that can be used to convert to a multi-cloud architecture and highlights some of the lessons learned from taking this journey on at Form3. The audience will learn: - How to decide if multi-cloud is essential for them - The fundamentals of deploying services across multiple clouds with Kubernetes - How to leverage Cilium to mesh together multiple clusters - The basics of event sourcing using NATS in the multi-cloud world - Resilient and performant data storage using CockroachDB This talk is useful for any new comers to the cloud native landscape, as well as those curious about going multi-cloud!
- 4 participants
- 27 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Cloud Native Mentorship: Tips for Being a Great Mentor to CNCF Students - Lucas Servén Marín, Private
The CNCF and broader Linux Foundation offer generous mentorship programs that connect students around the world with open source projects. The whole open source community can benefit from and grow thanks to these opportunities, however, many technically talented maintainers are not trained as teachers or equipped with the tools to lead student projects. So what can open source maintainers do to help ensure mentees are successful in their cloud native journeys? And more broadly, how can maintainers use these opportunities to build a long lasting and inclusive community? In this talk, Lucas discusses challenges, successes, and lucky breaks he experienced through two years of non-stop mentorship as a maintainer of Thanos. Based on these lessons, he provides concrete strategies and tips that Thanos mentors and mentees have leveraged to communicate effectively and empathically and to meet the community's goals, whatever they may be.
Cloud Native Mentorship: Tips for Being a Great Mentor to CNCF Students - Lucas Servén Marín, Private
The CNCF and broader Linux Foundation offer generous mentorship programs that connect students around the world with open source projects. The whole open source community can benefit from and grow thanks to these opportunities, however, many technically talented maintainers are not trained as teachers or equipped with the tools to lead student projects. So what can open source maintainers do to help ensure mentees are successful in their cloud native journeys? And more broadly, how can maintainers use these opportunities to build a long lasting and inclusive community? In this talk, Lucas discusses challenges, successes, and lucky breaks he experienced through two years of non-stop mentorship as a maintainer of Thanos. Based on these lessons, he provides concrete strategies and tips that Thanos mentors and mentees have leveraged to communicate effectively and empathically and to meet the community's goals, whatever they may be.
- 3 participants
- 26 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Cloud Native Storage: The CNCF Storage TAG, Projects, Technology & Landscape - Alex Chircop, Ondat; Xing Yang, VMware; Raffaele Spazzoli, RedHat
This talk will introduce the CNCF Storage TAG and discuss how the TAG operates, how we work with CNCF Storage projects, and the work we have done to build guidance and write whitepapers for the ecosystem. During this session we will cover an overview of storage projects in the CNCF, including the broader ecosystem, as well as projects that are currently being reviewed. We will also share updates of our latest work including the CNCF Storage Whitepaper, Performance and Benchmarking whitepaper and the Cloud Native Disaster Recovery whitepaper. Join us to find out how to contribute and participate in the CNCF storage community and discover practical guidance on how to use cloud native storage in your environments.
Cloud Native Storage: The CNCF Storage TAG, Projects, Technology & Landscape - Alex Chircop, Ondat; Xing Yang, VMware; Raffaele Spazzoli, RedHat
This talk will introduce the CNCF Storage TAG and discuss how the TAG operates, how we work with CNCF Storage projects, and the work we have done to build guidance and write whitepapers for the ecosystem. During this session we will cover an overview of storage projects in the CNCF, including the broader ecosystem, as well as projects that are currently being reviewed. We will also share updates of our latest work including the CNCF Storage Whitepaper, Performance and Benchmarking whitepaper and the Cloud Native Disaster Recovery whitepaper. Join us to find out how to contribute and participate in the CNCF storage community and discover practical guidance on how to use cloud native storage in your environments.
- 7 participants
- 42 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Cloud-Native Building Blocks: An Interactive Envoy Proxy Workshop - Adam Sayah & Jim Barton, Solo.io
Envoy Proxy is a foundational layer for many of the innovations propelling the Kubernetes community, including service meshes and cloud-native API gateways. But many engineers understand it only as a black-box, hidden by simplifying levels of abstraction. The purpose of this workshop is to provide a hands-on workshop that will bridge those gaps in Envoy understanding. Participants will explore first principles regarding Envoy architecture, filter chains, and a day-in-the-life of a request. Users will then put those principles to work interactively. Every participant will have access to a computing environment via their web browsers to a Kubernetes K3s platform provisioned with Envoy and supporting tools. From there, users will explore the life of a request through a maze of transforms, custom processing with WebAssembly, and request routing. They will further learn to employ standard Envoy tools like metrics, access logging, and the Tap filter to solve real-world problems.
Cloud-Native Building Blocks: An Interactive Envoy Proxy Workshop - Adam Sayah & Jim Barton, Solo.io
Envoy Proxy is a foundational layer for many of the innovations propelling the Kubernetes community, including service meshes and cloud-native API gateways. But many engineers understand it only as a black-box, hidden by simplifying levels of abstraction. The purpose of this workshop is to provide a hands-on workshop that will bridge those gaps in Envoy understanding. Participants will explore first principles regarding Envoy architecture, filter chains, and a day-in-the-life of a request. Users will then put those principles to work interactively. Every participant will have access to a computing environment via their web browsers to a Kubernetes K3s platform provisioned with Envoy and supporting tools. From there, users will explore the life of a request through a maze of transforms, custom processing with WebAssembly, and request routing. They will further learn to employ standard Envoy tools like metrics, access logging, and the Tap filter to solve real-world problems.
- 3 participants
- 1:25 hours
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Cluster API Intro and Deep Dive - Yuvaraj Balaji Rao Kakaraparthi & Vince Prignano, VMware
The Cluster Lifecycle SIG is the Special Interest Group that is responsible for building the user experience for deploying and upgrading Kubernetes clusters. Our mission is examining how we should change Kubernetes to make it easier to operate. In this deep dive, we will examine how Cluster API simplifies the cluster management experience for cluster operators by enabling consistent machine management across environments and quick stamping of Clusters using some new exciting features like ClusterClass.
Cluster API Intro and Deep Dive - Yuvaraj Balaji Rao Kakaraparthi & Vince Prignano, VMware
The Cluster Lifecycle SIG is the Special Interest Group that is responsible for building the user experience for deploying and upgrading Kubernetes clusters. Our mission is examining how we should change Kubernetes to make it easier to operate. In this deep dive, we will examine how Cluster API simplifies the cluster management experience for cluster operators by enabling consistent machine management across environments and quick stamping of Clusters using some new exciting features like ClusterClass.
- 11 participants
- 38 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Composability is to Software as Compounding Interest is to Finance - Bill Mulligan, Isovalent
The cloud native ecosystem is built of composable projects that can be stacked, recombined, reused, and built upon. This composability allows cloud native developers to iterate and ship functionality fast and creates compounding value to businesses from telcos to machine learning to gaming. This talk will trace the history of composability within the cloud native landscape from making Kubernetes pluggable and extensible through the CNI and CRI to standardizing observability with Prometheus and OTel to eBPF making security and networking composable with Cilium. Along the way we will discover how each interface and extension built the value of the project and the ecosystem as a whole creating a learning and business value flywheel. The audience will learn how the composability of cloud native has helped grow the public cloud, generated many successful startups, given meaningful careers to a wide variety of people, and why buying into composable ecosystems compounds business value.
Composability is to Software as Compounding Interest is to Finance - Bill Mulligan, Isovalent
The cloud native ecosystem is built of composable projects that can be stacked, recombined, reused, and built upon. This composability allows cloud native developers to iterate and ship functionality fast and creates compounding value to businesses from telcos to machine learning to gaming. This talk will trace the history of composability within the cloud native landscape from making Kubernetes pluggable and extensible through the CNI and CRI to standardizing observability with Prometheus and OTel to eBPF making security and networking composable with Cilium. Along the way we will discover how each interface and extension built the value of the project and the ecosystem as a whole creating a learning and business value flywheel. The audience will learn how the composability of cloud native has helped grow the public cloud, generated many successful startups, given meaningful careers to a wide variety of people, and why buying into composable ecosystems compounds business value.
- 1 participant
- 23 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Contour Ingress Intro and Deep Dive - Nick Young, Orlin Vasilev & Nigel Brown, VMware
Contour, a CNCF incubating project, is a high performance ingress and load balancer solution for Kubernetes. Contour offers a richer feature set than some common alternatives while maintaining a lightweight profile. At its core, Contour is providing a control plane for the Envoy edge and service proxy. This session will show you how to leverage Contour and Envoy for Kubernetes workloads in a multi-tenant environment as well as include a demo of recent Contour features. We will also focus on the project roadmap including enhanced support for Gateway API, the Contour Operator for enhanced lifecycle management, distributed tracing support, and much more.
Contour Ingress Intro and Deep Dive - Nick Young, Orlin Vasilev & Nigel Brown, VMware
Contour, a CNCF incubating project, is a high performance ingress and load balancer solution for Kubernetes. Contour offers a richer feature set than some common alternatives while maintaining a lightweight profile. At its core, Contour is providing a control plane for the Envoy edge and service proxy. This session will show you how to leverage Contour and Envoy for Kubernetes workloads in a multi-tenant environment as well as include a demo of recent Contour features. We will also focus on the project roadmap including enhanced support for Gateway API, the Contour Operator for enhanced lifecycle management, distributed tracing support, and much more.
- 5 participants
- 38 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
CoreDNS: Intro and Deep Dive - John Belamaric, Google & Yong Tang, Ivanti, Inc
Come to learn about CoreDNS and the latest updates to the project and roadmap. Stay to learn about how to write your own CoreDNS plugin!
CoreDNS: Intro and Deep Dive - John Belamaric, Google & Yong Tang, Ivanti, Inc
Come to learn about CoreDNS and the latest updates to the project and roadmap. Stay to learn about how to write your own CoreDNS plugin!
- 5 participants
- 38 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Crack the FaaS Cold Start and Scalability Bottleneck - Cathy Zhang & Rui Zang, Intel
FaaS provides many benefits to the end-users, such as zero maintenance and on-demand auto-scaling. As each new technology brings benefits, it brings challenges. There are two major challenges: cold start latency and autoscaling speed in response to bursty traffic. Cold start latency refers to the time it takes to create a new function instance and get it ready to start execution. Autoscaling refers to the operation of automatically adjusting the number of running function instances to meet the traffic demand. This talk provides a detailed analysis of what causes the cold start latency and the autoscaling bottleneck. It then presents a new approach that reduces the cold start latency through instantiating a new function instance from a combination of its memory snapshot and its essential code chunks. The authors will share their learnings and test results. On the autoscaling part, the authors will share their insight of using an elastic function sandbox to boost the auto-scaling speed.
Crack the FaaS Cold Start and Scalability Bottleneck - Cathy Zhang & Rui Zang, Intel
FaaS provides many benefits to the end-users, such as zero maintenance and on-demand auto-scaling. As each new technology brings benefits, it brings challenges. There are two major challenges: cold start latency and autoscaling speed in response to bursty traffic. Cold start latency refers to the time it takes to create a new function instance and get it ready to start execution. Autoscaling refers to the operation of automatically adjusting the number of running function instances to meet the traffic demand. This talk provides a detailed analysis of what causes the cold start latency and the autoscaling bottleneck. It then presents a new approach that reduces the cold start latency through instantiating a new function instance from a combination of its memory snapshot and its essential code chunks. The authors will share their learnings and test results. On the autoscaling part, the authors will share their insight of using an elastic function sandbox to boost the auto-scaling speed.
- 2 participants
- 23 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Crossplane Intro & Deep Dive - Compose Your Custom Cloud Platform - Jared Watts, Steven Borreli & Yury Tsarev, Upbound; Christopher Haar, DKB AG
The maintainers of Crossplane, a CNCF Incubating project, will lead this session that will introduce the project to new attendees, as well as dive into the finer details of Crossplane’s functionality and roadmap. We will explain how Crossplane enables you to compose cloud infrastructure and services into your custom platform APIs, and how best to get started building a platform of your own. We will take a tour through the key features included in the latest releases, what problems and use cases they are solving, and how you can adopt them into your control planes. Finally, there will be an interactive opportunity to engage with the maintainers, ask questions, and influence the future of the project direction.
Crossplane Intro & Deep Dive - Compose Your Custom Cloud Platform - Jared Watts, Steven Borreli & Yury Tsarev, Upbound; Christopher Haar, DKB AG
The maintainers of Crossplane, a CNCF Incubating project, will lead this session that will introduce the project to new attendees, as well as dive into the finer details of Crossplane’s functionality and roadmap. We will explain how Crossplane enables you to compose cloud infrastructure and services into your custom platform APIs, and how best to get started building a platform of your own. We will take a tour through the key features included in the latest releases, what problems and use cases they are solving, and how you can adopt them into your control planes. Finally, there will be an interactive opportunity to engage with the maintainers, ask questions, and influence the future of the project direction.
- 5 participants
- 35 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Deep Dive into Minikube - Medya Ghazizadeh & Sharif Elgamal, Google
A deep dive into minikube's architecture and sharing top 20 useful tips on using minikube and sharing lessons from 5 years of maintaining minikube.
Deep Dive into Minikube - Medya Ghazizadeh & Sharif Elgamal, Google
A deep dive into minikube's architecture and sharing top 20 useful tips on using minikube and sharing lessons from 5 years of maintaining minikube.
- 3 participants
- 39 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Distributing PromQL for Fast and Efficient Kubernetes Fleet Monitoring - Moad Zardab, Red Hat & Filip Petkovski, Shopify
Both Thanos and Cortex have enabled the cloud native ecosystem to scale Prometheus storage with the use of blocks of data persisted across many clusters into single object storage. Whilst this unlocks cheap long term retention of metrics, it presents a significant challenge of being able to efficiently read and process large volumes of data. This talk outlines the Thanos community's efforts to improve read path performance through query pushdown and query sharding and how it compares with existing Cortex approaches. Thanos deployment's are composed of stores; components that expose a consistent Prometheus compliant read API for retrieving timeseries, and queriers; components that combine raw timeseries and evaluate PromQL expressions against them. Query pushdown gives the opportunity to pre-evaluate these expressions closer to the data, while query sharding breaks down a query into distinct, disassociated datesets that can be computed concurrently thanks to Kubernetes.
Distributing PromQL for Fast and Efficient Kubernetes Fleet Monitoring - Moad Zardab, Red Hat & Filip Petkovski, Shopify
Both Thanos and Cortex have enabled the cloud native ecosystem to scale Prometheus storage with the use of blocks of data persisted across many clusters into single object storage. Whilst this unlocks cheap long term retention of metrics, it presents a significant challenge of being able to efficiently read and process large volumes of data. This talk outlines the Thanos community's efforts to improve read path performance through query pushdown and query sharding and how it compares with existing Cortex approaches. Thanos deployment's are composed of stores; components that expose a consistent Prometheus compliant read API for retrieving timeseries, and queriers; components that combine raw timeseries and evaluate PromQL expressions against them. Query pushdown gives the opportunity to pre-evaluate these expressions closer to the data, while query sharding breaks down a query into distinct, disassociated datesets that can be computed concurrently thanks to Kubernetes.
- 5 participants
- 30 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Distributing Supply Chain Artifacts with OCI & ORAS Artifacts - Steve Lasker, Microsoft
In a world of continuous supply chain attacks, secure distribution matters more than ever. Your images are now signed, with systems bill of materials (SBOM) and frequent scan results. How will you consume them from public endpoints, promoting them across environments into private network environments where there's no external access? ORAS Artifacts lifts OCI Artifacts to the next level by enabling graphs of artifact relationships to be established. When you archive or delete any given container image, the related artifacts are archived or deleted as well, providing predictable lifecycle management. ORAS Artifacts enable you to build upon the hardened, performant, securely distributed registries you're already using. Come see how registries are evolving, enabling all your cloud-native artifacts to be distributed from the public registries to your private environments, wherever they may be.
Distributing Supply Chain Artifacts with OCI & ORAS Artifacts - Steve Lasker, Microsoft
In a world of continuous supply chain attacks, secure distribution matters more than ever. Your images are now signed, with systems bill of materials (SBOM) and frequent scan results. How will you consume them from public endpoints, promoting them across environments into private network environments where there's no external access? ORAS Artifacts lifts OCI Artifacts to the next level by enabling graphs of artifact relationships to be established. When you archive or delete any given container image, the related artifacts are archived or deleted as well, providing predictable lifecycle management. ORAS Artifacts enable you to build upon the hardened, performant, securely distributed registries you're already using. Come see how registries are evolving, enabling all your cloud-native artifacts to be distributed from the public registries to your private environments, wherever they may be.
- 1 participant
- 40 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Empower Autonomous Driving with Cloud Native Serverless Technologies - Benjamin Huo, QingCloud Technologies & Xiuming Lu, UISEE
For an Autonomous-Driving platform, the complex use cases and numerous modules pose huge challenges to the entire architecture. Take data-archiving as an example, large amounts of time-sensitive data are generated in the vehicle and cloud every second, scattered in various devices and clusters. Challenges like multi-types of storage media, non-uniform data size, mixed asynchronous operations, steep resource overhead curves all prompt for a more flexible, elastic, and cost-saving architecture. In this talk, UISEE developers and OpenFunction maintainers will talk about: - Why does Autonomous-Driving need a modern FaaS platform powered by Dapr, Keda, and Knative? - Cloud Native FaaS Platform OpenFunction Intro. - Why is an asynchronous function a good fit for Autonomous-Driving? - How does UISEE use the Asynchronous functions in Autonomous-Driving? - The benefits that a modern FaaS platform brings to Autonomous-Driving. - OpenFunction updates & roadmap.
Empower Autonomous Driving with Cloud Native Serverless Technologies - Benjamin Huo, QingCloud Technologies & Xiuming Lu, UISEE
For an Autonomous-Driving platform, the complex use cases and numerous modules pose huge challenges to the entire architecture. Take data-archiving as an example, large amounts of time-sensitive data are generated in the vehicle and cloud every second, scattered in various devices and clusters. Challenges like multi-types of storage media, non-uniform data size, mixed asynchronous operations, steep resource overhead curves all prompt for a more flexible, elastic, and cost-saving architecture. In this talk, UISEE developers and OpenFunction maintainers will talk about: - Why does Autonomous-Driving need a modern FaaS platform powered by Dapr, Keda, and Knative? - Cloud Native FaaS Platform OpenFunction Intro. - Why is an asynchronous function a good fit for Autonomous-Driving? - How does UISEE use the Asynchronous functions in Autonomous-Driving? - The benefits that a modern FaaS platform brings to Autonomous-Driving. - OpenFunction updates & roadmap.
- 2 participants
- 33 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
From Cloud Naive to Cloud Native – Avoiding Mistakes Everyone Does - Max Körbächer, Liquid Reply
“Cloud native” is nowadays a very brought word, used for everything from projects going to the cloud, open source solutions or in architecture terminology. This misleads initiatives and corporate decisions on cloud-first projects as well as their promised savings, improvements or speed gain. In this talk, we will have a look at common mistakes, how corporations place them elf into a twister and why you first need to really understand Netflix, Spotify and co, so that you can understand that you are very much different. Because migrating to the cloud, doesn’t make you native. Feel the passive-aggressive vibes? Good, now we can talk! Let us seriously discuss about architectural patterns, what really matters in your cloud provider, leading decision processes on a technical level and finally what are the steps to become cloud native and not cloud naive.
From Cloud Naive to Cloud Native – Avoiding Mistakes Everyone Does - Max Körbächer, Liquid Reply
“Cloud native” is nowadays a very brought word, used for everything from projects going to the cloud, open source solutions or in architecture terminology. This misleads initiatives and corporate decisions on cloud-first projects as well as their promised savings, improvements or speed gain. In this talk, we will have a look at common mistakes, how corporations place them elf into a twister and why you first need to really understand Netflix, Spotify and co, so that you can understand that you are very much different. Because migrating to the cloud, doesn’t make you native. Feel the passive-aggressive vibes? Good, now we can talk! Let us seriously discuss about architectural patterns, what really matters in your cloud provider, leading decision processes on a technical level and finally what are the steps to become cloud native and not cloud naive.
- 1 participant
- 32 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
From Monitoring to Observability: Left Shift your SLOs with Chaos - Michael Friedrich, GitLab
Security has shifted left in CI/CD pipelines. Traditional service monitoring moved on with metrics, logs and traces and observability embraces the unknown unknowns. Developers and SREs are instrumenting applications with distributed tracing. How do service level objectives (SLOs) add to the bigger picture? This talk invites into a developer’s tale about ops deployment scalability, availability threshold definitions and measuring application performance. What are the benefits of app instrumentation, metrics and traces and where does the journey start? Dev becomes Ops: SLOs need to be well understood and simulated early in the development process. New building blocks come to play: Continuous Delivery, quality gates and chaos engineering - is it possible to left shift SLOs with Chaos in your CI/CD pipelines?
From Monitoring to Observability: Left Shift your SLOs with Chaos - Michael Friedrich, GitLab
Security has shifted left in CI/CD pipelines. Traditional service monitoring moved on with metrics, logs and traces and observability embraces the unknown unknowns. Developers and SREs are instrumenting applications with distributed tracing. How do service level objectives (SLOs) add to the bigger picture? This talk invites into a developer’s tale about ops deployment scalability, availability threshold definitions and measuring application performance. What are the benefits of app instrumentation, metrics and traces and where does the journey start? Dev becomes Ops: SLOs need to be well understood and simulated early in the development process. New building blocks come to play: Continuous Delivery, quality gates and chaos engineering - is it possible to left shift SLOs with Chaos in your CI/CD pipelines?
- 1 participant
- 35 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
From Student to SRE That Loves CNCF in No Time - Jacob Valdemar Andreasen, Lunar
A year ago Jacob knew nothing about Kubernetes, Linkerd, or any other fancy CNCF projects. Jacob had been studying Software Technology for two years where he learned to write code and use software design patterns. In his fifth semester, Jacob decided to try something new and joined Lunar as a Site Reliability Engineer for a five-month full-time internship where he contributed to CNCF projects and learned to develop and maintain a GitOps based Kubernetes platform. By constantly questioning his knowledge and pushing his boundaries Jacob steadily learned how to navigate the CNCF environment. Now, 1 year and 6 months later, Jacob is a Certified Kubernetes Administrator and continues to work at Lunar where he plays with Kubernetes, Flux, Fluent Bit, Prometheus, Backstage, Linkerd, and many other exciting CNCF projects. By following Jacob’s journey we will explore the opportunities and obstacles you face as a student wanting to start their journey towards working as a platform engineer.
From Student to SRE That Loves CNCF in No Time - Jacob Valdemar Andreasen, Lunar
A year ago Jacob knew nothing about Kubernetes, Linkerd, or any other fancy CNCF projects. Jacob had been studying Software Technology for two years where he learned to write code and use software design patterns. In his fifth semester, Jacob decided to try something new and joined Lunar as a Site Reliability Engineer for a five-month full-time internship where he contributed to CNCF projects and learned to develop and maintain a GitOps based Kubernetes platform. By constantly questioning his knowledge and pushing his boundaries Jacob steadily learned how to navigate the CNCF environment. Now, 1 year and 6 months later, Jacob is a Certified Kubernetes Administrator and continues to work at Lunar where he plays with Kubernetes, Flux, Fluent Bit, Prometheus, Backstage, Linkerd, and many other exciting CNCF projects. By following Jacob’s journey we will explore the opportunities and obstacles you face as a student wanting to start their journey towards working as a platform engineer.
- 2 participants
- 24 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
From `docker push` to Bytes on Disk: Inside Distribution - Wayne Warren & Adam Wolfe Gordon, DigitalOcean
If you use containers, at some point you've probably done a `docker pull` or a `docker push`. But, have you ever thought about how those operations work? How does a container image travel to persistent storage in the cloud? What does it look like when it gets there? We hadn't thought much about these questions until we started building DigitalOcean Container Registry (DOCR) on top of the CNCF Distribution codebase in 2019. Working on DOCR required us to learn a lot of the answers and we're excited to share them. In this talk we'll pull back the curtain on how Distribution works. From your registry client, to the OCI Distribution API, to the CNCF Distribution codebase, to bytes on disk, we'll explain exactly how a container image makes it from your computer to the cloud, what it looks like when it gets there, and what happens when you ask for it back. We'll also touch on less-standardized topics such as authentication and the evolving garbage collection implementation in Distribution.
From `docker push` to Bytes on Disk: Inside Distribution - Wayne Warren & Adam Wolfe Gordon, DigitalOcean
If you use containers, at some point you've probably done a `docker pull` or a `docker push`. But, have you ever thought about how those operations work? How does a container image travel to persistent storage in the cloud? What does it look like when it gets there? We hadn't thought much about these questions until we started building DigitalOcean Container Registry (DOCR) on top of the CNCF Distribution codebase in 2019. Working on DOCR required us to learn a lot of the answers and we're excited to share them. In this talk we'll pull back the curtain on how Distribution works. From your registry client, to the OCI Distribution API, to the CNCF Distribution codebase, to bytes on disk, we'll explain exactly how a container image makes it from your computer to the cloud, what it looks like when it gets there, and what happens when you ask for it back. We'll also touch on less-standardized topics such as authentication and the evolving garbage collection implementation in Distribution.
- 5 participants
- 38 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Full Mesh Encryption in Kubernetes with WireGuard and Calico - Peter Kelly, Tigera
Encrypting data-in-transit is an important feature for many Kubernetes users especially for compliance and a zero-trust model. There are several ways this can be achieved, including using WireGuard, an exciting new lightweight VPN in the Linux kernel. This talk explains why you would choose WireGuard for this task and how it can work in a dynamic platform such as Kubernetes using Project Calico to provide a full host-to-host encrypted mesh at a layer below your application workloads. WireGuard is popular for good reason; lightweight, fast, scalable and easy. We’ll show you how easy it is to make it work but also dig in to the implementation details for those who love to sweat the details.
Full Mesh Encryption in Kubernetes with WireGuard and Calico - Peter Kelly, Tigera
Encrypting data-in-transit is an important feature for many Kubernetes users especially for compliance and a zero-trust model. There are several ways this can be achieved, including using WireGuard, an exciting new lightweight VPN in the Linux kernel. This talk explains why you would choose WireGuard for this task and how it can work in a dynamic platform such as Kubernetes using Project Calico to provide a full host-to-host encrypted mesh at a layer below your application workloads. WireGuard is popular for good reason; lightweight, fast, scalable and easy. We’ll show you how easy it is to make it work but also dig in to the implementation details for those who love to sweat the details.
- 7 participants
- 35 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Gateway API: Beta to GA - Rob Scott, Google & Nick Young, VMware
In the past year, Gateway API has made some significant progress, becoming an official Kubernetes API and graduating to Beta. As part of that process, it gained some exciting new features, including custom policy attachment, advanced rewrite configuration, cross-namespace references, and a lot more. In this talk, we’ll provide an overview of all the new features in Gateway API, demonstrating many of them with different implementations of the API. We’ll then discuss our plans going forward, including new features we’re working on and our goals for a GA release. Most importantly, we’ll share how you can get involved with the project.
Gateway API: Beta to GA - Rob Scott, Google & Nick Young, VMware
In the past year, Gateway API has made some significant progress, becoming an official Kubernetes API and graduating to Beta. As part of that process, it gained some exciting new features, including custom policy attachment, advanced rewrite configuration, cross-namespace references, and a lot more. In this talk, we’ll provide an overview of all the new features in Gateway API, demonstrating many of them with different implementations of the API. We’ll then discuss our plans going forward, including new features we’re working on and our goals for a GA release. Most importantly, we’ll share how you can get involved with the project.
- 7 participants
- 43 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
GitOps to Automate the Setup, Management and Extension a K8s Cluster - Kim Schlesinger, DigitalOcean
In this workshop, you will experience the power of Infrastructure as Code and GitOps to automate the provisioning, modification, and extension of a Kubernetes cluster. Join me to learn how to use Terraform to spin up a Kubernetes cluster and install FluxCD, which will watch a GitHub repo and automatically apply any changes made via git commit. In order to keep all of your credentials like secrets, passwords, and tokens in your GitHub repo, we will show you how to use the sealed-secrets project to enable one-way encrypted secrets that can only be decoded inside the cluster. Finally, you will install and use Crossplane to provision digital infrastructure from inside your Kubernetes cluster, including resources from different cloud providers, giving you a chance to experiment with multi-cloud infrastructure.
GitOps to Automate the Setup, Management and Extension a K8s Cluster - Kim Schlesinger, DigitalOcean
In this workshop, you will experience the power of Infrastructure as Code and GitOps to automate the provisioning, modification, and extension of a Kubernetes cluster. Join me to learn how to use Terraform to spin up a Kubernetes cluster and install FluxCD, which will watch a GitHub repo and automatically apply any changes made via git commit. In order to keep all of your credentials like secrets, passwords, and tokens in your GitHub repo, we will show you how to use the sealed-secrets project to enable one-way encrypted secrets that can only be decoded inside the cluster. Finally, you will install and use Crossplane to provision digital infrastructure from inside your Kubernetes cluster, including resources from different cloud providers, giving you a chance to experiment with multi-cloud infrastructure.
- 10 participants
- 1:25 hours
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
GitOpsify Everything: When Crossplane Meets Argo CD - Ying Mo & Ken Murray, IBM
Argo CD is a popular CNCF incubating project that implements GitOps on Kubernetes to drive continuous delivery of Cloud Native applications. Using Git at its core, it's been widely adopted across the industry. However, real-world organizations may still have many traditional IT systems, they may have invested heavily on management automation for these systems. How can they benefit from GitOps? This session will share the magic to combine Argo CD and existing non cloud native IT automation assets by crafting a bridge using Crossplane, another popular CNCF incubating project. It works seamlessly with existing automation technologies such as Ansible and Terraform, with a large user base and mature eco-systems. This empowers you to GitOpsify everything, cloud native or non cloud native, to manage hybrid technologies using GitOps consistently. The session will also share some best practices and lessons learned that you may consider when you start the GitOps transition with your IT systems.
GitOpsify Everything: When Crossplane Meets Argo CD - Ying Mo & Ken Murray, IBM
Argo CD is a popular CNCF incubating project that implements GitOps on Kubernetes to drive continuous delivery of Cloud Native applications. Using Git at its core, it's been widely adopted across the industry. However, real-world organizations may still have many traditional IT systems, they may have invested heavily on management automation for these systems. How can they benefit from GitOps? This session will share the magic to combine Argo CD and existing non cloud native IT automation assets by crafting a bridge using Crossplane, another popular CNCF incubating project. It works seamlessly with existing automation technologies such as Ansible and Terraform, with a large user base and mature eco-systems. This empowers you to GitOpsify everything, cloud native or non cloud native, to manage hybrid technologies using GitOps consistently. The session will also share some best practices and lessons learned that you may consider when you start the GitOps transition with your IT systems.
- 2 participants
- 27 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Harbor - Enterprise Cloud Native Artifact Registry - Yan Wang, Chenyu Zhang, Daojun Zhang, VMware & Vadim Bauer, Container Registry
Project Harbor is an open-source trusted cloud native registry project that stores, manages, signs, and scans content, thus resolving common image or Helm Chart management challenges. It has been widely used by organizations large and small around the world to resolve both the container image and Helm Chart management challenges. In this presentation, we will cover some advanced features of using Harbor, such as image signature management(cosign), image management in a cloud environment, unified management of Helm chart and container images, and highly-available deployments.Furthermore, the team would love to get feedback from users and contributors to current features and future roadmap.
Harbor - Enterprise Cloud Native Artifact Registry - Yan Wang, Chenyu Zhang, Daojun Zhang, VMware & Vadim Bauer, Container Registry
Project Harbor is an open-source trusted cloud native registry project that stores, manages, signs, and scans content, thus resolving common image or Helm Chart management challenges. It has been widely used by organizations large and small around the world to resolve both the container image and Helm Chart management challenges. In this presentation, we will cover some advanced features of using Harbor, such as image signature management(cosign), image management in a cloud environment, unified management of Helm chart and container images, and highly-available deployments.Furthermore, the team would love to get feedback from users and contributors to current features and future roadmap.
- 4 participants
- 36 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
How Adobe is Optimizing Resource Usage in Kubernetes - Carlos Sanchez, Adobe
Moving to Kubernetes opens the door to a world of possibilities, the amount of workloads that can be run and the flexibility it provides. However this comes at a cost on managing the resources used by many applications and teams. At Adobe we make extensive use of standard Kubernetes capabilities to reduce resource usage and we have also built some solutions at several levels of the stack to improve it. From autoscaling to workload hibernation, from automated resource requests to Kubernetes Jobs, we have experimented with and implemented several features that decrease our resource usage and lower the cost of running many Kubernetes clusters at scale. Both at workload resource level and also at achieving higher density clusters that reduce the number of clusters we need and the operating costs.
How Adobe is Optimizing Resource Usage in Kubernetes - Carlos Sanchez, Adobe
Moving to Kubernetes opens the door to a world of possibilities, the amount of workloads that can be run and the flexibility it provides. However this comes at a cost on managing the resources used by many applications and teams. At Adobe we make extensive use of standard Kubernetes capabilities to reduce resource usage and we have also built some solutions at several levels of the stack to improve it. From autoscaling to workload hibernation, from automated resource requests to Kubernetes Jobs, we have experimented with and implemented several features that decrease our resource usage and lower the cost of running many Kubernetes clusters at scale. Both at workload resource level and also at achieving higher density clusters that reduce the number of clusters we need and the operating costs.
- 11 participants
- 36 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
How Linkerd Helped bink Partner up with Barclays - Mark Swarbrick, bink
In this session, Mark Swarbrick, Bink's Head of Infrastructure, will share how Linkerd gave the fintech startup the confidence to partner up with Barclays and serve millions of customers in the UK. Around 2016, the Bink infrastructure team started containerizing their apps. Not long after they migrated to the cloud and moved their apps onto Kubernetes. Still in the early days, they experienced issues with the cloud's unstable networking infrastructure, leading to multiple issues including huge amounts of random TCP disconnects, UDP connections just going missing, and other faults. After a little research, they gave Linkerd a try and, lo and behold, as soon as they started experimenting with it, network faults caused by the instabilities dropped significantly. The timing could not have been better. The team was just starting conversations with Barclays and Linkerd's metrics allowed them to monitor their SLOs and agree to the bank's ambitious latency and success rated based SLAs.
How Linkerd Helped bink Partner up with Barclays - Mark Swarbrick, bink
In this session, Mark Swarbrick, Bink's Head of Infrastructure, will share how Linkerd gave the fintech startup the confidence to partner up with Barclays and serve millions of customers in the UK. Around 2016, the Bink infrastructure team started containerizing their apps. Not long after they migrated to the cloud and moved their apps onto Kubernetes. Still in the early days, they experienced issues with the cloud's unstable networking infrastructure, leading to multiple issues including huge amounts of random TCP disconnects, UDP connections just going missing, and other faults. After a little research, they gave Linkerd a try and, lo and behold, as soon as they started experimenting with it, network faults caused by the instabilities dropped significantly. The timing could not have been better. The team was just starting conversations with Barclays and Linkerd's metrics allowed them to monitor their SLOs and agree to the bank's ambitious latency and success rated based SLAs.
- 1 participant
- 18 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
How a Couple of Characters (and GitOps) Brought Down Our Site - Guy Templeton & Stuart Davidson, Skyscanner
Skyscanner have been enthusiastic adopters of Cloud-Native technologies and practices, adopting Kubernetes, Helm and ArgoCD as well as a wide range of other open-source technologies. However, adopting these technologies and practices in an existing environment doesn’t come without challenges. In this talk, Stuart and Guy will walk you through the longer-term cultural and technical challenges and benefits brought by adopting a GitOps model, as well as digging deeper into a global outage of Skyscanner’s website and mobile apps and how these approaches both exacerbated the problem but also sped up the time to resolution. They’ll then take the opportunity to explain some of the learnings from the incident with the hope that the insight they gained from this catastrophic situation will help you and your organisation not make the same mistakes.
How a Couple of Characters (and GitOps) Brought Down Our Site - Guy Templeton & Stuart Davidson, Skyscanner
Skyscanner have been enthusiastic adopters of Cloud-Native technologies and practices, adopting Kubernetes, Helm and ArgoCD as well as a wide range of other open-source technologies. However, adopting these technologies and practices in an existing environment doesn’t come without challenges. In this talk, Stuart and Guy will walk you through the longer-term cultural and technical challenges and benefits brought by adopting a GitOps model, as well as digging deeper into a global outage of Skyscanner’s website and mobile apps and how these approaches both exacerbated the problem but also sped up the time to resolution. They’ll then take the opportunity to explain some of the learnings from the incident with the hope that the insight they gained from this catastrophic situation will help you and your organisation not make the same mistakes.
- 13 participants
- 48 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
How to Migrate 700 Kubernetes Clusters to Cluster API with Zero Downtime - Tobias Giese & Sean Schneeweiss, Mercedes-Benz Tech Innovation
Cluster API promises "to simplify provisioning, upgrading, and operating multiple Kubernetes clusters." Do you find it challenging to migrate your existing Kubernetes cluster provisioning to Cluster API? Would you like to benefit from all the features that Cluster API offers and manage your infrastructure the Kubernetes style? At Mercedes-Benz, we run and operate more than 700 Kubernetes clusters and 3,500 machines all over the world in on-premises OpenStack data centers. By migrating to Cluster API, we replaced our legacy provisioning, consisting of Terraform, custom self-written tools and Kubernetes operators. Expect valuable insights on what it takes to transfer production systems into the control of Cluster API with zero downtime and zero customer impact. Get to know the technical challenges of migrating, how they can be solved and how to extend Cluster API functionality to fit your needs.
How to Migrate 700 Kubernetes Clusters to Cluster API with Zero Downtime - Tobias Giese & Sean Schneeweiss, Mercedes-Benz Tech Innovation
Cluster API promises "to simplify provisioning, upgrading, and operating multiple Kubernetes clusters." Do you find it challenging to migrate your existing Kubernetes cluster provisioning to Cluster API? Would you like to benefit from all the features that Cluster API offers and manage your infrastructure the Kubernetes style? At Mercedes-Benz, we run and operate more than 700 Kubernetes clusters and 3,500 machines all over the world in on-premises OpenStack data centers. By migrating to Cluster API, we replaced our legacy provisioning, consisting of Terraform, custom self-written tools and Kubernetes operators. Expect valuable insights on what it takes to transfer production systems into the control of Cluster API with zero downtime and zero customer impact. Get to know the technical challenges of migrating, how they can be solved and how to extend Cluster API functionality to fit your needs.
- 8 participants
- 31 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Implementing Anti-patterns: Kubernetes Cross-namespace Resource Ownership - Tom Coufal, Red Hat
Kubernetes is a very open system allowing developers a great extent of freedom. However it still follows rules, design principles and sets well-described boundaries. It constrains developers to well understood cans and cants. Prohibiting cross-namespace ownership of resources is one of such rules. A namespace scoped resource can't be an owner to a resource in a different namespace. Yet, there always is that one use case that we can't solve in any other way than by smashing through those walls of rules. We will explore why such a use case makes sense. And what challenges rigid namespace isolation brings to integration between Kubernetes native services. We will discover how one can construct a solution to this problem. Without re-implementing or replacing default core services - like the native garbage collection mechanisms.
Implementing Anti-patterns: Kubernetes Cross-namespace Resource Ownership - Tom Coufal, Red Hat
Kubernetes is a very open system allowing developers a great extent of freedom. However it still follows rules, design principles and sets well-described boundaries. It constrains developers to well understood cans and cants. Prohibiting cross-namespace ownership of resources is one of such rules. A namespace scoped resource can't be an owner to a resource in a different namespace. Yet, there always is that one use case that we can't solve in any other way than by smashing through those walls of rules. We will explore why such a use case makes sense. And what challenges rigid namespace isolation brings to integration between Kubernetes native services. We will discover how one can construct a solution to this problem. Without re-implementing or replacing default core services - like the native garbage collection mechanisms.
- 1 participant
- 33 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Intro + Deep Dive: SIG Scalability - Marcel Zięba & Wojciech Tyczyński, Google
This session will focus on the different efforts that SIG Scalability is involved in: defining what scalability means for Kubernetes, driving performance improvements, maintaining infrastructure for scalability testing, guarding Kubernetes against performance regressions. Time for Q&A will be reserved at the end of the session to understand how the SIG can better engage with the community as well as to allow the audience to provide the input about the roadmap.
Intro + Deep Dive: SIG Scalability - Marcel Zięba & Wojciech Tyczyński, Google
This session will focus on the different efforts that SIG Scalability is involved in: defining what scalability means for Kubernetes, driving performance improvements, maintaining infrastructure for scalability testing, guarding Kubernetes against performance regressions. Time for Q&A will be reserved at the end of the session to understand how the SIG can better engage with the community as well as to allow the audience to provide the input about the roadmap.
- 7 participants
- 43 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Jet Energy Corrections with GNN Regression using Kubeflow at CERN - Daniel Holmberg & Dejan Golubovic, CERN
The Large Hadron Collider is the world’s largest particle accelerator measuring 27 km in circumference. It accelerates beams of particles in opposite directions almost to the speed of light before making them collide. The particles emerging from the collisions are then measured in large detectors such as the Compact Muon Solenoid. An especially important object of study are so-called jets composed of multiple particles shooting out in the same direction from the collision point. Data-driven methods are used to correct the energy values for these jets, and what we’ll present here is the utilization of Kubeflow to enable state-of-the-art graph neural network based corrections. Kubeflow’s pipeline component allows us to define our machine learning workflow in a well-structured and reproducible manner, and its built-in training operators are used to scale up the training with ease. This work is expected to pave the way for future adoption of Kubeflow among the physics community at CERN.
Jet Energy Corrections with GNN Regression using Kubeflow at CERN - Daniel Holmberg & Dejan Golubovic, CERN
The Large Hadron Collider is the world’s largest particle accelerator measuring 27 km in circumference. It accelerates beams of particles in opposite directions almost to the speed of light before making them collide. The particles emerging from the collisions are then measured in large detectors such as the Compact Muon Solenoid. An especially important object of study are so-called jets composed of multiple particles shooting out in the same direction from the collision point. Data-driven methods are used to correct the energy values for these jets, and what we’ll present here is the utilization of Kubeflow to enable state-of-the-art graph neural network based corrections. Kubeflow’s pipeline component allows us to define our machine learning workflow in a well-structured and reproducible manner, and its built-in training operators are used to scale up the training with ease. This work is expected to pave the way for future adoption of Kubeflow among the physics community at CERN.
- 2 participants
- 24 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Keep Calm and Containerd On! - Anusha Ragunathan, Intuit Inc
Letting go isn't easy! Especially when it comes to your Kubernetes cluster’s CRI implementation. Like most big Kubernetes deployments, Intuit’s 200+ clusters with 20000 nodes were running ‘dockerd’ as the CRI runtime, with dependencies on the docker API and CLI. We migrated our fleet of clusters to ‘containerd’. Whether you have a complicated Kubernetes installation with customized cluster addons or a simple set of clusters, you will be affected by the upcoming removal of dockerd from upstream Kubernetes. Come listen to us, learn from our journey and be prepared to make this migration smooth and seamless. We will share lessons learned migrating clusters to containerd. From issues faced with log management, SELinux and GPU support, to rewiring cluster addons related to CNI and runtime security, this talk is about Intuit’s journey moving to containerd. We will also talk about rollout of containerd to our production clusters and how we handled compatibility issues during cluster upgrades.
Keep Calm and Containerd On! - Anusha Ragunathan, Intuit Inc
Letting go isn't easy! Especially when it comes to your Kubernetes cluster’s CRI implementation. Like most big Kubernetes deployments, Intuit’s 200+ clusters with 20000 nodes were running ‘dockerd’ as the CRI runtime, with dependencies on the docker API and CLI. We migrated our fleet of clusters to ‘containerd’. Whether you have a complicated Kubernetes installation with customized cluster addons or a simple set of clusters, you will be affected by the upcoming removal of dockerd from upstream Kubernetes. Come listen to us, learn from our journey and be prepared to make this migration smooth and seamless. We will share lessons learned migrating clusters to containerd. From issues faced with log management, SELinux and GPU support, to rewiring cluster addons related to CNI and runtime security, this talk is about Intuit’s journey moving to containerd. We will also talk about rollout of containerd to our production clusters and how we handled compatibility issues during cluster upgrades.
- 3 participants
- 27 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Keynote: 7 Years of Running Kubernetes for Mercedes-Benz - Jens Erat, DevOps Engineer; Peter Mueller, Lead Expert; Sabine Wolz, Product Owner, Mercedes-Benz Tech Innovation
Years ago, software engineers faced hard times at Mercedes-Benz: spreadsheet operations, manual processes, grown infrastructure and strict governance. A grassroots initiative of engineers accepted the challenge to change the game – and their silver bullet was Kubernetes. Join us on our journey from introducing Kubernetes 0.9 on managed servers to an on-premises self-service cloud platform with close to 1000 clusters on Cluster API. You will learn about our stake transforming a data center with a young team that mostly did not know enterprise processes before. We describe how mixing naive visions and a strong believe in open source with lots of resilience made the project a success.
Keynote: 7 Years of Running Kubernetes for Mercedes-Benz - Jens Erat, DevOps Engineer; Peter Mueller, Lead Expert; Sabine Wolz, Product Owner, Mercedes-Benz Tech Innovation
Years ago, software engineers faced hard times at Mercedes-Benz: spreadsheet operations, manual processes, grown infrastructure and strict governance. A grassroots initiative of engineers accepted the challenge to change the game – and their silver bullet was Kubernetes. Join us on our journey from introducing Kubernetes 0.9 on managed servers to an on-premises self-service cloud platform with close to 1000 clusters on Cluster API. You will learn about our stake transforming a data center with a young team that mostly did not know enterprise processes before. We describe how mixing naive visions and a strong believe in open source with lots of resilience made the project a success.
- 3 participants
- 16 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Keynote: Building Bridges: Cloud Native and High Performance Computing - Ricardo Rocha, Computing Engineer, CERN
Kubernetes and Cloud Native have taken over the modern IT deployments, but challenges remain in areas where its impact can still be much larger. The world of High Performance Computing (HPC), often air-gapped, tightly secured and with strong requirements regarding resource sharing for compute intensive workloads has yet to see its needs fully accomplished. This session will cover recent work where the last bits of the bridge are being finished.
Keynote: Building Bridges: Cloud Native and High Performance Computing - Ricardo Rocha, Computing Engineer, CERN
Kubernetes and Cloud Native have taken over the modern IT deployments, but challenges remain in areas where its impact can still be much larger. The world of High Performance Computing (HPC), often air-gapped, tightly secured and with strong requirements regarding resource sharing for compute intensive workloads has yet to see its needs fully accomplished. This session will cover recent work where the last bits of the bridge are being finished.
- 1 participant
- 19 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Keynote: CNCF Project Updates - Jasmine James, Senior Engineering Manager-Developer Experience; Ricardo Rocha, Computing Engineer, CERN; Emily Fox, Security Engineer, Apple
Keynote: CNCF Project Updates - Jasmine James, Senior Engineering Manager-Developer Experience; Ricardo Rocha, Computing Engineer, CERN; Emily Fox, Security Engineer, Apple
- 3 participants
- 18 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Keynote: Exploring the Frontiers of Cloud Native - Bryan Che, Chief Strategy Officer, Huawei
Cloud native technologies and adoption have certainly come a long way since the early days of small-cluster Kubernetes and containers. But, there are still so many exciting frontiers for cloud native to explore. At Huawei, we have been working to push cloud native deployments into the depths of even outer space, to wider scales than ever before, and to higher-level workloads such as AI and machine learning. And, we have been working together with others to broaden the cloud native community.
Keynote: Exploring the Frontiers of Cloud Native - Bryan Che, Chief Strategy Officer, Huawei
Cloud native technologies and adoption have certainly come a long way since the early days of small-cluster Kubernetes and containers. But, there are still so many exciting frontiers for cloud native to explore. At Huawei, we have been working to push cloud native deployments into the depths of even outer space, to wider scales than ever before, and to higher-level workloads such as AI and machine learning. And, we have been working together with others to broaden the cloud native community.
- 1 participant
- 7 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Keynote: Finding Your Power to Accelerate to a Sustainable Future - Kate Mulhall, Senior Cloud Software Engineering Manager & Emma Collins, Product Manager for Observability and Power Management, Intel
Accelerated digital transformation and increasing data volumes reinforce the need for data center energy efficiency. From power-aware hardware, better workload design, and smart orchestration, we can reduce energy consumption and lower our carbon footprint. There is a need to accommodate a variety of workloads across domains such as finance, health care, telecommunications, and scientific computing, where connectivity, data gathering, machine learning, and data analytics play a significant role. Optimizations can be made across compute, networking, and storage. Intel, along with the cloud native community, has been working on aligning platforms and technologies to achieve better resource utilization through innovations and tooling for observability, orchestration, and management. Come learn more about these energy sustainability efforts, where to find us in the community, and how to engage to achieve a greener future.
Keynote: Finding Your Power to Accelerate to a Sustainable Future - Kate Mulhall, Senior Cloud Software Engineering Manager & Emma Collins, Product Manager for Observability and Power Management, Intel
Accelerated digital transformation and increasing data volumes reinforce the need for data center energy efficiency. From power-aware hardware, better workload design, and smart orchestration, we can reduce energy consumption and lower our carbon footprint. There is a need to accommodate a variety of workloads across domains such as finance, health care, telecommunications, and scientific computing, where connectivity, data gathering, machine learning, and data analytics play a significant role. Optimizations can be made across compute, networking, and storage. Intel, along with the cloud native community, has been working on aligning platforms and technologies to achieve better resource utilization through innovations and tooling for observability, orchestration, and management. Come learn more about these energy sustainability efforts, where to find us in the community, and how to engage to achieve a greener future.
- 2 participants
- 7 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Keynote: Incremental Deep Learning For Satellite with KubeEdge and MindSpore - Xiaoman Hu, Community Operation Director; Zhipeng Huang, Director of AI Open Source; Yue Bao, Software Engineer, Huawei
Low Earth Orbit (LEO) has become a hot topic in recent years and KubeEdge has managed to bring the cloud native to the space. With several small research satellite equipped with KubeEdge, edge computing with AI was experimented at the furthest frontier. In this talk we will present how we combine KubeEdge Sedna, the cloud native edge machine learning suite, with TinyMS which is a high level API toolkit for MindSpore deep learning framework, to enable incremental learning at the satellite to accomplish tasks like remote sensing and earth observing. We will also discuss how utilize TinyMS that KubeEdge Sedna's semantics could be integrated as an integral part of AI framework.
Keynote: Incremental Deep Learning For Satellite with KubeEdge and MindSpore - Xiaoman Hu, Community Operation Director; Zhipeng Huang, Director of AI Open Source; Yue Bao, Software Engineer, Huawei
Low Earth Orbit (LEO) has become a hot topic in recent years and KubeEdge has managed to bring the cloud native to the space. With several small research satellite equipped with KubeEdge, edge computing with AI was experimented at the furthest frontier. In this talk we will present how we combine KubeEdge Sedna, the cloud native edge machine learning suite, with TinyMS which is a high level API toolkit for MindSpore deep learning framework, to enable incremental learning at the satellite to accomplish tasks like remote sensing and earth observing. We will also discuss how utilize TinyMS that KubeEdge Sedna's semantics could be integrated as an integral part of AI framework.
- 3 participants
- 15 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Keynote: Kubernetes Project Updates - Jasmine James, Senior Engineering Manager-Developer Experience; Ricardo Rocha, Computing Engineer, CERN; Emily Fox, Security Engineer, Apple
Keynote: Kubernetes Project Updates - Jasmine James, Senior Engineering Manager-Developer Experience; Ricardo Rocha, Computing Engineer, CERN; Emily Fox, Security Engineer, Apple
- 1 participant
- 8 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Keynote: Landscape Sustainability: The Pillars of Cloud Native Growth - Dave Zolotusky, Software Engineer, Spotify & Katie Gamanji, Senior Kubernetes Field Engineer, Apple
The CNCF ecosystem provides a vendor-neutral space for contributors and adopters to share their technical advancements, and cross-check innovation strategies while seeking guidance on emerging technologies. The TOC members steer the evolution of the CNCF landscape, prompting the growth of the adopter base and the number of use cases where cloud native technology can be applied. Organic adoption and development of new tools created the ecosystem and community as we know it today. However, to continue our growth, we need to identify the sustainability pillars of our community.
This keynote will feature updates on TOC strategy and core pillars that define the future of the CNCF landscape in a scalable and sustainable manner. It will highlight the latest impactful projects and initiatives that drive the ubiquity of the cloud native.
Keynote: Landscape Sustainability: The Pillars of Cloud Native Growth - Dave Zolotusky, Software Engineer, Spotify & Katie Gamanji, Senior Kubernetes Field Engineer, Apple
The CNCF ecosystem provides a vendor-neutral space for contributors and adopters to share their technical advancements, and cross-check innovation strategies while seeking guidance on emerging technologies. The TOC members steer the evolution of the CNCF landscape, prompting the growth of the adopter base and the number of use cases where cloud native technology can be applied. Organic adoption and development of new tools created the ecosystem and community as we know it today. However, to continue our growth, we need to identify the sustainability pillars of our community.
This keynote will feature updates on TOC strategy and core pillars that define the future of the CNCF landscape in a scalable and sustainable manner. It will highlight the latest impactful projects and initiatives that drive the ubiquity of the cloud native.
- 2 participants
- 15 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Keynote: Nurturing The Whole Project - Josh Berkus, Community Architect, Red Hat & Catherine Paganini, Head of Marketing & Community, Buoyant
Your code is reviewed, docs are being written, and the CNCF is hosting an event for you. What else does an open source project need?
As it turns out, a lot. You need to deliberately create a welcoming community, publicize your project, manage contributors' expectations, motivate them to take on more responsibility, develop project policies and processes, and more. With so many things to tackle, it can feel overwhelming. Fortunately, lots of people have done this before — and the CNCF and TAG Contributor Strategy are here to help.
Keynote: Nurturing The Whole Project - Josh Berkus, Community Architect, Red Hat & Catherine Paganini, Head of Marketing & Community, Buoyant
Your code is reviewed, docs are being written, and the CNCF is hosting an event for you. What else does an open source project need?
As it turns out, a lot. You need to deliberately create a welcoming community, publicize your project, manage contributors' expectations, motivate them to take on more responsibility, develop project policies and processes, and more. With so many things to tackle, it can feel overwhelming. Fortunately, lots of people have done this before — and the CNCF and TAG Contributor Strategy are here to help.
- 2 participants
- 10 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Keynote: PlatformOps: It’s all about Developer Experience - Ben Hale, Technical Lead, VMware Tanzu
Kubernetes has reached mainstream adoption, with 5.6 million developers using it worldwide. But, organizations are still challenged to make developers productive using Kubernetes. PlatformOps teams are now being asked to build, run, and manage platforms that lead with developer experience.
This requires embracing a PlatformOps philosophy that treats developers as customers while meeting their organization’s policies. VMware understands this transition building on 20 years of stewarding the most popular Java framework, Spring, which fundamentally changed the enterprise Java landscape on the back of a superior developer experience. That history allows us to identify patterns and attributes that we believe are critical to delivering a better cloud native developer experience on Kubernetes.
In this talk we’ll focus on three things PlatformOps teams should focus on:
Reducing complexity without sacrificing flexibility
Shifting outcomes left without shifting the burden left
Ensuring consistency and security without giving up agility
Join Ben Hale, VMware Senior Staff Engineer and Technical Lead for VMware Tanzu® developer experience, as he shares the core values of a great developer experience on Kubernetes based on his multi-decade career building application development tools and working with one of today’s most thriving open source developer communities, Spring.
Keynote: PlatformOps: It’s all about Developer Experience - Ben Hale, Technical Lead, VMware Tanzu
Kubernetes has reached mainstream adoption, with 5.6 million developers using it worldwide. But, organizations are still challenged to make developers productive using Kubernetes. PlatformOps teams are now being asked to build, run, and manage platforms that lead with developer experience.
This requires embracing a PlatformOps philosophy that treats developers as customers while meeting their organization’s policies. VMware understands this transition building on 20 years of stewarding the most popular Java framework, Spring, which fundamentally changed the enterprise Java landscape on the back of a superior developer experience. That history allows us to identify patterns and attributes that we believe are critical to delivering a better cloud native developer experience on Kubernetes.
In this talk we’ll focus on three things PlatformOps teams should focus on:
Reducing complexity without sacrificing flexibility
Shifting outcomes left without shifting the burden left
Ensuring consistency and security without giving up agility
Join Ben Hale, VMware Senior Staff Engineer and Technical Lead for VMware Tanzu® developer experience, as he shares the core values of a great developer experience on Kubernetes based on his multi-decade career building application development tools and working with one of today’s most thriving open source developer communities, Spring.
- 1 participant
- 6 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Keynote: Push It to the Limit: From Canary Deployments to Canary Clusters - Henrik Høegh, Platform Engineer, Lunar
At Lunar bank we had a good problem, our customers rely on us to move quickly and provide new features and to do so in a highly reliable manner. To meet their needs we set out on a journey to move from canary deployments, where we could test new features in a safe fashion, to canary clusters. We envisioned a world where our production clusters were truly disposable and after 3 years we finally achieved that goal. In this session we will share how we did it, and how you can too. Today any engineer at Lunar bank can fail over the entire platform in 40 minutes. By deeply integrating with our infrastructure provider, writing some new custom operators, and moving most state out of the cluster Lunar is in a position to make disaster recovery a day to day operation. Listen as Henrik shares the successes, key learnings, and challenges we faced along the way.
Keynote: Push It to the Limit: From Canary Deployments to Canary Clusters - Henrik Høegh, Platform Engineer, Lunar
At Lunar bank we had a good problem, our customers rely on us to move quickly and provide new features and to do so in a highly reliable manner. To meet their needs we set out on a journey to move from canary deployments, where we could test new features in a safe fashion, to canary clusters. We envisioned a world where our production clusters were truly disposable and after 3 years we finally achieved that goal. In this session we will share how we did it, and how you can too. Today any engineer at Lunar bank can fail over the entire platform in 40 minutes. By deeply integrating with our infrastructure provider, writing some new custom operators, and moving most state out of the cluster Lunar is in a position to make disaster recovery a day to day operation. Listen as Henrik shares the successes, key learnings, and challenges we faced along the way.
- 1 participant
- 15 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Keynote: Securing Shopify's Software Supply Chain - Shane Lawrence, Staff Infrastructure Security Engineer, Shopify
Recent compromises of Codecov and Solar Winds have put a spotlight on software supply chain attacks, but this focus has led to new innovations for solving an old problem. In this talk, we'll discuss lessons that Shopify has learned in protecting millions of businesses and demonstrate these techniques using open source software. We'll look at how traditional defensive techniques can be applied in the cloud, how voucher and grafeas implementations can give you control over the software that runs in your clusters, and how the SLSA framework can guide you toward establishing trust in your software. We'll also look at how Falco can be used to detect malicious behaviour or indicators that your supply chain has been compromised. Attendees can expect to learn how to apply specific techniques for mitigating supply chain attacks.
Keynote: Securing Shopify's Software Supply Chain - Shane Lawrence, Staff Infrastructure Security Engineer, Shopify
Recent compromises of Codecov and Solar Winds have put a spotlight on software supply chain attacks, but this focus has led to new innovations for solving an old problem. In this talk, we'll discuss lessons that Shopify has learned in protecting millions of businesses and demonstrate these techniques using open source software. We'll look at how traditional defensive techniques can be applied in the cloud, how voucher and grafeas implementations can give you control over the software that runs in your clusters, and how the SLSA framework can guide you toward establishing trust in your software. We'll also look at how Falco can be used to detect malicious behaviour or indicators that your supply chain has been compromised. Attendees can expect to learn how to apply specific techniques for mitigating supply chain attacks.
- 1 participant
- 16 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Keynote: Supporting the Community – So Open Source Projects Can Grow and Thrive - Le Tran, Member of Technical Staff, Kasten by Veeam
Modern software is built on open source projects, and in turn, the success of any open source project hinges on its community members and their contributions. So how do we create communities with active contributors and ensure our open source projects benefit from their innovative ideas? At Kasten by Veeam, we are working to build an open source community whose members contribute often, and in meaningful ways to our open source cloud native projects. During this session, a member of the technical staff from Kasten, Le Tran will share some insights on our journey to build an open source community, including the benefits and challenges that come with creating a contributing culture in an organization.
Keynote: Supporting the Community – So Open Source Projects Can Grow and Thrive - Le Tran, Member of Technical Staff, Kasten by Veeam
Modern software is built on open source projects, and in turn, the success of any open source project hinges on its community members and their contributions. So how do we create communities with active contributors and ensure our open source projects benefit from their innovative ideas? At Kasten by Veeam, we are working to build an open source community whose members contribute often, and in meaningful ways to our open source cloud native projects. During this session, a member of the technical staff from Kasten, Le Tran will share some insights on our journey to build an open source community, including the benefits and challenges that come with creating a contributing culture in an organization.
- 1 participant
- 6 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Keynote: The Cloud Native Chasm - Emily Fox, Security Engineer, Apple
They jumped, they leapt, they soared - and graduated. Cloud native projects each have their own path for crossing the chasm. Some projects front load - they spend a lot of time going over every detail, building governance and technical strategy while others run and jump, catching their breath on the other side to regain composure, build endurance, and continue moving forward. But for some projects, they’re still on the precipice, staring wistfully at the other edge, yearning to get there. There is no road to drive down, and no bridge to cross. In this talk, we’ll explore what it means to build that bridge, add side rails, and enable other projects continue improving that bridge, bringing everyone forward together.
Keynote: The Cloud Native Chasm - Emily Fox, Security Engineer, Apple
They jumped, they leapt, they soared - and graduated. Cloud native projects each have their own path for crossing the chasm. Some projects front load - they spend a lot of time going over every detail, building governance and technical strategy while others run and jump, catching their breath on the other side to regain composure, build endurance, and continue moving forward. But for some projects, they’re still on the precipice, staring wistfully at the other edge, yearning to get there. There is no road to drive down, and no bridge to cross. In this talk, we’ll explore what it means to build that bridge, add side rails, and enable other projects continue improving that bridge, bringing everyone forward together.
- 1 participant
- 11 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Keynote: Welcome + Opening Remarks - Priyanka Sharma, Executive Director, Cloud Native Computing Foundation
Keynote: Welcome + Opening Remarks - Priyanka Sharma, Executive Director, Cloud Native Computing Foundation
- 7 participants
- 51 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Komrade: an Open-Source Security Chaos Engineering (SCE) Tool for K8s - Aaron Rinehart, Verica.io & Matas Kulkovas, Cast.ai
Security Chaos Engineering (SCE) is an emerging discipline that serves as a foundation for proactively discovering system weaknesses before they become an opportunity for a malicious actor. The goal of SCE experiments is to move security toward continuous recalibration and increased confidence by deriving a more realistic understanding of how well security practices perform under expected conditions. This new technique of instrumentation proactively injects security turbulent conditions or faults into systems to determine the conditions by which our security will fail so that we can fix it before it causes customer pain. During this session, the speakers will dive into SCE as a discipline as well as showcase a demo of 'komrade', the 1st Open-Source Tool for running SCE experiments on Kubernetes.
Komrade: an Open-Source Security Chaos Engineering (SCE) Tool for K8s - Aaron Rinehart, Verica.io & Matas Kulkovas, Cast.ai
Security Chaos Engineering (SCE) is an emerging discipline that serves as a foundation for proactively discovering system weaknesses before they become an opportunity for a malicious actor. The goal of SCE experiments is to move security toward continuous recalibration and increased confidence by deriving a more realistic understanding of how well security practices perform under expected conditions. This new technique of instrumentation proactively injects security turbulent conditions or faults into systems to determine the conditions by which our security will fail so that we can fix it before it causes customer pain. During this session, the speakers will dive into SCE as a discipline as well as showcase a demo of 'komrade', the 1st Open-Source Tool for running SCE experiments on Kubernetes.
- 2 participants
- 34 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
KubeFlux: An HPC Scheduler Plugin for Kubernetes - Claudia Misale, IBM T.J. Watson Research Center & Daniel Milroy, Lawrence Livermore National Laboratory
Adoption of cloud technologies by high performance computing (HPC) is accelerating, and HPC users want their applications to perform well everywhere. While container orchestration frameworks provide advantages like resiliency, elasticity, and declarative management, they are not designed to enable application performance to the same degree as HPC workload managers and schedulers. In response to increased interest in scheduling flexibility, the Kubernetes community developed the Scheduling Framework to facilitate integration of new policies and schedulers. We present KubeFlux, a Scheduling Framework plugin based on the Fluxion open-source HPC scheduler developed at the Lawrence Livermore National Laboratory. We discuss uses for KubeFlux and compare the performance of an application scheduled by the Kubernetes default scheduler and KubeFlux. KubeFlux is an example of the rich capability that can be added to Kubernetes and paves the way to democratization of the cloud for HPC workloads.
KubeFlux: An HPC Scheduler Plugin for Kubernetes - Claudia Misale, IBM T.J. Watson Research Center & Daniel Milroy, Lawrence Livermore National Laboratory
Adoption of cloud technologies by high performance computing (HPC) is accelerating, and HPC users want their applications to perform well everywhere. While container orchestration frameworks provide advantages like resiliency, elasticity, and declarative management, they are not designed to enable application performance to the same degree as HPC workload managers and schedulers. In response to increased interest in scheduling flexibility, the Kubernetes community developed the Scheduling Framework to facilitate integration of new policies and schedulers. We present KubeFlux, a Scheduling Framework plugin based on the Fluxion open-source HPC scheduler developed at the Lawrence Livermore National Laboratory. We discuss uses for KubeFlux and compare the performance of an application scheduled by the Kubernetes default scheduler and KubeFlux. KubeFlux is an example of the rich capability that can be added to Kubernetes and paves the way to democratization of the cloud for HPC workloads.
- 2 participants
- 28 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Kubectl Said What? - Christopher Hanson, RX-M, LLC
Pods in a pending state? Containers in a Crashloop? DNS acting dastardly? (okay that last one was a stretch) You’ve definitely deployed your application but it isn’t available. Kubernetes is confirming the conundrum but what exactly is it trying to communicate? The goal of this session is to explore the causes of various phases, conditions, states, and events related to Kubernetes objects that are produced by kubectl so that you debug from an informed position. By understanding the possible causes of these conditions you will learn where to start, what to pay attention to, and what unrelated messages to ignore. Attendees should be interested in saving time, reducing effort, and minimizing frustration. We will interactively examine Kubernetes objects in various error states and the clues being presented by kubectl get, describe, events, and more.
Kubectl Said What? - Christopher Hanson, RX-M, LLC
Pods in a pending state? Containers in a Crashloop? DNS acting dastardly? (okay that last one was a stretch) You’ve definitely deployed your application but it isn’t available. Kubernetes is confirming the conundrum but what exactly is it trying to communicate? The goal of this session is to explore the causes of various phases, conditions, states, and events related to Kubernetes objects that are produced by kubectl so that you debug from an informed position. By understanding the possible causes of these conditions you will learn where to start, what to pay attention to, and what unrelated messages to ignore. Attendees should be interested in saving time, reducing effort, and minimizing frustration. We will interactively examine Kubernetes objects in various error states and the clues being presented by kubectl get, describe, events, and more.
- 1 participant
- 35 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Kubernetes Data Protection WG Deep Dive - Xiangqian Yu, Google & Xing Yang, VMware
Data Protection WG is dedicated to promoting data protection support in Kubernetes. The Working Group is working on identifying missing functionalities and collaborating across multiple SIGs to design features to enable data protection in Kubernetes. In this session, the co-chairs of this WG will discuss what is the current state of data protection in Kubernetes and where it is heading in the future. They will also talk about how interested parties (including storage and backup vendors, cloud providers, application developers, and end users, etc.) can join this WG and contribute to this effort. Details of the WG can be found here: https://github.com/kubernetes/community/tree/master/wg-data-protection.
Kubernetes Data Protection WG Deep Dive - Xiangqian Yu, Google & Xing Yang, VMware
Data Protection WG is dedicated to promoting data protection support in Kubernetes. The Working Group is working on identifying missing functionalities and collaborating across multiple SIGs to design features to enable data protection in Kubernetes. In this session, the co-chairs of this WG will discuss what is the current state of data protection in Kubernetes and where it is heading in the future. They will also talk about how interested parties (including storage and backup vendors, cloud providers, application developers, and end users, etc.) can join this WG and contribute to this effort. Details of the WG can be found here: https://github.com/kubernetes/community/tree/master/wg-data-protection.
- 2 participants
- 30 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Kubernetes Everywhere: Lessons Learned From Going Multi-Cloud - Niko Smeds, Grafana Labs
Many companies are interested in deploying their products across multiple cloud providers, but few actually see it through. While benefits like avoiding provider lock-in and increased uptime during provider outages are attractive, several factors are important to consider. Grafana Labs successfully deployed across AWS, Azure, DigitalOcean, GCP, and Linode in more than 30 regions; that includes inter-cloud network connections. This talk will explore some of the large and subtle differences in networking and managed Kubernetes services between said providers. We’ll discuss the approaches we took while scaling our infrastructure across multiple environments, the challenges we faced, and what worked in the end.
Kubernetes Everywhere: Lessons Learned From Going Multi-Cloud - Niko Smeds, Grafana Labs
Many companies are interested in deploying their products across multiple cloud providers, but few actually see it through. While benefits like avoiding provider lock-in and increased uptime during provider outages are attractive, several factors are important to consider. Grafana Labs successfully deployed across AWS, Azure, DigitalOcean, GCP, and Linode in more than 30 regions; that includes inter-cloud network connections. This talk will explore some of the large and subtle differences in networking and managed Kubernetes services between said providers. We’ll discuss the approaches we took while scaling our infrastructure across multiple environments, the challenges we faced, and what worked in the end.
- 1 participant
- 27 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Kubernetes IoT Edge Working Group: Edge Device Onboarding and Management - Steven Wong, VMware; Kate Goldenring, Microsoft; Kilton Hopkins, Edgeworx
Integrating I/O and compute devices at edge locations requires automated processes to work at large scale. This session will cover open source tools that support device lifecycles, from secure onboarding and discovery, through monitoring, maintenance, and use in production. We'll survey CNCF, LF Edge, and Eclipse projects designed to extend the cloud to inter-operate with edge devices and I/O; for example, one CNCF project, Akri, discovers edge devices and exposes them as Kubernetes resources. The K8s IoT Edge working group focuses on using Kubernetes as a tool to support applications running on, communicating with, or using information gathered from edge devices. There are opportunities to contribute to the evolution of Kubernetes to better serve edge use cases. We will close with details on how you can get involved with the community effort to help this happen.
Kubernetes IoT Edge Working Group: Edge Device Onboarding and Management - Steven Wong, VMware; Kate Goldenring, Microsoft; Kilton Hopkins, Edgeworx
Integrating I/O and compute devices at edge locations requires automated processes to work at large scale. This session will cover open source tools that support device lifecycles, from secure onboarding and discovery, through monitoring, maintenance, and use in production. We'll survey CNCF, LF Edge, and Eclipse projects designed to extend the cloud to inter-operate with edge devices and I/O; for example, one CNCF project, Akri, discovers edge devices and exposes them as Kubernetes resources. The K8s IoT Edge working group focuses on using Kubernetes as a tool to support applications running on, communicating with, or using information gathered from edge devices. There are opportunities to contribute to the evolution of Kubernetes to better serve edge use cases. We will close with details on how you can get involved with the community effort to help this happen.
- 6 participants
- 39 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Kubernetes Networking 101 - Randy Abernethy, RX-M LLC
Kubernetes Networking 101 will introduce attendees to the world of network communications in a hands on Cloud Native setting. This talk delivers a high level but completely practical end to end look at service communications within and without a Kubernetes cluster. Attendees will see how the many facets of Kubernetes networking come together to enable powerful communications solutions first hand. The tutorial begins with the simplest types of service communications, using Kubernetes services, DNS (CoreDNS) and CNI plugins (Cilium) to facilitate interprocess communications and load balancing. The tutorial builds additional scenarios on this base, including ingress (Emissary/Envoy), NodePort / HostPort features, load balancing (Metal-lb) and finally a short look at service mesh functionality (Linkerd). Upon completion of this tutorial, attendees will have a clear understanding of the Kubernetes communications possibilities and pointers to next steps in the learning journey.
Kubernetes Networking 101 - Randy Abernethy, RX-M LLC
Kubernetes Networking 101 will introduce attendees to the world of network communications in a hands on Cloud Native setting. This talk delivers a high level but completely practical end to end look at service communications within and without a Kubernetes cluster. Attendees will see how the many facets of Kubernetes networking come together to enable powerful communications solutions first hand. The tutorial begins with the simplest types of service communications, using Kubernetes services, DNS (CoreDNS) and CNI plugins (Cilium) to facilitate interprocess communications and load balancing. The tutorial builds additional scenarios on this base, including ingress (Emissary/Envoy), NodePort / HostPort features, load balancing (Metal-lb) and finally a short look at service mesh functionality (Linkerd). Upon completion of this tutorial, attendees will have a clear understanding of the Kubernetes communications possibilities and pointers to next steps in the learning journey.
- 1 participant
- 1:27 hours
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Kubernetes Persistent Data Challenges – AZ, Region and Multi-Cloud Patterns - Chris Milsted, Ondat & Patrick McFadin, DataStax
In this talk we are going to explore the patterns for building resilient applications with data persistence requirements on Kubernetes. We will be discussing deploying stateful workloads like Cassandra in Kubernetes using operators, with demos and examples at each stage using native objects like PVCs, dynamic provisioning and the k8ssandra operator. We will also be providing a sneak peek of some of the multi-cluster challenges with Kubernetes and Kube-Fed. Four architectural patterns will be covered with worked examples: The first pattern will be within an AZ, how to work with PVs. The next pattern will be spanning three AZs, and how to embrace or work around PV/AZ affinity constraints. The next pattern is three AZs and two regions within a single provider. Here we start to see physical limitations such as the speed of light begin to impinge on our patterns. Lastly, we move to two providers and hybrid-cloud patterns, leveraging operators to deliver our sample Cassandra workload.
Kubernetes Persistent Data Challenges – AZ, Region and Multi-Cloud Patterns - Chris Milsted, Ondat & Patrick McFadin, DataStax
In this talk we are going to explore the patterns for building resilient applications with data persistence requirements on Kubernetes. We will be discussing deploying stateful workloads like Cassandra in Kubernetes using operators, with demos and examples at each stage using native objects like PVCs, dynamic provisioning and the k8ssandra operator. We will also be providing a sneak peek of some of the multi-cluster challenges with Kubernetes and Kube-Fed. Four architectural patterns will be covered with worked examples: The first pattern will be within an AZ, how to work with PVs. The next pattern will be spanning three AZs, and how to embrace or work around PV/AZ affinity constraints. The next pattern is three AZs and two regions within a single provider. Here we start to see physical limitations such as the speed of light begin to impinge on our patterns. Lastly, we move to two providers and hybrid-cloud patterns, leveraging operators to deliver our sample Cassandra workload.
- 3 participants
- 35 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Kubernetes SIG Apps Updates - Maciej Szulik, Red Hat; Janet Kuo, Google; Kenneth Owens, Brex
SIG Apps is the special interest group covering deploying and operating applications in Kubernetes with a focus on the application developer and application operator experience. In this session the SIG Apps leads will provide an overview of what we’ve accomplished over the past year, including API promotions, controller improvements, leadership changes, subprojects status etc. They will also share the work that is being planned for the upcoming releases. The session will conclude with an open discussion and Q&A.
Kubernetes SIG Apps Updates - Maciej Szulik, Red Hat; Janet Kuo, Google; Kenneth Owens, Brex
SIG Apps is the special interest group covering deploying and operating applications in Kubernetes with a focus on the application developer and application operator experience. In this session the SIG Apps leads will provide an overview of what we’ve accomplished over the past year, including API promotions, controller improvements, leadership changes, subprojects status etc. They will also share the work that is being planned for the upcoming releases. The session will conclude with an open discussion and Q&A.
- 2 participants
- 26 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Kubernetes SIG CLI: Intro and Updates - Eddie Zaneski, Chainguard; Katrina Verey, Shopify; Maciej Szulik, Red Hat
SIG CLI is the special interest group for the command line tooling of the Kubernetes project. The SIG maintains kubectl, kustomize, and related libraries. In this session the SIG CLI leads will provide an introduction to the SIG and an overview of how to contribute. They will share the work that's been done the past year, an introduction to the KRM Functions subproject, and thoughts on declarative vs. imperative workflows. The session will conclude with open discussion and Q&A.
Kubernetes SIG CLI: Intro and Updates - Eddie Zaneski, Chainguard; Katrina Verey, Shopify; Maciej Szulik, Red Hat
SIG CLI is the special interest group for the command line tooling of the Kubernetes project. The SIG maintains kubectl, kustomize, and related libraries. In this session the SIG CLI leads will provide an introduction to the SIG and an overview of how to contribute. They will share the work that's been done the past year, an introduction to the KRM Functions subproject, and thoughts on declarative vs. imperative workflows. The session will conclude with open discussion and Q&A.
- 6 participants
- 36 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Kubernetes SIG Node Intro and Deep Dive - Sergey Kanzhelev & Dawn Chen, Google; Elana Hashman & Derek Carr, Red Hat
These are exciting times for Kubernetes SIG Node. Come to our maintainers track session to learn about the just released version 1.24 of Kubernetes, full of exciting improvements and get a glance into the SIG Node roadmap. SIG Node owns components that control interactions between pods and host resources, including the Kubelet, Container Runtime Interface (CRI), and Node API. SIG Node is responsible for the Pod’s lifecycle from allocation to teardown, to liveness checks and shared resource management. We work with the various container runtimes, kernels, networking, storage, and more; anything a pod touches is SIG Node’s responsibility! We will discuss how Container Runtime logic was streamlined and simplified with dockershim removal, progress on cgroup v2 support, as well as many other improvements. Join this session to learn more about our SIG, and how you might get involved to make Node even better!
Kubernetes SIG Node Intro and Deep Dive - Sergey Kanzhelev & Dawn Chen, Google; Elana Hashman & Derek Carr, Red Hat
These are exciting times for Kubernetes SIG Node. Come to our maintainers track session to learn about the just released version 1.24 of Kubernetes, full of exciting improvements and get a glance into the SIG Node roadmap. SIG Node owns components that control interactions between pods and host resources, including the Kubelet, Container Runtime Interface (CRI), and Node API. SIG Node is responsible for the Pod’s lifecycle from allocation to teardown, to liveness checks and shared resource management. We work with the various container runtimes, kernels, networking, storage, and more; anything a pod touches is SIG Node’s responsibility! We will discuss how Container Runtime logic was streamlined and simplified with dockershim removal, progress on cgroup v2 support, as well as many other improvements. Join this session to learn more about our SIG, and how you might get involved to make Node even better!
- 4 participants
- 34 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Kubernetes as a Substrate for ATLAS Compute - Fernando Barreiro Megino, University of Texas at Arlington & Lukas Heinrich, TU München
The ATLAS experiment at CERN is one of the largest scientific machines built to date and will have ever growing computing needs as it explores higher energy and luminosity proton collisions. Recent R&D on the integration of cloud infrastructures with ATLAS' Worldwide LHC Computing Grid resources identified Kubernetes as a commonly available, ideal substrate. While Kubernetes is widely known for its service management capabilities, it also offers powerful batch controllers for containerised workloads. We exploited these capabilities to build ephemeral batch clusters with over 100k vCPU to process tasks that require quick turnaround, make available GPU resources that are not widely available in our own infrastructure, or create interactive facilities, where users can easily spin up private clusters for their distributed analysis from a notebook.
Kubernetes as a Substrate for ATLAS Compute - Fernando Barreiro Megino, University of Texas at Arlington & Lukas Heinrich, TU München
The ATLAS experiment at CERN is one of the largest scientific machines built to date and will have ever growing computing needs as it explores higher energy and luminosity proton collisions. Recent R&D on the integration of cloud infrastructures with ATLAS' Worldwide LHC Computing Grid resources identified Kubernetes as a commonly available, ideal substrate. While Kubernetes is widely known for its service management capabilities, it also offers powerful batch controllers for containerised workloads. We exploited these capabilities to build ephemeral batch clusters with over 100k vCPU to process tasks that require quick turnaround, make available GPU resources that are not widely available in our own infrastructure, or create interactive facilities, where users can easily spin up private clusters for their distributed analysis from a notebook.
- 2 participants
- 34 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Learnings From Providing A Platform API With Kubernetes And Crossplane - Hannes Blut & Jan Willies, Accenture
Kubernetes' extensible API has turned it into a de-facto abstraction layer not just for building, deploying and operating cloud-native apps, but also as the control plane for the entire enterprise, to provision and manage cloud resources and complex platform components. This session will be about the journey of Kubernetes and Crossplane at Deutsche Bahn, to provide platform consumers with access to a unified API for deployments, infrastructure provisioning and applications in a manner that is independent from the cloud, addressing compliance and cross-cutting concerns while providing a Kubernetes “native” experience. The journey has not been without challenges, where the platform team has managed technical and functional requirements including an access model in an enterprise environment, user expectations of cloud native infrastructure usage, and issues with excessive API load, shared resources, as well as controllers written by the team and open sourced along the way.
Learnings From Providing A Platform API With Kubernetes And Crossplane - Hannes Blut & Jan Willies, Accenture
Kubernetes' extensible API has turned it into a de-facto abstraction layer not just for building, deploying and operating cloud-native apps, but also as the control plane for the entire enterprise, to provision and manage cloud resources and complex platform components. This session will be about the journey of Kubernetes and Crossplane at Deutsche Bahn, to provide platform consumers with access to a unified API for deployments, infrastructure provisioning and applications in a manner that is independent from the cloud, addressing compliance and cross-cutting concerns while providing a Kubernetes “native” experience. The journey has not been without challenges, where the platform team has managed technical and functional requirements including an access model in an enterprise environment, user expectations of cloud native infrastructure usage, and issues with excessive API load, shared resources, as well as controllers written by the team and open sourced along the way.
- 2 participants
- 31 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Lightning Talk: Beginner to Maintainer Journey of a Student - Debabrata Panigrahi, National Institute of Technology Rourkela
The session will highlight my learning as a student during the journey as a new contributor starting to contribute after attending a New Contributor Workshop during KCD Bengaluru to becoming an approver recently. I will share the nuances of working together in the community and will focus on areas that need a lot of contributors now especially with the "chop wood and carry water" kind of work that could be easily done by students. I will further focus on how various sigs runs mentoring cohort for contributors to grow up the contributing ladder and learn stuff necessary for taking leadership or helping the leadership, I have been part of such mentoring cohort under sig-contribex and now I'm a moderator of the k-dev mailing list. Also, I will try to focus on how new contributors loose interest while looking for good-first-issues, and I will try to emphasize the importance of regular sig meetings and discussions and help they have helped me to come up with solutions to help the project.
Lightning Talk: Beginner to Maintainer Journey of a Student - Debabrata Panigrahi, National Institute of Technology Rourkela
The session will highlight my learning as a student during the journey as a new contributor starting to contribute after attending a New Contributor Workshop during KCD Bengaluru to becoming an approver recently. I will share the nuances of working together in the community and will focus on areas that need a lot of contributors now especially with the "chop wood and carry water" kind of work that could be easily done by students. I will further focus on how various sigs runs mentoring cohort for contributors to grow up the contributing ladder and learn stuff necessary for taking leadership or helping the leadership, I have been part of such mentoring cohort under sig-contribex and now I'm a moderator of the k-dev mailing list. Also, I will try to focus on how new contributors loose interest while looking for good-first-issues, and I will try to emphasize the importance of regular sig meetings and discussions and help they have helped me to come up with solutions to help the project.
- 1 participant
- 6 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Lightning Talk: Introducing O-Cloud, or How 5G Leverages Kubernetes - Nikolay Nikolaev, Juniper Networks
Raise the awareness of the applications of the Cloud Native technologies in the modern generations of the Radio Access Network. Share the approach that the O-RAN Alliance is taking to solve the high demands towards the platform that handles the critical workloads with significant impact to their business and our daily live.
Lightning Talk: Introducing O-Cloud, or How 5G Leverages Kubernetes - Nikolay Nikolaev, Juniper Networks
Raise the awareness of the applications of the Cloud Native technologies in the modern generations of the Radio Access Network. Share the approach that the O-RAN Alliance is taking to solve the high demands towards the platform that handles the critical workloads with significant impact to their business and our daily live.
- 1 participant
- 5 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Lightning Talk: Locating and Debugging Failures with Linkerd and Telepresence - Alejandro Pedraza, Buoyant & Edidiong Asikpo, Ambassador Labs
Cloud native applications that consist of many services running in K8s clusters can become hard to maintain and evolve. From our experience and what we see in the Kubernetes community Slack channels, when developers hit the tipping point of not being able to run all their services locally, they run into trouble. At this time, they suddenly realize they need new tooling and approaches for observing and debugging applications that will spread across their local dev machines and remote clusters. This presentation will show operators and developers how Linkerd and Telepresence offer a simple way to better observe and debug applications running in their clusters. Easy to follow and replicate (with sample code made available), users will be able to get results quickly, without disrupting their existing services architecture.
Lightning Talk: Locating and Debugging Failures with Linkerd and Telepresence - Alejandro Pedraza, Buoyant & Edidiong Asikpo, Ambassador Labs
Cloud native applications that consist of many services running in K8s clusters can become hard to maintain and evolve. From our experience and what we see in the Kubernetes community Slack channels, when developers hit the tipping point of not being able to run all their services locally, they run into trouble. At this time, they suddenly realize they need new tooling and approaches for observing and debugging applications that will spread across their local dev machines and remote clusters. This presentation will show operators and developers how Linkerd and Telepresence offer a simple way to better observe and debug applications running in their clusters. Easy to follow and replicate (with sample code made available), users will be able to get results quickly, without disrupting their existing services architecture.
- 2 participants
- 5 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Lightning Talk: Secure Multi User HPC Jobs in Kubernetes with Kyverno - Trey Dockendorf, Ohio Supercomputer Center
Sites running traditional High Performance Computing workloads are more frequently also deploying Kubernetes for infrastructure. By leveraging the Kubernetes infrastructure, HPC centers can supplement their HPC batch environment with Kubernetes for some very specific use cases, such as interactive HPC jobs. This approach to securely using Kubernetes to support many user’s interactive workloads has been presented and well received at HPC conferences such as Supercomputing 2021. The Ohio Supercomputer Center is currently using Open OnDemand and Kubernetes to securely support virtual classrooms that require running RStudio Server and Jupyter. The benefits of multi-user Kubernetes workloads can also benefit sites who are not traditional HPC but maybe wanting to allow staff a secure place to run containers themselves without necessarily involving the team who maintains Kubernetes.
Lightning Talk: Secure Multi User HPC Jobs in Kubernetes with Kyverno - Trey Dockendorf, Ohio Supercomputer Center
Sites running traditional High Performance Computing workloads are more frequently also deploying Kubernetes for infrastructure. By leveraging the Kubernetes infrastructure, HPC centers can supplement their HPC batch environment with Kubernetes for some very specific use cases, such as interactive HPC jobs. This approach to securely using Kubernetes to support many user’s interactive workloads has been presented and well received at HPC conferences such as Supercomputing 2021. The Ohio Supercomputer Center is currently using Open OnDemand and Kubernetes to securely support virtual classrooms that require running RStudio Server and Jupyter. The benefits of multi-user Kubernetes workloads can also benefit sites who are not traditional HPC but maybe wanting to allow staff a secure place to run containers themselves without necessarily involving the team who maintains Kubernetes.
- 1 participant
- 5 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Lightning Talk: Thank you Keptn Obvious! Making SLOs observable with Prometheus and Keptn - Andreas Grabner, Dynatrace
This talk shows how to not only collect metrics and provide application monitoring using Prometheus, but to also make them visible as SLOs and then act on them in a fully automated and cloud native way.
Lightning Talk: Thank you Keptn Obvious! Making SLOs observable with Prometheus and Keptn - Andreas Grabner, Dynatrace
This talk shows how to not only collect metrics and provide application monitoring using Prometheus, but to also make them visible as SLOs and then act on them in a fully automated and cloud native way.
- 1 participant
- 6 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Lightning Talk: What I’ve Learned by Running Local CNCF Chapter Cloud-native Islamabad - Saim Safdar, Neomeric Digitals
I struggled a lot when I started learning about cloud-native technologies because not many people around me were also talking about k8s or other cloud-native things. I always felt shy asking people for help when I got stuck with cloud-native tooling. However, I’ve found that many people are experiencing the same even though opensource is all about engaging with others, helping others and collaborative knowledge, and collaborative power of mind and energy. I want to share how I overcome this challenge of talking about cloud-native language in public while building out my local community. Attendees will walk away from this talk having learned the easy way of learning Kubernetes, how to build out local their own CNCF chapters, how this will help overcome the shyness of asking people for help in public, how to create empathy within the community, how to talk about open-source publicly, and how to start contributing to a worldwide community.
Lightning Talk: What I’ve Learned by Running Local CNCF Chapter Cloud-native Islamabad - Saim Safdar, Neomeric Digitals
I struggled a lot when I started learning about cloud-native technologies because not many people around me were also talking about k8s or other cloud-native things. I always felt shy asking people for help when I got stuck with cloud-native tooling. However, I’ve found that many people are experiencing the same even though opensource is all about engaging with others, helping others and collaborative knowledge, and collaborative power of mind and energy. I want to share how I overcome this challenge of talking about cloud-native language in public while building out my local community. Attendees will walk away from this talk having learned the easy way of learning Kubernetes, how to build out local their own CNCF chapters, how this will help overcome the shyness of asking people for help in public, how to create empathy within the community, how to talk about open-source publicly, and how to start contributing to a worldwide community.
- 1 participant
- 6 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Lightning Talk: What Made Your Container Fat? Visualizing the Size of Container Layers - Dan Čermák, SUSE
The analysis of container images is becoming increasingly important to deliver a high quality product. We have found it rather challenging to continously monitor the size of our container images that we were producing and existing tools were not focused on data visualization, which we wanted initially. The presented tool was born out of this necessity: it has a very simple user interface, requires no installation (it can be hosted on a server somewhere else) and features sunburst graphs showing the file system usage. This allows everyone to easily check which layer is where responsible for the overall image's size.
Lightning Talk: What Made Your Container Fat? Visualizing the Size of Container Layers - Dan Čermák, SUSE
The analysis of container images is becoming increasingly important to deliver a high quality product. We have found it rather challenging to continously monitor the size of our container images that we were producing and existing tools were not focused on data visualization, which we wanted initially. The presented tool was born out of this necessity: it has a very simple user interface, requires no installation (it can be hosted on a server somewhere else) and features sunburst graphs showing the file system usage. This allows everyone to easily check which layer is where responsible for the overall image's size.
- 1 participant
- 5 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Lightning Talk: Whyhappn Instead of Whodunnit: Avoiding the Term “Human Error” - Silvia Pina, Independent
One of the keys to achieving reliable and secure systems is psychological safety, and this comes from having a truly blameless culture. In the past, I have encountered the term "human error" as the outcome of a "root cause analysis" process, and advocated within the company I was working for against its usage. This is the main motivator for proposing this talk. I would like also to gather some insights, from a systems thinking and organisational psychology standpoint, on how highly resilient organisations in different domains handle the human component of failures, as I think it is useful to have this perspective.
Lightning Talk: Whyhappn Instead of Whodunnit: Avoiding the Term “Human Error” - Silvia Pina, Independent
One of the keys to achieving reliable and secure systems is psychological safety, and this comes from having a truly blameless culture. In the past, I have encountered the term "human error" as the outcome of a "root cause analysis" process, and advocated within the company I was working for against its usage. This is the main motivator for proposing this talk. I would like also to gather some insights, from a systems thinking and organisational psychology standpoint, on how highly resilient organisations in different domains handle the human component of failures, as I think it is useful to have this perspective.
- 1 participant
- 5 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Linkerd End User Panel: Case Studies from Production - Catherine Paganini, Buoyant; Kasper Nissen, Lunar; Fredrik Klingenberg, Aurum AS; Eli Goldberg, Salt Security; Christian Hüning, Finleap Connect
Paganini, Eli Goldberg
In this panel, you'll hear from end users across a variety of industries on how they use the Linkerd service mesh in real-world production scenarios. Use cases range from applying mutual TLS to encrypt and secure all service-to-service communication, load balancing gRPC requests, and troubleshooting services before they're pushed to production. Panelists represent a variety of companies with very different environments, goals, and priorities, and discussion will be focused on real-world outcomes.
Linkerd End User Panel: Case Studies from Production - Catherine Paganini, Buoyant; Kasper Nissen, Lunar; Fredrik Klingenberg, Aurum AS; Eli Goldberg, Salt Security; Christian Hüning, Finleap Connect
Paganini, Eli Goldberg
In this panel, you'll hear from end users across a variety of industries on how they use the Linkerd service mesh in real-world production scenarios. Use cases range from applying mutual TLS to encrypt and secure all service-to-service communication, load balancing gRPC requests, and troubleshooting services before they're pushed to production. Panelists represent a variety of companies with very different environments, goals, and priorities, and discussion will be focused on real-world outcomes.
- 7 participants
- 37 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Logs Told Us It Was DNS, It Felt Like DNS, It Had To Be DNS, It Wasn’t DNS - Laurent Bernaille & Elijah Andrews, Datadog
It all started with a team reaching out because they had DNS issues during rolling updates. Business as usual when you host hundreds of applications on dozens of Kubernetes clusters… Four weeks later: We are reading kernel code to understand the corner cases of dropping Martian packets. Could this be the connection between gRPC client reconnect algorithms and the overflowing conntrack table we can feel but not see? In time, we solved the issue. And for once… it wasn't DNS! In this talk, we will focus on one of the most complex incidents we have faced in our Kubernetes environment. We will go through the debugging steps in detail, dive deep into the mysterious behaviors we discovered and explain how we finally addressed the incident by simply removing three lines of code.
Logs Told Us It Was DNS, It Felt Like DNS, It Had To Be DNS, It Wasn’t DNS - Laurent Bernaille & Elijah Andrews, Datadog
It all started with a team reaching out because they had DNS issues during rolling updates. Business as usual when you host hundreds of applications on dozens of Kubernetes clusters… Four weeks later: We are reading kernel code to understand the corner cases of dropping Martian packets. Could this be the connection between gRPC client reconnect algorithms and the overflowing conntrack table we can feel but not see? In time, we solved the issue. And for once… it wasn't DNS! In this talk, we will focus on one of the most complex incidents we have faced in our Kubernetes environment. We will go through the debugging steps in detail, dive deep into the mysterious behaviors we discovered and explain how we finally addressed the incident by simply removing three lines of code.
- 2 participants
- 36 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Longhorn: Intro, Deep Dive and Q&A - Sheng Yang, Joshua Moody, SUSE
Longhorn is a cloud-native distributed block storage solution for Kubernetes, providing an opinionated solution to cover different storage topology, data protection, and data services like snapshots, replication, encryption, backup restore, disaster recovery, etc. In this talk, there will be several parts to have an introduction of Longhorn and have deep-dive discussions to talk about the technical details, the recent release, and future plans. Longhorn was accepted as an incubating project by the Cloud Native Computing Foundation in November 2021.
Longhorn: Intro, Deep Dive and Q&A - Sheng Yang, Joshua Moody, SUSE
Longhorn is a cloud-native distributed block storage solution for Kubernetes, providing an opinionated solution to cover different storage topology, data protection, and data services like snapshots, replication, encryption, backup restore, disaster recovery, etc. In this talk, there will be several parts to have an introduction of Longhorn and have deep-dive discussions to talk about the technical details, the recent release, and future plans. Longhorn was accepted as an incubating project by the Cloud Native Computing Foundation in November 2021.
- 4 participants
- 32 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Make Cloud Native Chaos Engineering Easier - Deep Dive into Chaos Mesh - Cwen Yin, PingCAP
Chaos Mesh is one of the most popular open-source chaos engineering platforms, with the goal of making chaos engineering easier and more accessible. In this session, Cwen will provide a brief overview of Chaos Mesh. He will then dive deep into how Chaos Mesh is implemented and its concrete practices. Cwen will also guide the audience through how to better apply observability to a chaos engineering Workflow, in order to improve the efficiency and effectiveness of chaos experiments. In the end, he will share how the team’s latest exploration around chaos engineering and their plan to evolve Chaos Mesh.
Make Cloud Native Chaos Engineering Easier - Deep Dive into Chaos Mesh - Cwen Yin, PingCAP
Chaos Mesh is one of the most popular open-source chaos engineering platforms, with the goal of making chaos engineering easier and more accessible. In this session, Cwen will provide a brief overview of Chaos Mesh. He will then dive deep into how Chaos Mesh is implemented and its concrete practices. Cwen will also guide the audience through how to better apply observability to a chaos engineering Workflow, in order to improve the efficiency and effectiveness of chaos experiments. In the end, he will share how the team’s latest exploration around chaos engineering and their plan to evolve Chaos Mesh.
- 1 participant
- 38 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Making On-Prem Bare-Metal Kubernetes Network Stack Telco Ready - Christopher Dziomba & Marcel Fest, Deutsche Telekom
If your task is to do Kubernetes at scale and at speed (read: 100s & 1000s of clusters instantly provisioned on-demand), in a complex on-prem environment, on bare metal (yes, no overlay networks, raw power) you will quickly find that the legacy network and network legacy are some of your biggest enemies. No matter how much Kubernetes gets easy on its own, making it usable in such context will require a lot of plumbing, workflows, host tuning etc. If you are a telco, like Deutsche Telekom with historically grown multitude of heavily segmented networks with 100s of historically grown overlapping VRFs it is practically mission impossible. In this talk Deutsche Telekom will share how they tackled that challenge and how they reimagined and implemented network fabric for on-prem bare metal Kubernetes cloud which pretty cloud natively supports their internal Cluster-as-a-Service offering. This cloud is hosting clusters where some of their most demanding applications like 5G core are running.
Making On-Prem Bare-Metal Kubernetes Network Stack Telco Ready - Christopher Dziomba & Marcel Fest, Deutsche Telekom
If your task is to do Kubernetes at scale and at speed (read: 100s & 1000s of clusters instantly provisioned on-demand), in a complex on-prem environment, on bare metal (yes, no overlay networks, raw power) you will quickly find that the legacy network and network legacy are some of your biggest enemies. No matter how much Kubernetes gets easy on its own, making it usable in such context will require a lot of plumbing, workflows, host tuning etc. If you are a telco, like Deutsche Telekom with historically grown multitude of heavily segmented networks with 100s of historically grown overlapping VRFs it is practically mission impossible. In this talk Deutsche Telekom will share how they tackled that challenge and how they reimagined and implemented network fabric for on-prem bare metal Kubernetes cloud which pretty cloud natively supports their internal Cluster-as-a-Service offering. This cloud is hosting clusters where some of their most demanding applications like 5G core are running.
- 2 participants
- 22 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Making Sense of Chaos: Implementing Chaos Engineering in a Fintech Company - Iqbal Farabi & Giovanni Sakti, GoTo Financial
Chaos engineering is defined as “the facilitation of experiments to uncover systemic weaknesses” by The Principles of Chaos Engineering. This is done by building a hypothesis around the behavior of a system and running experiments to vary real-world events. By doing these experiments, we can build confidence on the behavior of a complex system in the face of disruptions. In this talk, we will discuss our experience in implementing chaos engineering principles in GoTo Financial (GTF), one of Indonesia’s biggest fintech startups. As GTF is operating in a heavily regulated industry, we have the obligation to comply with financial regulations. One of those is adhering to certain service level objectives (SLO) for all cloud native infrastructures we maintain. Implementing chaos engineering in such a system should be handled with care. We will delve into both technical aspects of adopting chaos engineering practices and the approaches to roll out such initiatives to the wider organization.
Making Sense of Chaos: Implementing Chaos Engineering in a Fintech Company - Iqbal Farabi & Giovanni Sakti, GoTo Financial
Chaos engineering is defined as “the facilitation of experiments to uncover systemic weaknesses” by The Principles of Chaos Engineering. This is done by building a hypothesis around the behavior of a system and running experiments to vary real-world events. By doing these experiments, we can build confidence on the behavior of a complex system in the face of disruptions. In this talk, we will discuss our experience in implementing chaos engineering principles in GoTo Financial (GTF), one of Indonesia’s biggest fintech startups. As GTF is operating in a heavily regulated industry, we have the obligation to comply with financial regulations. One of those is adhering to certain service level objectives (SLO) for all cloud native infrastructures we maintain. Implementing chaos engineering in such a system should be handled with care. We will delve into both technical aspects of adopting chaos engineering practices and the approaches to roll out such initiatives to the wider organization.
- 2 participants
- 29 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Making Your Apps and Infrastructure Services Failure-Resilient with Dapr - Yaron Schneider, Diagrid & Henry Spang, Microsoft
Microservices architectures see a growing number of deployments and with it a larger number of infrastructure dependencies like databases, caches, message buses, secret stores and others. To prevent cascading failures, developers need to make sure that not only their apps are recoverable and resilient to failures, but also the underlying infrastructure that their applications interact with. In this talk, we'll explore how Dapr helps developers apply global resiliency policies across their apps and cloud or on-premises infrastructure services, irrespective of where their apps are deployed or what programming language they are using.
Making Your Apps and Infrastructure Services Failure-Resilient with Dapr - Yaron Schneider, Diagrid & Henry Spang, Microsoft
Microservices architectures see a growing number of deployments and with it a larger number of infrastructure dependencies like databases, caches, message buses, secret stores and others. To prevent cascading failures, developers need to make sure that not only their apps are recoverable and resilient to failures, but also the underlying infrastructure that their applications interact with. In this talk, we'll explore how Dapr helps developers apply global resiliency policies across their apps and cloud or on-premises infrastructure services, irrespective of where their apps are deployed or what programming language they are using.
- 2 participants
- 30 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Metrics as a First-Class Citizen in the E2E Testing Landscape - Matej Gera & Jéssica Lins, Red Hat
Exposing metrics through the metrics HTTP endpoint is the de facto standard when it comes to exporting application metrics in the cloud native universe. But did you know this well-known pattern can be used for more than just collecting metrics? This talk will show how instrumenting applications can be leveraged to improve your experience with end-to-end (E2E) testing. If your application is already instrumented for collecting metrics, why not take it a step further and use the exposed data to bring your E2E testing to the next level? This has the enormous benefits of giving you detailed insight into the state of the tested application and allows for more complex testing scenarios, which are not possible without observing the behavior of an application from the inside. The talk will also describe how this framework has been employed in several open-source projects, including Thanos and Observatorium, and what benefits have been gained from the change.
Metrics as a First-Class Citizen in the E2E Testing Landscape - Matej Gera & Jéssica Lins, Red Hat
Exposing metrics through the metrics HTTP endpoint is the de facto standard when it comes to exporting application metrics in the cloud native universe. But did you know this well-known pattern can be used for more than just collecting metrics? This talk will show how instrumenting applications can be leveraged to improve your experience with end-to-end (E2E) testing. If your application is already instrumented for collecting metrics, why not take it a step further and use the exposed data to bring your E2E testing to the next level? This has the enormous benefits of giving you detailed insight into the state of the tested application and allows for more complex testing scenarios, which are not possible without observing the behavior of an application from the inside. The talk will also describe how this framework has been employed in several open-source projects, including Thanos and Observatorium, and what benefits have been gained from the change.
- 4 participants
- 33 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Multi-Cloud Workload Identity With SPIFFE - Jake Sanders & Charlie Egan, Jetstack
Within a single cloud provider, accessing secured APIs using your own workload identity is simple. Cloud SDKs used by application developers know how to retrieve identities and credentials from the cloud environment for each workload based on its context. A cloud administrator can then assign permissions to these identities which allow access to the required APIs. This is seamless for developers - simply calling an API in their code just works, while behind the scenes the network call is cryptographically authenticated / authorized. Unfortunately for the user, this identity is cloud-specific. With few alternatives, this often leads to long-lived credentials being mounted into workloads instead. This is less secure and harder to use. This presentation will show an alternative solution which combines features of open source CNCF projects Kubernetes, cert-manager, cert-manager-csi-driver-spiffe, cert-manager-trust and spiffe-connector to expand your SPIFFE trust domain to any cloud.
Multi-Cloud Workload Identity With SPIFFE - Jake Sanders & Charlie Egan, Jetstack
Within a single cloud provider, accessing secured APIs using your own workload identity is simple. Cloud SDKs used by application developers know how to retrieve identities and credentials from the cloud environment for each workload based on its context. A cloud administrator can then assign permissions to these identities which allow access to the required APIs. This is seamless for developers - simply calling an API in their code just works, while behind the scenes the network call is cryptographically authenticated / authorized. Unfortunately for the user, this identity is cloud-specific. With few alternatives, this often leads to long-lived credentials being mounted into workloads instead. This is less secure and harder to use. This presentation will show an alternative solution which combines features of open source CNCF projects Kubernetes, cert-manager, cert-manager-csi-driver-spiffe, cert-manager-trust and spiffe-connector to expand your SPIFFE trust domain to any cloud.
- 5 participants
- 40 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Navigating the CNCF Landscape, the Right Way - Divya Mohan, SUSE; Savitha Raghunathan, Red Hat; Kunal Kushwaha & Saiyam Pathak, Civo
CNCF is the vendor-neutral home for cloud native projects. Including the most famous open source project in recent times, Kubernetes, it currently houses ~1,019 cards with a total of 2,957,938 stars. With a growing ecosystem, at an initial glance, the landscape may seem intimidating to newcomers, especially students. Journeying through the entire development and operations lifecycle, this panel aims to take a guided approach to cover the various projects involved right from the creation of the application to the deployment & monitoring. With various pit stops & forks along the way, the speakers hope to leave the audience with a fair idea of how to navigate the landscape effectively and embark on their cloud native journey. Should they also wish to contribute to any of the projects, the session also covers various tips & tricks on how to take their very first steps in the ecosystem as well.
Navigating the CNCF Landscape, the Right Way - Divya Mohan, SUSE; Savitha Raghunathan, Red Hat; Kunal Kushwaha & Saiyam Pathak, Civo
CNCF is the vendor-neutral home for cloud native projects. Including the most famous open source project in recent times, Kubernetes, it currently houses ~1,019 cards with a total of 2,957,938 stars. With a growing ecosystem, at an initial glance, the landscape may seem intimidating to newcomers, especially students. Journeying through the entire development and operations lifecycle, this panel aims to take a guided approach to cover the various projects involved right from the creation of the application to the deployment & monitoring. With various pit stops & forks along the way, the speakers hope to leave the audience with a fair idea of how to navigate the landscape effectively and embark on their cloud native journey. Should they also wish to contribute to any of the projects, the session also covers various tips & tricks on how to take their very first steps in the ecosystem as well.
- 6 participants
- 41 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Notary v2: Deep Dive and Open Issues - Justin Cormack, Docker & Steve Lasker, Microsoft
Notary v2 is a community project to solve the issues that the existing Notary project has that have hindered widespread adoption. The project is a community initiative with the main registry operators, including Docker, Microsoft and Amazon, as well as a broad community of other interested parties and end users. This talk will cover an overview of the project status and cover the open issues and current working areas for the project, around formats and standardisation, open security issues and future work.
Notary v2: Deep Dive and Open Issues - Justin Cormack, Docker & Steve Lasker, Microsoft
Notary v2 is a community project to solve the issues that the existing Notary project has that have hindered widespread adoption. The project is a community initiative with the main registry operators, including Docker, Microsoft and Amazon, as well as a broad community of other interested parties and end users. This talk will cover an overview of the project status and cover the open issues and current working areas for the project, around formats and standardisation, open security issues and future work.
- 2 participants
- 40 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Observing Fastly’s Network at Scale Thanks to K8s and the Strimzi Operator - Fernando Crespo & Daniel Caballero, Fastly
Fastly efficiently delivers many Tbps thanks to an Edge Network that expands across tens of PoP across the globe; operating such a network comes with many challenges, so Fastly keeps investing in tooling and automated systems to make that journey as pleasant as possible. One of these systems is Fastly’s Autopilot: an automated system that performs egress traffic optimizations. This talk will provide a system overview, focusing then on the associated telemetry pipeline and how it leverages from our internal k8s-based platform (elevation), some key operators, like the Strimzi Kafka one, opensource networking libraries, like GoBGP, and tooling like FluxCD. Finally, this talk will also share some challenges and findings associated with this very network-related use case.
Observing Fastly’s Network at Scale Thanks to K8s and the Strimzi Operator - Fernando Crespo & Daniel Caballero, Fastly
Fastly efficiently delivers many Tbps thanks to an Edge Network that expands across tens of PoP across the globe; operating such a network comes with many challenges, so Fastly keeps investing in tooling and automated systems to make that journey as pleasant as possible. One of these systems is Fastly’s Autopilot: an automated system that performs egress traffic optimizations. This talk will provide a system overview, focusing then on the associated telemetry pipeline and how it leverages from our internal k8s-based platform (elevation), some key operators, like the Strimzi Kafka one, opensource networking libraries, like GoBGP, and tooling like FluxCD. Finally, this talk will also share some challenges and findings associated with this very network-related use case.
- 2 participants
- 37 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Open Policy Agent (OPA) Intro & Deep Dive - Anders Eknert, Styra & Will Beason, Google
Come to this session to learn about the Open Policy Agent (OPA) project. OPA is a general-purpose policy engine that solves a number of policy-related use cases for Kubernetes, microservices, CI/CD, cloud, and more. During this session the OPA maintainers will introduce the project for newcomers and then provide updates on the latest and greatest features landing in OPA and OPA Gatekeeper. If you are interested in policy and security as it relates to cloud native technology, this session is for you.
Open Policy Agent (OPA) Intro & Deep Dive - Anders Eknert, Styra & Will Beason, Google
Come to this session to learn about the Open Policy Agent (OPA) project. OPA is a general-purpose policy engine that solves a number of policy-related use cases for Kubernetes, microservices, CI/CD, cloud, and more. During this session the OPA maintainers will introduce the project for newcomers and then provide updates on the latest and greatest features landing in OPA and OPA Gatekeeper. If you are interested in policy and security as it relates to cloud native technology, this session is for you.
- 9 participants
- 41 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
OpenTelemetry: The Road Ahead + Meet the Community - Morgan McLean, Splunk; Alolita Sharma, Amazon; Ted Young, Lightstep; Daniel Dyla, Dynatrace
This session is for anyone interested in observability or OpenTelemetry to learn more about the project, and to meet and discuss our status and roadmap with maintainers! We will begin with a brief presentation of our recent releases and roadmap for the next year, followed by a panel discussion hosted by governance committee members, technical committee members, and maintainers.
OpenTelemetry: The Road Ahead + Meet the Community - Morgan McLean, Splunk; Alolita Sharma, Amazon; Ted Young, Lightstep; Daniel Dyla, Dynatrace
This session is for anyone interested in observability or OpenTelemetry to learn more about the project, and to meet and discuss our status and roadmap with maintainers! We will begin with a brief presentation of our recent releases and roadmap for the next year, followed by a panel discussion hosted by governance committee members, technical committee members, and maintainers.
- 5 participants
- 30 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
OpenTelemetry: The Vision, Reality, and How to Get Started - Dotan Horovits, Logz.io
Everyone wants observability into their system, but find themselves with too many vendors and tools, each with its own API, SDK, agents and collectors. In this talk Horovits will present OpenTelemetry, an ambitious open source project with the promise of a unified framework for collecting observability data. With OpenTelemetry you could instrument your application in a vendor-agnostic way, and then analyze the telemetry data in your backend tool of choice, whether Prometheus, Jaeger, Zipkin, or others. Horovits will cover the current state of the various projects comprising OpenTelemetry (across programming languages, exporters, receivers, protocols and more), some of which are not even GA yet, and provide practical guidance on how to get started with OpenTelemetry in your own system.
OpenTelemetry: The Vision, Reality, and How to Get Started - Dotan Horovits, Logz.io
Everyone wants observability into their system, but find themselves with too many vendors and tools, each with its own API, SDK, agents and collectors. In this talk Horovits will present OpenTelemetry, an ambitious open source project with the promise of a unified framework for collecting observability data. With OpenTelemetry you could instrument your application in a vendor-agnostic way, and then analyze the telemetry data in your backend tool of choice, whether Prometheus, Jaeger, Zipkin, or others. Horovits will cover the current state of the various projects comprising OpenTelemetry (across programming languages, exporters, receivers, protocols and more), some of which are not even GA yet, and provide practical guidance on how to get started with OpenTelemetry in your own system.
- 3 participants
- 34 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Operating Prometheus in a Serverless World - Colin Douch, Cloudflare
The traditional Prometheus configuration makes several assumptions about the architecture of the systems that it is monitoring that fail to be met in the world of Serverless Architectures. With the increasing adoption of Serverless computing in Distributed Systems architectures, the question then arises of how to achieve the same insight into them that we can achieve with more traditional architectures. In particular, with Timeseries Metrics, the choice is often to choose between substandard upstream offerings (such as the Prometheus Pushgateway), or capitulate to vendor lock-in and utilise a platform provided by your Cloud provider. So if we want to continue to use our existing Prometheus systems, then what choices do we have? This talk will cover the issues around existing solutions, Colin's solution to these issues that is currently in production at Cloudflare, and where we can go in upstream to make the experience better going forward.
Operating Prometheus in a Serverless World - Colin Douch, Cloudflare
The traditional Prometheus configuration makes several assumptions about the architecture of the systems that it is monitoring that fail to be met in the world of Serverless Architectures. With the increasing adoption of Serverless computing in Distributed Systems architectures, the question then arises of how to achieve the same insight into them that we can achieve with more traditional architectures. In particular, with Timeseries Metrics, the choice is often to choose between substandard upstream offerings (such as the Prometheus Pushgateway), or capitulate to vendor lock-in and utilise a platform provided by your Cloud provider. So if we want to continue to use our existing Prometheus systems, then what choices do we have? This talk will cover the issues around existing solutions, Colin's solution to these issues that is currently in production at Cloudflare, and where we can go in upstream to make the experience better going forward.
- 1 participant
- 30 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Optimize Kubernetes on vSphere with Event-Driven Automation - Steven Wong & Michael Gasch, VMware
Kubernetes abstracts out differences across hosting infrastructure, but there are cases when integrated monitoring across the layers of storage, compute, etc, are essential. When faults or reconfiguration happen, manual monitoring, diagnosis and remediation can be slow, costly, and error prone. The VMware Event Broker Appliance is an open-source project, usable with Cloud Events and Knative to optimize availability, auditing, compliance, etc. based on vSphere events. We'll cover popular use cases and how to get started. The K8s VMware User Group shares best practices for hosting K8s on VMware infrastructure, and we will close the session with details on how you can participate in the group.
Optimize Kubernetes on vSphere with Event-Driven Automation - Steven Wong & Michael Gasch, VMware
Kubernetes abstracts out differences across hosting infrastructure, but there are cases when integrated monitoring across the layers of storage, compute, etc, are essential. When faults or reconfiguration happen, manual monitoring, diagnosis and remediation can be slow, costly, and error prone. The VMware Event Broker Appliance is an open-source project, usable with Cloud Events and Knative to optimize availability, auditing, compliance, etc. based on vSphere events. We'll cover popular use cases and how to get started. The K8s VMware User Group shares best practices for hosting K8s on VMware infrastructure, and we will close the session with details on how you can participate in the group.
- 2 participants
- 44 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Overview and State of Linkerd - Matei David, Buoyant, Inc.
In this talk, maintainers from the Linkerd project will present an overview of the project and an update on upcoming releases. They’ll cover what Linkerd is and how it compares to other service meshes; what the latest features and functionality are; what to expect in upcoming releases; and how you can get involved in one of the CNCF’s most talked-about projects. This talk will cover Linkerd’s recently-introduced policy, circuit breaking, and header-based routing features.
Overview and State of Linkerd - Matei David, Buoyant, Inc.
In this talk, maintainers from the Linkerd project will present an overview of the project and an update on upcoming releases. They’ll cover what Linkerd is and how it compares to other service meshes; what the latest features and functionality are; what to expect in upcoming releases; and how you can get involved in one of the CNCF’s most talked-about projects. This talk will cover Linkerd’s recently-introduced policy, circuit breaking, and header-based routing features.
- 6 participants
- 36 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
PolicyReport CRD: Manage Admission Control, Runtime, and Scan Reports! - Anushka Mittal & Mritunjay Sharma, Nirmata; Frank Jogeleit, Lovoo GmbH; Stephen Adeniyi
Policies help secure and automate Kubernetes. To standardize and simplify the management of policy reports across multiple tools, the Kubernetes Policy WG created a reusable PolicyReport Custom Resource Definition (CRD). In this session, Anushka, Mritunjay, and Stephen who are all LFX mentorship graduates will discuss the PolicyReport CRD and demonstrate adapters for policy and verification engines like Falco, kube-bench, KubeArmor, Kyverno, and Trivy to produce standardized policy reports. Frank will then present Policy Reporter, a Web UI with dashboards for policy reporting and integrations with Slack, Discord, Grafana, Teams, and Elasticsearch. You will learn how to easily manage policy results across admission controls, runtime, and vulnerability scanning leveraging the powerful CRD capabilities of Kubernetes.
PolicyReport CRD: Manage Admission Control, Runtime, and Scan Reports! - Anushka Mittal & Mritunjay Sharma, Nirmata; Frank Jogeleit, Lovoo GmbH; Stephen Adeniyi
Policies help secure and automate Kubernetes. To standardize and simplify the management of policy reports across multiple tools, the Kubernetes Policy WG created a reusable PolicyReport Custom Resource Definition (CRD). In this session, Anushka, Mritunjay, and Stephen who are all LFX mentorship graduates will discuss the PolicyReport CRD and demonstrate adapters for policy and verification engines like Falco, kube-bench, KubeArmor, Kyverno, and Trivy to produce standardized policy reports. Frank will then present Policy Reporter, a Web UI with dashboards for policy reporting and integrations with Slack, Discord, Grafana, Teams, and Elasticsearch. You will learn how to easily manage policy results across admission controls, runtime, and vulnerability scanning leveraging the powerful CRD capabilities of Kubernetes.
- 6 participants
- 30 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Production-scale Containerized Game Platform Practice in Bytedance - Chenyu Jiang, ByteDance, Inc & Viktor Farcic, Upbound
Classical games servers are running on physical machines or virtual machines to provide services to players. However, packaging game servers as in containers is quickly gaining traction across the tech landscape because of container's isolated runtime paradigm, cost efficiency and elasticity. In Bytedance, games is one of the major vertical domains and we need a mature games-centric platform to serve games from both in-house games studios and agents of game manufacturers globally. In this talk, a Bytedance's practice will be shared in establishing a Kubernetes based Game platform. It leverages multiple CNCF open source frameworks: Crossplane, KubeVela, Agones to address challenges and requirements for games to go cloud-native, such as game servers and dependency resource deployment in multi-cloud/multi-region, game servers orchestration and stateful games service autoscaling.
Production-scale Containerized Game Platform Practice in Bytedance - Chenyu Jiang, ByteDance, Inc & Viktor Farcic, Upbound
Classical games servers are running on physical machines or virtual machines to provide services to players. However, packaging game servers as in containers is quickly gaining traction across the tech landscape because of container's isolated runtime paradigm, cost efficiency and elasticity. In Bytedance, games is one of the major vertical domains and we need a mature games-centric platform to serve games from both in-house games studios and agents of game manufacturers globally. In this talk, a Bytedance's practice will be shared in establishing a Kubernetes based Game platform. It leverages multiple CNCF open source frameworks: Crossplane, KubeVela, Agones to address challenges and requirements for games to go cloud-native, such as game servers and dependency resource deployment in multi-cloud/multi-region, game servers orchestration and stateful games service autoscaling.
- 2 participants
- 30 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Prometheus Intro and Deep Dive - Julius Volz, PromLabs; Björn Rabenstein, Grafana Labs; Matthias Rampke, SoundCloud
As the 2nd oldest project in the CNCF, you have probably heard about Prometheus before. Nevertheless, the project maintainers will give you an introduction from the very beginning, followed by a deep dive into the exciting new features that have been released recently or are in the pipeline. You will learn about many opportunities to use Prometheus, and maybe we can even tempt you to contribute to the project yourself.
Prometheus Intro and Deep Dive - Julius Volz, PromLabs; Björn Rabenstein, Grafana Labs; Matthias Rampke, SoundCloud
As the 2nd oldest project in the CNCF, you have probably heard about Prometheus before. Nevertheless, the project maintainers will give you an introduction from the very beginning, followed by a deep dive into the exciting new features that have been released recently or are in the pipeline. You will learn about many opportunities to use Prometheus, and maybe we can even tempt you to contribute to the project yourself.
- 2 participants
- 32 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Prometheus Sparse High-Resolution Histograms in Action - Ganesh Vernekar, Grafana Labs
Sparse high-resolution histograms are going to totally revamp how Prometheus works with histograms. Maybe you have heard about the ongoing development efforts in previous talks. Now, for the first time, you will witness a complete working setup, from instrumentation over ingestion, storage, and querying all the way to graphical representation. Ganesh will demonstrate the breathtaking possibilities of these histograms, which include precise quantile estimations and high-resolution heatmaps, both aggregated and partitioned at will, even if, over time or between different targets, histograms of different resolutions are involved. Accompanied by benchmark results from real world load.
Prometheus Sparse High-Resolution Histograms in Action - Ganesh Vernekar, Grafana Labs
Sparse high-resolution histograms are going to totally revamp how Prometheus works with histograms. Maybe you have heard about the ongoing development efforts in previous talks. Now, for the first time, you will witness a complete working setup, from instrumentation over ingestion, storage, and querying all the way to graphical representation. Ganesh will demonstrate the breathtaking possibilities of these histograms, which include precise quantile estimations and high-resolution heatmaps, both aggregated and partitioned at will, even if, over time or between different targets, histograms of different resolutions are involved. Accompanied by benchmark results from real world load.
- 7 participants
- 35 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Registries After Dark, Part 2: Distributed Random Access Merkledags - Daniel Mangum, Upbound & Jason Hall, Chainguard
Our friend the registry is back and is getting into more mischief than ever. After stretching the OCI image and distribution specifications to implement a registry that acts as a chat server, Dan and Jon have continued to exploit the generality of the spec to support more use cases. In this session, they’ll move beyond what actually happens when you “push” and “pull” or use tags as identifiers. Taking a step back and looking at the landscape of hosted registries offers a unique view of the capabilities of this network of systems we all rely on - capabilities exhibited by other systems we are familiar with: computers. Attendees will join Dan and Jon on a crash course through the history of computer architecture, making stops along the way at Turing machines, load-store architectures, and compiler design, before finding themselves faced with a new definition of DRAM: Distributed Random Access Merkledag.
Registries After Dark, Part 2: Distributed Random Access Merkledags - Daniel Mangum, Upbound & Jason Hall, Chainguard
Our friend the registry is back and is getting into more mischief than ever. After stretching the OCI image and distribution specifications to implement a registry that acts as a chat server, Dan and Jon have continued to exploit the generality of the spec to support more use cases. In this session, they’ll move beyond what actually happens when you “push” and “pull” or use tags as identifiers. Taking a step back and looking at the landscape of hosted registries offers a unique view of the capabilities of this network of systems we all rely on - capabilities exhibited by other systems we are familiar with: computers. Attendees will join Dan and Jon on a crash course through the history of computer architecture, making stops along the way at Turing machines, load-store architectures, and compiler design, before finding themselves faced with a new definition of DRAM: Distributed Random Access Merkledag.
- 2 participants
- 35 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Removing Language Barriers for Spanish-speaking Professionals - Rael Garcia Arnés, Red Hat & Victor Morales, Samsung Electronics
In 2020 the Apache Software Foundation Community published a survey[1] which suggests that language can be one of the major barriers to contribute to any open source project. According to some estimates[2] in Latin America, open source technologies will grow five times in the coming years. Talented professionals, students and enthusiasts demand access to documentation written in their own language. That's why the Spanish documentation team has been participating in different initiatives to help others to contribute into the translation process. During this session, it's going to be shared what the Kubernetes Spanish documentation team has been accomplished and walkthrough the process to translate and contribute to the CNCF documentation. The prime audience for this sessions are spanish-speaking professionals and enthusiasts willing to participate in improving the CNCF documentation. They will understand the workflow to submit documentation changes and help to participate in the localization process. [1] https://cwiki.apache.org/confluence/download/attachments/158865837/The%202020%20ASF%20Community%20Survey%20-%20Readout%20%281%29.pdf?api=v2 [2] http://www.latinamerica.tech/2019/11/12/latins-contribute-little-to-open-source-software/
Removing Language Barriers for Spanish-speaking Professionals - Rael Garcia Arnés, Red Hat & Victor Morales, Samsung Electronics
In 2020 the Apache Software Foundation Community published a survey[1] which suggests that language can be one of the major barriers to contribute to any open source project. According to some estimates[2] in Latin America, open source technologies will grow five times in the coming years. Talented professionals, students and enthusiasts demand access to documentation written in their own language. That's why the Spanish documentation team has been participating in different initiatives to help others to contribute into the translation process. During this session, it's going to be shared what the Kubernetes Spanish documentation team has been accomplished and walkthrough the process to translate and contribute to the CNCF documentation. The prime audience for this sessions are spanish-speaking professionals and enthusiasts willing to participate in improving the CNCF documentation. They will understand the workflow to submit documentation changes and help to participate in the localization process. [1] https://cwiki.apache.org/confluence/download/attachments/158865837/The%202020%20ASF%20Community%20Survey%20-%20Readout%20%281%29.pdf?api=v2 [2] http://www.latinamerica.tech/2019/11/12/latins-contribute-little-to-open-source-software/
- 1 participant
- 30 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Reproducing Production Issues in your CI Pipeline Using eBPF - Matthew LeRay, Speedscale & Omid Azizi, New Relic
Observing production workloads with enough detail to find real problems is difficult, but it's getting easier with the community adoption of eBPF. As the technology becomes better understood, tools like Falco, Cilium and Pixie are increasingly appearing in production clusters. But have you ever considered using eBPF data to help with unit tests, Continuous Integration and load testing? This talk will explain the basic technology behind eBPF while presenting some examples of how to use data collected via eBPF for a variety of software quality use cases. We'll use the Pixie CNCF sandbox project to pull data and replicate production issues on the developer desktop for debugging. You'll also get some ideas on using those calls in your Continuous Integration pipeline to sanity check builds before they are deployed. Included in that discussion will be handling some common issues like timestamp skew and authentication. All examples are open source and available after the talk.
Reproducing Production Issues in your CI Pipeline Using eBPF - Matthew LeRay, Speedscale & Omid Azizi, New Relic
Observing production workloads with enough detail to find real problems is difficult, but it's getting easier with the community adoption of eBPF. As the technology becomes better understood, tools like Falco, Cilium and Pixie are increasingly appearing in production clusters. But have you ever considered using eBPF data to help with unit tests, Continuous Integration and load testing? This talk will explain the basic technology behind eBPF while presenting some examples of how to use data collected via eBPF for a variety of software quality use cases. We'll use the Pixie CNCF sandbox project to pull data and replicate production issues on the developer desktop for debugging. You'll also get some ideas on using those calls in your Continuous Integration pipeline to sanity check builds before they are deployed. Included in that discussion will be handling some common issues like timestamp skew and authentication. All examples are open source and available after the talk.
- 2 participants
- 29 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Rook: Intro and Deep Dive with Ceph Storage - Travis Nielsen, Sebastien Han & Blaine Gardner, Red Hat; Satoru Takeuchi, Cybozu, Inc.
The Rook project will be introduced to attendees of all levels and experience. Rook is an open source cloud-native storage operator for Kubernetes, providing the platform, framework, and support for Ceph to natively integrate with Kubernetes. A deep-dive will be presented for the Ceph storage provider to show how Rook provides stable block, shared file system, and object storage for your production data. The recent features in the v1.9 release will be covered to further illustrate how Rook continues to be enhanced for production environments. Rook was accepted as a graduated project by the Cloud Native Computing Foundation in October 2020.
Rook: Intro and Deep Dive with Ceph Storage - Travis Nielsen, Sebastien Han & Blaine Gardner, Red Hat; Satoru Takeuchi, Cybozu, Inc.
The Rook project will be introduced to attendees of all levels and experience. Rook is an open source cloud-native storage operator for Kubernetes, providing the platform, framework, and support for Ceph to natively integrate with Kubernetes. A deep-dive will be presented for the Ceph storage provider to show how Rook provides stable block, shared file system, and object storage for your production data. The recent features in the v1.9 release will be covered to further illustrate how Rook continues to be enhanced for production environments. Rook was accepted as a graduated project by the Cloud Native Computing Foundation in October 2020.
- 2 participants
- 26 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Running Containerd and k3s on MacOS - Akihiro Suda, NTT Corporation & Jan Dubois, SUSE
It has been very hard to use Mac for developing containerized apps. A typical way is to use Docker for Mac, but it is not FLOSS. Another option is to install Docker and/or Kubernetes into VirtualBox, often via minikube, but it doesn't propagate localhost ports, and VirtualBox also doesn't support the ARM architecture. This session will show how to run containerd and k3s on macOS, using Lima and Rancher Desktop. Lima wraps QEMU in a simple CLI, with neat features for container users, such as filesystem sharing and automatic localhost port forwarding, as well as DNS and proxy propagation for enterprise networks. Rancher Desktop wraps Lima with k3s integration and GUI.
Running Containerd and k3s on MacOS - Akihiro Suda, NTT Corporation & Jan Dubois, SUSE
It has been very hard to use Mac for developing containerized apps. A typical way is to use Docker for Mac, but it is not FLOSS. Another option is to install Docker and/or Kubernetes into VirtualBox, often via minikube, but it doesn't propagate localhost ports, and VirtualBox also doesn't support the ARM architecture. This session will show how to run containerd and k3s on macOS, using Lima and Rancher Desktop. Lima wraps QEMU in a simple CLI, with neat features for container users, such as filesystem sharing and automatic localhost port forwarding, as well as DNS and proxy propagation for enterprise networks. Rancher Desktop wraps Lima with k3s integration and GUI.
- 2 participants
- 27 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Running Kubernetes in a Manufacturing Line – What Could Possibly Go Wrong? - Mario Fahlandt & Tobias Schneck, Kubermatic GmbH
Imagine your manufacturing line is controlled by services running in your datacenters’ Kubernetes clusters. You have facilities in locations all over the world. You provide a managed service with uptime SLA. Now, there is an issue with the internet connection. Or security is shutting down all connections to defend against a cyberattack. And your production line must keep working because every downtime is money. This was the challenge to solve, and we did! Did you ever think about - How to run basic Infrastructure Services like DHCP and DNS in a cloud native way for manufacturing services? How to autoscale cluster on-prem? Follow us in the rabbit hole using all kinds of CNCF projects to build a setup that scales, is able to shift and redeploy workloads, and continues to function without relying on cloud vendors or external services. We will show you the obvious and non-obvious challenges of cloud native adopters in the industry 4.0 sector, including some true edge computing cases.
Running Kubernetes in a Manufacturing Line – What Could Possibly Go Wrong? - Mario Fahlandt & Tobias Schneck, Kubermatic GmbH
Imagine your manufacturing line is controlled by services running in your datacenters’ Kubernetes clusters. You have facilities in locations all over the world. You provide a managed service with uptime SLA. Now, there is an issue with the internet connection. Or security is shutting down all connections to defend against a cyberattack. And your production line must keep working because every downtime is money. This was the challenge to solve, and we did! Did you ever think about - How to run basic Infrastructure Services like DHCP and DNS in a cloud native way for manufacturing services? How to autoscale cluster on-prem? Follow us in the rabbit hole using all kinds of CNCF projects to build a setup that scales, is able to shift and redeploy workloads, and continues to function without relying on cloud vendors or external services. We will show you the obvious and non-obvious challenges of cloud native adopters in the industry 4.0 sector, including some true edge computing cases.
- 2 participants
- 32 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
SIG Architecture Intro and Update - Davanum Srinivas, VMware & John Belamaric, Google
SIG Architecture maintains and evolves the design principles of Kubernetes, and provides a consistent body of expertise necessary to ensure architectural consistency over time. The SIG takes care of evolution of conformance definitions, API definitions/conventions, deprecation policy, design principles, and other cross-cutting concerns. In this talk, we will provide an introduction to SIG architecture, including its role and the various subprojects that support its activities. Additionally, we will provide a community update on the status of those efforts.
SIG Architecture Intro and Update - Davanum Srinivas, VMware & John Belamaric, Google
SIG Architecture maintains and evolves the design principles of Kubernetes, and provides a consistent body of expertise necessary to ensure architectural consistency over time. The SIG takes care of evolution of conformance definitions, API definitions/conventions, deprecation policy, design principles, and other cross-cutting concerns. In this talk, we will provide an introduction to SIG architecture, including its role and the various subprojects that support its activities. Additionally, we will provide a community update on the status of those efforts.
- 6 participants
- 37 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
SIG Auth Deep Dive - Margo Crawford, VMware & Mike Danese, Google
After a quick intro, this presentation will touch upon the current items the SIG is working on. These include the ongoing Pod Security effort, KMS encryption at rest observability and performance enhancements, structured configuration for authentication and authorization, reduction of legacy service account token attack surface area, certificate signing request duration control, etc. We will also discuss how to get involved with the SIG: https://docs.google.com/document/d/1sY8fRyRtk4eG9R439z5ao5i9bFuuxilS03XaNlqoni0
SIG Auth Deep Dive - Margo Crawford, VMware & Mike Danese, Google
After a quick intro, this presentation will touch upon the current items the SIG is working on. These include the ongoing Pod Security effort, KMS encryption at rest observability and performance enhancements, structured configuration for authentication and authorization, reduction of legacy service account token attack surface area, certificate signing request duration control, etc. We will also discuss how to get involved with the SIG: https://docs.google.com/document/d/1sY8fRyRtk4eG9R439z5ao5i9bFuuxilS03XaNlqoni0
- 6 participants
- 36 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
SIG Cloud Provider: Portable K8s Across all Clouds, Roadmap and Updates - Nick Turner, Amazon & Steve Wong, VMware
Cloud Provider code allows Kubernetes to run on top of different platforms, with an implementation for each. The agenda will include: An overall status report on removing the cloud provider code from the main Kubernetes repository to “out of tree repositories; “Lightning talks” for individual cloud providers, reporting efforts, accomplishments, and roadmap for features and getting "out-of-tree". We’ll also discuss the plans to handle cloud provider migration - including interesting topics like building and migrating to cloud controller managers, and kubelet image credential providers. The goal of SIG Cloud Provider is to promote a vendor-neutral ecosystem for our community. We will close with details on how you can get involved with the SIG as either a cloud infrastructure supporter, a K8s distribution author, or a K8s user.
SIG Cloud Provider: Portable K8s Across all Clouds, Roadmap and Updates - Nick Turner, Amazon & Steve Wong, VMware
Cloud Provider code allows Kubernetes to run on top of different platforms, with an implementation for each. The agenda will include: An overall status report on removing the cloud provider code from the main Kubernetes repository to “out of tree repositories; “Lightning talks” for individual cloud providers, reporting efforts, accomplishments, and roadmap for features and getting "out-of-tree". We’ll also discuss the plans to handle cloud provider migration - including interesting topics like building and migrating to cloud controller managers, and kubelet image credential providers. The goal of SIG Cloud Provider is to promote a vendor-neutral ecosystem for our community. We will close with details on how you can get involved with the SIG as either a cloud infrastructure supporter, a K8s distribution author, or a K8s user.
- 3 participants
- 27 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
SIG Contributor Experience Deep Dive - Alison Dowdney, Kasten By Veeam; Christoph Blecker, Red Hat; Bob Killen, Google
The Kubernetes Contributor Experience Special Interest Group (SIG) is tasked with developing and sustaining a healthy contributor community. Things like feature velocity, community scaling, mentoring, pull request latency, and more all fall within scope of the SIG. In this talk, we will provide an introduction to SIG Contributor Experience, its role within the project, and dive into the various subprojects that support its mission. Additionally, we will provide a general community update and go over how you can get involved.
SIG Contributor Experience Deep Dive - Alison Dowdney, Kasten By Veeam; Christoph Blecker, Red Hat; Bob Killen, Google
The Kubernetes Contributor Experience Special Interest Group (SIG) is tasked with developing and sustaining a healthy contributor community. Things like feature velocity, community scaling, mentoring, pull request latency, and more all fall within scope of the SIG. In this talk, we will provide an introduction to SIG Contributor Experience, its role within the project, and dive into the various subprojects that support its mission. Additionally, we will provide a general community update and go over how you can get involved.
- 5 participants
- 33 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
SIG Security Update: We Lift Together - Tabitha Sable, Datadog; Pushkar Joglekar, VMware; Rey Lejano, SUSE; Savitha Raghunathan, Red Hat
SIG Security takes a community-building approach to improving Kubernetes security, both for the project itself and our end users. Join organizers Pushkar, Rey, Savitha, and Tabitha for an overview of how we make space for security collaboration to thrive. We'll share timely updates from our tooling and third-party audit subgroups and information about guided security self-assessments for Kubernetes subprojects. In closing, a deep-dive into our efforts to improve security documentation through blogs, tutorials, whitepapers, and goose honking! You'll learn what's been going on, what’s next, and how you could join in, regardless of your experience from beginner to expert. We hope to see you there!
SIG Security Update: We Lift Together - Tabitha Sable, Datadog; Pushkar Joglekar, VMware; Rey Lejano, SUSE; Savitha Raghunathan, Red Hat
SIG Security takes a community-building approach to improving Kubernetes security, both for the project itself and our end users. Join organizers Pushkar, Rey, Savitha, and Tabitha for an overview of how we make space for security collaboration to thrive. We'll share timely updates from our tooling and third-party audit subgroups and information about guided security self-assessments for Kubernetes subprojects. In closing, a deep-dive into our efforts to improve security documentation through blogs, tutorials, whitepapers, and goose honking! You'll learn what's been going on, what’s next, and how you could join in, regardless of your experience from beginner to expert. We hope to see you there!
- 5 participants
- 37 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
SIG-Multicluster Intro and Deep Dive - Jeremy Olmsted-Thompson & Laura Lorenz, Google; Paul Morie, Apple
SIG-Multicluster is focused on solving common challenges related to the management of many Kubernetes clusters, across multiple cloud providers (so-called hybrid cloud), and applications deployed across many clusters. In this session, we'll give attendees an overview of the current status of the multi-cluster problem space in Kubernetes and of the SIG. We’ll discuss current thinking around best practices for multi-cluster deployments and what it means to be part of a ClusterSet. Then we’ll highlight current SIG projects, focused use cases, and ideas for what’s next. Most importantly, we’ll provide information on how you can get involved either as a contributor or as a user who wants to provide feedback about the SIG's current efforts and future direction. Bring your questions, problems, and ideas - help us expand the multi-cluster Kubernetes landscape.
SIG-Multicluster Intro and Deep Dive - Jeremy Olmsted-Thompson & Laura Lorenz, Google; Paul Morie, Apple
SIG-Multicluster is focused on solving common challenges related to the management of many Kubernetes clusters, across multiple cloud providers (so-called hybrid cloud), and applications deployed across many clusters. In this session, we'll give attendees an overview of the current status of the multi-cluster problem space in Kubernetes and of the SIG. We’ll discuss current thinking around best practices for multi-cluster deployments and what it means to be part of a ClusterSet. Then we’ll highlight current SIG projects, focused use cases, and ideas for what’s next. Most importantly, we’ll provide information on how you can get involved either as a contributor or as a user who wants to provide feedback about the SIG's current efforts and future direction. Bring your questions, problems, and ideas - help us expand the multi-cluster Kubernetes landscape.
- 3 participants
- 29 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
SPIRE: Intro & Deep Dive Into Windows Support - Agustín Martínez Fayó & Marcos Yacob, Hewlett Packard Enterprise
Join this session for an introduction of the SPIRE project and deep dive into the new Windows support. SPIRE (the SPIFFE Runtime Environment) implements the SPIFFE standards to securely identify software systems in dynamic and heterogeneous environments. This session provides a high level overview of the basic concepts behind SPIRE and why you should consider it if you find issuing workload identities at scale challenging for you. This talk will also give a deep dive into the Windows support that is being introduced in SPIRE, offering detailed information about the implementation details, what is the difference between running SPIRE on Windows and Linux platforms, and how will be the experience from both a user and developer perspective.
SPIRE: Intro & Deep Dive Into Windows Support - Agustín Martínez Fayó & Marcos Yacob, Hewlett Packard Enterprise
Join this session for an introduction of the SPIRE project and deep dive into the new Windows support. SPIRE (the SPIFFE Runtime Environment) implements the SPIFFE standards to securely identify software systems in dynamic and heterogeneous environments. This session provides a high level overview of the basic concepts behind SPIRE and why you should consider it if you find issuing workload identities at scale challenging for you. This talk will also give a deep dive into the Windows support that is being introduced in SPIRE, offering detailed information about the implementation details, what is the difference between running SPIRE on Windows and Linux platforms, and how will be the experience from both a user and developer perspective.
- 4 participants
- 34 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Sailing Multi Cloud Traffic Management With Karmada - Zhonghu Xu, Huawei
Multi-Cloud is becoming a new trend in recent years. It is the superset of multiple public cloud, hybrid, on-premises, and edge. It not only provides higher availability and flexibility but also prevents vendor lock-in. Karmada is a kubernets management system, it is natively suitable for multi-cloud application management. In this topic, Zhonghu will show you what Karmada can do for Multi-Cloud applications communicating on flat network and different networks. There are already many solutions that can help acquire L3 network connectivity cross multi-cloud, like VPN peering, submariner, etc. So the biggest challenge is L7 traffic management, Zhonghu will elaborate on how Karmada perfectly integrates with Istio to provide flexible and rich L7 traffic management features: priority routing, failover to another cloud, and also brings natural security in east-west traffic.
Sailing Multi Cloud Traffic Management With Karmada - Zhonghu Xu, Huawei
Multi-Cloud is becoming a new trend in recent years. It is the superset of multiple public cloud, hybrid, on-premises, and edge. It not only provides higher availability and flexibility but also prevents vendor lock-in. Karmada is a kubernets management system, it is natively suitable for multi-cloud application management. In this topic, Zhonghu will show you what Karmada can do for Multi-Cloud applications communicating on flat network and different networks. There are already many solutions that can help acquire L3 network connectivity cross multi-cloud, like VPN peering, submariner, etc. So the biggest challenge is L7 traffic management, Zhonghu will elaborate on how Karmada perfectly integrates with Istio to provide flexible and rich L7 traffic management features: priority routing, failover to another cloud, and also brings natural security in east-west traffic.
- 1 participant
- 30 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Scaling Databases with Vitess - Harshit Gangal & Manan Gupta, Planetscale
Vitess is a cloud-native storage solution that provides horizontal scaling of MySQL. In this session we will cover the high level architecture and the feature set offered including the ease of database management. We will showcase its compatibility with the popular web framework Rails and will demo how to bring up Vitess with Rails using the Kubernetes operator. Realizing the need to scale out already running applications, we will also demonstrate how to scale out an existing database running on AWS RDS/Aurora using Vitess.
Scaling Databases with Vitess - Harshit Gangal & Manan Gupta, Planetscale
Vitess is a cloud-native storage solution that provides horizontal scaling of MySQL. In this session we will cover the high level architecture and the feature set offered including the ease of database management. We will showcase its compatibility with the popular web framework Rails and will demo how to bring up Vitess with Rails using the Kubernetes operator. Realizing the need to scale out already running applications, we will also demonstrate how to scale out an existing database running on AWS RDS/Aurora using Vitess.
- 9 participants
- 41 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Scaling K8s Nodes Without Breaking the Bank or Your Sanity - Brandon Wagner & Nick Tran, Amazon
Kubernetes (k8s) has enabled applications to be mostly agnostic to the underlying VM infrastructure it is running on. Many clusters can benefit from the cost savings of utilizing spare VM capacity offerings commonly called Spot. In this session, we will discuss some of the best practices for utilizing spot capacity within a k8s cluster and some of the tools that will make your life easier managing the underlying VM infrastructure.
Scaling K8s Nodes Without Breaking the Bank or Your Sanity - Brandon Wagner & Nick Tran, Amazon
Kubernetes (k8s) has enabled applications to be mostly agnostic to the underlying VM infrastructure it is running on. Many clusters can benefit from the cost savings of utilizing spare VM capacity offerings commonly called Spot. In this session, we will discuss some of the best practices for utilizing spot capacity within a k8s cluster and some of the tools that will make your life easier managing the underlying VM infrastructure.
- 9 participants
- 26 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Scaling and Orchestrating “Good Bot” With Kubernetes - Aris Cahyadi Risdianto, National University of Singapore (NUS)
During testing in the testbed, we need to emulate the production environment where there is plenty of normal traffic from the real users. High-quality normal traffic generated by the ‘human’ operator, has a significant impact on the testing results. Since the scale of testing is growing, increasing the number of operators is not practical and not cost-effective, so automating the generation of realistic normal traffic is becoming necessary. A BotNet can launch large-scale DDoS by orchestrating thousands of "infected" clients or “bad bots”. Similarly, if we can deploy thousands of human activity agents or “good bots” and orchestrate them together, we can generate a large number of emulated normal traffic from users. This talk will show how to utilize Kubernetes to orchestrate a large number of containerized bots to execute human activities in the testbed. Each bot is customized with special logic of activity workflows and it can be scaled and controlled by the orchestrator in real-time.
Scaling and Orchestrating “Good Bot” With Kubernetes - Aris Cahyadi Risdianto, National University of Singapore (NUS)
During testing in the testbed, we need to emulate the production environment where there is plenty of normal traffic from the real users. High-quality normal traffic generated by the ‘human’ operator, has a significant impact on the testing results. Since the scale of testing is growing, increasing the number of operators is not practical and not cost-effective, so automating the generation of realistic normal traffic is becoming necessary. A BotNet can launch large-scale DDoS by orchestrating thousands of "infected" clients or “bad bots”. Similarly, if we can deploy thousands of human activity agents or “good bots” and orchestrate them together, we can generate a large number of emulated normal traffic from users. This talk will show how to utilize Kubernetes to orchestrate a large number of containerized bots to execute human activities in the testbed. Each bot is customized with special logic of activity workflows and it can be scaled and controlled by the orchestrator in real-time.
- 1 participant
- 34 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Securing Kubernetes Applications by Crafting Custom Seccomp Profiles - Sascha Grunert, Red Hat
Applying seccomp profiles to Kubernetes workloads is one of the most efficient ways in securing containers. The profiles have to be created with care and need to be maintained over the complete lifecycle of the application. This manual effort causes that many applications either stick to the runtime default profile or turn the feature off at all. In this talk, Sascha will demonstrate how to create a custom seccomp profile for a specific containerized application. It will cover the basic techniques of collecting the required syscalls by hand, and also advanced ways of utilizing eBPF and automatic audit log tracing. The session will also discuss the drawbacks of relying on automations. In the end, Sascha will show how to create multi architecture profiles and utilizes in-cluster enhancements like the Security Profiles Operator to create an application specific profile. Join this talk to learn more about seccomp in Kubernetes and how to secure your applications!
Securing Kubernetes Applications by Crafting Custom Seccomp Profiles - Sascha Grunert, Red Hat
Applying seccomp profiles to Kubernetes workloads is one of the most efficient ways in securing containers. The profiles have to be created with care and need to be maintained over the complete lifecycle of the application. This manual effort causes that many applications either stick to the runtime default profile or turn the feature off at all. In this talk, Sascha will demonstrate how to create a custom seccomp profile for a specific containerized application. It will cover the basic techniques of collecting the required syscalls by hand, and also advanced ways of utilizing eBPF and automatic audit log tracing. The session will also discuss the drawbacks of relying on automations. In the end, Sascha will show how to create multi architecture profiles and utilizes in-cluster enhancements like the Security Profiles Operator to create an application specific profile. Join this talk to learn more about seccomp in Kubernetes and how to secure your applications!
- 1 participant
- 32 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Securing Your Container Native Supply Chain with SLSA, Github and Tekton - Laurent Simon, Google & Priya Wadhwa, Chainguard
Supply chain security has been a huge topic of discussion in recent months, and protecting your supply chain has become more important than ever. In this talk, Laurent Simon and Priya Wadhwa will discuss how to practically apply the principles of SLSA to secure your container native build system. They’ll start by covering how to use the in-toto project to create and verify source code attestations. They’ll also do a step-by-step demo of achieving SLSA Level 2 in common build systems like Tekton and Github Actions. If you’ve been wanting to secure your supply chain, but haven’t known where to start, then this talk is for you! Priya has given a related talk at SupplyChainSecurityCon on integrating Sigstore with Tekton. That talk focused on the theoretical integration, and this talk will practically show users how to secure an existing Tekton instance. This talk will also cover other build systems (e.g. Github Actions) which users may be using as part of their cloud native deployments.
Securing Your Container Native Supply Chain with SLSA, Github and Tekton - Laurent Simon, Google & Priya Wadhwa, Chainguard
Supply chain security has been a huge topic of discussion in recent months, and protecting your supply chain has become more important than ever. In this talk, Laurent Simon and Priya Wadhwa will discuss how to practically apply the principles of SLSA to secure your container native build system. They’ll start by covering how to use the in-toto project to create and verify source code attestations. They’ll also do a step-by-step demo of achieving SLSA Level 2 in common build systems like Tekton and Github Actions. If you’ve been wanting to secure your supply chain, but haven’t known where to start, then this talk is for you! Priya has given a related talk at SupplyChainSecurityCon on integrating Sigstore with Tekton. That talk focused on the theoretical integration, and this talk will practically show users how to secure an existing Tekton instance. This talk will also cover other build systems (e.g. Github Actions) which users may be using as part of their cloud native deployments.
- 2 participants
- 32 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Service Mesh at Scale: How Xbox Cloud Gaming Secures 22k Pods with Linkerd - Christopher Voss, Microsoft
During this session, Chris Voss, Senior Software Engineer at Microsoft, will share how Microsoft deployed Linkerd to apply mutual TLS, observability, and reliability to 22,000 meshed pods across 26 clusters. Xbox Cloud Gaming is Microsoft's game streaming service. With over 300 games available in 26 countries. The app is massive: 26 clusters across 18 regions, each with 50+ microservices and 700 to 1,000 pods — all of which are meshed with Linkerd. Chris will cover Xbox Cloud Gaming's Kubernetes and Linkerd journey, including how they: * Applied mutual TLS to 22k pods with zero config * Reduced pod/container monitoring cost by thousands of dollars using Linkerd observability * Integrated Prometheus, Linkerd, Flagger and Azure ADO for progressive delivery.
Service Mesh at Scale: How Xbox Cloud Gaming Secures 22k Pods with Linkerd - Christopher Voss, Microsoft
During this session, Chris Voss, Senior Software Engineer at Microsoft, will share how Microsoft deployed Linkerd to apply mutual TLS, observability, and reliability to 22,000 meshed pods across 26 clusters. Xbox Cloud Gaming is Microsoft's game streaming service. With over 300 games available in 26 countries. The app is massive: 26 clusters across 18 regions, each with 50+ microservices and 700 to 1,000 pods — all of which are meshed with Linkerd. Chris will cover Xbox Cloud Gaming's Kubernetes and Linkerd journey, including how they: * Applied mutual TLS to 22k pods with zero config * Reduced pod/container monitoring cost by thousands of dollars using Linkerd observability * Integrated Prometheus, Linkerd, Flagger and Azure ADO for progressive delivery.
- 1 participant
- 22 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Show Me Your Labels and I’ll Tell You Who You Are - Sandor Guba, Cisco
One of the underestimated benefits of Kubernetes is the standardization of labels. Of course in every provision system, you have the ability to mark the assets with taints, tags, labels, or something. Prometheus raised the stakes and built a whole metric system on labels. The concept was so successful that more and more tooling tries to benefit from it. Modern logging, tracing, and metric systems have at least one common characteristic: they have labels. In this talk, Sandor will demonstrate how to fully exploit labels with tools that are available already at your hands. Correlate different inputs, transform logs to metrics, and more!
Show Me Your Labels and I’ll Tell You Who You Are - Sandor Guba, Cisco
One of the underestimated benefits of Kubernetes is the standardization of labels. Of course in every provision system, you have the ability to mark the assets with taints, tags, labels, or something. Prometheus raised the stakes and built a whole metric system on labels. The concept was so successful that more and more tooling tries to benefit from it. Modern logging, tracing, and metric systems have at least one common characteristic: they have labels. In this talk, Sandor will demonstrate how to fully exploit labels with tools that are available already at your hands. Correlate different inputs, transform logs to metrics, and more!
- 2 participants
- 27 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Simplifying Service Mesh Operations with Flux and Flagger - Mitch Connors, Google & Stefan Prodan, Weaveworks
Distributed Proxies have opened the floodgates for Service Meshes to provide substantial value at the Application Networking Layer, but early adopters of Service Meshes are often overwhelmed by operational complexities. How do you ensure that the proxy is distributed everywhere your software runs? How do you safely upgrade or roll back all those proxies? How can you ensure that your network config is correct - without pushing it to production and risking an outage? Following the GitOps Principles is key to simplifying Service Mesh Operations. Defining the entire service mesh declaratively - be it installation, proxy injection, or configuration - provides a mechanism to safely manage the complexities of a service mesh. Continuously reconciling declarative config with the latest service mesh release keeps you from being caught off-guard by CVEs. Progressive Delivery tools enable seamless movement from one version of a service mesh to another - and back - with minimal impact to traffic.
Simplifying Service Mesh Operations with Flux and Flagger - Mitch Connors, Google & Stefan Prodan, Weaveworks
Distributed Proxies have opened the floodgates for Service Meshes to provide substantial value at the Application Networking Layer, but early adopters of Service Meshes are often overwhelmed by operational complexities. How do you ensure that the proxy is distributed everywhere your software runs? How do you safely upgrade or roll back all those proxies? How can you ensure that your network config is correct - without pushing it to production and risking an outage? Following the GitOps Principles is key to simplifying Service Mesh Operations. Defining the entire service mesh declaratively - be it installation, proxy injection, or configuration - provides a mechanism to safely manage the complexities of a service mesh. Continuously reconciling declarative config with the latest service mesh release keeps you from being caught off-guard by CVEs. Progressive Delivery tools enable seamless movement from one version of a service mesh to another - and back - with minimal impact to traffic.
- 5 participants
- 36 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Spark on Kubernetes: The Elastic Story - Bowen Li & Huichao Zhao, Apple
Apache Spark is a unified analytics engine for large-scale data processing. People are moving Spark and batch workload to Kubernetes due to its uprising popularity. There are many challenges to running Spark efficiently on Kubernetes, for example, supporting autoscaling-based workloads. In this talk, we discuss building a large scale Spark Service on top of Kubernetes. We will also walk through autoscaling on a multi-tenant platform with advanced features such as physical isolation, min/max capacity setting, bin-packing, scale-in and scale out controls, and more. These improvements show significant CPU and memory utilization savings for Spark on Kubernetes.
Spark on Kubernetes: The Elastic Story - Bowen Li & Huichao Zhao, Apple
Apache Spark is a unified analytics engine for large-scale data processing. People are moving Spark and batch workload to Kubernetes due to its uprising popularity. There are many challenges to running Spark efficiently on Kubernetes, for example, supporting autoscaling-based workloads. In this talk, we discuss building a large scale Spark Service on top of Kubernetes. We will also walk through autoscaling on a multi-tenant platform with advanced features such as physical isolation, min/max capacity setting, bin-packing, scale-in and scale out controls, and more. These improvements show significant CPU and memory utilization savings for Spark on Kubernetes.
- 2 participants
- 21 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Staring Into the Abyss with the Security Technical Advisory Group - Andres Vega, VMware & Brandon Lum, Google
The CNCF Security Technical Advisory Group provides analysis and helps guide the community at large on the most appropriate security mechanisms, architectures, design patterns, and tooling. This presentation covers an introduction to the Security TAG, their charter and scope, and highlights on several efforts the TAG has undertaken (completed and in progress) with their community impact such as the Security Reviews, Supply Chain Security Paper, Security Pals, and so much more. This session is for anyone interested in cloud native security, and wishes to understand how to get involved.
Staring Into the Abyss with the Security Technical Advisory Group - Andres Vega, VMware & Brandon Lum, Google
The CNCF Security Technical Advisory Group provides analysis and helps guide the community at large on the most appropriate security mechanisms, architectures, design patterns, and tooling. This presentation covers an introduction to the Security TAG, their charter and scope, and highlights on several efforts the TAG has undertaken (completed and in progress) with their community impact such as the Security Reviews, Supply Chain Security Paper, Security Pals, and so much more. This session is for anyone interested in cloud native security, and wishes to understand how to get involved.
- 6 participants
- 32 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
State of NATS: Core, Persistence, & Materialized Views - Tomasz Pietrek, Synadia Communications
NATS is a high performance cloud native distributed communications utility that allows you to build globally available and secure applications based on streams and services that are both fast and simple to operate. In this talk you will learn about the advanced features of NATS JetStream persistence implementation that includes both Key-Value & Object Store use-cases. You will also see a demo showcasing the flexibility of the NATS newly added Materialized Views capabilities. We will also discuss how it integrates with other CNCF projects, and simplifies your distributed application code base with functions like: watches, history, & sealed streams that are seamlessly integrated via the NATS CLI & API.
State of NATS: Core, Persistence, & Materialized Views - Tomasz Pietrek, Synadia Communications
NATS is a high performance cloud native distributed communications utility that allows you to build globally available and secure applications based on streams and services that are both fast and simple to operate. In this talk you will learn about the advanced features of NATS JetStream persistence implementation that includes both Key-Value & Object Store use-cases. You will also see a demo showcasing the flexibility of the NATS newly added Materialized Views capabilities. We will also discuss how it integrates with other CNCF projects, and simplifies your distributed application code base with functions like: watches, history, & sealed streams that are seamlessly integrated via the NATS CLI & API.
- 1 participant
- 34 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Story of Correlation: Integrating Thanos Metrics with Observability Signals - Bartłomiej Płotka, Red Hat & Kemal Akkoyun, Polar Signals
The CNCF Incubated Thanos project with the large open-source community continues to push boundaries regarding observability and monitoring using Prometheus-based metrics. Together with the Prometheus community, it improves the metric story for Kubernetes clusters and beyond. Things like improved performance, better scalability, debuggability, security, metrics backfilling and query QoS is only the tip of the iceberg. As we know, observability nowadays comes in many flavours. Bunching them together is not a trivial side, given many shapes and collection points. Aside from metrics, we have logs, traces or even continuous profiling. In this talk, Kemal and Bartek, Thanos maintainers, after a quick overview of Thanos, will explain how Thanos can be integrated with those non-metric observability signals. The audience will learn an example, end-to-end ways to correlate multiple observability backends with Thanos for enhanced observability and monitoring experience.
Story of Correlation: Integrating Thanos Metrics with Observability Signals - Bartłomiej Płotka, Red Hat & Kemal Akkoyun, Polar Signals
The CNCF Incubated Thanos project with the large open-source community continues to push boundaries regarding observability and monitoring using Prometheus-based metrics. Together with the Prometheus community, it improves the metric story for Kubernetes clusters and beyond. Things like improved performance, better scalability, debuggability, security, metrics backfilling and query QoS is only the tip of the iceberg. As we know, observability nowadays comes in many flavours. Bunching them together is not a trivial side, given many shapes and collection points. Aside from metrics, we have logs, traces or even continuous profiling. In this talk, Kemal and Bartek, Thanos maintainers, after a quick overview of Thanos, will explain how Thanos can be integrated with those non-metric observability signals. The audience will learn an example, end-to-end ways to correlate multiple observability backends with Thanos for enhanced observability and monitoring experience.
- 4 participants
- 33 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
The Future Of Reproducible Research: Powered By Kubeflow - Trevor Grant
Reproducibility has been a cornerstone of scientific research for the last 400 years;, often that means charts or a sample of data. With the advent of Github, sometimes now code and sample data too, unfortunately this still leaves a lot of “leg work” to the person reproducing (which is why this is often a task for graduate students). But Kubeflow, an Open Source, Cloud Native, Data Science Platform, changes that by making all steps from data cleansing to visualization quickly and easily reproducible which in turn makes iterative advances much easier and faster. In this talk, we’ll discuss a peer review article that was published not only with corresponding code, but with a Kubeflow Pipeline, so that anyone may download, check, and iteratively improve the results. While the paper itself is interesting- the talk will focus on why publishing not only code and data but full pipelines benefits not only grad students tasked with verifying results, but the entire academic community.
The Future Of Reproducible Research: Powered By Kubeflow - Trevor Grant
Reproducibility has been a cornerstone of scientific research for the last 400 years;, often that means charts or a sample of data. With the advent of Github, sometimes now code and sample data too, unfortunately this still leaves a lot of “leg work” to the person reproducing (which is why this is often a task for graduate students). But Kubeflow, an Open Source, Cloud Native, Data Science Platform, changes that by making all steps from data cleansing to visualization quickly and easily reproducible which in turn makes iterative advances much easier and faster. In this talk, we’ll discuss a peer review article that was published not only with corresponding code, but with a Kubeflow Pipeline, so that anyone may download, check, and iteratively improve the results. While the paper itself is interesting- the talk will focus on why publishing not only code and data but full pipelines benefits not only grad students tasked with verifying results, but the entire academic community.
- 1 participant
- 35 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
The Maintainer's Toolkit: Must-know CNCF Resources for Project Owners - Catherine Paganini, Bouyant & Dawn Foster, VMware
Whether you are trying to build an active, welcoming community, manage contributors' expectations, or motivate members to take on more responsibility, managing an open source project can feel overwhelming. During this talk, TAG Contributor Strategy leads will discuss CNCF resources available to project owners to help achieve exactly that. You'll learn what resources are available, where to find them, and how to get involved to develop new resources for your project and others. Developed for maintainers by maintainers, these resources help projects implement battle-tested best practices from fellow project owners. They include templates for a contributing guide, contributor ladder, governance frameworks, security disclosures, and more. Plus general guidance to grow your contributor base. There is no need to reinvent the wheel. Whatever challenge you are facing today, someone surely solved it before. Join this community to exchange ideas, learn from one another, and build a thriving ecosystem of successful open source projects.
The Maintainer's Toolkit: Must-know CNCF Resources for Project Owners - Catherine Paganini, Bouyant & Dawn Foster, VMware
Whether you are trying to build an active, welcoming community, manage contributors' expectations, or motivate members to take on more responsibility, managing an open source project can feel overwhelming. During this talk, TAG Contributor Strategy leads will discuss CNCF resources available to project owners to help achieve exactly that. You'll learn what resources are available, where to find them, and how to get involved to develop new resources for your project and others. Developed for maintainers by maintainers, these resources help projects implement battle-tested best practices from fellow project owners. They include templates for a contributing guide, contributor ladder, governance frameworks, security disclosures, and more. Plus general guidance to grow your contributor base. There is no need to reinvent the wheel. Whatever challenge you are facing today, someone surely solved it before. Join this community to exchange ideas, learn from one another, and build a thriving ecosystem of successful open source projects.
- 8 participants
- 31 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
The Road to IPv6 Support in kOps - John Gardiner Myers, Proofpoint; Ciprian Hacman, polypoly; Ole Markus, Sportradar; Justin Santa Barbara, Google
kOps has been adding support for IPv6 clusters. Learn about the design of and challenges faced in providing a turnkey IPv6 Kubernetes infrastructure, including on AWS and other clouds. kOps maintainers will describe the use cases they are targeting, the network architecture they chose, and how they are managing address allocation. They will give details on the components, both internal and in upstream projects, that needed changes to support IPv6 and the bugs and limitations they had to work around. They will also reveal trivia, such as why the kOps service network is fd00:5e4f:ce::/108.
The Road to IPv6 Support in kOps - John Gardiner Myers, Proofpoint; Ciprian Hacman, polypoly; Ole Markus, Sportradar; Justin Santa Barbara, Google
kOps has been adding support for IPv6 clusters. Learn about the design of and challenges faced in providing a turnkey IPv6 Kubernetes infrastructure, including on AWS and other clouds. kOps maintainers will describe the use cases they are targeting, the network architecture they chose, and how they are managing address allocation. They will give details on the components, both internal and in upstream projects, that needed changes to support IPv6 and the bugs and limitations they had to work around. They will also reveal trivia, such as why the kOps service network is fd00:5e4f:ce::/108.
- 4 participants
- 18 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
The Soul of a New Command: Adding ‘Events’ to kubectl - Bryan Boreham, Grafana Labs
Introduced as an alpha feature in the Kubernetes 1.23 release, the ‘kubectl alpha events’ command resolves some issues that could not be fixed within the generic ‘kubectl get’ command. Join us to re-live and explore: * How the need for ‘kubectl events’ came about. * How Bryan got involved and how you can, too. * The lifecycle of a Kubernetes enhancement.. * How a kubectl command is structured. * Helper libraries to fetch and print Kubernetes objects, and how you can use them in your own code. * Possible future directions for `kubectl [alpha] events`.
The Soul of a New Command: Adding ‘Events’ to kubectl - Bryan Boreham, Grafana Labs
Introduced as an alpha feature in the Kubernetes 1.23 release, the ‘kubectl alpha events’ command resolves some issues that could not be fixed within the generic ‘kubectl get’ command. Join us to re-live and explore: * How the need for ‘kubectl events’ came about. * How Bryan got involved and how you can, too. * The lifecycle of a Kubernetes enhancement.. * How a kubectl command is structured. * Helper libraries to fetch and print Kubernetes objects, and how you can use them in your own code. * Possible future directions for `kubectl [alpha] events`.
- 7 participants
- 38 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
This is The Way: A Crash Course on the Intricacies of Managing CPUs in K8s - Swati Sehgal, Red Hat & Marlow Weston, Intel
Optimizing CPU management improves cluster performance and security, but is daunting to almost everyone. CPU management may seem complex, but it can be explained in such a way that even your inner toddler will comprehend. With this talk, we will give a path to success. You may have a multi-socket node cluster where your AI/ML workloads care about the proximity of your CPUs to GPUs. You may be running scientific workloads where you want to pin in cores within containers instead of just a pod level. You may have a single-socket server where you want to save a single core outside of Kubernetes for a daemon dedicated to mining bitcoin, without affecting your other jobs (please do not do this). We will cover these and more, helping you understand the intricacies of CPU management within the kubelet and what Kuberenetes can and cannot currently do. We will also cover how you can help escalate the visibility of use cases not currently covered within Kubernetes.
This is The Way: A Crash Course on the Intricacies of Managing CPUs in K8s - Swati Sehgal, Red Hat & Marlow Weston, Intel
Optimizing CPU management improves cluster performance and security, but is daunting to almost everyone. CPU management may seem complex, but it can be explained in such a way that even your inner toddler will comprehend. With this talk, we will give a path to success. You may have a multi-socket node cluster where your AI/ML workloads care about the proximity of your CPUs to GPUs. You may be running scientific workloads where you want to pin in cores within containers instead of just a pod level. You may have a single-socket server where you want to save a single core outside of Kubernetes for a daemon dedicated to mining bitcoin, without affecting your other jobs (please do not do this). We will cover these and more, helping you understand the intricacies of CPU management within the kubelet and what Kuberenetes can and cannot currently do. We will also cover how you can help escalate the visibility of use cases not currently covered within Kubernetes.
- 2 participants
- 23 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Threat Hunting at Scale: Auditing Thousands of Clusters With Falco + Fluent - Furkan Türkal & Emin Aktaş, Trendyol
At Trendyol, we are running thousands of production-grade Kubernetes clusters to make our customers always happy. The challenge that we have to achieve is to track every component, resource, user, and team in a timeline manner. This is where we have to collect audit events from almost everywhere! Kubernetes audit logs can effectively track the changes made to our clusters. By using Falco, we consume the kernel events and enrich those events with information from Kubernetes. Enabling Kubernetes Audit Logs feature allows us to scan audit events that forwarded from Kubernetes. By using Fluent Bit, we collect logs from different sources such as containers and Falco; furthermore, we extend them with filters, and send them to multiple destinations. By using Loki, we build a highly-available log aggregation system. We create and manage all of our alerting rules for the log data. In this session, we try to combine pieces and introduce a brand new Audit Monitoring System!
Threat Hunting at Scale: Auditing Thousands of Clusters With Falco + Fluent - Furkan Türkal & Emin Aktaş, Trendyol
At Trendyol, we are running thousands of production-grade Kubernetes clusters to make our customers always happy. The challenge that we have to achieve is to track every component, resource, user, and team in a timeline manner. This is where we have to collect audit events from almost everywhere! Kubernetes audit logs can effectively track the changes made to our clusters. By using Falco, we consume the kernel events and enrich those events with information from Kubernetes. Enabling Kubernetes Audit Logs feature allows us to scan audit events that forwarded from Kubernetes. By using Fluent Bit, we collect logs from different sources such as containers and Falco; furthermore, we extend them with filters, and send them to multiple destinations. By using Loki, we build a highly-available log aggregation system. We create and manage all of our alerting rules for the log data. In this session, we try to combine pieces and introduce a brand new Audit Monitoring System!
- 2 participants
- 32 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Three Surprising K8s Networking “Features” and How to Defend Against Them - James Cleverley-Prance, ControlPlane
Kubernetes' networking model simplifies the user experience, but abstractions can introduce and hide complexity under the hood. This talk challenges perceived trust boundaries in Kubernetes networking and demonstrates some non-obvious and counter-intuitive behaviours. Left unchecked, these issues can mean Kubernetes clusters present a wider attack surface than may be immediately evident. The talk will cover: * The external attack surface of a Kubernetes node * Enumerating externally available cluster information * Exploiting Linux networking to access internal pods and services * Misusing CNI configurations to access internal pods and services You will gain an understanding of these attacks and how to use them, learn mitigation strategies and pragmatic defences, and be able to protect your clusters to avoid compromise.
Three Surprising K8s Networking “Features” and How to Defend Against Them - James Cleverley-Prance, ControlPlane
Kubernetes' networking model simplifies the user experience, but abstractions can introduce and hide complexity under the hood. This talk challenges perceived trust boundaries in Kubernetes networking and demonstrates some non-obvious and counter-intuitive behaviours. Left unchecked, these issues can mean Kubernetes clusters present a wider attack surface than may be immediately evident. The talk will cover: * The external attack surface of a Kubernetes node * Enumerating externally available cluster information * Exploiting Linux networking to access internal pods and services * Misusing CNI configurations to access internal pods and services You will gain an understanding of these attacks and how to use them, learn mitigation strategies and pragmatic defences, and be able to protect your clusters to avoid compromise.
- 1 participant
- 33 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Throw Away Your Passwords: Trusting Workload Identity - Ric Featherstone, ControlPlane
Trust is required to secure our systems: we need it to bootstrap infrastructure, to run workloads, and to reassure our customers of their privacy. But how do we establish and secure this "trust" in a dynamic cloud native system?
Historically we relied upon identifiers such as IP addresses, passwords, and certificates, but can we do better than these antiquated authentication mechanisms? In this talk we:
Demystify machine identity and its relationship to secrets management and access control
Discuss the issues with historical approaches in a cloud native environment
Solve the "bottom turtle" trust bootstrap quandary
Appraise the open source implementations and technologies available to you
Demonstrate practical examples of how to acquire a workload identity or secret zero
Strive for a world in which passwords and static keys are replaced by dynamic credentials and hardware roots of trust
Throw Away Your Passwords: Trusting Workload Identity - Ric Featherstone, ControlPlane
Trust is required to secure our systems: we need it to bootstrap infrastructure, to run workloads, and to reassure our customers of their privacy. But how do we establish and secure this "trust" in a dynamic cloud native system?
Historically we relied upon identifiers such as IP addresses, passwords, and certificates, but can we do better than these antiquated authentication mechanisms? In this talk we:
Demystify machine identity and its relationship to secrets management and access control
Discuss the issues with historical approaches in a cloud native environment
Solve the "bottom turtle" trust bootstrap quandary
Appraise the open source implementations and technologies available to you
Demonstrate practical examples of how to acquire a workload identity or secret zero
Strive for a world in which passwords and static keys are replaced by dynamic credentials and hardware roots of trust
- 1 participant
- 34 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
TikTok’s Story: How To Manage a Thousand Applications on Edge With Argo CD - Qingkun Li, TikTok/Bytedance Inc. & Jesse Suen, Akuity, Inc.
This talk will share a case study of how TikTok manages its global edge clusters with Kubernetes and operates continuous delivery with Argo CD concluding with a demo. The talk will also dive into the scalability challenges faced by Tiktok to manage edge services using Argo CD (with ~100 edge clusters, ~150k CPUs and ~3000 applications), as well as how the Argo community plans to address them in future. TikTok operates a large network of Kubernetes edge clusters around the world, hosting apps such as Tiktok, live and gaming, using cache and traffic acceleration services offered at our edge clusters. The challenge arises when it comes to the deployment management of those edge services on hundreds of edge clusters. Normally, an edge service shares a lot of common configurations when deployed globally, but still has cluster-specific configurations (e.g. resource quota, service hostname, etc.). From this talk, people will learn how to deploy and manage such kind of services using Argo CD.
TikTok’s Story: How To Manage a Thousand Applications on Edge With Argo CD - Qingkun Li, TikTok/Bytedance Inc. & Jesse Suen, Akuity, Inc.
This talk will share a case study of how TikTok manages its global edge clusters with Kubernetes and operates continuous delivery with Argo CD concluding with a demo. The talk will also dive into the scalability challenges faced by Tiktok to manage edge services using Argo CD (with ~100 edge clusters, ~150k CPUs and ~3000 applications), as well as how the Argo community plans to address them in future. TikTok operates a large network of Kubernetes edge clusters around the world, hosting apps such as Tiktok, live and gaming, using cache and traffic acceleration services offered at our edge clusters. The challenge arises when it comes to the deployment management of those edge services on hundreds of edge clusters. Normally, an edge service shares a lot of common configurations when deployed globally, but still has cluster-specific configurations (e.g. resource quota, service hostname, etc.). From this talk, people will learn how to deploy and manage such kind of services using Argo CD.
- 2 participants
- 26 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
To IPv6 - The Dual-stack Adoption Advisory Panel - Bridget Kromhout, Microsoft; Tim Hockin, Google; Dinesh Majrekar, Civo; Lachie Evenson, Microsoft; Rags Srinivas, InfoQ
We all know we’re running out of IPv4 addresses. Kubernetes introduced the current implementation of dual-stack networking (supporting both IPv4 and IPv6 at the same time) in v1.20, and the dual-stack feature graduated to stable in v1.23. While the world has been slow to adopt IPv6, it is happening. It’s time to learn about using dual-stack to start your own move away from IPv4, supported by changes in Kubernetes components such as pods and services. Join for the discussion as SIG Network members and Kubernetes contributors dive into the technical details underlying the move to dual-stack networking, and leave with recommendations to shape your IPv4/IPv6 rollout strategy.
To IPv6 - The Dual-stack Adoption Advisory Panel - Bridget Kromhout, Microsoft; Tim Hockin, Google; Dinesh Majrekar, Civo; Lachie Evenson, Microsoft; Rags Srinivas, InfoQ
We all know we’re running out of IPv4 addresses. Kubernetes introduced the current implementation of dual-stack networking (supporting both IPv4 and IPv6 at the same time) in v1.20, and the dual-stack feature graduated to stable in v1.23. While the world has been slow to adopt IPv6, it is happening. It’s time to learn about using dual-stack to start your own move away from IPv4, supported by changes in Kubernetes components such as pods and services. Join for the discussion as SIG Network members and Kubernetes contributors dive into the technical details underlying the move to dual-stack networking, and leave with recommendations to shape your IPv4/IPv6 rollout strategy.
- 11 participants
- 33 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Too Much to Choose – Making Sense of a Smorgasbord of Security Standards - Anais Urlichs & Rory McCune, Aqua Security
As time goes by, there are an increasing number of security standards which Kubernetes cluster operators may be asked to comply with or get audited against. This talk will look at how Kubernetes security standards like the CIS benchmarks, DISA STIG, Pod Security Standards and the NSA hardening guide compare, where they compare and where they don’t. Additionally, we will also cover the recently released PCI guidance on container orchestration security. Once a standard has been chosen, the remaining pain lies in compliance. Luckily, the cloud native ecosystem provides several open-source tools to make it easier. We will look at using open source tooling to assess Kubernetes clusters against these standards. At the end of the presentation, the audience will gain a clear understanding of the benefits of each standard and the processes that can be adopted to comply with common requirements.
Too Much to Choose – Making Sense of a Smorgasbord of Security Standards - Anais Urlichs & Rory McCune, Aqua Security
As time goes by, there are an increasing number of security standards which Kubernetes cluster operators may be asked to comply with or get audited against. This talk will look at how Kubernetes security standards like the CIS benchmarks, DISA STIG, Pod Security Standards and the NSA hardening guide compare, where they compare and where they don’t. Additionally, we will also cover the recently released PCI guidance on container orchestration security. Once a standard has been chosen, the remaining pain lies in compliance. Luckily, the cloud native ecosystem provides several open-source tools to make it easier. We will look at using open source tooling to assess Kubernetes clusters against these standards. At the end of the presentation, the audience will gain a clear understanding of the benefits of each standard and the processes that can be adopted to comply with common requirements.
- 7 participants
- 35 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Transparent Live Migration of Services Between Kubernetes Cluster - Adam Janikowski & Jörg Schad, ArangoDB
Operating a distributed database on a single Kubernetes cluster is interesting, but how about transparently migrating it from one cluster to another–potentially between different cloud providers– without impacting user workloads? Kubernetes has become the de facto default deployment for ArangoDB, a distributed Graph database. Consider for example ArangoDB Oasis, a managed Cloud Database service with over 200 deployments (aka highly available database clusters) across three major cloud providers and many regions. But outages, (Kubernetes) upgrades, resource considerations, and cost optimizations require the underlying infrastructure to be very dynamic including migration between Kubernetes cluster, datacenter, or even cloud providers. This talk provides insights into how Kube-Arango, the OSS operator for ArangoDB, supports live migration of distributed stateful applications without impact on users. Challenges in such migration include for example networking, DNS, and persistent data.
Transparent Live Migration of Services Between Kubernetes Cluster - Adam Janikowski & Jörg Schad, ArangoDB
Operating a distributed database on a single Kubernetes cluster is interesting, but how about transparently migrating it from one cluster to another–potentially between different cloud providers– without impacting user workloads? Kubernetes has become the de facto default deployment for ArangoDB, a distributed Graph database. Consider for example ArangoDB Oasis, a managed Cloud Database service with over 200 deployments (aka highly available database clusters) across three major cloud providers and many regions. But outages, (Kubernetes) upgrades, resource considerations, and cost optimizations require the underlying infrastructure to be very dynamic including migration between Kubernetes cluster, datacenter, or even cloud providers. This talk provides insights into how Kube-Arango, the OSS operator for ArangoDB, supports live migration of distributed stateful applications without impact on users. Challenges in such migration include for example networking, DNS, and persistent data.
- 2 participants
- 30 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Tweezering Kubernetes Resources: Operating on Operators - Kevin Ward, ControlPlane
Operators have become prevalent for the automation of repeatable cluster operations, replacing engineers in the Kubernetes configuration process. Although removing human error from the equation solves repeatability issues, Operators are often highly privileged with namespace or cluster-wide access to change resources. A compromised operator allows an attacker to deploy custom workloads very discreetly, and a rogue resource could go completely undetected. This talk asks and shows “what’s the worst that could happen?” to Operators by: - showing you how to threat model core Operator functionality - demonstrating how an Operator-based attacker can modify resources and gain persistence - how to securely appraise and test third-party Operators before trusting them - what to look out for during a code review or security related events.
Tweezering Kubernetes Resources: Operating on Operators - Kevin Ward, ControlPlane
Operators have become prevalent for the automation of repeatable cluster operations, replacing engineers in the Kubernetes configuration process. Although removing human error from the equation solves repeatability issues, Operators are often highly privileged with namespace or cluster-wide access to change resources. A compromised operator allows an attacker to deploy custom workloads very discreetly, and a rogue resource could go completely undetected. This talk asks and shows “what’s the worst that could happen?” to Operators by: - showing you how to threat model core Operator functionality - demonstrating how an Operator-based attacker can modify resources and gain persistence - how to securely appraise and test third-party Operators before trusting them - what to look out for during a code review or security related events.
- 5 participants
- 40 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Understanding Kubernetes Through Real-World Phenomena and Analogies - Lucas Käldström
How is the Kubernetes controller model similar to a taxi driver? Why is Kubernetes so differently designed compared to similar systems? How has the second law of thermodynamics and randomness theory shaped Kubernetes design? How the shift from traditionally managing servers to using Kubernetes operators similar to the Industrial Revolution? This talk offers the audience a unique perspective into why Kubernetes is designed the way it is. Kubernetes is often described as designed from “decades of experience”, but it is not as often mentioned what that means in practice. Quite conversely, many newcomers to Kubernetes find it “too complex”. Why is it, or why is that the impression? After this talk, the audience can make sense out of why Kubernetes does what it does. This by learning the fundamental design philosophies of Kubernetes and cloud native through well-known phenomena and real-world analogies. With the right mental model, hopefully it doesn’t seem overwhelmingly complex anymore.
Understanding Kubernetes Through Real-World Phenomena and Analogies - Lucas Käldström
How is the Kubernetes controller model similar to a taxi driver? Why is Kubernetes so differently designed compared to similar systems? How has the second law of thermodynamics and randomness theory shaped Kubernetes design? How the shift from traditionally managing servers to using Kubernetes operators similar to the Industrial Revolution? This talk offers the audience a unique perspective into why Kubernetes is designed the way it is. Kubernetes is often described as designed from “decades of experience”, but it is not as often mentioned what that means in practice. Quite conversely, many newcomers to Kubernetes find it “too complex”. Why is it, or why is that the impression? After this talk, the audience can make sense out of why Kubernetes does what it does. This by learning the fundamental design philosophies of Kubernetes and cloud native through well-known phenomena and real-world analogies. With the right mental model, hopefully it doesn’t seem overwhelmingly complex anymore.
- 2 participants
- 36 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Updates from The Update Framework - Lukas Pühringer, NYU & Jussi Kukkonen, VMware
The Update Framework (TUF) is a framework for secure content delivery and updates. It protects against various types of supply chain attacks, and, in contrast to many other systems, provides resilience to compromise. In this talk Jussi and Lukas, both maintainers of the TUF reference implementation and core contributors to the TUF specification, will show why content delivery is such a crucial part of the supply chain, how TUF can be used to protect it, and where TUF is already used in practice. They will talk about how the TUF ecosystem is evolving: what is happening within the various sub projects and how some well-known adoptions and integration projects are proceeding. Finally, some interesting future developments are discussed.
Updates from The Update Framework - Lukas Pühringer, NYU & Jussi Kukkonen, VMware
The Update Framework (TUF) is a framework for secure content delivery and updates. It protects against various types of supply chain attacks, and, in contrast to many other systems, provides resilience to compromise. In this talk Jussi and Lukas, both maintainers of the TUF reference implementation and core contributors to the TUF specification, will show why content delivery is such a crucial part of the supply chain, how TUF can be used to protect it, and where TUF is already used in practice. They will talk about how the TUF ecosystem is evolving: what is happening within the various sub projects and how some well-known adoptions and integration projects are proceeding. Finally, some interesting future developments are discussed.
- 3 participants
- 27 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Volcano: Intro & Deep Dive - Klaus Ma, Huawei Cloud
Volcano is a system for running high-performance workloads on Kubernetes. It features powerful batch scheduling capability that Kubernetes cannot provide but is commonly required by many classes of high-performance workloads such as ML/DL, big data application and Bioinformatics/Genomics. During this session the Volcano maintainers will introduce the project for newcomers and then provide updates on the latest and greatest features landing in Volcano. If you are interested in running high-performance workloads in Kubernetes, this session is for you.
Volcano: Intro & Deep Dive - Klaus Ma, Huawei Cloud
Volcano is a system for running high-performance workloads on Kubernetes. It features powerful batch scheduling capability that Kubernetes cannot provide but is commonly required by many classes of high-performance workloads such as ML/DL, big data application and Bioinformatics/Genomics. During this session the Volcano maintainers will introduce the project for newcomers and then provide updates on the latest and greatest features landing in Volcano. If you are interested in running high-performance workloads in Kubernetes, this session is for you.
- 1 participant
- 32 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
What Anime Taught Me About K8s Development & Tech Careers - Annie Talvasto, Camunda
From One piece and Naruto to Neon Genesis Evangelion and Dragon Ball, Japanese animation is a cultural phenomenon. This session will take you through both the landscape of anime and Kubernetes development, with helpful beginner tips to get you started on your cloud native journey. The session will also cover what the heroes of East blue and Planet 4032-877 can teach us about career development in the tech world. Importance of perseverance, inclusion & diversity as well as always having a snack at hand - come and learn how anime can boost your Kubernetes and tech career to the next level!
What Anime Taught Me About K8s Development & Tech Careers - Annie Talvasto, Camunda
From One piece and Naruto to Neon Genesis Evangelion and Dragon Ball, Japanese animation is a cultural phenomenon. This session will take you through both the landscape of anime and Kubernetes development, with helpful beginner tips to get you started on your cloud native journey. The session will also cover what the heroes of East blue and Planet 4032-877 can teach us about career development in the tech world. Importance of perseverance, inclusion & diversity as well as always having a snack at hand - come and learn how anime can boost your Kubernetes and tech career to the next level!
- 2 participants
- 28 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
What If... Kube-Apiserver Could be Extended Via WebAssembly? - Flavio Castelli, SUSE
Dynamic Admission Controllers are currently the only way to extend the Kubernetes API Server to implement security and conformance policies. They work great, but they also have drawbacks. How would it be to have a flexible way to extend the built-in admission controllers that doesn’t resort on Webhooks? This talk will show a prototype that leverages WebAssembly as a way to enrich the Kubernetes API Server capabilities. What if this is just the beginning of extending Kubernetes core pieces with WebAssembly? Do you want to join us in this experiment?
What If... Kube-Apiserver Could be Extended Via WebAssembly? - Flavio Castelli, SUSE
Dynamic Admission Controllers are currently the only way to extend the Kubernetes API Server to implement security and conformance policies. They work great, but they also have drawbacks. How would it be to have a flexible way to extend the built-in admission controllers that doesn’t resort on Webhooks? This talk will show a prototype that leverages WebAssembly as a way to enrich the Kubernetes API Server capabilities. What if this is just the beginning of extending Kubernetes core pieces with WebAssembly? Do you want to join us in this experiment?
- 1 participant
- 26 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
What Is the CNCF TAG Observability and How You Can Join Our Effort! - Bartłomiej Płotka, Red Hat; Alolita Sharma, Amazon; Richard Hartmann, Grafana Labs; Matthew Young, Everquote
The Technical Advisory Groups (TAGs, formerly SIGs) were created by the CNCF to help provide technical guidance and expertise across projects pertaining to a specific domain. One of the domains that are continuously demanded and show great innovation within the cloud-native ecosystem is Observability. In this talk, the TAG Observability co-chairs and team lead will introduce the activities we do with TAG members and the community. You will learn what has been done so far and how you can join us in our efforts to improve the observability ecosystem around us. We are looking for a diversity of skills and backgrounds, so we can give out more supporting materials and best practices for end-users and contributors around monitoring and observability. The audience will learn what TAG Observability is responsible for, how to contribute and where to find us. Hopefully, this talk will inspire your to join our Observability community!
What Is the CNCF TAG Observability and How You Can Join Our Effort! - Bartłomiej Płotka, Red Hat; Alolita Sharma, Amazon; Richard Hartmann, Grafana Labs; Matthew Young, Everquote
The Technical Advisory Groups (TAGs, formerly SIGs) were created by the CNCF to help provide technical guidance and expertise across projects pertaining to a specific domain. One of the domains that are continuously demanded and show great innovation within the cloud-native ecosystem is Observability. In this talk, the TAG Observability co-chairs and team lead will introduce the activities we do with TAG members and the community. You will learn what has been done so far and how you can join us in our efforts to improve the observability ecosystem around us. We are looking for a diversity of skills and backgrounds, so we can give out more supporting materials and best practices for end-users and contributors around monitoring and observability. The audience will learn what TAG Observability is responsible for, how to contribute and where to find us. Hopefully, this talk will inspire your to join our Observability community!
- 8 participants
- 30 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
What's New With SIG Windows and Deep Dive Into Windows Container Users - Mark Rossetti & Brandon Smith, Microsoft; Jay Vyas, VMware; Claudiu Belu, Cloudbase Solutions
Running Kubernetes on Windows is increasingly a viable production strategy for complex applications in multitenant environments. In this presentation we'll highlight recent improvements - such as the pod.OS field and advancements in host-process containers for infrstractuure - that make it easier to manage production clusters/workloads, show people how to rapidly prototype the development of new Kubernetes features using the SIG-Windows developer tools project, and also do a deep-dive into how container users work on Windows.
What's New With SIG Windows and Deep Dive Into Windows Container Users - Mark Rossetti & Brandon Smith, Microsoft; Jay Vyas, VMware; Claudiu Belu, Cloudbase Solutions
Running Kubernetes on Windows is increasingly a viable production strategy for complex applications in multitenant environments. In this presentation we'll highlight recent improvements - such as the pod.OS field and advancements in host-process containers for infrstractuure - that make it easier to manage production clusters/workloads, show people how to rapidly prototype the development of new Kubernetes features using the SIG-Windows developer tools project, and also do a deep-dive into how container users work on Windows.
- 4 participants
- 26 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
What's New in Operator Framework? - Jonathan Berkhahn, IBM; Varsha Prasad, Jesus Rodriguez & Austin Macdonald, Red Hat
This session covers recently added features in Operator Framework, particularly the Operator SDK CLI. We'll walk through scaffolding a Java operator using the newly-added Quarkus plugin, discuss how to add custom login to a Helm operator with the Hybrid-Helm feature, or how to best test your operator.
What's New in Operator Framework? - Jonathan Berkhahn, IBM; Varsha Prasad, Jesus Rodriguez & Austin Macdonald, Red Hat
This session covers recently added features in Operator Framework, particularly the Operator SDK CLI. We'll walk through scaffolding a Java operator using the newly-added Quarkus plugin, discuss how to add custom login to a Helm operator with the Hybrid-Helm feature, or how to best test your operator.
- 4 participants
- 28 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Why Kubernetes Can't Get Around FinOps – Cost Management Best Practice - Vanessa Kantner & Manuela Latz, Liquid Reply
Anyone with the right permissions on a cloud provider can acquire resources or spin up Kubernetes Clusters. While developers can joyfully make cloud spending explode, traditional finance and procurement departments look around in wonder. The FinOps approach and the Foundation, which coined the word, dedicate itself to continuously enhancing best practices around cloud financial management. Managing Kubernetes resources is the masterclass of it. Having cost transparency and control over many dynamically scaling containers across many server instances can be difficult. Vanessa and Manuela share the experience in monitoring Kubernetes costs and planning budgets accordingly. This session covers how engineers – responsible for incurring costs – can support cloud cost management to prevent overspending and how this approach enables and empowers colleagues from finance, procurement and business in their daily doing. This, in turn, gives the engineer more freedom to explore new solutions.
Why Kubernetes Can't Get Around FinOps – Cost Management Best Practice - Vanessa Kantner & Manuela Latz, Liquid Reply
Anyone with the right permissions on a cloud provider can acquire resources or spin up Kubernetes Clusters. While developers can joyfully make cloud spending explode, traditional finance and procurement departments look around in wonder. The FinOps approach and the Foundation, which coined the word, dedicate itself to continuously enhancing best practices around cloud financial management. Managing Kubernetes resources is the masterclass of it. Having cost transparency and control over many dynamically scaling containers across many server instances can be difficult. Vanessa and Manuela share the experience in monitoring Kubernetes costs and planning budgets accordingly. This session covers how engineers – responsible for incurring costs – can support cloud cost management to prevent overspending and how this approach enables and empowers colleagues from finance, procurement and business in their daily doing. This, in turn, gives the engineer more freedom to explore new solutions.
- 7 participants
- 35 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Why, How to, and Issues: Tail-Based Sampling in the OpenTelemetry Collector - Reese Lee, New Relic
When you are running OpenTelemetry in production and your services are producing a firehouse of spans, the traditional and default head-based sampling approach won’t cut it. This is because traces are sampled at initiation, which can be useful for some environments, but for larger systems, it can mean you miss out on key trace data. This is where configuring the Collector to sample your traces after they have fully completed–tail-based sampling–becomes a great option. In this talk, you’ll learn about head- and tail-based sampling, and why the latter approach is useful for obtaining the highest level of granularity in troubleshooting. You’ll learn how to configure your OpenTelemetry Collector to do this, and see the implementation in a suite of microservices, with traces exported to Jaeger. You’ll also learn of the current issues with implementing tail-based sampling in the OpenTelemetry Collector in production so you can take the challenges into account for your own deployments.
Why, How to, and Issues: Tail-Based Sampling in the OpenTelemetry Collector - Reese Lee, New Relic
When you are running OpenTelemetry in production and your services are producing a firehouse of spans, the traditional and default head-based sampling approach won’t cut it. This is because traces are sampled at initiation, which can be useful for some environments, but for larger systems, it can mean you miss out on key trace data. This is where configuring the Collector to sample your traces after they have fully completed–tail-based sampling–becomes a great option. In this talk, you’ll learn about head- and tail-based sampling, and why the latter approach is useful for obtaining the highest level of granularity in troubleshooting. You’ll learn how to configure your OpenTelemetry Collector to do this, and see the implementation in a suite of microservices, with traces exported to Jaeger. You’ll also learn of the current issues with implementing tail-based sampling in the OpenTelemetry Collector in production so you can take the challenges into account for your own deployments.
- 5 participants
- 39 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Writing Crossplane Providers with Code Generation - Muvaffak Onuş & Hasan Türken, Upbound
Crossplane providers are Kubernetes controllers that act as the bridges between your cluster and any external API. However, it’s always been a challenge to write them with CRDs that satisfy the Crossplane Resource Model and in turn Kubernetes Resource Model. In this talk, we will go over the steps of creating a provider with the latest Crossplane Runtime and code generation tooling and then we will see how we can wire that provider up to our application to provision external infrastructure.
Writing Crossplane Providers with Code Generation - Muvaffak Onuş & Hasan Türken, Upbound
Crossplane providers are Kubernetes controllers that act as the bridges between your cluster and any external API. However, it’s always been a challenge to write them with CRDs that satisfy the Crossplane Resource Model and in turn Kubernetes Resource Model. In this talk, we will go over the steps of creating a provider with the latest Crossplane Runtime and code generation tooling and then we will see how we can wire that provider up to our application to provision external infrastructure.
- 5 participants
- 1:39 hours
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
You're a Community Manager? But What Do You REALLY Do?! - Nanci Lancaster, VMware & Karen Chu, Microsoft
When it comes to open source software, having a strong, active community that feels supported is imperative to success. Oftentimes, maintainers are tasked with an abundance of responsibilities but are also expected to set aside time to inform and engage with community members such as users, contributors, and others who are interested in the project. This is where community managers can step in to alleviate the burden and provide support.
For those who are trying to understand what this hard-to-define role is, the responsibilities involved, and the value of having a community manager dedicated to your project, join Nanci (community manager for Carvel and Tanzu Community Edition(TCE) Open Source Software projects) and Karen (community manager for Helm and other CNCF projects) for a breakdown of what a community manager role can look like and the value of the role as they cover topics including:
• Maintainer and Contributor experience
• Events
• Social media/communications
• GitHub Repo Health
• Community Meetings
You're a Community Manager? But What Do You REALLY Do?! - Nanci Lancaster, VMware & Karen Chu, Microsoft
When it comes to open source software, having a strong, active community that feels supported is imperative to success. Oftentimes, maintainers are tasked with an abundance of responsibilities but are also expected to set aside time to inform and engage with community members such as users, contributors, and others who are interested in the project. This is where community managers can step in to alleviate the burden and provide support.
For those who are trying to understand what this hard-to-define role is, the responsibilities involved, and the value of having a community manager dedicated to your project, join Nanci (community manager for Carvel and Tanzu Community Edition(TCE) Open Source Software projects) and Karen (community manager for Helm and other CNCF projects) for a breakdown of what a community manager role can look like and the value of the role as they cover topics including:
• Maintainer and Contributor experience
• Events
• Social media/communications
• GitHub Repo Health
• Community Meetings
- 9 participants
- 38 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Your Manila CephFS Share Backups Belong to S3 - Robert Vasek, CERN
Backups. Boring and mundane, until you lose your application data and need it back. Our Kubernetes users at CERN make extensive use of CephFS-backed storage managed by the OpenStack Manila service. Streamlining and automating the process of backups gives them a chance to prepare so that–should a disaster strike–they can recover. In this talk we will delve into the work we have done to make Velero, CephFS, Manila and an S3 store cooperate together, and bring an application back into life. Expect code snippets and demos. By the end of this session, you should have a clear overview of how each component contributes to our current backup and restore workflow in Kubernetes, and how you can integrate this setup into your clusters too.
Your Manila CephFS Share Backups Belong to S3 - Robert Vasek, CERN
Backups. Boring and mundane, until you lose your application data and need it back. Our Kubernetes users at CERN make extensive use of CephFS-backed storage managed by the OpenStack Manila service. Streamlining and automating the process of backups gives them a chance to prepare so that–should a disaster strike–they can recover. In this talk we will delve into the work we have done to make Velero, CephFS, Manila and an S3 store cooperate together, and bring an application back into life. Expect code snippets and demos. By the end of this session, you should have a clear overview of how each component contributes to our current backup and restore workflow in Kubernetes, and how you can integrate this setup into your clusters too.
- 4 participants
- 36 minutes
1 Jun 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
gRPC For Microservices: Service-mesh and Observability - Sanjay Pujare & Wenbo Zhu, Google
gRPC is a popular and the de facto framework for connecting services. gRPC is language and platform independent. It was initially created by Google, as the next version of “Stubby” where “Stubby” was used to connect Google’s large number of microservices. gRPC recently has added many features for the proxyless service mesh. These features enable gRPC based microservices to do traffic management (which includes service discovery, routing and load balancing), and security without the use of proxies or without rewriting any code to make use of these features. gRPC also offers built-in observability support such as logging, metrics and tracing for microservices. One can try these features out in Google Cloud where the gRPC observability plugins seamlessly integrate with Google Cloud’s Operations Suite to give you dashboards for logs, metrics and traces.
gRPC For Microservices: Service-mesh and Observability - Sanjay Pujare & Wenbo Zhu, Google
gRPC is a popular and the de facto framework for connecting services. gRPC is language and platform independent. It was initially created by Google, as the next version of “Stubby” where “Stubby” was used to connect Google’s large number of microservices. gRPC recently has added many features for the proxyless service mesh. These features enable gRPC based microservices to do traffic management (which includes service discovery, routing and load balancing), and security without the use of proxies or without rewriting any code to make use of these features. gRPC also offers built-in observability support such as logging, metrics and tracing for microservices. One can try these features out in Google Cloud where the gRPC observability plugins seamlessly integrate with Google Cloud’s Operations Suite to give you dashboards for logs, metrics and traces.
- 1 participant
- 33 minutes
28 May 2022
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Keynote: Supporting the Community – So Open Source Projects Can Grow and Thrive - Le Tran, Member of Technical Staff, Kasten by Veeam
Modern software is built on open source projects, and in turn, the success of any open source project hinges on its community members and their contributions. So how do we create communities with active contributors and ensure our open source projects benefit from their innovative ideas? At Kasten by Veeam, we are working to build an open source community whose members contribute often, and in meaningful ways to our open source cloud native projects. During this session, a member of the technical staff from Kasten, Le Tran will share some insights on our journey to build an open source community, including the benefits and challenges that come with creating a contributing culture in an organization.
Keynote: Supporting the Community – So Open Source Projects Can Grow and Thrive - Le Tran, Member of Technical Staff, Kasten by Veeam
Modern software is built on open source projects, and in turn, the success of any open source project hinges on its community members and their contributions. So how do we create communities with active contributors and ensure our open source projects benefit from their innovative ideas? At Kasten by Veeam, we are working to build an open source community whose members contribute often, and in meaningful ways to our open source cloud native projects. During this session, a member of the technical staff from Kasten, Le Tran will share some insights on our journey to build an open source community, including the benefits and challenges that come with creating a contributing culture in an organization.
- 1 participant
- 6 minutes
