Cloud Native Computing Foundation / KubeCon + CloudNativeCon North America 2017 (Austin)


These are all the meetings we have in "KubeCon + CloudNativ…" (part of the organization "Cloud Native Computi…"). Click into individual meeting pages to watch the recording and search or read the transcript.

15 Dec 2017

"Hot Dogs or Not" - At Scale with Kubernetes [I] - Vish Kannan & David Aronchick, Google

Kubernetes promises to be a multi workload platform. This talk will explore how Kubernetes can be easily leveraged to build complete Deep Learning pipelines starting all the way from data ingestion/aggregation, pre-processing, ML training, and serving with the mighty Kubernetes APIs. This talk will use Tensorflow and other ML frameworks to highlight the value that Kubernetes brings to Machine Learning. Along the way, key infrastructure features introduced to abstract and handle hardware accelerators which make Machine Learning possible will also be presented.

About David Aronchick
David Aronchick is the Senior Product Manager for the Google Container Engine, and leads product management on behalf of Google for Kubernetes. David has been helping to ship software for nearly 20 years, founding and being part of the management team for three different startups, as well as squeezing in time at Microsoft, Amazon, Chef, and now Google.

About Vish Kannan
Vishnu Kannan is a Senior Software Engineer at Google. Vishnu received his Masters in ECE from Georgia Tech. He has been a systems engineer ever since he graduated. He hacked on the Linux Kernel for a couple of years at Cisco. He then worked on Borg at Google. He is currently focused on Open Source Containers, spending most of his time on Kubernetes.
Join us for KubeCon + CloudNativeCon in Barcelona May 20 - 23, Shanghai June 24 - 26, and San Diego November 18 - 21! Learn more at The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy and all of the other CNCF-hosted projects.
  • 2 participants
  • 35 minutes

15 Dec 2017

101 Ways to Crash Your Cluster [I] - Marius Grigoriu & Emmanuel Gomez, Nordstrom

Running a Kubernetes cluster requires operating many components. One must be good at running and scaling etcd, multiple control plane components, a monitoring system, a logging pipeline, Docker, rkt, and Linux itself. And this list isn't even close to being complete. With such a long list of technologies comes the potential to make a mistake that brings the whole cluster down. Come hear war stories from Nordstrom's Kubernetes cluster admins. Each is a true story of how the cluster melted down, how they recovered, and what they did to prevent it from happening again. Don't let any of these happen to you...

About Emmanuel Gomez
Emmanuel initiated and served as tech lead on the Kubernetes platform efforts at Nordstrom for the last three years. He was working with and advocating for containers before the Kubernetes 1.0 release and has continuously (and tirelessly) developed, operated, educated, and led containerization efforts there.

This work has forced him to grapple with many of the challenges that come along with the opportunities of containers and container scheduling. Challenges both technical (ex: complex distributed systems, microservices observability), and organizational (ex: inertia, fragmentation, training). Despite these experiences, he wouldn't trade the new problems back for the old.

About Marius Grigoriu
Marius Grigoriu leads the teams responsible for all of the major tools along the software delivery pipeline: issue tracking, version control, continuous integration and deployment, and production through the use of Kubernetes. His focus is to help teams ship high quality systems on time, on budget, and with a smile.

Off the job, Marius can still be found at the keyboard, whether writing Golang or playing classical piano.
  • 2 participants
  • 36 minutes

15 Dec 2017

A Practical Guide to Prometheus for App Developers [B] - Ilya Dmitrichenko, Weaveworks

Ilya will first briefly outline how Weaveworks run cloud-native apps in production on Kubernetes, and how they use Prometheus for monitoring, as well as some of the open-source tools the team has built to implement continuous delivery.

In the main section Ilya will turn the spotlight on Prometheus and demonstrate step-by-step how simple it is to instrument an app, using a very generic Node.js app as reference.

About Ilya Dmitrichenko
Ilya is a Developer Experience Engineer at Weaveworks, focused on making the adoption of microservices easier. Prior to Weaveworks, Ilya worked at Xively, where he personally experienced the shift to a true DevOps culture. He began to shift focus down the stack, becoming one of the early evangelists of and contributors to open source projects in the emerging Docker/container ecosystem.
  • 1 participant
  • 38 minutes

15 Dec 2017

Accelerating Humanitarian Relief with Kubernetes [I] - Erik Schlegel & Christoph Schittko, Microsoft

How can UN humanitarian aid field experts use social media to gain insight, understand trends and track key humanitarian issues? Through a collaboration with Microsoft and UN OCHA, Project Fortis was created to accelerate the surveillance around humanitarian disasters and health epidemics around the world.
This talk discusses the architecture of a highly available native Spark pipeline running across multiple Kubernetes clusters to support Fortis customers.

About Christoph Schittko
Christoph Schittko is an engineer with Microsoft working with customers on innovative solutions in the areas of containerization and AI. He's been working with Microsoft customers on building cloud solutions since Azure was called "Red Dog". He’s recently been a contributor to kubernetes and the Azure Container Service. Prior to joining Microsoft he was an MVP award winner, built a web conferencing system before WebEx and taught machines to recognize things in images. Christoph lives in Dallas where he enjoys plenty of sunshine, great food and very German things like beer and the best place to watch soccer in the US.

About Erik Schlegel
Erik is an open source engineer at Microsoft, based in the Austin area. He's one of the original contributors to the React Native Universal Windows Platform (UWP). Erik leads the engineering effort of Project Fortis, an open source data gathering / surveillance insight platform running on Kubernetes and built with React, Spark and other machine learning technologies. Fortis was created through a collaboration with Microsoft and the United Nations, and is used as an early warning indicator for humanitarian crises and health-related epidemics.
  • 3 participants
  • 32 minutes

15 Dec 2017

All You Need to Know to Build Your GPU Machine Learning Cloud [B] - Ye Lu, Qunar

GPU is becoming the new common, but at the moment, GPU resources are still hard to find for people who want to have a taste. So how do you build your GPU machine learning cloud?

Resource management & App templating
Even if your company or organization has purchased some GPU devices, environment and resource isolation is always a problem. Also, at the beginning the cloud is used more as a playground, so another consideration is improving the usage rate of resources. How we use Kubernetes to solve these problems.

How to use a wizard to generate machine learning, you can choose using tensorflow or theano, how many GPUs you need, etc.

Make the “customized changes” in immutable container be played back.
Containers are immutable, which is a double-edged sword: it ensures the environment is unique/portable, but on the other hand, any changes inside the running container can be lost after recreation. How is the customized environment saved and reused?

Managing persistence storage in Kubernetes
How to turn our RBD into hosted S3, to save models, training data, and so on, so data scientists can access their data both as a volume and through the standard S3 API.
Support the running machine learning app, like TensorFlow, to do online resize.

App model & permission control
We'll talk about the app center, the design of appcode, and permission control.

About Ye Lu
Devops Engineer @Qunar. Experienced in operating and managing OpenStack cloud, including Qunar OpenStack Cloud in 7 regions. Started constructing and using kubernetes Cloud since 2015. | OpenStack Ambassador.
  • 2 participants
  • 38 minutes

15 Dec 2017

Ask Your Proxy, It Knows Everything - Blake Mizerany, Backplane

Proxies have long been layered into distributed systems, but rarely do we lean on them to do more than route and balance load. In this talk we will go over how to use proxies to replace Service Discovery, control Release Management and Traffic Shaping, and streamline Employee on-boarding/off-boarding. You'll walk away never looking at your proxies/load-balancers the same.

About Blake Mizerany
Founder / CTO, Backplane
Sinatra, Heroku, Doozer, Etcd, Backplane
  • 3 participants
  • 30 minutes

15 Dec 2017

Automating and Testing Production Ready Kubernetes Clusters in the Public Cloud - Ron Lipke, Gannet/USA Today Network

As a large enterprise organization with legacy infrastructure, we were interested in adopting Kubernetes in our internal Platform as a Service in the public cloud. However, we faced several challenges not addressed by the turn key offerings on the market, such as:

- Maintain control over network architecture within the public cloud to integrate with our internal resource
- Allow teams to easily spin up kubernetes clusters on their own for faster development cycles while retaining cost boundaries and charge-back insight
- Quickly iterate as new kubernetes versions are released and make new features available to end-users (most recently: Role Based Access Controls and StatefulSets)

We will share our experience of using configuration management to automate the testing, building and deployment of production ready cloud agnostic kubernetes clusters to the AWS and Google clouds. We will also discuss examples of moving some of our largest application workloads to these clusters.

About Ron Lipke
Senior Developer, Platform as a Service, Gannet/USA Today Network
Nuclear plant operator turned cloud person
  • 1 participant
  • 32 minutes

15 Dec 2017

Block Volumes Support in Kubernetes [I] - Mitsuhiro Tanino, Hitachi Data Systems

Storage is an essential part of any computing system. In current Kubernetes, a user can utilize a storage volume with a filesystem in a container, but can't utilize a volume without a filesystem, called a raw block volume.

By adding a feature to enable raw block storage directly, for example, user can use the raw block volume for database applications such as MariaDB and this improves I/O performance.

In this session, I will explain current activity and feature plan of Block Volumes Support in Kubernetes.

About Mitsuhiro Tanino
Mitsuhiro Tanino is a software engineer who has been working for Hitachi since 2004 and a principal software engineer at Hitachi Data Systems since 2014. He has experience in the development of a virtual machine manager for heterogeneous cloud systems and RAS features for KVM virtual environments. He also contributed to the OpenStack Cinder project for three years. His current working area is Kubernetes sig-storage, where he is enhancing reliability and stability for iSCSI and FC drivers and also contributing to the development of the Block Volumes Support feature.
  • 1 participant
  • 35 minutes

15 Dec 2017

Bottoms-Up Adoption of a Microservices Workflow Using Kubernetes & Envoy - Rafael Schloming & Phil Lombardi, Datawire

Many organizations start their microservices journey by (re)designing their application architecture and operational infrastructure. We started building our cloud application using this approach. We discovered that this takes a long time.

In this talk, we’ll talk about how we ended up with a different approach when we started thinking about microservices as a workflow, and not an architecture. We’ll talk about our first goal: enabling a single developer to be able to code, ship, and manage a microservice, as quickly as possible. We’ll show how we integrated Kubernetes, Docker, Prometheus, and Envoy to achieve this goal.

Finally, we’ll talk about scaling this initial goal beyond a single developer. We’ll talk about the tradeoffs of this bottoms up approach to the conventional PAAS / service mesh / application architecture strategy, and show how you can get to the same place in the end.

About Phil Lombardi
Phil Lombardi is a Senior Platform Engineer at where he is building a development platform aimed at small companies adopting or using microservices and with a need for their platform to be simple, resilient and adaptable to the ever-changing tech landscape. He has spoken on microservices at many technical conferences like Velocity, NGINX Conf, and Boston DevOps Days. When not pounding on his keyboard or wrangling cloud infrastructure Phil is often found hitting the links to play golf or wandering around the city of Boston looking for the next exciting thing to do.

About Rafael Schloming
Rafael Schloming is Co-founder and Chief Architect of Datawire. He is a globally recognized expert on messaging and distributed systems and a spec author of the AMQP specification. He has spoken on microservices at numerous technical conferences including ApacheCon, the O’Reilly Software Architecture Conference, Velocity, and the Microservices Practitioner Summit. Previously, Rafael was a principal software engineer at Red Hat. Rafael has a B.S. in computer science from MIT.
  • 2 participants
  • 37 minutes

15 Dec 2017

Building Better Containers: A Survey of Container Build Tools [I] - Michael Ducy, Chef

If you stick to the “industry standard” method of building containers (Dockerfiles), it’s easy to build containers that contain libraries, tools, binaries, and more that you don’t need. One survey showed that over 75% of containers contain a full operating system. So how can you build containers that only contain the bits you require to run a particular application, and nothing more? This talk will cover various tools in the open source community that provide better methods for building containers, no matter the underlying container runtime. We will explore Bazel (along with Distroless), Smith (from Oracle), and Habitat (from Chef), and we will cover the benefits and drawbacks of each method. A short demo of each tool will be included.

About Michael Ducy
Born on the rolling plains of central Illinois corn fields, Michael Ducy started his technology journey at a young age. Always curious, he was once threatened that he’d never have toys bought for him again if he didn’t stop taking them apart to see how they worked. Raised in a blue collar family, his first workbench was given to him at the age of 5. His first programming language was BASIC, at the ripe young age of 6. Michael quickly saw the parallels between building physical objects on his workbench, and building virtual objects with his computer. Still an avid woodworker, Michael finds joy in helping people understand technology and the impact it has on the work that we do, and the lives that we lead.
  • 1 participant
  • 40 minutes

15 Dec 2017

Building GPU-Accelerated Workflows with TensorFlow and Kubernetes [I] - Daniel Whitenack, Pachyderm

GPUs are critical to some artificial intelligence workflows. In particular, workflows that utilize TensorFlow, or other deep learning frameworks, need GPUs to efficiently train models on image data. These same workflows typically also involve multi-stage data pre-processing and post-processing. Thus, a unified framework is needed for scheduling multi-stage workflows, managing data, and offloading certain workloads to GPUs.

In this talk, we will introduce a stack of open source tooling, built around Kubernetes, that is powering these types of GPU-accelerated workflows in production. We will do a live demonstration of a GPU enabled pipeline, illustrating how easy it is to trigger, update, and manage multi-node, accelerated machine learning at scale. The pipeline will be fully containerized, will be deployed on Kubernetes via Pachyderm, and will utilize TensorFlow for model training and inference.

About Daniel Whitenack
Daniel (@dwhitena) is a Ph.D. trained data scientist working with Pachyderm (@pachydermIO). Daniel develops innovative, distributed data pipelines which include predictive models, data visualizations, statistical analyses, and more. He has spoken at conferences around the world (ODSC, Spark Summit, PyCon, GopherCon, JuliaCon, and more), teaches data science/engineering with Purdue University (@LifeAtPurdue) and Ardan Labs (@ardanlabs), maintains the Go kernel for Jupyter, and is actively helping to organize contributions to various open source data science projects.
  • 1 participant
  • 34 minutes

15 Dec 2017

Building Helm Charts From the Ground Up: An Introduction to Kubernetes [I] - Amy Chen, Heptio

Learn the basics of Kubernetes from the perspective of creating a Helm Chart from scratch!

The Kubernetes cluster will be launched from Rancher, an open source container management software. At the end of this workshop, you will have a functional understanding of pods, services, deployments, Helm, Rancher, and more!

Why learn Kubernetes with Helm Charts?
Much of today's beginner educational content for Kubernetes uses the Kubernetes CLI tool. This can make it hard to visualize the relationship between each command and debug your cluster. Learning how to incrementally build Helm Charts provides a bigger picture of your cluster and is more reproducible.

Why is Rancher cool?
Rancher makes it easy to configure, deploy and manage Kubernetes, on any infrastructure!

I'm in, what are we doing?
- Gain a high level understanding of key Kubernetes concepts accompanied with a lot of diagrams
- Gain an understanding of Rancher's open source container management platform
- Incrementally build a Nginx Helm Chart
- Deploy Nginx from a Kubernetes cluster managed by Rancher

About Amy Chen
Amy Chen is a systems software engineer at Heptio. She is passionate about containers, orchestration tools, Go, and salsa dancing. In her free time, Amy runs a YouTube channel called Amy Codes where she talks about technical and non-technical aspects of being a software engineer. She also founded a grassroots Facebook online community now 8.5K large called Ladies Storm Hackathons. The demographic is largely college and new grad aged people of all genders with the common aim of gender equality in the tech industry. She aims to make the container and infrastructure industry more accessible to women by evangelizing with her excitement to women's communities. You can follow her internet shenanigans here:
  • 1 participant
  • 33 minutes

15 Dec 2017

Building Serverless Application Pipelines [A] - Sebastien Goasguen, Bitnami

The serverless paradigm is bringing a new type of application to the forefront of application architecture: distributed, containerized, scalable, event-driven and ephemeral with fine grained billing. In this talk we will go through several application use-cases that are driving the serverless movement (e.g. data processing, IoT, mobile backends, machine learning) and demonstrate how these applications can be developed and deployed on top of Kubernetes using an open source serverless solution called kubeless. Through live demos and examples, we will show that Kubernetes with its rich and stable core API is the perfect platform to build FaaS solutions.

About Sebastien Goasguen
Sebastien Goasguen is a twenty year open source veteran. A member of the Apache Software Foundation, he worked on Apache CloudStack and Libcloud for several years before diving into the container world. He is the founder of Skippbox, a Kubernetes startup acquired by Bitnami, where he currently serves as Senior Director of Cloud Technologies. An avid blogger, he enjoys spreading the word about new cutting edge technologies. Sebastien is the author of the O’Reilly Docker Cookbook and the Kubernetes Cookbook.
  • 2 participants
  • 39 minutes

15 Dec 2017

Building Specialized Container-Based Systems with Moby: A Few Use Cases [I] - Patrick Chanezon, Docker

Moby is an open source project providing a "LEGO set" of dozens of components, the framework to assemble them into specialized container-based systems, and a place for all container enthusiasts to experiment and exchange ideas.
One of these assemblies is Docker CE, an open source product that lets you build, ship, and run containers.

This talk will explain how you can leverage the Moby project to assemble your own specialized container-based system, whether for IoT, cloud or bare metal scenarios.
We will cover Moby itself, the framework, and tooling around the project, as well as many of its components: LinuxKit, InfraKit, containerd, SwarmKit, Notary.
Then we will present a few use cases and demos of how different companies have leveraged Moby and some of the Moby components to create their own container-based systems.

About Patrick Chanezon
Patrick Chanezon is Chief Developer Advocate at Docker Inc. He helps to build Docker, the world’s leading software container platform, for developers and sysadmins.
Software developer and storyteller, he spent 10 years building platforms at Netscape & Sun, then 10 years evangelizing platforms at Google, VMware & Microsoft. His main professional interest is in building and kickstarting the network effect for these wondrous two-sided markets called Platforms.
He has worked on platforms for Portals, Ads, Commerce, Social, Web, Distributed Apps, and Cloud.
  • 3 participants
  • 37 minutes

15 Dec 2017

Building a Cluster Management API using Kubicorn [A] - Robert Bailey, Google & Kris Nova, Heptio

Kris Nova (Heptio) and Robert Bailey (Google) join forces and begin the difficult task of looking into the future of the infrastructure layer of Kubernetes. We start the talk with a brief summary of the state of infrastructure today and explain the differences between “infrastructure as code” and “infrastructure as software”. We look at how the lack of definition in the most fundamental layer of the stack has fragmented our community and caused problems with adoption of Kubernetes.

We propose a new way of representing infrastructure (the cluster API) for the Kubernetes community and take a deep dive into its implementation in kubicorn. We look at the structure of the cluster API and share valuable insight on how we took lessons from other areas of Kubernetes to form what it is today. Furthermore we look at the power of having a declarative approach to infrastructure as we start to treat the infrastructure layer the same as the application layer.

The audience will walk away with a clear understanding of the infrastructure layer, as well as a new way of thinking about the infrastructure in the future via the cluster API.

About Robert Bailey
Robert is a lead for the cluster lifecycle SIG and has been working on Kubernetes for more than 3 years. He was one of the founding members of the Google Container Engine team. Prior to Kubernetes, he was a Site Reliability Engineer helping teams at Google launch new products and services.

About Kris Nova
Kris Nova is an Advocacy Boss for Heptio with an emphasis in containers and the Linux operating system. She lives and breathes open source. She believes in advocating for the best interest of the software, and keeping the design process open and honest. She is a backend infrastructure engineer, with roots in Linux, and C. She has a deep technical background in the Go programming language, and has authored many successful tools in Go. She is a Kubernetes maintainer, and the creator of kubicorn, a successful Kubernetes infrastructure management tool. She organizes a special interest group in Kubernetes, and is a leader in the community. Kris understands the grievances with running cloud native infrastructure via a distributed cloud native application, and is authoring an O'Reilly book on the topic called Cloud Native Infrastructure.
  • 5 participants
  • 34 minutes

15 Dec 2017

Building a Secure, Multi-Protocol and Multi-Tenant Cluster for Internet-Facing Services [A] - Bich Le, Platform9

Exposing internal HTTP-based services to the Internet is a well supported and documented feature of Kubernetes. What's less well understood is how to do it for thousands of services running on behalf of hundreds of possibly competing customers, in particular how to do it securely, protect the privacy of each customer, and support binary protocols other than HTTP. This is the problem that our company solved for our SaaS business which requires hosting and operating the control plane of popular infrastructure management software (e.g. Openstack, Big Data, and Kubernetes itself) as a service for our customers. Those control planes contain services exposing protocols as varied as MySQL and AMQP. This talk describes the challenges we faced and how we solved them using multiple technologies from the Kubernetes ecosystem. The solution includes a system that automatically creates namespaces, provisions certificate hierarchies, and manages ingress controllers for new customers, then wraps services with a set of side-car containers to handle tasks such as TLS termination. We describe how we employed Kubernetes native constructs such as Custom Resource Definitions to automate those tasks. For network communications, we discuss how to securely handle ingress, outgress, pod-to-pod, and cross-namespace traffic. To support both HTTP and TCP-based protocols, we describe a two-level network routing system consisting of both a "k8sniff" and an nginx ingress controller. For ensuring customer data privacy we compare these approaches: (1) Network Policy + Layer 2 virtualization; (2) TLS encryption of all pod-to-pod traffic; (3) a combination of the two. Finally, we debate whether the process isolation model of Linux containers is sufficient, and discuss our experience with stronger virtualization-based mechanisms such as Frakti / HyperContainer.

About Bich Le
Co-founder of Platform9 and veteran of VMware. Career in virtualization, cloud management and containerization.
  • 1 participant
  • 33 minutes

15 Dec 2017

Building an Edge Computing Platform for Network Services Using Cloud Native Technology [I] - Stephen Wong & Vikram Dham, Huawei Technologies, Inc.

Edge computing has become increasingly important due to the demands of latency sensitive applications and the explosion of data from end user devices in cases such as Internet of Things (IoT). One common intelligent edge deployment is the buildout of mini data centers on the network edge that are centrally managed and operated by the cloud. Unlike traditional data centers, these mini data centers are constrained by limited resources and minimal operational supervision, and as such they impose challenges on traditional data center infrastructure including network services, here defined as L3-7 network services such as packet gateway and application firewall. These services usually are implemented with the need for heavy manual configurations and complex provisioning, which are particularly ill-fitted to deploy at the edge.

In this session we will discuss how we built a new edge computing platform for network services that can achieve auto provisioning, dynamic service deployments and updates, and high resiliency. By running componentized network services in containers orchestrated by Kubernetes, and utilizing projects such as gRPC, linkerd, and fluentd, as well as making use of cloud native related projects including etcd and IOvisor, this platform essentially treats network services as cloud native applications, and is thereby able to achieve the associated benefits. We will show a demo of the platform as part of the presentation.

About Stephen Wong
Stephen Wong has had 20 years of software development experience in the networking industry. Currently he is a software architect at FutureWei Technologies, the US Research Center of Huawei Technologies. His focus at FutureWei is to advance the field of Network Function Virtualization (NFV) via contributing to the OPNFV project. He is also a long time contributor for various projects under both OpenStack and OpenDaylight, having co-founded the OpenStack Tacker project (network service orchestration), and was core reviewer for OpenStack networking-sfc (Neutron service function chaining), OpenStack Tacker, and both the OpenStack and OpenDaylight Group-based Policy (network policy framework) projects.
  • 1 participant
  • 27 minutes

15 Dec 2017

Building and Running an Enterprise-grade Serverless Platform on Kubernetes - Ying Huang & Quinton Hoole, Huawei

Serverless platforms provide functions as a service, and have become a hot topic largely because they allow developers to focus on core business logic, leaving packaging, deployment, monitoring, event propagation, scaling and load balancing to the infrastructure. The serverless billing model is simple - pay-per-invocation - which can bring significant benefits for many event-driven applications.

Huawei launched its FunctionStage serverless platform, which is built on Kubernetes, in 2017. In this talk we will explain in detail the design and implementation of FunctionStage. This involved both fairly straightforward function packaging, scheduling, auto-scaling, event triggering and load balancing, as well as some significantly more interesting challenges related to container re-use, on-the-fly micro service provisioning, reliable operation and much more. We will demonstrate the use of our system to solve some complex real-world problems in Huawei Public Cloud.

About Quinton Hoole
Quinton is currently Technical Vice President of Cloud Computing at Huawei. Previously he spent five years at Google, where he was an Engineering Lead on the Kubernetes team, and Technical Lead and Manager of Ads Serving SRE. He was also the founding engineer of the Amazon EC2 cloud computing project (2005-2009) where he led much of the early design, implementation and operation. As a lead engineer at Nimbula (a startup that was sold to Oracle in 2012), he led the design and development of their Cloud IAAS product (both private and public cloud). His experience prior to EC2 includes telecommunications (call center switches, CTI systems, mobile billing systems), financial (data exchanges, point-of-sale systems), travel (internet booking systems, airline and hotel reservation systems) and mobile (aviation GPS navigation, banking etc).

About Ying Huang
Ying is currently a senior software architect at PaaS (Platform-as-a-Service) team at Huawei. She played a key role leading the design and implementation of FaaS (Function-as-a-Service) platform in Huawei. Before that, she worked in Microsoft Azure Identity team as an engineer for two years. She also worked in Amazon as a platform software engineer for seven years.
  • 5 participants
  • 41 minutes

15 Dec 2017

CNI, CRI, and OCI - Oh My! [I] - Elsie Phillips & Paul Burt, CoreOS

If you work with containers, it’s easy to get lost in the emerging standards and foundations. You might have questions like:
What is OCI? What happened to appc? Do I need to do anything to take advantage? Don’t we already have container runtimes? So, why do we need CRI? Similarly, what’s the use of CNI with all of the container networking solutions already out there?

Our aim is to answer all of these questions, and showcase places you can find (and use!) each of them. We’ll discuss how these specs affect you when using Kubernetes or other container orchestrated projects. Kubernetes will serve as a handy vehicle for some short, live demos. We’ll explore how each standard is improving our lives today, and what kinds of innovation they open up for the future.

About Paul Burt
Paul Burt is a Community Manager at CoreOS. He’s upvoting your /r/kubernetes threads and answering your #coreos questions on freeNode. Paul has a knack for demystifying infrastructure, and making gnarly, complex topics approachable. He enjoys home brewing beer, reading independent comics, and yelling at his computer when it doesn’t do what he wants.

About Elsie Phillips
Elsie herds the CoreOS Community and Co-Leads the Kubernetes Contributor Experience SIG. She's a northwest native who got her start in open source working at the Oregon State University Open Source Lab. In her free time she throws wild one woman dance parties and makes a mean vegan chocolate chip cookie.
  • 2 participants
  • 28 minutes

15 Dec 2017

CRI-O: All the Runtime Kubernetes Needs, and Nothing More - Mrunal Patel, Red Hat

CRI-O is a brand new container runtime dedicated and optimized to support kubernetes workload. Its goal is to be a stable container runtime tied to kubernetes releases, replacing the docker daemon.

Historically every update of Docker has broken Kubernetes. This has led to major rewriting and fixes of Kubernetes, which is understandable since Docker is not primarily for Kubernetes. Kubernetes needs a container runtime dedicated to its specifications.

CRI-O, whose name comes from the Container Runtime Interface for Open container runtimes, takes advantage of emerging standards like the OCI Runtime and Image Specification, as well as open source projects to handle container images. This means that as these projects advance, CRI-O will be able to take advantage of the improvements and features, all the while guaranteeing that it will not break any functionality required by the Kubernetes CRI. CRI-O works with runc and Clear Containers runtimes.

CRI-O was designed from the ground up to satisfy the Kubernetes Container Runtime Interface, and currently passes all node and E2E tests. The GitHub repository has been set up to not accept any pull requests that cause these tests to break. We will be tying the versions of CRI-O to the Kubernetes versions, to maintain complete compatibility.

This talk will describe the CRI-O architecture as well as demonstrate different kubernetes features running on top of CRI-O exercising the CRI API. The attendees will learn how to configure CRI-O with kubernetes and use it for their workloads.

About Mrunal Patel
Mrunal Patel is a Principal Software Engineer at Red Hat working on containers for Openshift. He is a maintainer of runc/libcontainer and the OCI runtime specification. He is the lead developer of CRI-O. He has helped contribute support for user namespaces to the Go programming language and runc/libcontainer. He has also helped contribute various other features to docker and runc.
  • 7 participants
  • 29 minutes

15 Dec 2017

Certifik8s: All You Need to Know About Certificates in Kubernetes [I] - Alexander Brand, Apprenda

Certificates are an integral part of a secure Kubernetes cluster deployment. They are mainly used to secure the Kubernetes API server using TLS, but certificates (and keys) are also used for other cluster functions such as client authentication, encryption of secrets, TLS bootstrapping, and the generation of service account tokens.

Certificates pose interesting challenges to cluster operators. What does the certificate setup look like in an ideal scenario? How long should certificates be valid for? When nearing expiration dates, how can certificates be rotated to ensure the cluster remains operational? These challenges must be understood when it comes to deploying and operating a Kubernetes cluster.

After this talk, you should have a better understanding of:
- How each cluster component uses certificates for secure communications
- How certificates can be used for authentication, including service account tokens
- How the Kubelet TLS bootstrapping process works
- How to plan, generate and deploy the certificates required for a secure cluster
- How to rotate certificates that are nearing their expiration date

About Alexander Brand
Alex works on the Kismatic Enterprise Toolkit at Apprenda, making the deployment of production Kubernetes clusters easier. He has been involved with Kubernetes and related projects since early 2016. Before Apprenda, Alex attended Queen's University in Canada, where he majored in Biomedical Computing.
  • 2 participants
  • 36 minutes

15 Dec 2017

Cloud Native Logging 101 [B] - Eduardo Silva, Treasure Data

In the Cloud Native Era, logging is a fundamental piece of the instrumentation life cycle. With applications running as microservices, much more log information is generated, and understanding how to implement and manage logging with this new architecture is fundamental.

This 101 presentation will introduce the concepts of log processing (end-to-end) applied to applications running in orchestrated environments managed by Kubernetes (live demos included).

About Eduardo Silva
Eduardo is an Open Source Engineer at Treasure Data. He currently leads the efforts to make logging more scalable in Containerized and Orchestrated systems such as Kubernetes.
  • 1 participant
  • 33 minutes

15 Dec 2017

Cluster-in-a-Box: Deploying Kubernetes on lxd [B] - Rye Terrell, Canonical & Marco Ceppi, The Silph Road

Deploying kubernetes on top of lxd allows you to build and operate one or more clusters within a single machine, virtual or bare metal. Architect your cluster to be used for development, testing, and more. Once you're satisfied, create a machine image of your host VM for fast, reproducible deployments.

About Marco Ceppi
Marco Ceppi: Operations for The Silph Road, the largest grassroots Pokemon Go community, whose infrastructure is run on Kubernetes

About Rye Terrell
Engineer at Canonical working on the Canonical Distribution of Kubernetes, a cloud-agnostic deployment and management tool for kubernetes.
  • 2 participants
  • 35 minutes

15 Dec 2017

Community Awards
  • 2 participants
  • 8 minutes

15 Dec 2017

Compliance and Identity Management in Kubernetes [I] - Marc Boorshtein, Tremolo Security, Inc.

Compliance with what? Depends on your industry. As k8s continues to expand into regulated enterprises such as government, health care and financials, deployments will need to understand how managing users and their access relates to compliance obligations. This session will focus on how identity management can be approached for solving this issue. How do you onboard users? Authorize their access to a namespace? Offboard them? Is there a need to differentiate between a privileged user and an unprivileged user? I'll go beyond the technical implementation in k8s and tie it to specific compliance requirements in FISMA and demo how solving the compliance issue can also improve the usability and security of your k8s deployment. This talk will follow a similar form to but specifically on k8s.

About Marc Boorshtein
Marc has nearly fifteen years of identity and access management experience as a software engineer, product developer, and consultant. He is experienced building, deploying, and managing identity systems from most major vendors across numerous industries as well as working with security teams to analyze compliance impacts and assist with remediation. Marc has been the lead architect for multiple civilian agencies' FICAM programs and has previously spoken at Google DevFest 2016, The Information Security Systems Association conference, given multiple briefings on identity management for OpenShift Commons and presented on OpenShift identity management compliance at Red Hat Summit 2017.
  • 2 participants
  • 29 minutes

15 Dec 2017

ConfigMaps 102: Using ConfigMaps in Dynamic Application Deployments - Trevor McKay, Red Hat

ConfigMaps let you “decouple configuration artifacts from image content”. In other words, if you use ConfigMaps wisely in your apps you’ll never have to respin an image just to change a flag. This is a powerful feature which greatly simplifies creating and managing containerized applications. As powerful as they are, however, use of ConfigMaps has typically required a pretty static application deployment -- for example, ConfigMaps must exist before the apps that reference them, their names must be known ahead of time, and it was only recently that the (wonderful) idea of “optional” ConfigMaps was introduced. In this talk we’ll look at several ways we’ve found to use ConfigMaps dynamically in the context of a management platform for Apache Spark clusters we call Oshinko. You’ll leave armed with new ideas of how to leverage the power of ConfigMaps in dynamic applications with a broader set of deployment options.

About Trevor McKay
Trevor McKay is a Principal Software Engineer at Red Hat with a background in distributed computing and big data processing, having worked extensively with Apache Spark on OpenStack and now on Kubernetes. He is passionate about simplifying user experience in general and making analytics accessible in particular.
  • 3 participants
  • 43 minutes

15 Dec 2017

Container Runtime and Image Format Standards - What it Means to be “OCI-Certified” [I] - Jeff Borek, IBM & Stephen Walli, Microsoft

With the proliferation and rapid growth of container-based solutions over the past few years— including container-based solutions from almost all major IT vendors, cloud providers, and emerging start-ups—the industry needed a standard on which to support container image formats and runtimes while also ensuring interoperability and neutrality. The Open Container Initiative (OCI) was launched with the goal of developing common, minimal, open standards and specifications around container technology without the fear of lock-in. OCI has recently issued v1.0 of its container image format and runtime specifications, which enable a consistent and stable platform for running containerized applications.

The next phase in ensuring broad adoption of common container image format and runtime specifications is the OCI Certification program, which will be launching soon. This session will provide an overview and goals of the program, factors to consider if becoming OCI-certified makes sense for your container project, how to get your container project OCI-certified, and how you might be able to gain interoperability benefits from OCI-certified solutions. This session will also include a demo of the OCI Image validator being run against container images from container image registries from multiple vendors.

About Jeff Borek
Jeffrey Borek is a senior technology and communications executive with over twenty years of leadership and technical experience in the Software, Telecommunications, and Information Technology/Consulting industries. He is currently a WW Program Director for the Open Technologies and Developer Advocacy team, working with developers, business partners, leading industry analysts, and various open source community initiatives including the Cloud Native Computing Foundation (CNCF) initiative, the Open Container Initiative (OCI), and the Open API Initiative (OAI) to ensure rapid response to changes in the open source ecosystem.
  • 8 participants
  • 33 minutes

15 Dec 2017

Continuous Delivery with Kubernetes at Box [I] - Greg Lyons, Box

Deploying and managing applications with Kubernetes can be challenging. Organizing configuration across multiple environments, rolling out changes incrementally, safely killing or rolling back failed deployments - these are just a few difficulties that organizations face when running containers in production.

At Box, we've dealt with these issues and more, at the scale of thousands of servers across multiple data centers and public cloud providers. In this talk, we'll share how we set up a continuous delivery pipeline with Jenkins, Docker, Artifactory, and Kubernetes to test, build, and release our software rapidly and reliably. We'll discuss how our pipeline reduces time to ship to production, provides greater visibility into the deployment process, and empowers our engineers to deploy quality code with confidence.

About Greg Lyons
Greg is a software engineer at Box, where he works on tooling for running microservices with Kubernetes. He built and open-sourced kube-applier, a containerized service for deploying Kubernetes apps with declarative configuration.
  • 3 participants
  • 36 minutes

15 Dec 2017

Continuous Integration at Scale on Kubernetes [B] - Karthik Gajjala, eBay

eBay has a large community of developers working on several thousand applications at any time. To improve developer productivity, we offer Continuous Integration As A Service (CIAAS). This system provides capability to build and test several thousand applications concurrently. This talk will walk the users through our journey of building this system on top of Kubernetes, the challenges we faced, optimizations we deployed and the scale and reliability we achieved at scale of tens of thousands of builds a day. We plan to continue our journey to leverage public clouds and we want to share our thoughts and initial plans.

About Karthik Gajjala
Karthik Gajjala is a Director of Cloud Engineering at eBay responsible for eBay’s private Cloud that includes Infrastructure As A Service and Platform As A Service. He has been a technologist for close to two decades working in Startups and large enterprises. At eBay, his organization built and operates one of the largest installations of OpenStack Cloud on the planet that powers all of eBay. His organization provides platform services to all of eBay’s developers to improve their productivity through automation, control and transparency.
  • 3 participants
  • 27 minutes

15 Dec 2017

Cost-effective Compute Clusters with Spot and Pre-emptible Instances [I] - Bich Le & Arun Sriraman, Platform9

Kubernetes and Spot/Pre-emptible Instances (SPIs) are arguably a match made in heaven. Traditionally, the uncertainty of SPIs (they can be terminated at any time due to price fluctuations) has made managing them tricky, and restricted them to specific workloads and use cases.

Kubernetes, in contrast, not only handles node failure very well, it has trained developers and architects to design applications to tolerate and even embrace failure. The prospect of Kubernetes abstracting the complexities of SPIs is now a reality, enabling applications to take advantage of low-cost compute across different clouds and possibly vendors.

The purpose of this talk is to educate the audience on strategies for making the most out of this powerful combination. Specifically, we will discuss these topics:

1. What are spot bidding strategies, and what is their cost vs. predictability trade-off?
2. What class of Kubernetes applications would benefit the most from SPIs?
3. Available Kubernetes mechanisms (e.g. taints/tolerations, affinity, availability zones) for placing applications based on their tolerance with SPIs
4. Implementation strategies (e.g. blending multiple autoscaling groups to satisfy both SPI-optimized applications vs. applications that are more mission-critical or stateful)
5. What out-of-the-box solutions exist, either free or commercial?
6. How to abstract away clouds from different regions and vendors, allowing workloads to always take advantage of the best available pricing?

The talk concludes with real-world test results involving multiple use cases and configurations, giving the audience an idea of the potential cost savings and trade-offs (if any) of combining Kubernetes and SPIs.

About Bich Le
Chief Architect, Platform9
Co-founder of Platform9 and veteran of VMware. Career in virtualization, cloud management and containerization.

About Arun Sriraman
At Platform9 Systems I work on everything networking with deeper focus on Kubernetes and Openstack. Architecting, designing and writing code to solve interesting problems gets me on and recently I've been dabbling with the internals of container technology. Before Platform9, I've worked with Cisco Systems, Aruba Networks and Siemens. I hold a Masters in Computer Networking degree from North Carolina State University. My interests are in the field of Computer Networks, Virtualization, Cloud computing, Operating systems, System architecture and of late Machine learning.
  • 5 participants
  • 36 minutes

15 Dec 2017

CrashLoopBackoff, Pending, FailedMount and Friends: Debugging Common Kubernetes Cluster and Application Issues [B] - Joe Thompson, Oteemo

Nothing is more frustrating than deploying a shiny new application on Kubernetes and having it fail immediately (usually five minutes before the big demo). Is it a problem with the pod network? Pods Pending or in CrashLoopBackoff, Services not serving, images not pulling? Maybe you're just plain out of resources. If you're new to Kubernetes, figuring it out from scratch can take hours you don't have. We'll show you how to dig in, identify the problem, resolve it, and learn what to watch for so you aren't taken by surprise next time.

About Joe Thompson
I'm a senior consultant in the container practice at Oteemo, a consultancy specializing in innovative IT automation, and also a co-organizer of the NOVA Kubernetes Meetup. Prior to Oteemo I worked at CoreOS and Red Hat, providing practical solutions and training in and for Kubernetes and other cloud environments. My experience in IT operations and engineering stretches from present-day cloud and virtualization back to before you could Google error messages to find out what the problem was, and my blood type is caffeine-positive.
  • 2 participants
  • 35 minutes

15 Dec 2017

Democratizing Machine Learning on Kubernetes [I] - Joy Qiao & Lachlan Evenson, Microsoft

One of the largest challenges facing the machine learning community today is understanding how to build a platform to run common open-source machine learning libraries such as Tensorflow. Joy and Lachie are both passionate about making machine learning accessible to the masses using Kubernetes. In this session they'll share how to deploy a distributed Tensorflow training cluster complete with GPU scheduling on Kubernetes. We’ll also share how distributed Tensorflow training works, various options for distributed training, and when to choose what option. We’ll also share some best practices on using distributed Tensorflow on top of Kubernetes, based on our latest performance tests performed on public cloud providers. All work presented in this session will be accessible via a public Github repository.

About Lachlan Evenson
Lachlan Evenson is a cloud native evangelist and mercenary. Lachlan has spent the last two and a half years working with Kubernetes and enabling cloud native journeys. He is a believer in open source and is an active community member. Lachlan spends his days helping make cloud native projects run great on Azure.

About Joy Qiao
Joy Qiao is a senior solution architect in the AI & Research Group at Microsoft, where she is responsible for driving end-to-end AI/ML solutions on Azure among the partner eco-system. Joy has over 15 years of IT industry experience including 11 years at Microsoft working as technical lead/architect roles at various Azure & AI engineering teams, as well as senior consultant/architect in the Microsoft services team. Joy has mainly been focusing on Microsoft Azure, Big Data and Machine Learning technologies, leading and delivering Machine Learning, Big Data and Cloud-based solutions for both internal and external MS enterprise customers and partners.
  • 2 participants
  • 34 minutes

15 Dec 2017

Deploying Kubernetes Without Scaring Off Your Security Team [I] - Paul Czarkowski, Pivotal & Major Hayden, Rackspace

subtitle: "The Major Hayden Center For Kubernauts Who Can't Security Good And Wanna Learn To Do Other Stuff Good Too"

One of the larger roadblocks we face in the enterprise when trying to adopt new technologies is getting the security and compliance teams onboard.

Tools like kubicorn and kubeadm are likely the foundation on which Kubernetes deployments will be performed in the future, as they help simplify the deployment and operations of Kubernetes, a very complex distributed system.

However, concerns about security and compliance, which are not as yet addressed by those tools, may act as inhibitors and roadblocks to using them, and thus Kubernetes, in the enterprise.

Thankfully the techniques and tools for deploying Enterprise Linux distributions, securing them, and ensuring compliance already exist and can be very easily combined with kubernetes.

In this talk we’ll expand upon these enterprise requirements and use cases and show how we can use existing Ansible tooling to deploy kubernetes on bare metal or the cloud, monitor it with common enterprise monitoring tools, secure it with a 2fa SSH bastion, and ensure [DISA STIG] compliance.

About Paul Czarkowski
Paul Czarkowski is a recovering Systems Administrator who has run infrastructure for longer than he cares to admit. After cutting his teeth in the ISP and Gaming industries Paul changed his focus to using (and contributing to) Open Source Software to improve the Operability of complex distributed systems such as Kubernetes and OpenStack. Oh and he makes the best Queso in Texas.

About Major Hayden
Major Hayden is a principal architect at Rackspace and lives just outside San Antonio, Texas. He automates infrastructure deployments while improving security along the way. He runs and blogs on Don't give him new ideas for domain names -- he owns far too many.

When he's not at work, he tinkers with amateur radio (W5WUT), reads lots of books, and runs 5Ks from time to time.
  • 2 participants
  • 30 minutes

15 Dec 2017

Deploying to Kubernetes Thousands of Times Per/Day - Dan Garfield, Codefresh & William Denniss, Google

Connecting all the pieces to make zero downtime continuous delivery happen at scale. We'll show how real teams bring all the components together to make high-velocity deployment to Kubernetes scale. Get a hands-on view of the critical steps that go into making container management a scalable process that not only allows teams to deliver faster but with more confidence in the final result.

About William Denniss
William is a Product Manager at Google and works on Google Cloud and Kubernetes. He has a passion for open source and open standards, is the author of several IETF Internet-Drafts including OAuth 2.0 for Native Apps, and founded AppAuth, the leading open source OAuth client for native apps.

About Dan Garfield
Dan Garfield is a full-stack engineer, kubernaut, and raspberry pi enthusiast. He's contributed to a number of open source projects and has beat Super Mario Bros 3 without a warp whistle. He works at Codefresh, a container delivery platform designed around containers and Kubernetes. Ask him about his robotic chicken coop.
  • 7 participants
  • 53 minutes

15 Dec 2017

DevOps Friendly Doc Publishing for APIs & Microservices - Amanda Whaley, Cisco DevNet

Microservices create an explosion of internal and external APIs. These APIs need great docs. Many organizations end up with a jungle of wiki pages, swagger docs and API consoles. Keeping docs updated and in sync with code can be a challenge. We’ve been working on a project to help solve this problem for engineering teams internally across Cisco. The goal is to create a forward looking developer and API doc publishing pipeline that:

- Has a developer friendly editing flow
- Accepts many API spec formats (Swagger, RAML, etc)
- Supports long form documentation in markdown
- Is CI/CD pipeline friendly so that code and docs stay in sync
- Is flexible enough to be used by a wide scope of teams and technologies

This session will share many lessons learned about tooling and attendees will learn how to solve documentation challenges for internal and external facing APIs. We have found that solving this doc publishing flow is a key component of building a modern infrastructure.

About Amanda Whaley
Amanda Whaley is Director of Developer Experience & Developer Evangelism for Cisco DevNet. She spends most of her time thinking about how developers use Cisco APIs, and about how to make their job easier. She also leads a team of developer evangelists who work with Cisco partners and developers in many technology areas including IoT, Collaboration, and Software Defined Networking. Amanda has a background in application development and engineering, and she is interested in all things that help developers build cool stuff – tools, APIs, docs, frameworks. She is also a mom of two little boys, novice drummer, and you can often find her on the mountain biking trails in her hometown of Austin, TX.
  • 6 participants
  • 33 minutes

15 Dec 2017

Developer Tooling for Kubernetes Configuration [I] - Gareth Rushgrove, Puppet

Writing Kubernetes YAML files provides a simple starting point for most users of Kubernetes. Mainly through the power of copy and paste we all get our first examples working. But as usage of Kubernetes grows, spanning teams and time, we build up a lot of those YAML files. Many people reach for templating, or look at higher-level tooling like Helm packages next. But catching errors is still mainly a manual process of running the resulting configuration against a working Kubernetes cluster.

In this talk we’ll look at what’s missing in this workflow, looking for inspiration from developer tooling from other languages and frameworks. In particular we’ll consider:

* Ways of providing feedback about invalid configuration in our text editors
* Validating configuration against the Kubernetes types, especially useful when generating that configuration from templates
* Checking Kubernetes configuration is valid for different versions of Kubernetes
* What unit testing our Kubernetes configuration looks like
* How to integrate all of this together into a continuous integration based workflow

We’ll show examples using straight YAML files, templating and higher-level tooling like Helm and Jsonnet. The talk will also cover the benefits of a standard development environment, especially for new users, and provide tips for those getting started and more experienced users. The audience should come away with ideas for making their Kubernetes experience more efficient and more developer friendly.

About Gareth Rushgrove
Gareth Rushgrove is a principal software engineer at Puppet. He works remotely from Cambridge, UK, building interesting tools for people to better manage infrastructure. Previously he worked for the UK Government Digital Service focused on infrastructure, operations and information security. When not working he can be found writing the Devops Weekly newsletter or hacking on software in new-fangled programming languages.
  • 1 participant
  • 37 minutes

15 Dec 2017

Developing Locally with Kubernetes [I] - Ryan Jarvinen, Independent

This talk will cover several common local development scenarios, and will review the major tradeoffs found when adopting minikube, minishift, draft, and other popular tools for enabling local development of distributed web solutions.

Learn how using Kubernetes locally can help your web teams deliver solutions faster and more reliably.

About Ryan Jarvinen
Ryan Jarvinen is a Developer Advocate and Open Source Evangelist focusing on improving developer experience in the container community. He lives in Oakland, California and is passionate about open source, open standards, open government, and digital rights. You can reach him as "RyanJ" on twitter, github, and IRC.
  • 2 participants
  • 38 minutes

15 Dec 2017

Disaster Recovery for your Kubernetes Clusters [I] - Andy Goldstein & Steve Kriss, Heptio

It’s 3am. Your pager is beeping. Your Kubernetes cluster is down. Don’t panic - we’ve got you covered. In this talk, we’ll describe a variety of disaster scenarios you may encounter. We’ll arm you with the knowledge you need to overcome them. Whether you’re a systems administrator, application developer, or end user, after this talk you’ll walk away with a thorough understanding of Kubernetes disaster recovery, including:

A disaster recovery overview
- Strategies for Kubernetes
- Comparisons to federation and high availability
- Which components to back up vs recreating from scratch

How to minimize your time to recovery
- Automate cluster creation and infrastructure configuration
- Back up and quickly restore your cluster applications, workloads, and persistent volumes using tools such as Heptio Ark

How to handle specific disaster scenarios
- Losing nodes
- Recovering from bad configuration updates
- Cloud provider outages

About Andy Goldstein
Andy Goldstein is an engineer at Heptio where he works on tooling to make operating Kubernetes clusters easier, and he also contributes to Kubernetes. Prior to his current role, Andy worked on Kubernetes and OpenShift at Red Hat. Andy lives in Rockville, MD, with his wife, two children, and two noisy cats.

About Steve Kriss
Steve Kriss is a systems engineer at Heptio working on building tools and products to help Kubernetes users be successful, and has been a contributor to upstream Kubernetes as well as a member of the Kubernetes release team in the past. Steve recently relocated to Seattle from New York and is still trying to find a good bagel.
  • 6 participants
  • 35 minutes

15 Dec 2017

Distributed Database DevOps Dilemmas? Kubernetes to the Rescue - Denis Magda, GridGain

Distributed databases can make so many things easier for a developer... but not always for DevOps. OK, almost never for DevOps. Kubernetes has come to the rescue with an easy application orchestration!

It’s straightforward to do the orchestration leaning on relational databases as a data layer. However, it’s becoming a bit trickier to do the same when a distributed SQL database or other kind of distributed storage is used instead.

In this talk you will learn how Kubernetes can orchestrate a distributed database like Apache Ignite, in particular:

- Cluster Assembling - database nodes auto-discovery in Kubernetes.
- Database Resilience - automated horizontal scalability.
- Database Availability - what’s the role of Kubernetes and the database.
- Utilizing both RAM and disk - set up Apache Ignite in a way to get in-memory performance with durability of disk.

About Denis Magda
Denis Magda is a Director of Product Management at GridGain Systems and Apache Ignite PMC Chair. He is an expert in distributed systems and platforms. Before joining GridGain and becoming a part of the Apache Ignite community, he worked for Oracle where he led the Java ME Embedded Porting Team -- helping Java cross new boundaries by entering the IoT market.
  • 1 participant
  • 32 minutes

15 Dec 2017

Distributed Workflows for Microservices-Style Applications [I] - Yun Qin, Nirmata

Microservices-style architectures solve several problems but also introduce new complexities. With microservices, a best practice is to keep services isolated and loosely coupled. However, in the real world, it is not uncommon to encounter business logic which requires coordination across multiple business functions, i.e., microservices.

The distributed workflow pattern addresses this problem. In this presentation we will describe the distributed workflow pattern and its use cases. We will then look at various implementations of this pattern, such as Netflix Conductor, AWS Simple Workflow Service and NirmataOSS Workflow.

We will end by showing a demonstration of a distributed workflow, running on a Kubernetes cluster and show how workflow managers can leverage Kubernetes features like Horizontal Pod Autoscaling.

Yun is a software engineer at Nirmata, a company delivering integrated solutions for multi-cloud application management. Yun has extensive experience in distributed system application development and operations. Prior to joining Nirmata, Yun worked as a senior network engineer at China Unicom, one of the biggest telecommunication companies in China. Yun holds an M.S. in Computer Science Engineering from Santa Clara University.
  • 1 participant
  • 19 minutes

15 Dec 2017

Don’t Hassle Me, I’m Stateful - Jeff Bornemann & Michael Surbey, Red Hat

Stateless, cloud-ready applications are the future for many enterprise users, but what do you do about legacy monoliths, and existing vendor applications? New StatefulSet features within Kubernetes allow developers and administrators to work with these types of applications, and still reap the many rewards of a containerized platform. This session will explore some of these features by deploying a full MongoDB cluster on top of OpenShift.

About Jeff Bornemann
Jeff has been developing software for Fortune 500 companies for many years, including contributions to multiple OSS projects. Jeff works with Red Hat's OpenShift platform, helping to bring container adoption to Red Hat customers.

About Michael Surbey
With a background in development, design, and management of enterprise IT-driven solutions, Mike enjoys helping U.S. public sector customers, contributors, and partners create a better citizen experience the open source way.
  • 10 participants
  • 32 minutes

15 Dec 2017

Economics of using Local Storage Attached to VMs on Cloud Providers [I] - Pavel Snagovsky, Quantum

Public cloud storage resource offerings aren't always optimal to run Cloud Native applications. This talk explores several storage options comparing costs, performance, resilience, features and interfaces of file, block and object storage for Cloud Native applications in AWS. EBS vs Instance store for Kubernetes nodes are compared for different scenarios. This talk also covers pros and cons of leveraging an object store using resources already provisioned as opposed to S3.

About Pavel Snagovsky
Pavel Snagovsky is a Software Engineer at Quantum Corporation, contributing to several projects advancing storage evolution, including Previously worked in Operations at Ticketmaster, Limelight Networks, Yellowpages and other companies.
  • 4 participants
  • 35 minutes

15 Dec 2017

Effective RBAC - Jordan Liggitt, Red Hat

The v1 release of role-based access control (RBAC) in Kubernetes 1.8 provides a flexible way to ensure users and applications have proper access to the Kubernetes API. This talk is for administrators who want to secure their clusters, and for anyone who wants their applications to integrate easily in RBAC-enabled environments. This talk will give an overview of the RBAC design and API, explain how to set up an RBAC-enabled cluster, demonstrate applying policies to existing applications, show how to create custom roles to distribute with applications, and answer the question "Can Bob educate dolphins?"

About Jordan Liggitt
Jordan Liggitt is a principal software engineer at Red Hat, and helps lead Kubernetes authentication and authorization efforts.
  • 3 participants
  • 40 minutes

15 Dec 2017

Embedding the Containerd Runtime for Fun and Profit [I] - Phil Estes, IBM

The containerd project, one of the youngest in CNCF, is purpose-built to be an embeddable container runtime expected for use within higher layer container systems like the Docker engine and the Kubernetes orchestrator. Of course, the intent is that it will be used and embedded within a variety of software systems and has been designed for easy consumption via a gRPC API and client library.

In this talk we'll walk through a straightforward example of building up a container "client" written in Go, using today's containerd client library and API. Similar to how the Kubernetes CRI uses the containerd endpoints or how the Docker engine's libcontainerd operates, our small client will have access to all the same capabilities of container lifecycle management and registry interactions provided by containerd.

To finish our tour of building a fully functioning containerd client, we will pair our new sample application with LinuxKit and the Moby tool project. Using these tools, we'll build a simple virtual machine that embeds containerd and our sample client to test interesting aspects of containerd's capabilities in our own customized Linux OS image.

About Phil Estes
Phil is a Senior Technical Staff Member in the office of the CTO of IBM Cloud. Phil is a core contributor and maintainer on the Docker engine project where he has contributed key features like user namespace support and multi-platform image capabilities. Phil is also a founding maintainer of the containerd project, and participates in the Open Container Initiative (OCI) as a contributor to the development of runc/libcontainer.

Phil guides both IBM product teams and IBM's customers in applying container technology and concepts to their own cloud native efforts. Phil speaks regularly at industry conferences and meetups and enjoys helping customers and developers alike understand this fast growing ecosystem. Phil is a member of the Docker Captains program and maintains an active blog on container topics at You can find him on Twitter @estesp.
  • 1 participant
  • 37 minutes

15 Dec 2017

Embracing Cloud Native at a Thriving, Established Company - Brian Akins, MailChimp

We are in the midst of a major shift at MailChimp. In many ways, we are a microcosm of the industry as a whole: moving from large monoliths to microservices and trying to figure out what that even means. I will discuss the hands-on, real world experiences we have had as we embrace microservice techniques and technologies. I’ll discuss why we choose Kubernetes, Prometheus, and other cloud native technologies. I’ll show our approach to building and operating multiple on premise, bare metal clusters. We’ll talk about our existing development and deployment pipeline as well as our current experimental projects. We’ve had a few false starts and failures and will discuss those to help others possibly avoid the same issues. Finally, I’ll speak candidly about the struggles we’ve had getting organizational momentum for this transformation.

About Brian Akins
Brian is a 20 year industry veteran. He has done a bit of everything - from assembly to CSS, racking servers to building distributed systems. For the last few years, Brian has been focused on building and operating infrastructure using components such as containers, Kubernetes, Prometheus, etc. He is currently a staff engineer at MailChimp. Brian lives in the suburbs of Atlanta with his wife and four children.
  • 1 participant
  • 39 minutes

15 Dec 2017

Enable your Microservices with Advanced Resiliency and Fault Tolerance Leveraging Istio [I] - Animesh Singh & Tommy Li, IBM

Building and packaging microservices is one part of the story. Given a highly scalable and distributed microservices deployment is going to face failures at different layers, how do we make these microservices resilient and fault tolerant? How do we enforce policy decisions such as fine-grained access control and rate limits? How do we enable timeouts/retries, health checks, etc.? Even though some language specific frameworks address these issues, the implementation is often framework or language specific.

If the underlying framework or language changes, the resiliency features need to be reimplemented or ported over. And in some cases, applications also have the responsibility of implementing the code and configuration required for resiliency and fault tolerance. A Service-mesh architecture attempts to solve these issues by extracting the common resiliency features needed by a microservice framework away from the applications and frameworks and into the platform itself. Istio provides an easy way to create this service mesh.

In this talk we will discuss how to build, deploy, and connect your Java microservices leveraging the Istio service mesh. We then show how to configure and use circuit breakers, timeouts/retries, rate limits and other advanced resiliency features from Istio without changing the application code.

About Tommy Li
Tommy Li is a software developer for IBM focusing on Cloud, Container, and Infrastructure technology. He has worked on various Developer Journeys on Kubernetes, Microservice, and Hybrid Cloud to provide use cases on cloud-computing solutions. He is also passionate about Machine Learning and Big Data.

About Animesh Singh
Animesh Singh is an STSM and Lead for IBM Cloud, Containers and Infrastructure Developer Technology. He is also a member of the IBM Academy of Technology, and has been an active open source IBM champion. Over the course of the last few years, he has been leading major initiatives for IBM Cloud and Bluemix and currently works with developers to design and develop cloud-computing solutions around Kubernetes, Docker, Serverless, OpenWhisk, OpenStack and Cloud Foundry. He has also been leading cutting edge technical Cloud products and projects for IBM Customers (US and around the globe) in Telco, Banking, Aviation and Healthcare Industries. Animesh has numerous patents to his credit and runs Bay Area meetups and user groups on Cloud Foundry and Serverless technologies, and is an active speaker in conferences around the globe.
  • 2 participants
  • 30 minutes

15 Dec 2017

Enforcing Bespoke Policies in Kubernetes [I] - Torin Sandall, Styra

Kubernetes enables fully-automated, self-service management of large-scale, heterogeneous deployments. These deployments are often managed by distributed engineering teams that have unique requirements for how the platform treats their workloads, but at the same time, they must conform to organization-wide constraints around cost, security, and performance. As Kubernetes matures, extensibility has become a critical feature that organizations can leverage to enforce their organization’s bespoke policies.

In this talk, Torin explains how to use extensibility features in Kubernetes (e.g., External Admission Control) to enforce custom policies over workloads. The talk shows how to build custom admission controllers using Initializers and Webhooks, and shows how the same features lay the groundwork for policy-based control through integration with third party policy engines like the Open Policy Agent project.

About Torin Sandall
Torin Sandall is the technical lead of the recent open source Open Policy Agent (OPA) project. He has spent 10 years as a software engineer working on large-scale distributed systems projects. Prior to working on the Open Policy Agent project, Torin was a senior software engineer at Cyan Inc. (acquired by Ciena Corp.) where he designed and developed core components of their SDN/NFV platform such as modelling languages as well as services for resource orchestration and topology discovery. Torin has recently given talks on policy-related topics in Kubernetes at ContainerDaysPDX and LinuxCon Beijing as well as the Kubernetes Community Meeting and the Kubernetes SF meetup.
  • 1 participant
  • 35 minutes

15 Dec 2017

Establishing Container Trust at Scale [I] - Tim Mackey, Black Duck Software

Quantifying risks in a container image is a critical aspect of production deployments. With orchestration clusters supporting thousands of nodes, any risk assessment solution must work at production scale. Once a trusted image is deemed vulnerable, application risk increases, but which applications are impacted, and how far has trust been broken? Trust is established through best practices including the use of trusted image registries, static code analysis, fuzzing, strong perimeter defenses and deployment controls. Unfortunately, this trust model omits information flow.
Malicious actors succeed when applications are most vulnerable. When devising action plans in response to security disclosures, defenders must quickly assess both the impact and scope of the disclosure. This time to remediation requires accurate and actionable vulnerability assessments as applications are created, deployed and scaled. Enhancing security information flow accelerates risk mitigation at production scale.

About Tim Mackey
Tim Mackey is a technology evangelist for Black Duck Software specializing in the secure deployment of applications using virtualization, cloud and container technologies. Prior to joining Black Duck, Tim was most recently the community manager for XenServer and was part of the Citrix Open Source Business Office. Tim has held roles in mission critical engineering, performance monitoring, and large-scale data center operations. He has spoken globally on a variety of topics and at well-known events such as OSCON, LinuxCon, CloudOpen, Interop, CA World, Cloud Connect, USENIX LISA and the CloudStack Collaboration Conference. Mr. Mackey is an O'Reilly published author.
  • 1 participant
  • 35 minutes

15 Dec 2017

Evolving and Supporting Stateful, Multi-Tenant Decisioning Applications in Production [A] - Keith Gasser, Capital One

With our adoption of Kubernetes at Capital One, we have simultaneously reduced our application delivery time-to-market while providing a common platform for streaming pipelines. We leverage Kubernetes to manage stateful decisioning applications for multiple tenants and provide a host of analytical tools as platform services to help data scientists iteratively improve decision models. We will discuss the challenges in operating these pipelines which consist of Apache Nifi canvases/flows for data ingress/egress, Kafka as persistent stream backbone, Flink for decisioning, and a number of other popular open source data analytics packages such as Apache Drill and Zeppelin forming our “Analytical Environment.”

About Keith Gasser
Keith is a Software Engineer specializing in DevOps and Application Security at Capital One currently working on a team which has built a Kubernetes-based streaming and decisioning pipeline for Capital One Bank.
  • 3 participants
  • 35 minutes

15 Dec 2017

Expand Your Spinnaker Pipeline to the Desktop [I] - Sean Korten, Kenzan

Commit, build, test, push, build, test, deploy, test, promote, test, repeat. You can already use Kubernetes as the common platform for your entire lifecycle, but wouldn’t it be cool to use one tool to manage it? Spinnaker is a multi-cloud CI/CD platform that works well with Kubernetes on many cloud providers. In this talk we will discuss how to turn your workstation running minikube into another cloud provider in your cloud based production Spinnaker and add it to your CI/CD pipeline.

About Sean Korten
Sean is a Lead Platform/DevOps Engineer with Kenzan, a professional services company that provides customized end-to-end solutions to a diverse group of clients. Since joining Kenzan he has contributed to the Spinnaker OSS project and helped implement it internally and with multiple clients. His primary focus for the last several years has been on the architecture and implementation of continuous integration and continuous delivery. He has a long and diverse background working with development teams to 24x7 operations, racking and stacking to AWS and GCP, and a few years as a security professional in between.
  • 2 participants
  • 29 minutes

15 Dec 2017

Extending Kubernetes 101 [A] - Travis Nielsen, Quantum Corp

Kubernetes provides the ability to extend the platform with your own custom types and controllers. We will walk through a tutorial to write a custom controller, also known as an operator. Patterns will be reviewed that will make your application a natural extension of the platform through CRDs and desired state management, all with the same security, lifecycle management, and API surface that native Kubernetes applications expect.

About Travis Nielsen
Travis Nielsen is a Principal Software Engineer for Quantum Corporation where he works on Rook – a software defined storage initiative based in Seattle. Prior to Quantum, Travis was the storage platform tech lead at Symform, a P2P storage startup acquired by Quantum. Before joining the startup world, he was an engineering lead for the Windows Server group at Microsoft.
  • 1 participant
  • 34 minutes

15 Dec 2017

Extending Kubernetes: Our Journey & Roadmap [I] - Daniel Smith & Eric Tune, Google

What is the vision for Kubernetes Extensibility? Do you know the difference between initializers, cloud providers, and the CRI? In this talk we will describe how extension points in Kubernetes have evolved and go over the options today, and what they let you do. As we go over the extension points, we’ll give our vision for how they will evolve in the future, and talk about the sorts of things we expect the broader Kubernetes ecosystem to build out of them.

About Daniel Smith
Currently TL of Kubernetes’ API Machinery sub-team, Daniel has been working on Kubernetes since before it was open sourced, and contributed enough in the early days that he’s still one of the top contributors overall. Before that, Daniel worked on Google’s borg and AppEngine. He lives in Mountain View with his wife and two children.

About Eric Tune
Eric has worked on Kubernetes since before the first public release. He has contributed to Security, Tenancy, Application Controllers, Charts, Jobs, documentation, and more. Before Kubernetes, he worked on Google's Borg system, on datacenter-scale efficiency and performance measurement, and on web search.
  • 7 participants
  • 35 minutes

15 Dec 2017

Extending the Kubernetes API: What the Docs Don't Tell You [I] - James Munnelly, Jetstack

At the heart of Kubernetes is its API. Whilst on the surface it may appear relatively simple to use, under the hood is a beast of complex conversions, codecs and generators. In this talk, I'll show you how the Kubernetes maintainers have created their own tooling to make this process easy when contributing to core, and how you can use this to build your own custom controllers, operators and API servers. I'll then demonstrate this technique with a pager extension to Kubernetes.

About James Munnelly
I'm a Solutions Engineer at Jetstack, which involves helping customers bend and break Kubernetes to their will. I've created a number of extensions to Kubernetes core, including cert-manager (a kube-lego successor), Navigator (DBaaS for Kubernetes), and built my own simple cloud provider for bare metal clusters. I mostly spend my time browsing GitHub and then tweeting about it.
  • 3 participants
  • 34 minutes

15 Dec 2017

FaaS and Furious - 0 to Serverless in 60 Seconds, Anywhere - Alex Ellis, ADP

OpenFaaS (or Functions as a Service) is a Cloud Native framework for building serverless functions with containers (as popularised by AWS Lambda). With OpenFaaS you can package any process or container as a serverless function for either Linux or Windows - just bring your Kubernetes or Docker cluster. Avoid vendor lock-in by running functions in your own datacenter or the cloud with your existing CI/CD and container ecosystem. The project focuses on ease of use through its UI and CLI which can be used to test and monitor functions in tandem with Prometheus integration that enables auto-scaling as demand increases.

You can deploy OpenFaaS in 60 seconds on Kubernetes and thanks to concise code templates all you need to write is a handler in your favourite programming language then let your cluster do the heavy lifting.

OpenFaaS was recently trending as the top open-source project on GitHub, won Best Cloud Computing Software 2017 from InfoWorld and has a thriving community with 65 contributors, 1400 commits and over 8k stars.

Come and find out how and why people are leveraging an event-driven architecture along with some cool interactive demos and swag.

Note - OpenFaaS is an independent project started by Alex Ellis and is now being shaped by a growing community of contributors and users.

About Alex Ellis
Alex is a Docker Captain and Principal Developer @ ADP where he has years of experience in the enterprise supporting payroll and HCM for up to 500k clients. He's a polyglot, blogger, published writer and mentor in the Docker/container and Raspberry Pi community.
  • 3 participants
  • 34 minutes

15 Dec 2017

Fission: Serverless Functions for Kubernetes [B] - Soam Vasani, Platform9 Systems

"Serverless" functions allow users to easily create services from source code without dealing with packaging, deployment, scaling, etc.

Fission is a serverless function framework built on Kubernetes. Users write functions and map them to event sources, such as HTTP requests, timers, Kubernetes watches, and message queues. Users don't have to deal with container images, registries or even learn Kubernetes in much detail.

Functions consume CPU and memory resources only when running. Fission makes on-demand function loading very fast by keeping an idle pool of containers running, in effect creating a distributed "threadpool".

Fission is useful for:
* Creating web app backends or REST APIs
* Implementing webhooks
* Watching Kubernetes Resources for changes to implement simple custom
* Creating Kubernetes Initializers with minimal work

In this talk we'll give a few demos for these use cases, and cover:

* How fission works with function dependencies in a language-agnostic manner
* The development lifecycle of Functions: testing and incremental deployment
* The composition of functions into workflows using the Fission Workflow project
* Observability: log aggregation, metrics with Prometheus, tracing with Opentracing/Zipkin
* The interaction of functions with service meshes (Istio/Envoy)

About Soam Vasani
Soam Vasani created and works on the Fission framework at Platform9 Systems. He's also worked on Platform9's Kubernetes cluster deployment and management product. His past work includes distributed filesystems, a log analysis stack, and infrastructure management products; as well as the GNU debugger and toolchain. He's interested in distributed systems, devops tools and frameworks, and programming languages.
  • 3 participants
  • 33 minutes

15 Dec 2017

Fluentd and Distributed Logging [I] - Masahiro Nakagawa, Treasure Data

In the container era, logging is very important because applications are distributed. This session talks about why Fluentd is needed and how Fluentd resolves the distributed logging problem in flexible and robust ways.

About Masahiro Nakagawa
Senior Software Engineer, Treasure Data Inc
Fluentd maintainer
  • 1 participant
  • 33 minutes

15 Dec 2017

From Monolith to Microservices with Kubernetes and Linkerd - Mason Jones, Credit Karma

After about eight years, Credit Karma had built up an impressive tech infrastructure...based on a PHP monolith. Over the past 18 months we’ve (carefully) adopted Docker, Linkerd, Consul, Kubernetes, and more as we shifted to microservices in order to enable continued engineering innovation. This is the story of our evolution from monolith to microservices, starting with our own homegrown tools. The talk will cover our iterations from basic plumbing to dynamic service discovery; why we started using Linkerd and selected Kubernetes; and how we evolved our systems step by step while continuing to serve 75 million members.

About Mason Jones
Mason leads Credit Karma’s infrastructure services team. His team's work provides a foundation for Credit Karma's microservices to enable our 75 million members and financial institution partners in the U.S. and Canada to use data to guide their financial decisions. Before joining Credit Karma, Mason spent more than 20 years as a technical executive at startups throughout Silicon Valley. He specializes in migrating technical organizations to microservices, securing build pipelines and creating self-service tools to empower development teams. When Mason isn’t shipping code, he manages Charnel Music, an independent record label he founded.
  • 1 participant
  • 34 minutes

15 Dec 2017

From Screen to Pods: Bootstrapping a Cloud Agnostic System using Kubernetes [I] - Patrick McQuighan, Algorithmia

Today, Algorithmia runs multiple Kubernetes clusters each with CPU and GPU nodes, 100s of pods, and 10,000s of containers created daily. We can create a copy of our entire stack in a variety of cloud environments in about an hour. Twelve months ago, Algorithmia was limited to AWS and reliant on an enterprise product for deployment management. In that time, we learned how to ensure a highly-available setup in multiple environments, handled networking issues between old applications and pod-based applications, discovered many quirks with cloud components (such as AWS ELB), learned what wrong assumptions we held about the cloud, and migrated our live production services to run within Kubernetes. We also learned the limits of Kubernetes and when to control components on our own. Ultimately, we reduced the number of servers needed to run our full stack, simplified the process of adding services, reduced dependency on particular cloud services, and have a hardened way to deploy our platform.

In this talk I’ll cover why we moved to Kubernetes to build our enterprise product, the benefits it entailed, difficulties we encountered with Kubernetes, containers, cloud providers, and what we’re most excited about in the future of Kubernetes.

About Patrick McQuighan
I joined Algorithmia in December 2015 and have been improving system performance and creating the Algorithmia Enterprise product. In that time we have grown from a single pool of workers to heterogeneous groups of machines, and developed support for running the platform in multiple cloud providers. Previously I worked in the display advertising analytics platform at Amazon creating big data pipelines and managing a platform that runs thousands of jobs per day.
  • 1 participant
  • 36 minutes

15 Dec 2017

Full Stack Visibility with Elastic: Logs, Metrics and Traces - Carlos Pérez-Aradros, Elastic

"With microservices every outage is like a murder mystery" is a common complaint. But it doesn't have to be! This talk gives an overview on how to monitor distributed applications. We dive into:

System metrics: Keep track of network traffic and system load.
Application logs: Collect structured logs in a central location.
Audit info: Watch for user and process activity in the system.
Uptime monitoring: Ping services and actively monitor their availability and response time.
Application metrics: Get metrics and health information from your application via REST or JMX.
Request tracing: Gather timing data by using tools like Zipkin to retrieve and show call traces.

About Carlos Pérez-Aradros
Carlos is a software engineer at Elastic, working on Beats. With love for distributed systems, he has experience in many container technologies and focuses on bringing the right tools to monitor them. When he is not coding you may find him playing with home automation and all kinds of gadgets.
  • 2 participants
  • 35 minutes

15 Dec 2017

GitOps - Operations by Pull Request [B] - Alexis Richardson, Weaveworks & William Denniss, Google

GitOps is the latest exciting evolution in empowering developers to do operations and CICD. Imagine describing your entire infra in Git declaratively and then continually using that to verify your state. Well, with Kubernetes, and tools like Terraform, and Ansible, you can. We've taken this forward by adding continuous diffs and alerting - and even some of our observability stack itself. An introduction is here:

William (Google PM) and Alexis (Weaveworks, CNCF) will talk about how we jointly developed this pattern based around our own use cases. We shall make reference to other companies using the approach like GitHub and Atlassian. This is NOT a product pitch - we are going to teach you the PATTERNS.

About William Denniss
William is a Product Manager at Google and works on Google Cloud and Kubernetes. He has a passion for open source and open standards, is the author of several IETF Internet-Drafts including OAuth 2.0 for Native Apps, and founded AppAuth, the leading open source OAuth client for native apps.

About Alexis Richardson
Alexis is the co-founder and CEO of Weaveworks. He is also the chairman of the TOC for CNCF, and the co-founder of the Coed:Code meet ups.

Previously he was at Pivotal, as head of products for Spring, RabbitMQ, Redis, Apache Tomcat and vFabric. Alexis was responsible for resetting the product direction of Spring and transitioning the vFabric business from VMware.

Alexis co-founded RabbitMQ, and was CEO of the Rabbit company acquired by VMware in 2010, where he worked on numerous cloud platforms. Rumours persist that he co-founded several other software companies including Cohesive Networks, after a career as a prop trader in fixed income derivatives, and a misspent youth studying and teaching mathematical logic.
  • 8 participants
  • 35 minutes

15 Dec 2017

Hacking and Hardening Kubernetes Clusters by Example [I] - Brad Geesaman, Symantec

While Kubernetes offers new and exciting ways to deploy and scale container-based workloads in production, many organizations may not be aware of the security risks inherent in the out-of-the-box state of most Kubernetes installations and the common practices for deploying workloads that could lead to unintentional compromise. Join Brad Geesaman, the Cyber Skills Development team lead at Symantec, on an eye-opening journey examining real compromises and sensitive data leaks that can occur inside a Kubernetes cluster, highlighting the configurations that allowed them to succeed, applying practical applications of the latest built-in security features and policies to prevent those attacks, and providing actionable steps for future detection.

The hardening measures taken in response to the attacks demonstrated will include guidelines for improving configurations installed by common deployment tools, securing the sources of containers, implementing firewall and networking plugin policies, isolating workloads with namespaces and labels, controlling container security contexts, better handling of secrets and environment variables, limiting API server access, examining audit logs for malicious attack patterns, and more.

About Brad Geesaman
Brad was recently the Cyber Skills Development Engineering Lead at Symantec Corporation where he supported the operations and delivery of ethical hacking learning simulations on top of Kubernetes in AWS. Although he spent several years as a penetration-tester, his real passion is educating others on the real-world security risks inherent in complex infrastructure systems through demonstration followed by practical, usable advice on detection and prevention.
  • 1 participant
  • 40 minutes

15 Dec 2017

Helm Chart Patterns [I] - Vic Iglesias, Google

You will learn about the patterns and best practices we have learned from reviewing and maintaining the charts in the public Helm Charts repo. You will learn how to make your charts reproducible, scalable, flexible, configurable, and composable.

About Vic Iglesias
Vic Iglesias is a Staff Solutions Architect at Google with years of experience in both on-premise and in-cloud workload deployment, orchestration and management. He is a maintainer of the Kubernetes Charts repo and focuses on helping customers adopt Container Engine reliably, securely, and at scale.
  • 1 participant
  • 29 minutes

15 Dec 2017

Highly Available Services During Maintenance Events - Maisem Ali & Eric Tune, Google

Maintenance events occur and require taking down nodes for various reasons. Eric and Maisem talk about the best practices and lessons learned trying to minimize downtime during routine maintenance events.

They show how to use StatefulSets and PodDisruptionBudgets to achieve highly available services. They go on to explain what the best practices for performing node maintenance are using scenarios like failed pod evictions, non-responsive kubelets and network bisections.

About Maisem Ali
Maisem has been working on Kubernetes for the last two years. He has heavily contributed to upgradability and upgrade testing between Kubernetes versions, and primarily focuses on the Google Kubernetes Engine control plane.

About Eric Tune
Eric has worked on Kubernetes since before the first public release. He has contributed to Security, Tenancy, Application Controllers, Charts, Jobs, documentation, and more. Before Kubernetes, he worked on Google's Borg system, on datacenter-scale efficiency and performance measurement, and on web search.
  • 5 participants
  • 27 minutes

15 Dec 2017

How Netflix Is Solving Authorization Across Their Cloud [I] - Manish Mehta & Torin Sandall, Netflix

Since 2008, Netflix has been on the cutting edge of cloud-based microservices deployments. In 2017, Netflix is recognized as one of the industry leaders at building and operating “cloud native” systems at scale. Like many organizations, Netflix has unique security requirements for many of their workloads. This variety requires a holistic approach to authorization to address “who can do what” across a range of resources, enforcement points, and execution environments.

In this talk, Manish Mehta (Senior Security Software Engineer at Netflix) and Torin Sandall (Technical Lead of the Open Policy Agent project) will present how Netflix is solving authorization across the stack in cloud native environments. The presentation shows how Netflix enforces authorization decisions at scale across various kinds of resources (e.g., HTTP APIs, gRPC methods, SSH), enforcement points (e.g., microservices, proxies, host-level daemons), and execution environments (e.g., VMs, containers) without introducing unreasonable latency. The presentation includes a deep dive into the architecture of the cloud native authorization system at Netflix as well as how authorization decisions can be offloaded to an open source, general-purpose policy engine (Open Policy Agent).

This talk is targeted at engineers building and operating cloud native systems who are interested in security and authorization. The audience can expect to take away fresh ideas about how to enforce fine-grained authorization policies across the stack in the cloud environment.

About Manish Mehta
Manish Mehta is Senior Security Software Engineer at Netflix, Los Gatos, CA. He has designed and developed solutions around secure bootstrapping, authentication (service and user), and authorization for cloud-native infrastructure. His professional interests and expertise are cyber security in general, and specifically in security solutions anchored in cryptography. He holds M.S. and Ph.D. in Computer Science from Univ. of Missouri - Kansas City and has authored several research and conference publications.

About Torin Sandall
Torin Sandall is the technical lead of the recent open source Open Policy Agent (OPA) project. He has spent 10 years as a software engineer working on large-scale distributed systems projects. Prior to working on the Open Policy Agent project, Torin was a senior software engineer at Cyan Inc. (acquired by Ciena Corp.) where he designed and developed core components of their SDN/NFV platform such as modelling languages as well as services for resource orchestration and topology discovery. Torin has recently given talks on policy-related topics in Kubernetes at ContainerDaysPDX and LinuxCon Beijing as well as the Kubernetes Community Meeting and the Kubernetes SF meetup.
  • 2 participants
  • 36 minutes

15 Dec 2017

How We Built a Framework at Twitter to Solve Service Ownership & Improve Infrastructure Utilization at Scale [I] - Vinu Charanya, Twitter

Twitter is powered by thousands of microservices that run on our internal Cloud platform which consists of a suite of multi-tenant platform services that offer Compute, Storage, Messaging, Monitoring, etc as a service. These platforms have thousands of tenants and run atop hundreds of thousands of servers, across on-prem & the public cloud. The scale & diversity in multi-tenant infrastructure services makes it extremely difficult to effectively forecast capacity, compute resource utilization & cost and drive efficiency.

In this talk, I would like to share how my team is building a system (Kite - A unified service manager) to help define, model, provision, meter & charge infrastructure resources. The infrastructure resources include primitive bare metal servers / VMs on the public cloud and abstract resources offered by multi-tenant services such as our Compute platform (powered by Apache Aurora/Mesos), Storage (Manhattan for key/val, Cache, RDBMS), Observability. Along with how we solved this problem, I also intend to share a few case-studies on how we were able to use this data to better plan capacity & drive a cultural change in engineering that helped improve overall resource utilization & drive significant savings in infrastructure spend.

About Vinu Charanya
Vinu Charanya is a Senior Software Engineer at Twitter where she works in the Compute Platform building Twitter’s internal cloud infrastructure management platform. She is also a core team member of Women who code, a non-profit organization dedicated to inspiring women to excel in technology careers. She is also a part-time teacher and a mentor helping students learn iOS and Android development at CodePath. Vinu received her Masters in Computer Science and Engineering from University at Buffalo, where she worked on the PhoneLab Testbed research group under Prof. Geoff Challen and Prof. Steve Ko.
  • 1 participant
  • 29 minutes

15 Dec 2017

Hybrid Cloud Powered by Kubernetes [I] - Aparna Sinha, Eric Brewer & Matthew DeLio, Google

Open Source Software (OSS) is great because it gives us freedom. OSS users by nature want to roll their own on premises, and use best-of-breed services in public clouds without lock-in. Fortunately, Kubernetes runs everywhere so developers and operators don't need to learn new technologies to run hybrid and multi-cloud applications.

In this talk, we will demonstrate the use of two new extensibility features in Kubernetes to connect legacy on-premises applications and managed public cloud services with services running on Kubernetes in both places, creating an environment where users can have the best of all worlds. We will show the type of use cases this technology enables using examples from Google's cloud platform.

About Eric Brewer
Eric joined Google in 2011 and leads the company’s compute infrastructure design, including Google Cloud Platform. He focuses on all aspects of Internet-based systems including cloud computing, scalability, containers, and storage.

As a researcher, he has led projects on scalable servers, network infrastructure, IoT, and the CAP Theorem. He has also led work on technology for developing regions, with projects in India, Indonesia, and Kenya among others, and including communications, power, and health care.

In 1996, he co-founded Inktomi Corporation and helped lead it onto the NASDAQ 100. In 2000, working with President Clinton, Prof. Brewer helped to create, the official portal of the Federal government.

About Matthew DeLio
Matthew DeLio is product manager at Google for Kubernetes multi-cluster, networking, and storage. He's also the PM SIG representative for storage. Prior to product management, Matthew was a software engineer at Google and has worked on search and platforms. He holds an MBA from the University of Chicago.

About Aparna Sinha
Aparna Sinha leads the product team at Google for Kubernetes and Container Engine. She started and co-leads the community PM Special Interest Group (SIG) to maintain an open backlog for the Kubernetes project on Github. Aparna is currently a secondary member of the CNCF Governing Board. She has worked in enterprise software for 15+ years, and was formerly a Director of Product at NetApp. Aparna holds a PhD in Electrical Engineering from Stanford and has co-authored several technical papers during her research.
  • 5 participants
  • 35 minutes

15 Dec 2017

Hybrid-Cloud, HIPAA Compliant Enterprise with Kubernetes - Steve Sloka, Heptio

This talk will outline how UPMC Enterprises utilizes Kubernetes on-premises and in a public cloud (AWS). We’ll see how a large enterprise balances SaaS offerings vs Kubernetes hosted services. We will walk through our approach to meet HIPAA compliance and how our deployments and underlying infrastructure changed to meet those requirements.

We'll also look at the Elasticsearch Operator which is an example of how we implement stateful applications. The operator ensures encryption at rest, in transit and provides a managed cloud offering inside Kubernetes. Also, we’ll look at how we implement Kong, an API Gateway in combination with Kubernetes Network Policies to ensure applications are limited to what they can access as well as how security is implemented outside of code.

Healthcare systems have a history of being large and complex, but Kubernetes has allowed UPMC Enterprises to be more agile and bring startup innovations to the enterprise.

About Steve Sloka
Steve Sloka is a Sr. Systems Software Engineer from Pittsburgh, PA currently working at Heptio dealing with all things Cloud, Containers, and Kubernetes. At UPMC Enterprises he managed the open source initiative and has been working with k8s since early 2015.
  • 3 participants
  • 35 minutes

15 Dec 2017

IAM on Hybrid Cloud: Next Generation Security Model to Create an Interoperable Cloud [I] - Jeyappragash JJ & Kamil Pawlowski,

Those developing and operating modern software infrastructure face a myriad of complexity when trying to secure it. While environments like Amazon have vastly simplified the supply chain associated with bringing up new physical and virtual infrastructure or services, complexity around managing access to and between these services has grown, and continues to expand. The proliferation of configurations, management tools, and management schemes that exists in the modern datacenter has exploded when dealing with multi-cloud, hybrid (cloud + dc), or legacy systems.

Complexity is the enemy of security. This heterogeneity is its embodiment. Having many different ways to configure access policies on different cloud providers or with different vendors, makes it impossible to understand who has access to what in any given infrastructure. Without this visibility it is impossible to have intelligibility, and hence security.

Worse, today developers and operators must exist in and support a highly dynamic service environment. That is to say existing services must evolve to support new functionality, and new services must be rapidly brought on line to support features in a highly competitive business environment. The miasma of different configuration schemes creates a great deal of friction against this, and impedes security because it is difficult to holistically understand the impact of changes (let alone make them rapidly). Security must be able to accommodate this temporality.

In this talk we introduce PADME as an architecture for policy admission aimed at solving these problems in a distributed environment. PADME operates by normalizing access policy information across underlying clouds and systems. It allows policies to be operated up as known fixed building blocks in order to establish end to end security. Finally, it attacks the problem of policy distribution in a distributed environment so that assertions can be made about the security of a system over time, and in the face of CAP theorem issues.

About Jeyappragash JJ
Jeyappragash previously built the team and led the technical roadmap for Twitter's Cloud Infrastructure Management Platform. This platform helps developers manage their services and provides detailed visibility to the infrastructure and the services that use the infrastructures. Prior to this he was a Distinguished Engineer at Motorola (then Google Company), leading efforts to build their Notification Infrastructure, their Software Upgrade services and a Prospective Search based Content Delivery Service and built a true hybrid infrastructure while migrating these services to Google cloud. Jeyappragash graduated from IIT Madras with a Masters in EE. He holds 5 patents in cloud infrastructure and distributed systems space.

About Kamil Pawlowski
Kamil Pawlowski (Software Engineer) has worked on everything from mobile to high scale/availability systems, network protocols to web stacks. His experience includes early stage startups, large companies, and stages in between. He is presently building services infrastructure for the medical field.
  • 2 participants
  • 30 minutes

15 Dec 2017

Introducing SPIFFE: An Open Standard for Identity in Cloud Native Environments [I] - Evan Gilman, Scytale

Modern infrastructure patterns like microservices, container orchestration, and hybrid/multi-cloud deployments have turned conventional models for datacenter authentication and security on their heads. In the face of highly dynamic compute and network resources, a new challenge has risen: how to authenticate and secure service-to-service traffic in this brave new world? Enter the problem known as service identity.

Getting service identity right is surprisingly hard, with requirements extending well beyond simple secret management. What kind of credentials to settle on, how to rotate them, how to automatically (and securely) bootstrap them... and even more importantly, how to make sure a wide variety of external systems can authenticate them appropriately? These questions represent only a subset of the points that must be solved for.

In this talk, we introduce both SPIFFE and SPIRE - a new open source project designed to solve exactly these problems. SPIRE, backed by the SPIFFE open standard, performs seamless node and workload attestation across various platforms, and automatically issues short-lived certificates based on those attestations in a controlled manner. Even better, these certificates work across organizational boundaries and heterogeneous environments thanks to SPIFFE, which introduces a standardized identity format and validation methodology for X.509 certificates.

About Evan Gilman
Evan Gilman is an engineer with a background in computer networks. With roots in academia, and currently working on the SPIFFE project, he has been building and operating systems in hostile environments his entire professional career. An open source contributor, speaker, and author, Evan is passionate about designing systems that strike a balance with the networks they run on.
  • 1 participant
  • 36 minutes

15 Dec 2017

IoK: Istio-on-Kubernetes Deep Dive [I] - Daneyon Hansen, Cisco

Running microservices at scale is not easy. Istio is an open platform to connect, manage, and secure microservices. Did I mention that Istio runs on Kubernetes? During the talk I will cover the following content:
- Istio Introduction
- Istio Key Concepts: Traffic Management, Auth, Policy, etc.
- Istio Demonstration
- Istio-on-Kubernetes Roadmap
- Q&A

About Daneyon Hansen
Daneyon is a software engineer at Cisco responsible for developing distributed applications. As part of the Cloud CTO Office, Daneyon focuses on contributing to emerging cloud computing technologies such as Kubernetes, Istio and others.
  • 2 participants
  • 35 minutes

15 Dec 2017

Istio: Sailing to a Secure Services Mesh [I] - Spike Curtis, Tigera & Dan Berg, IBM

Istio is an open platform that provides a uniform way to connect, manage, and secure microservices. In this presentation we describe the security features of the Istio service mesh: how it helps you secure service-to-service communication across clouds without application code changes, provide robust identity and strong authentication, and enforce powerful authorization policies for your applications. We discuss the current project status and look ahead to the roadmap for security features.

About Dan Berg
As a Distinguished Engineer within the IBM Cloud unit, Daniel is responsible for the technical strategy, and implementation of the containers and microservices platform available in IBM Cloud. Within this role, Daniel has deep knowledge of container technologies including Docker and Kubernetes and has extensive experience building and operating highly available cloud-native services. Daniel is also a core contributor to the Istio service mesh project.

About Spike Curtis
Spike Curtis is a lead developer on Istio working for Tigera. He was also a core developer for Calico and worked on the initial integrations with Docker, Kubernetes and Mesos. Spike earned his PhD from the University of Oxford where he worked on quantum computing with ion traps. He has also worked for Silicon Valley start-ups Palantir Technologies and Rigetti Computing.
  • 2 participants
  • 32 minutes

15 Dec 2017

Istio: Weaving the Service Mesh [I] - Shriram Rajagopalan, IBM & Louis Ryan, Google

With the rapid adoption of microservices new tools are needed to load-balance, route, secure and monitor the traffic that flows between them. Istio provides a common networking, security, policy and telemetry substrate for services that we call a ‘Service-Mesh’. Come learn how the service-mesh helps with the transition to microservices, to empower operations teams, to adopt security best-practices and much more. We’ll also cover the state of the project, where it’s headed and how you can get involved.

About Shriram Rajagopalan
Shriram Rajagopalan is a researcher at IBM Research. He works closely with IBM's enterprise customers developing platforms and solutions for microservice deployments. He has had diverse experience in developing various aspects of the software stack over the last decade. He has worked on the Xen hypervisor, the Linux kernel, network function virtualization, and recently on the Istio service mesh and Lyft's Envoy.

About Louis Ryan
Louis Ryan is a Principal Engineer at Google working on APIs and microservices. Prior to working on Istio he co-authored the gRPC spec and ran the infrastructure that supports Google's consumer-facing APIs.
  • 2 participants
  • 32 minutes

15 Dec 2017

Istio’s Mixer: Policy Enforcement with Custom Adapters [I] - Limin Wang, Google & Torin Sandall, Styra

The Istio service mesh provides a highly extensible platform to connect, manage, and secure microservices. Istio’s highly extensible nature is one of the main selling points as it allows you to enforce your own organization-specific policies across large fleets of microservices. At the same time, new technology always has a learning curve, and with all this extensibility and generality the task can be quite daunting.

In this talk, Limin Wang (Software Engineer at Google) and Torin Sandall (Technical Lead of the Open Policy Agent project) explain how Istio’s Mixer works and lead a deep dive into Mixer Adapter development. The talk shows (with demos) how the Mixer Adapter model enables custom policy enforcement and how the model is used to integrate third party policy engines like the Open Policy Agent.

This talk is targeted at platform engineers interested in using the Istio service mesh to enforce custom policies in their microservices. The talk also provides new ideas about the kinds of policies that can be enforced in Istio today.

About Torin Sandall
Torin Sandall is the technical lead of the recent open source Open Policy Agent (OPA) project. He has spent 10 years as a software engineer working on large-scale distributed systems projects. Prior to working on the Open Policy Agent project, Torin was a senior software engineer at Cyan Inc. (acquired by Ciena Corp.) where he designed and developed core components of their SDN/NFV platform such as modelling languages as well as services for resource orchestration and topology discovery. Torin has recently given talks on policy-related topics in Kubernetes at ContainerDaysPDX and LinuxCon Beijing as well as the Kubernetes Community Meeting and the Kubernetes SF meetup.

About Limin Wang
Limin Wang is a security technical lead for Istio and Cloud Endpoints projects at Google. Before joining Google, she was a senior software engineer at VMware. Limin holds a PhD degree in Computer Science from Michigan State University.
  • 7 participants
  • 34 minutes

15 Dec 2017

Kafka Operator: Managing and Operating Kafka Clusters in Kubernetes [A] - Nenad Bogojevic, Amadeus

In this talk we will demonstrate an approach to managing Kafka clusters in Kubernetes deployments. We will show how we can provision Kafka clusters and configure them using Kubernetes concepts and an operator process. The Kafka and ZooKeeper cluster elements will be provisioned using StatefulSet. As these applications benefit from high performance storage, we will also show how we can use node selectors or persistent volume claims to schedule instances on the correct hardware. In order for clients to use it, the necessary message topics have to be configured in the Kafka cluster. We will show how, using an operator process based on Kubernetes custom resources or ConfigMaps, we can manage this configuration in a descriptive manner and ensure consistent configuration across different development and operations stages as well as cluster restarts. Finally we will discuss how all this ties in with the service catalog.

About Nenad Bogojevic
Nenad Bogojevic, platform solutions architect at Amadeus, has 20+ years of experience in software development. He has worked on e-commerce applications, natural language processing tools, and high-performance network middleware. In his job, Nenad is an architect who codes, a technical lead and speaker, open source contributor and an evangelist for application platforms, online and web technologies. Currently, he is driving the design of a new Kubernetes-based platform for new data-driven services. In his spare time he travels, manages small home clusters or builds and programs robots with his daughters.
  • 3 participants
  • 33 minutes

15 Dec 2017

Kata Containers: Hypervisor-Based Container Runtime - Xu Wang, HyperHQ & Samuel Ortiz, Intel

Kata Containers is a merge of 2 hypervisor based container runtime efforts: Hyper's runV and Intel's Clear Containers. With Kata Containers, each container is hypervisor isolated just like an EC2 or GCE instance. It is an OCI compatible runtime and as such can seamlessly work with containerd or hyperd. Moreover it fully supports the Kubernetes CRI APIs and thus can run and manage hypervisor isolated Kubernetes pods through CRI-O, containerd-cri or frakti. Finally, Kata Containers is a multi architecture project as it supports x86, ARM, Power and s390x platforms.

During this talk we will describe the Kata Containers architecture and how it drastically reduces the virtualization overhead in order to be as fast as a namespace based container runtime while being as secure as a legacy VM. We will also run a multi tenant Kubernetes demo in order to show how Kata Containers could become the cornerstone of a secure, infrastructure free, container cloud.

About Xu Wang
Xu Wang is the CTO and Cofounder of Hyper HQ, which contributed the hypervisor based container runtime runV (secure as VM, fast as container), and provides a runV based container native Cloud. Before founding HyperHQ, Xu worked in a public cloud in China since 2011 and worked for the China Mobile cloud team from 2007 to 2011. Xu has experience with the Linux Kernel, virtualization, containers, and distributed storage systems. He is also a technical writer and translator on Linux, virtualization, NoSQL etc.

About Samuel Ortiz
Principal Engineer, Intel
  • 5 participants
  • 36 minutes

15 Dec 2017

Keynote: A Community of Builders: CloudNativeCon Opening Keynote - Dan Kohn, Executive Director, Cloud Native Computing Foundation

About Dan Kohn
Dan is Executive Director of the Cloud Native Computing Foundation, which sustains and integrates open source technologies like Kubernetes and Prometheus. He also helped create and launch the Linux Foundation's Core Infrastructure Initiative as an industry-wide response to the security vulnerabilities demonstrated by Heartbleed.

He previously served as CTO of several startups, including Spreemo, a healthcare marketplace, and Shopbeam, a shoppable ads company. Earlier, he was a general partner at Skymoon Ventures, a seed-stage venture capital firm that created startups in semiconductors and telecom infrastructure.

Dan helped manage a number of telecoms firms controlled by Craig McCaw and started his career as founder and CEO of NetMarket, one of the first Internet companies. In 1994, he led the development of the first music store on the web, conducting the first secure commercial transaction after building the first web shopping cart. Dan lives in Manhattan with his wife and two sons.
  • 2 participants
  • 17 minutes

15 Dec 2017

Keynote: CNCF Project Updates - Michelle Noorali, Senior Software Engineer, Microsoft Azure

Project representatives will share their updates:
Linkerd update, presented by Oliver Gould
Fluentd update, presented by Eduardo Silva
Prometheus update, presented by Tom Wilkie

About Michelle Noorali
Michelle is a software engineer on the Azure Container Service team at Microsoft and a core maintainer on the Kubernetes Helm project. She co-leads SIG-Apps which is the Kubernetes special interest group for running and managing applications and workloads on Kubernetes. She has previously spoken at CloudNativeCon/KubeCon 2016 EU & NA.

About Oliver Gould
Oliver is the CTO of Buoyant, where he leads open source development efforts. Prior to joining Buoyant, he was a staff infrastructure engineer at Twitter, where he was the tech lead of Observability, Traffic, and Configuration & Coordination teams. He is the creator of linkerd and a core contributor to Finagle, the high-volume RPC library used at Twitter, Pinterest, Soundcloud, and many other companies.

About Eduardo Silva
Eduardo is an Open Source Engineer at Treasure Data. He currently leads the efforts to make logging more scalable in Containerized and Orchestrated systems such as Kubernetes.

About Tom Wilkie
Tom is the founder of Kausal, a new company working on Prometheus & Cortex. Previously he worked at companies such as Weaveworks, Google, Acunu and XenSource. In his spare time, Tom likes to make craft beer and build home automation systems.
  • 4 participants
  • 39 minutes

15 Dec 2017

Keynote: Can 100 Million Developers Use Kubernetes? - Alexis Richardson, CEO, Weaveworks

What is the potential for Kubernetes? Is it like Openstack and Hadoop, a technology for expert operators in the enterprise? Or is it like cloud and mobile, a way for every developer to move the business? What is needed for Kubernetes to have an impact equal to the web? Can 100 million people use Kubernetes?

About Alexis Richardson
Alexis is the co-founder and CEO of Weaveworks. He is also the chairman of the TOC for CNCF, and the co-founder of the Coed:Code meet ups.

Previously he was at Pivotal, as head of products for Spring, RabbitMQ, Redis, Apache Tomcat and vFabric. Alexis was responsible for resetting the product direction of Spring and transitioning the vFabric business from VMware.

Alexis co-founded RabbitMQ, and was CEO of the Rabbit company acquired by VMware in 2010, where he worked on numerous cloud platforms. Rumours persist that he co-founded several other software companies including Cohesive Networks, after a career as a prop trader in fixed income derivatives, and a misspent youth studying and teaching mathematical logic.
  • 1 participant
  • 7 minutes

15 Dec 2017

Keynote: Cloud Native CD: Spinnaker and the Culture Behind the Tech - Dianne Marsh, Director of Engineering, Netflix

Created at Netflix, Spinnaker is an open source, multi-cloud continuous delivery and infrastructure management platform for releasing software changes with high velocity and confidence. Spinnaker’s open source community includes Netflix, Google, Microsoft, Oracle, Target, Kenzan, Schibsted, and many others.

In this keynote, you’ll learn how various aspects of Netflix culture, and open source have shaped Spinnaker and how Spinnaker, in turn, has influenced the engineering culture at Netflix. We’ll discuss how lessons learned from an earlier open source product, Asgard, influenced us and drove a Cloud Native first approach.

About Dianne Marsh
Director of Engineering, Netflix
Engineering Tools, Developer Productivity, Continuous Delivery, Women in Tech
  • 1 participant
  • 21 minutes

15 Dec 2017

Keynote: Cloud Native at AWS - Adrian Cockcroft, Vice President Cloud Architecture Strategy, Amazon Web Services

About Adrian Cockcroft
Adrian Cockcroft has had a long career working at the leading edge of technology, and is fascinated by what happens next. In his role at AWS, Cockcroft is focused on the needs of cloud native and “all-in” customers, and leads the AWS open source community development program.

Prior to AWS, Cockcroft started out as a developer in the UK, joined Sun Microsystems and then moved to the United States in 1993, ending up as a Distinguished Engineer. Cockcroft left Sun in 2004, was a founding member of eBay research labs, and started at Netflix in 2007. He initially directed a team working on personalization algorithms and then became cloud architect, helping teams scale and migrate to AWS. As Netflix shared its architecture publicly, Cockcroft became a regular speaker at conferences and executive summits, and he created and led the Netflix open source program. In 2014, he joined VC firm Battery Ventures, promoting new ideas around DevOps, microservices, cloud and containers, and moved into his current role at AWS in October 2016.

Cockcroft holds a degree in Applied Physics from The City University, London and is a published author of four books, notably Sun Performance and Tuning (Prentice Hall, 1998).
  • 1 participant
  • 16 minutes

15 Dec 2017

Keynote: Introducing Kata Containers - Imad Sousou, VP, Software Services Group & GM, OpenSource Technology Center, Intel Corporation

What happens when you need to get software to run reliably when moving from one computing environment to another? Imad Sousou, Vice President of the Software and Services Group and General Manager of the Open Source Technology Center for Intel Corporation, will highlight how we can use open source software to support our rapidly changing world.

About Imad Sousou
Imad Sousou is vice president in the Software and Services Group at Intel Corporation and general manager of the Intel Open Source Technology Center, a position he's held since its founding in 2003. Sousou is responsible for Intel's efforts in open source software across a wide range of technologies and market segments, including enterprise Linux and related technologies such as virtualization, data center, and cloud software; embedded market segments; and client Linux programs.

The Center also focuses on operating system (OS) stacks, including Android and Chrome OS for Intel architecture and Yocto, in addition to Linux kernel and related projects, user experience, and Web and HTML5 technologies on top of client operating systems. He sits on the board of directors at the OpenStack Foundation and is on the advisory board for the Core Infrastructure Initiative at The Linux Foundation.

Sousou joined Intel in 1994 as a senior software engineer. Before moving into his current role, he was director of telecom software programs in the Intel Communications Group and director of client software engineering in the Home Products Group. He began his career as a software engineer at Central Point Software working on system utilities for the Apple Mac OS.

Sousou holds a bachelor's degree in computer science and mathematics from Portland State University.
  • 1 participant
  • 6 minutes

15 Dec 2017

Keynote: KubeCon Opening Keynote - Kelsey Hightower, Staff Developer Advocate, Google

About Kelsey Hightower
Kelsey Hightower has worn every hat possible throughout his career in tech, and enjoys leadership roles focused on making things happen and shipping software. Kelsey is a strong open source advocate focused on building simple tools that make people smile. When he is not slinging Go code, you can catch him giving technical workshops covering everything from programming to system administration.
  • 4 participants
  • 23 minutes

15 Dec 2017

Keynote: Kubernetes Community - Sarah Novotny, Head of Open Source Strategy, Google Cloud Platform, Google

About Sarah Novotny
Sarah Novotny is head of the Open Source Strategy group for Google Cloud Platform. She has long been an Open Source community champion in communities such as Kubernetes, NGINX and MySQL and ran large scale technology infrastructures before web-scale had a name. She co-founded Blue Gecko and launched a free-to-play game platform supporting HAWKEN. She is a program chair emeritus for O’Reilly Media’s OSCON.
Novotny talks obsessively about people, technology infrastructure and geek lifestyle.
  • 1 participant
  • 20 minutes

15 Dec 2017

Keynote: Kubernetes Secret Superpower - Chen Goldberg & Anthony Yeh, Google

About Chen Goldberg
Chen Goldberg is a technology leader with 18+ years of experience leading engineering teams. In her current role as Engineering Director, she leads Google Container Engine (GKE) and the OSS Kubernetes project engineering team in Google Cloud. Her team is the largest team working on Kubernetes today and is committed to Kubernetes success and enabling open cloud.

About Anthony Yeh
Anthony is an engineer on the Kubernetes Engine team at Google, focused on developing tools and best practices for making complex workloads self-managing. Before Kubernetes, Anthony worked on Vitess, the cloud-native MySQL clustering system at the heart of YouTube's main database.
  • 2 participants
  • 21 minutes

15 Dec 2017

Keynote: Kubernetes at GitHub - Jesse Newland, Principal Site Reliability Engineer, GitHub

In this talk, Jesse will provide an overview of the on-premises Kubernetes deployments that currently power 20% of GitHub's production services. He'll also review the challenges GitHub has faced and overcome so far during their Kubernetes journey, and highlight ongoing and future Kubernetes enhancements that GitHub is excited about.

About Jesse Newland
Principal Site Reliability Engineer, GitHub
  • 1 participant
  • 20 minutes

15 Dec 2017

Keynote: Kubernetes: This Job is Too Hard: Building New Tools, Patterns and Paradigms to Democratize Distributed System Development - Brendan Burns, Distinguished Engineer, Microsoft

The simple truth is that there are more reliable online systems that need to be built than there are people who know how to build them. Building a distributed system is bespoke, manual and hard.

Fortunately, with the development of containers and Kubernetes, a foundation has been created for a new type of development environment to make building systems dramatically easier and more modular. But containers and Kubernetes, while necessary, are not sufficient. In this talk I introduce Metaparticle, a new standard library for easy distributed systems development on Kubernetes.

Metaparticle uses familiar, standard programming languages to enable developers and architects to design, develop and deploy their application from a single, easy to use environment.

About Brendan Burns
Brendan Burns is a software engineer at Microsoft Azure and co-founder of the Kubernetes project. Before Kubernetes he worked on search infrastructure at Google. Before Google he was a professor at Union College in Schenectady, NY. He received his PhD in Computer Science from the University of Massachusetts Amherst and his BA in Computer Science and Studio Art from Williams College.
  • 1 participant
  • 20 minutes

15 Dec 2017

Keynote: Manage the App on Kubernetes - Brandon Philips, CTO, CoreOS

Kubernetes has yet to close the developer gap from source code to app running in a production Kubernetes cluster. Many build bespoke tools. How can the Kubernetes community come together to build decomposable solutions that help people define their app, deploy it, and manage its lifecycle over time? Learn about the progress we are making together to elevate the conversation from container orchestration to application lifecycle management.

About Brandon Philips
Brandon Philips is helping to build modern Linux server infrastructure at CoreOS as CTO. Prior to CoreOS, he worked at Rackspace hacking on cloud monitoring and was a Linux kernel developer at SUSE. As a graduate of Oregon State's Open Source Lab he is passionate about open source technologies.
  • 1 participant
  • 5 minutes

15 Dec 2017

Keynote: Progress Toward Zero Trust Kubernetes Networks - Spike Curtis, Senior Software Engineer, Tigera

Tigera’s Spike Curtis will share how enterprises are starting to embrace a zero trust network security posture, and demonstrate how such an approach can be enabled within an orchestrated environment such as Kubernetes by combining service mesh and network policy with a multi-factor authentication, authorization and encryption strategy.

About Spike Curtis
Spike Curtis is a lead developer on Istio working for Tigera. He was also a core developer for Calico and worked on the initial integrations with Docker, Kubernetes and Mesos. Spike earned his PhD from the University of Oxford where he worked on quantum computing with ion traps. He has also worked for Silicon Valley start-ups Palantir Technologies and Rigetti Computing.
  • 1 participant
  • 6 minutes

15 Dec 2017

Keynote: Pushing the Limits of Kubernetes with Game of Thrones - Zihao Yu & Illya Chekrygin, HBO

Do you want to know what it is like to run 15,000 pods in production? Are you interested in seeing how Kubernetes stands up to the record-breaking viewership and a login rate that is beyond belief on Game of Thrones Season 7 premiere? Come and see things we have done for the Game of Thrones preparation. We will talk about how we provision Kubernetes clusters on AWS, and how we monitor them and microservices that are running on the clusters.

In this talk, we will also go over how HBO Go went from deploying and running microservices on virtual machines in AWS EC2 to running the very same services inside the Kubernetes clusters. We were able to dramatically increase the productivity of our engineering teams and efficiency of resource utilization in the process. It wasn’t always a smooth ride and it wasn’t a one shot deal. Instead, it was a long and at times challenging journey starting from operating a reliable, production-ready Kubernetes cluster in AWS, advancing to gradually deploying select services into Kubernetes clusters, load testing them, and running them in parallel to our current EC2 installations, and finally going live. Come and learn some helpful tips and mistakes we made along the way, which could help your organization embrace the Kubernetes world.

About Illya Chekrygin
Illya has been working on Kubernetes adoption at HBO, which includes cluster provisioning, maintenance, telemetry and service migration. He also drove the containerization of HBO's core streaming services and CI/CD integration for their traditional EC2 deployments. Prior to HBO, Illya was using Kubernetes at Zulily, Inc.

About Zihao Yu
Zihao Yu is a Senior Staff Engineer at HBO, helping HBO GO backend services deploy faster and more reliably. He has contributed to the design and development of several iterations of cloud infrastructure and CICD pipelines for deploying microservices at HBO. He is currently working on the operationalization of Kubernetes, including provision and upgrade automation among other DevOps topics.
  • 2 participants
  • 21 minutes
youtube image

15 Dec 2017

Keynote: Red Hat: Making Containers Boring (again) - Clayton Coleman, Architect, Kubernetes and OpenShift, Red Hat

By ensuring everything about containers is standardized and boring, we can now focus on the overall Kubernetes experience when it comes to actually running containers. Freeing Kubernetes to just focus on orchestrating containers from now on and setting the stage for exponential growth. We'll take a brief look at how Kubernetes is prepared to explode in usage because the foundation has been solidified. From container standards to customer-resource definitions to pluggable hardware, Kubernetes is ready for broad usage patterns.

About Clayton Coleman
Clayton is an architect and engineer on cloud orchestration and containers at Red Hat, in charge of both technical direction for Kubernetes and OpenShift (Red Hat's platform as a service built on top of Kubernetes) as well as the broader container and container content efforts at Red Hat. Clayton is one of the top contributors to both Kubernetes and OpenShift and has been involved in many projects in the container, platform-as-a-service, and CI/CD ecosystem over the last four years. He enjoys sleeping, but rarely has time to do it anymore.
  • 1 participant
  • 6 minutes

15 Dec 2017

Keynote: Service Meshes and Observability - Ben Sigelman, Co-founder & CEO, Lightstep

Service mesh technology facilitates the discovery, interconnection, and authentication of microservices. While it’s straightforward to use a service mesh to measure peer performance, actually explaining the behavior of transactions in a microservices deployment requires distributed tracing.

In this keynote, Ben will explain why distributed tracing is important, where the service mesh comes into play, and how OpenTracing makes it all elegant and portable. We will illustrate these concepts with a live, audience-interactive demo, and provide guidance for those who want to add these technologies to their own microservice deployments.

About Ben Sigelman
Ben is a cofounder at LightStep, a company that makes complex microservice applications more transparent and reliable. Previously, Ben spent nine years at Google where he ate lots of snacks and designed several large (~1M-process) distributed systems. The most significant of these were Dapper, an always-on distributed tracing system; and Monarch, a high-availability timeseries collection, storage, and query system.
  • 1 participant
  • 20 minutes

15 Dec 2017

Keynote: The Road Ahead on the Kubernetes Journey - Craig McLuckie, CEO, Heptio

It has been amazing to watch Kubernetes emerge as a standard operating environment for distributed systems development over the past few years. In a few short years it has been embraced by almost every significant vendor in the ecosystem and is going from strength to strength. It is emerging not only as a way to solve hard problems deploying and running applications, but is also supporting the development of new approaches to building and running applications that power the world.

During this session, Craig McLuckie, one of the Kubernetes founders and CEO of Heptio, will look ahead to the coming years and talk about some important trends in the ecosystem that will continue to support and drive the success of the project. We will focus on the emergence of expert operations and talk about how Kubernetes is starting to change the organizations that build and manage distributed systems. This will touch on how SRE values are starting to find their way into modern development teams, what tools are still needed to drive ops maturity and the overall value of this trend to companies adopting cloud native technologies. We will discuss the value of continued focus on modularity and extensibility in the cloud native ecosystem as a way to foster innovation in the ecosystem, and also discuss the emerging role Kubernetes is playing in the increasingly heterogeneous world of cloud.

About Craig McLuckie
CEO and founder of Heptio, a company built to propagate cloud native computing technologies. Previous Googler and founder of Kubernetes, an Open Source cluster manager.
  • 1 participant
  • 20 minutes

15 Dec 2017

Keynote: What is Kubernetes? - Brian Grant, Principal Engineer, Google

Kubernetes has been described many different ways. How should one think about the platform? It partly depends on the problems you are trying to solve with it. I will discuss 10 ways to view Kubernetes based on use cases, how those uses relate to its features and architecture, how Kubernetes supports the features, and how the architecture is evolving to support them better.
  • 1 participant
  • 18 minutes

15 Dec 2017

Keynote: What's Next? Getting Excited about Kubernetes in 2018 - Clayton Coleman, Architect, Kubernetes and OpenShift, Red Hat

The Kubernetes ecosystem has grown tremendously over the last three years. Each release pushes the boundaries of what we can accomplish and brings new participants and new success stories. That success has a price: how do we do what's best for the community and for our users, and what's on deck for 2018?

About Clayton Coleman
Clayton is an architect and engineer on cloud orchestration and containers at Red Hat, in charge of both technical direction for Kubernetes and OpenShift (Red Hat's platform as a service built on top of Kubernetes) as well as the broader container and container content efforts at Red Hat. Clayton is one of the top contributors to both Kubernetes and OpenShift and has been involved in many projects in the container, platform-as-a-service, and CI/CD ecosystem over the last four years. He enjoys sleeping, but rarely has time to do it anymore.
  • 1 participant
  • 20 minutes

15 Dec 2017

Kube-native Postgres [I] - Josh Berkus, Red Hat

Database systems remain the last frontier for Kubernetes, and at the Patroni Project we're working on conquering it. Having fully automated PostgreSQL clusters using Patroni, the project is now working on making Patroni more "Kubernetes native", so that SQL databases can be seen simply as a PostgreSQL resource.

In this talk, we will explain and demonstrate the current projects integrating Patroni PostgreSQL with Kubernetes, including:

* Patroni Operator, using the CoreOS Operator pattern
* Kube-native Patroni, which uses the Kubernetes controller instead of its own management

These works in progress will both acquaint attendees with tools they can use for their own high-availability database architectures, and explore some areas where Kubernetes could improve to support database systems better.

About Josh Berkus
Josh Berkus works on Project Atomic at Red Hat, where he is helping build the immutable infrastructure of the future. He loves Atomic Host, Kubernetes, distributed systems, Ansible, container building, PostgreSQL, Django, Python, community building, and the Oxford Comma. Josh lives in Portland with an overly large cat, where he cooks from his garden and makes pottery.
  • 1 participant
  • 36 minutes

15 Dec 2017

Kubernetes in Hybrid Environments Using Cloud Interconnect [A] - Marc Chisinevski, F5 Networks

Solutions to enable customers to apply consistent traffic management and security policies regardless of whether their applications are running on-premises, in a Public Cloud or in a managed Kubernetes environment.

The demos (please see below) use Equinix as the cloud interconnection; however, the solution would work very similarly with other colo/interconnect providers.

The demos are using Google Container Engine but this would work very similarly in AWS, Azure and Oracle Baremetal Cloud.

How it works
The F5 Container Connector configures the F5 BIG-IPs to expose applications in a Kubernetes cluster as virtual servers, serving North-South traffic.

F5 Container Connector running in Google Container Engine (GKE).

F5 BIG-IPs running in Equinix and doing IPSec VPN to Google Cloud Platform (using Google Compute Engine VPN gateway).
The F5 BIG-IP routes traffic to the container networks via the IPSec tunnel.

Marc Chisinevski
Solution Architect (worldwide), F5 Networks
  • 2 participants
  • 20 minutes

15 Dec 2017

Kubernetes Deconstructed: Understanding Kubernetes by Breaking It Down [I] - Carson Anderson, DOMO

Understanding Kubernetes as a whole can be daunting. With so many different components working together it can be hard to know how the pieces work together or where new products and features fit in. I will start at the highest level and then peel off the layers one at a time to explain how some of the "magic" happens. Over the course of the presentation I will break Kubernetes into the following layers:

"Kubernetes for the End User": A quick summary on some of the core components of Kubernetes: Namespaces, Deployments, Pods, Services, and Ingress Rules. At this layer the user just needs to understand the promises made by Kubernetes, not necessarily the way it keeps them. This layer primarily serves to establish a typical cluster workload. The resources defined here will be used when explaining all of the deeper layers.

"Kubernetes for the Cluster Admin": This layer peels away some of the cluster "magic". I will cover how the service account, default tokens, ReplicaSet and Pods from the previous layer got created by the kube-controller-manager. I will also explain how the kube-scheduler decided which node the workload should run on and how that decision could have been influenced by fields in the pod spec. This section will touch on the core concepts of Ingress controllers, Admission Controllers, scheduling, and core controller loops.

"Kubernetes for the Cloud Admin": This layer covers Kubernetes at an infrastructure level. Core concepts covered are: Horizontal Scaling, Load Balancing, high availability for masters and nodes, node management, and fault-tolerance levels. Here is also where I set the stage for the network layer that is covered next.

"Kubernetes for the Network Admin": Now we dig deeper into the network infrastructure, explaining how pods and services work together, how your network traffic figures out where to go, and how it gets there. This section covers the concepts of East-West and North-South load balancing. The goal is to provide a basic understanding of the network promises made by Kubernetes and how you might replace them with other software and services.

"Kubernetes for the Linux Admin": A discussion of Kubernetes at the OS layer. This layer digs into the processes and configuration of the base OS. This includes pluggable container engines (e.g. Docker vs. Rkt), logging, CNI, metric gathering and volume mounting.

"Kubernetes for the Power-User": Time permitting, the final section will put all of the previous ones together to show how a next-generation application might be deployed on top of Kubernetes and take advantage of the more advanced features.

About Carson Anderson
I've been working as a Sys Admin for 8 years. I have been focused on Docker, Kubernetes, and container infrastructure at scale for the last 2 years.

Unabridged version of Kubernetes Deconstructed:
  • 1 participant
  • 33 minutes

15 Dec 2017

Kubernetes Distributions and 'Kernels' - Tim Hockin & Michael Rubin, Google

Kubernetes has historically released a full-fledged distribution - everything you need. As the project gets more modular, that will become more complicated. This talk will explore the problems we face with this, and some ways we can solve them, considering other analogous OSS ecosystems.

About Tim Hockin
Tim is a Principal Software Engineer at Google, where he works on Kubernetes and Google Container Engine (GKE). He is a co-founder of the project, and he is responsible for topics like networking, storage, node, federation, resource isolation, and cluster sharing. Before Kubernetes, he worked on Google's Borg and Omega projects and the Linux Kernel, and before that he enjoyed playing at the boundary between hardware and software in Google's production fleet.

About Michael Rubin
Twenty years in the Systems Software Industry, from developing enterprise file servers and systems. The past ten years he has worked at Google where he founded the Linux Storage group for its data centers and worked on world wide WAN and BGP technologies. Today he is co-leading and managing Kubernetes Infrastructure with a focus on node, networking, storage, sharing, GPUs and multi-cluster efforts. For some reason he is still spending way too much personal time with file servers.
  • 3 participants
  • 36 minutes

15 Dec 2017

Kubernetes Feature Prototyping with External Controllers and Custom Resource Definitions [I] - Tomas Smetana, Red Hat

Getting a patch into Kubernetes might be difficult. Getting a new feature into Kubernetes is... an even more interesting experience. When working on the persistent volume snapshotting feature we realized that the straightest path might not lead us where we wanted. Our original idea of adding a few API objects and a controller became more complicated when we presented it to the community. So we took a small detour by creating the feature out-of-tree first.

In the talk I will describe the journey of the volume snapshotting feature, how external controllers work, what Custom Resource Definitions are, and how to add features to Kubernetes without changing its code base.

About Tomas Smetana
Tomas is an Engineering manager at Red Hat. He is an Open Source enthusiast who used to work on various userspace Linux components, contributing to several FOSS projects. For the past year he has been active in the Kubernetes Storage SIG.
  • 4 participants
  • 32 minutes

15 Dec 2017

Kubernetes Ingress Controller with Apache Traffic Server [I] - Mrunmayi Dhume, Oath (Yahoo) & Suresh Visvanathan, Yahoo!

Today, the Oath Media Brands and Products container platform is serving critical application workloads like Yahoo Sports and Yahoo Finance at a large scale using Kubernetes as the orchestration framework.

For a platform at this scale, it is critical to have a powerful and flexible ingress routing layer (controller) that is able to handle the dynamic behavior of container based applications, such as auto-scaling, frequently changing pod IP addresses, self-serve onboarding and cluster-aware routing. This L7 routing layer must be quick to react to changes on the cluster without affecting its routing capabilities and impacting the in-flight requests. In a multi-tenant system it is even more vital that a single application deployment does not cause an impact to user traffic or hinder the release velocity of other tenants.

We developed an ingress controller based on Apache Traffic Server that satisfies the requirements stated above, while remaining scalable and easy to integrate with both Kubernetes and the Oath ecosystem. In this talk/presentation, we will elaborate on the architecture of the ingress controller, the performance metrics we’ve achieved, and the key learnings from supporting such a critical infrastructure component.

About Mrunmayi Dhume
Mrunmayi Dhume is a Senior Software Engineer in the Core Infrastructure team at Oath Media Brands and Products. She was involved early on in the introduction of Kubernetes in the organization and took a leadership role in designing and implementing the ingress routing layer components and container pipelines for core platforms used at Oath. Prior to that she has worked in various other projects focused in the areas of developer productivity tools, CI/CD processes and chaos engineering. Before joining Oath she completed her Masters in Computer Science from Stony Brook University, New York.

About Suresh Visvanathan
Suresh Visvanathan, Sr Architect, has over 13 years of experience in IT and Software. Suresh’s current responsibilities include the architecture, vision, strategy and design of cloud platform as-a-service (PaaS). Suresh has been architecting solutions and building products around resilience engineering, Auto recovery Systems and is a frequent speaker at K8s meetup, Chaos Community Events.
  • 5 participants
  • 29 minutes

15 Dec 2017

Kubernetes Storage Evolution: Enabling High Performance Distributed Datastores [A] - Erin A Boyd, Red Hat & Michelle Au, Google

This talk will focus on the recent changes & challenges in Kubernetes to address the need for consistent & secure access to local persistent storage and raw block storage.

About Michelle Au
Michelle Au is a software engineer at Google and is leading the local storage effort in Kubernetes. Prior to Google, she was at EMC, working on cluster management and cluster communication protocols. She received a BS in Electrical Engineering and Computer Science from UC Berkeley.

About Erin A Boyd
Erin Boyd joined Red Hat to work on Big Data & Emerging Technologies in 2013. Since that time she has worked on various Open Source projects, most recently contributing to the Kubernetes Storage SIG, Storage E2E testing, and Container Native Storage. Prior to working at Red Hat, Erin spent 13 years at IBM rocking the boat, creating a homegrown Enterprise Services Bus for a federated analytic solution using Open Source. When she isn't working, she is out enjoying the Big Sky of Montana with her husband and 5 kids.
  • 2 participants
  • 28 minutes

15 Dec 2017

Kubernetes in the Datacenter: Squarespace’s Journey Towards Self-Service Infrastructure [I] - Kevin Lynch, Squarespace

As Squarespace’s engineering organization evolved, microservices became an obvious solution to quickly deliver new features and improve infrastructure reliability. We encountered significant challenges in our transition to a microservice-based architecture. Each new service increased the operations burden to provision and maintain a growing fleet of servers, frequently slowing the process of adding new services and scaling existing services in our datacenters.

I’ll discuss how we used Kubernetes to containerize our microservice ecosystem and solve those challenges. To effectively work with ephemeral Kubernetes pods, we replaced Graphite with Prometheus and Sensu with AlertManager to monitor service health rather than individual instances. We discovered massive performance issues containerizing our Java services and worked around JVM complexities. To ease our transition from virtualization to containerization, services running inside and outside of Kubernetes must seamlessly discover each other with Consul and communicate with each other. Thanks to Calico, BGP, and our Leaf-Spine Layer 3 network topology, we efficiently route pod network traffic with the rest of our network.

About Kevin Lynch
Kevin Lynch is a Staff Engineer on the Infrastructure Engineering team at Squarespace. He focuses his efforts on eliminating the complexities of datacenters with the help of automation. He received his BSc and MSc degrees in Computer Science from Drexel University. During his time there he worked on a variety of different projects including processor design, source code transformation, and autonomic computing.
  • 1 participant
  • 36 minutes

15 Dec 2017

Kubernetes on AWS: Practices & Opinions [I] - Arun Gupta, Amazon Web Services & Raffaele di Fazio, Zalando

A lot of progress has been made on how to bootstrap a cluster since Kubernetes' first commit. It is now only a matter of minutes to go from zero to a running cluster on Amazon Web Services. There are still many fundamental topics to take a simple setup to something that can be run in production in a large enterprise and it is easy to get confused by the number of options and customizations.
In this talk we will show both common practices for running Kubernetes on AWS and an opinionated view of those. Specifically, we will cover options and recommendations on how to install and manage clusters, configure high availability, perform rolling upgrades and handle disaster recovery, as well as continuous integration and deployment of applications, logging, and security.
At the same time, we will explain how those topics are addressed at Zalando, Europe's leading fashion platform, based upon their experience of operating tens of Kubernetes clusters in production on AWS.

About Raffaele Di Fazio
Raffaele has worked with Zalando's Platform Engineering team in Berlin since 2015. There he is working on container technologies, currently focusing on Kubernetes and cluster orchestration. Over the years, Raffaele developed a genuine passion for simplicity and the Golang language. At Zalando, he also helps promote open source.

About Arun Gupta
Arun Gupta is a Principal Open Source Technologist at Amazon Web Services. He has built and led developer communities for 12+ years at Sun, Oracle, Red Hat and Couchbase. He has deep expertise in leading cross-functional teams to develop and execute strategy, planning and execution of content, marketing campaigns, and programs. Prior to that he led engineering teams at Sun and is a founding member of the Java EE team.

He has extensive speaking experience in more than 40 countries on myriad topics and is a JavaOne Rock Star for four years in a row. Gupta also founded the Devoxx4Kids chapter in the US and continues to promote technology education among children. A prolific blogger, author of several books, an avid runner, a globe trotter, a Docker Captain, a Java Champion, a JUG leader, NetBeans Dream Team member, he is easily accessible at @arungupta.
  • 2 participants
  • 35 minutes

15 Dec 2017

Kubernetes, Metadata and You [I] - Liz Rice, Aqua Security & Gareth Rushgrove, Puppet

The combination of CI/CD tools and Kubernetes means we can set up a pipeline for deploying code changes as they happen, triggering a container image build and a rolling update to pull the new image. But what about changes that are about the application and how it should run, rather than the code itself?

This talk will explore tools and approaches for managing application metadata alongside the application code. We will look at:

- The importance of metadata to managing modern Cloud Native systems
- Built-in metadata capabilities in Kubernetes like ConfigMaps, Annotations and Labels
- Ways of making a deployment self-describing as part of a CI/CD workflow
- Using metadata to make the life of Kubernetes operators easier
- Examples of open source tools (like Manifesto, Lumogon and Skopeo) which work with Kubernetes ecosystem metadata

About Liz Rice
Liz Rice is the Technology Evangelist with container security specialists Aqua Security, and also works on container-related open source projects including manifesto and kube-bench. She has a wealth of software development, team, and product management experience from working on network protocols and distributed systems, and in digital technology sectors such as VOD, music, and VoIP. When not writing code, or talking about it, Liz loves riding bikes in places with better weather than her native London.

About Gareth Rushgrove
Gareth Rushgrove is a principal software engineer at Puppet. He works remotely from Cambridge, UK, building interesting tools for people to better manage infrastructure. Previously he worked for the UK Government Digital Service focused on infrastructure, operations and information security. When not working he can be found writing the Devops Weekly newsletter or hacking on software in new-fangled programming languages.
  • 2 participants
  • 37 minutes

15 Dec 2017

Large Scale Teaching Infrastructure with Kubernetes - Yuvi Panda, Berkeley University

Data Science & Programming literacy is an important aspect of literacy in the 21st century, but teaching these skills at scale is quite difficult. At UC Berkeley, we are trying - our 'Foundations of Data Science' course has no pre-requisites, and routinely attracts more than 1000 students from across majors.

Requiring students to have local programming environments installed & debugged is a non-starter at this scale. We have been running a Kubernetes based JupyterHub environment that allows them to do all their programming with a web based environment with Jupyter Notebooks. This is an important change in many ways:

1. Lets students start instantly with writing code, rather than dealing with the accidental complexity of installing software locally

2. Acts as an equalizer - a student using a chromebook borrowed from the library has no disadvantage over someone using an expensive Macbook Pro

3. This is course critical infrastructure, and needs high availability at low human / dollar cost

In this talk we'll go over how we have:

1. Used Kubernetes to reduce our costs while allowing a larger group of people to deploy safely to various cloud providers.

2. Extracted our JupyterHub deployment into a project part of Project Jupyter (Zero to JupyterHub) that is being adopted at other universities & organizations.

About Yuvi Panda
UC Berkeley, Data Science Education Program
  • 1 participant
  • 35 minutes

15 Dec 2017

Let's Build Kubernetes, With a Spreadsheet and Volunteers! - Justin Garrison, Independent

An introduction to the core responsibilities of Kubernetes. A visual representation of how Kubernetes works and what each component does. Building from nothing until we have a fully functional Kubernetes cluster built from people.

Our Kubernetes in meat space will teach you where to look when things break and help you remember what every component does. We'll show you how the system behaves when components fail and what you can do to fix it.

About Justin Garrison
Justin is the co-author of Cloud Native Infrastructure and has his name in multiple movie credits. What he enjoys most is helping people and learning new things. He likes to teach with unconventional approaches and being part of community.
  • 2 participants
  • 36 minutes

15 Dec 2017

Load Testing Kubernetes: How to Optimize Your Cluster Resource Allocation in Production - Harrison Harnisch, Buffer

So you've carefully crafted your first Kubernetes service, and you're ready to deploy it to production. Well, not quite: there are still some important unknowns to understand before your service will be ready for production traffic. It's still unclear how the new service behaves when it's being pushed, and it's possible that Kubernetes will kill the service before serving a single request. At Buffer, we've developed a technique to optimize Kubernetes deployment limits by using load testing to identify optimal values for resource limits. When the service is under heavy load there are a few key metrics to watch to identify bottlenecks. These key metrics can be used to adjust resource limits. This real world approach allowed us to safely and efficiently switch over more than half our production traffic to our Kubernetes cluster and can be applied to any application.

This talk will include a live demo of how to tune Etcd using methods we do at Buffer.

About Harrison Harnisch
Senior Software Engineer at Buffer, implementing the transition to microservices with Kubernetes and Docker
  • 3 participants
  • 34 minutes

15 Dec 2017

Local Ephemeral Storage Resource Management - Jing Xu, Google

Currently Kubernetes does not support storage resource usage guarantees and isolation the way it does for compute resources such as CPU and memory. This talk will present our effort to improve Storage Resource Management in Kubernetes, with a focus on capacity isolation in ephemeral storage. It will explain how we support resource guarantees and isolation at the node, pod, and container levels.

About Jing Xu
Jing Xu obtained her Ph.D. from the Electrical and Computer Engineering Department, University of Florida, in May 2011. After graduation, she was a lecturer in the School of Computer Science at Florida International University for about 4 years. She moved to the Bay Area in late 2014 and joined VMware, working on the Storage Policy Based Management project. Later in 2016, she joined the Kubernetes team at Google and is now working on storage management.
  • 8 participants
  • 40 minutes

15 Dec 2017

Managing and Running Multiple Kubernetes Clusters in Hybrid Setups [I] - Sebastian Scheele, Loodse & Simon Pearce, SysEleven

As a hosting provider, SysEleven runs and manages multiple Kubernetes clusters for various customers on different platforms. In this talk, we will give you a breakdown of how we run one single Google-like container engine for various clouds and also for bare metal. Moreover, we show how we provide high-availability clusters by running Kubernetes on Kubernetes.

About Simon Pearce
Simon Pearce has been a System Architect at SysEleven in Berlin, Germany, since 2013. He has over 15 years of experience in the web hosting industry, with a focus on building distributed systems on public and private clouds. He is responsible for the Kubernetes service team at SysEleven, working on improving the experience of running multiple Kubernetes clusters on an OpenStack cloud with a Quobyte storage cluster.

About Sebastian Scheele
Sebastian Scheele is the CEO and co-founder of Loodse. With Loodse, he wants to empower IT teams to focus on their core: write groundbreaking applications and design the digital future. Sebastian is passionate about the potential of container and cloud native technologies and has been a major contributor to the development of the Open Source projects K8SNIff and Kube-machine. He is a KubeCon EU and Cebit speaker and has published several articles on Kubernetes in leading tech media including The New Stack.
  • 2 participants
  • 37 minutes

15 Dec 2017

Microservices Patterns with NGINX Proxy in an Istio Services Mesh [I] - A.J. Hunyady, NGINX Inc

Building a cloud native application is only half the battle; running it reliably is the other half.

NGINX, the leading provider of ingress controller functionality in Kubernetes environments, has partnered with Istio to enhance Sidecar proxy capabilities in Istio's Services Mesh architecture.

A service mesh is highly dependent on the strength of the proxy, and NGINX is the most powerful service proxy in the market. It offers a small-footprint, high-performance engine with advanced load balancing algorithms, caching, SSL termination, API gateway, extensibility through a broad range of third-party modules, scriptability with Lua and nginScript, and various security features with granular access control.

Microservices also require a Web Server to be deployed side-by-side with the service proxy. While optional, deploying NGINX as Web Server technology provides additional benefits in performance, manageability, security and the overall monitoring of the Application.

NGINX is already used by more than half of the top 100,000 websites and this talk will describe how NGINX in Istio environments is a natural extension of this technology.

Our demo will show a sample application running in a Kubernetes/Istio/NGINX environment and we will answer questions from the audience.

About A.J. Hunyady
A.J. is a technology enthusiast and a Silicon Valley veteran. He founded Zokets where he developed software for managing containerized services in highly dynamic environments. A.J. is now at NGINX, where he leads innovations in new product development.
  • 1 participant
  • 32 minutes

15 Dec 2017

Microservices, Service Mesh, and CI/CD Pipelines: Making It All Work Together [I] - Brian Redmond, Microsoft

Microservices come with many advantages for massively scaling applications. With that comes many challenges around service communication and application updates. It is pretty simple to do blue/green deployment and canary releases with a basic web site. But what about thousands of microservices? How can we have blue/green deployments at the service level while still allowing for efficient communication? This is one of the areas where service mesh technology is a huge benefit in Kubernetes.

In this session, I will show how to use common CI/CD tooling such as Spinnaker or Jenkins to drive microservices deployments with Kubernetes. I will show how service mesh technologies such as istio and linkerd ease the ability to efficiently deliver and test microservices in Kubernetes. All without substantial changes for the microservice developer. Additionally, I will provide comparisons of the wide variety of tools available in this area.

The overall goal of this demo heavy session is to show the value of these technologies working together to ease the delivery of cloud native applications.

About Brian Redmond
Brian Redmond is an Azure Architect on the Global Black Belt team. Brian focuses on containers, microservices, DevOps, and cloud native applications in the Azure cloud platform. Brian has been working in technology for over 20 years and has a mixed background across application development to infrastructure. Brian is based in Pittsburgh, PA and enjoys running, biking, and tinkering with new technology.
  • 2 participants
  • 35 minutes

15 Dec 2017

Modern Big Data Pipelines over Kubernetes [I] - Eliran Bivas, Iguazio

Big data used to be synonymous with Hadoop, but our ecosystem has evolved over time with new database, streaming and machine learning solutions which don’t necessarily benefit from the Hadoop deployment model of Map/Reduce, YARN and HDFS. These solutions require a generic cluster scheduling layer to host multiple workloads such as Kafka, Spark and TensorFlow, alongside databases such as Cassandra, Elasticsearch and cloud-based storage.

Eliran Bivas is a senior big data architect with years of hands-on experience working on both big data and cloud native solutions. Eliran will go over a common solution framework to create cloud native end-to-end analytics applications. It involves using Kubernetes as an alternative to Yarn, running Spark, Presto, machine learning frameworks (TensorFlow, Python and Spark ML kits) and serverless functions coupled with local and cloud-based storage. The session will showcase customer use-cases from IoT, automotive, cloud SaaS and finance. It will also include a live solution demo which demonstrates the benefits of using big data and analytics over a cloud native architecture, eliminating the existing challenges of complexity and moving towards a continuous integration and development architecture for big data.

About Eliran Bivas
Eliran Bivas is a senior big data architect at iguazio and a self-proclaimed tech junkie with a passion for innovation. Eliran is skilled with object-oriented design and development, having worked extensively on cloud native environments. He has broad experience developing with cloud services such as Amazon EC2, Google AppEngine, Heroku and VMware CloudFoundry. Eliran is also savvy with Spark, Presto, Flink and TensorFlow, but his main interests are in JVM languages, Golang, Docker and Kubernetes. Prior to iguazio, Eliran worked at global tech leading companies such as VMware and F5 Networks. He has a B.Sc in Math and Computer Science and an MBA from Bar Ilan University.
  • 1 participant
  • 35 minutes

15 Dec 2017

Modifying gRPC Services Over Time [I] - Eric Anderson, Google

Services grow and stretch over time to accommodate features, bugs, and basic maintenance. Learn how gRPC services can change while managing existing clients.

About Eric Anderson
Staff Software Engineer, Google
Tech Lead for Java gRPC. Contributor to the gRPC wire protocol and experienced with HTTP/2.
  • 2 participants
  • 36 minutes

15 Dec 2017

Monitoring Kubernetes: Follow the Data [B] - Ilan Rabinovitch, Datadog

At Datadog we help thousands of organizations monitor their infrastructure and applications. In this session, we’ll dive deeper into the several hundred trillion data points we’ve gathered to extract information about the real-world use of Kubernetes and see trends in container and orchestrator usage.

As we look at Kubernetes and container usage data, we’ll also discuss the top applications being used in orchestrated environments and, using the data, provide insight into which metrics you should watch and how to troubleshoot based on those metrics. In this session, we will also look at a framework for your metrics and how to use it to find solutions to the issues that come up.

We will cover the three types of monitoring data; what to collect; what should trigger an alert (avoiding an alert storm and pager fatigue); and how to follow the resources to find the root causes of problems.

Although the real-world Kubernetes and container use data is derived from Datadog users, the focus of this session is not tool specific, so attendees will leave with strategies and frameworks they can implement in their container-based environments today regardless of the platforms and tools they use.

About Ilan Rabinovitch
Ilan Rabinovitch leads the community and product teams at Datadog. He spends his days diving into container monitoring metrics, collaborating with Datadog's open-source community and evangelizing observability best practices.

Previously, Ilan spent a number of years leading infrastructure and reliability engineering teams at organizations such as Ooyala and He’s active in the open source and DevOps communities, where he is a co-organizer of events such as SCALE, Texas Linux Fest, and multiple DevOpsDays events.
  • 2 participants
  • 26 minutes

15 Dec 2017

Moving from Mesos to Kubernetes Without Anyone Noticing [I] - Anubhav Mishra, Hootsuite

At Hootsuite, we’ve been using Mesos and Marathon as our microservices platform for over two years but last year, we made the decision to bet on Kubernetes as its replacement. Eight months later, a small team of three operations engineers had migrated our first microservice from Mesos to Kubernetes. All without developers making any code changes. This was possible by architecting our applications with the proper set of abstractions. Fast-forward three months later and we have almost 20 microservices running on Kubernetes in production.

In this session, we’ll do a live demo of migrating a service from Mesos to Kubernetes, just like how we did it at Hootsuite! We will cover why architecting your infrastructure with the “right” abstractions helps you do these huge migrations with ease and how Kubernetes already contains these abstractions. We will explore how having a service mesh helps routing between two platforms while doing the migration. Also, how a mature CI/CD pipeline can help you deploy to two platforms with ease. To conclude we will explore the differences in running a service in Mesos and Kubernetes.

About Anubhav Mishra
Anubhav Mishra is a Developer Advocate at HashiCorp. He previously worked at Hootsuite. At Hootsuite he was focused on building cloud infrastructure and distributed systems. His work spans developers and operators. He helped create the next generation microservice delivery platform using Kubernetes. He loves DJing, making music and playing football in his free time. He is also a huge Manchester United supporter.
  • 2 participants
  • 31 minutes

15 Dec 2017

Multi-Cluster Ops in a Hybrid World [A] - Vitaliy Zinchenko & Kire Filipovski, Oracle

The reality of multiple Kubernetes deployments typically leaves you with varied cluster profiles, deployed on a mix of on-prem and public cloud environments. Production ops for large distributed systems is hard enough in a single environment, but becomes even more complex with hybrid conditions.
In this talk, we’ll dissect how to leverage federation for Kubernetes governance across capacity management, micro service dependencies, infrastructure upgrades, versioning, and security, as well as, global high availability, continuity, and resiliency, in a hybrid environment.

About Kire Filipovski
Kire Filipovski works as a Cloud Architect at Oracle leading design and implementation of a distributed containerized application management system. Previously Kire worked as a Distinguished Cloud Architect at Walmart where he designed computing platforms that transformed the world's largest company into a digital business. He joined Walmart in 2013 as part of the OneOps acquisition, a company which he co-founded in 2011.

About Vitaliy Zinchenko
Vitaliy Zinchenko is Oracle’s Cloud Architect working on the design and implementation of a Global Application System for Oracle Cloud customers. Prior to joining Oracle, Vitaliy was with Walmart Labs as a Principal System Engineer, where he implemented a cloud based application lifecycle management system that brought the developer and operations experience to the next level. He joined Walmart in 2013 as part of the OneOps acquisition, a company which he co-founded in 2011.
  • 2 participants
  • 39 minutes

15 Dec 2017

Multi-Tenancy Support & Security Modeling with RBAC and Namespaces [I] - Fred Vong & Michael Y. Chen, VMware

As container technologies mature, Kubernetes is clearly gaining momentum with developers as a means to deploy their distributed applications. As more applications and clusters are deployed by more developers, multi-tenancy and isolation become concerns not only for the app developer, but also for the cluster admins. In this talk, we will discuss the various cluster security models available today, and how to use namespaces to provide tenant isolation. We will also demonstrate how to use Kubernetes’ Role Based Access Control (RBAC) feature as means of enforcing a multi-tenant security model. By assigning roles and role bindings and creating namespaces, we can implement restrictions on resource consumption and provide tenant isolation throughout the cluster. We’ll also demonstrate how the RBAC feature provides granularity of access control that can be adjusted to suit varying requirements—from granting full access to users or groups to a cluster to only granting access to specific resources within a namespace. Following the discussion of how to build a security model with namespaces and RBAC, this talk will also feature a live demonstration of RBAC and namespaces in action to illustrate the concepts and show how both admins and developers are affected by the model.

About Michael Chen
Senior Manager, VMware

About Fred Vong
Fred Vong is passionate about the cloud and data center automation technologies. Currently, he is actively working on both OpenStack and container orchestration area in VMware. He believes deployment of whole software stack should be as simple as clicking a button.
  • 5 participants
  • 38 minutes

15 Dec 2017

Next Generation Services at Indeed Using gRPC [I] - Jaye Pitzeruse,

At Indeed, we use an internal framework for interprocess communication called Boxcar. Boxcar was developed in 2010 and provides built-in advantages when used with Indeed’s infrastructure. This framework was originally built as a proof of concept and only targeted Java as a supported language. Due to this limitation, it has not scaled with Indeed’s growth and adoption of more and more languages. Recently, Indeed has started to experiment with gRPC as a replacement for the framework. In this talk, we’ll describe our existing service infrastructure and the changes we made in order to support gRPC. We’ll also discuss the strategy we used to migrate existing Boxcar services over to using gRPC. Finally, we’ll compare benchmarks between Boxcar and the new gRPC-based system. Other technologies mentioned in the talk: linkerd for load balancing, opentracing.

About Jaye Pitzeruse
Senior Software Engineer working out of Indeed's Austin tech office for the last 4 years. Today, I own the distributed services framework that drives many of the systems at Indeed. I also work with our Services Infrastructure Group to expand our service capabilities. Such capabilities include supporting HTTP2 based communication, securing existing interprocess communication, and centralizing load balancing between services.
  • 1 participant
  • 24 minutes

15 Dec 2017

One Chart to Rule Them All: Continuous Deployment with Helm at Ticketmaster - Michael Goodness & Raphael Deem, Ticketmaster

As Kubernetes continues to mature, it's increasingly hard for users to keep track of the latest resource types, much less the best way to employ them. ReplicationControllers and Services were easy enough. Then came Deployments and Ingresses. Now we have PodDisruptionBudgets, ClusterRoleBindings, and HorizontalPodAutoscalers. Luckily, we also have Helm to package and deploy these various components (and more) as a single unit.

In this talk we'll dissect the single, flexible Helm chart Ticketmaster developed for use by multiple product teams. We'll show how we use just a handful of variables to enable log collection with Fluentd, metric scraping with Prometheus, and automatic scaling of pods. Then we'll demonstrate the GitLab CI workflow through which we deploy multiple builds of an application to multiple Kubernetes clusters running both on-prem and in AWS.

About Raphael Deem
Raphael is a Systems Engineer at Ticketmaster and open source contributor. He is a relative newcomer to the community, having started working with Kubernetes within the last six months. Prior to working at Ticketmaster, he was a remote engineer for, a Paris-based PaaS built with Python and LXC containers running on AWS. He was (briefly) a high school math teacher, and is a casual juggler.

About Michael Goodness
Mike is a Lead Systems Engineer on the Kubernauts team at Ticketmaster and a CNCF Ambassador. He began working with Kubernetes in late 2015, and quickly became an avid member of the community. While primarily involved with day-to-day cluster operations, he is also keenly interested in helping developers use cloud native technologies to deploy scalable, reliable applications. He is a co-maintainer of the Helm community charts repository and has contributed several popular charts. Hailing from Wisconsin, Mike is a co-organizer of DevOps Days Madison, a dedicated Milwaukee Brewers fan, and a cheese curd aficionado.
  • 2 participants
  • 34 minutes

15 Dec 2017

Panel: Ask Me Anything: Microservices and Service Mesh [B] - Moderated by Jason McGee, IBM

Have you heard the buzz around microservices and containers lately? With containers becoming the new standard to building microservice based applications for production, users are leveraging the service mesh to solve common issues with routing, re-routing for graceful degradation as services fail, secure inter-service communication and rate limiting between services. Join us for a live interactive session where our panel of experts from IBM, Google, Envoy, Linkerd and RedHat will address your most challenging inquiries around microservice and service mesh!

About Jason McGee
Jason McGee, IBM Fellow, is VP and CTO of Container and Microservice Tribe. Jason leads the technical strategy and architecture across all of IBM Cloud, with specific focus on core foundational cloud services, including containers, micro-services, continuous delivery and operational visibility services. Previously Jason has served as Chief Architect of PureApplication System from inception to a mature $100+ million product.

About Matt Klein
Matt Klein is a software engineer at Lyft and the architect of Envoy. Matt has been working on operating systems, virtualization, distributed systems, networking, and making systems easy to operate for 15 years across a variety of companies. Some highlights include leading the development of Twitter’s C++ L7 edge proxy and working on high-performance computing and networking in Amazon’s EC2.

About Sven Mawson
Sven is a Senior Staff Software Engineer at Google, and one of the founders of the open source Istio project. He joined Google in 2006, and has spent the past 10 years working on several generations of Google's API Management platform, starting with the AtomPub-based Google Data APIs. Prior to joining Google, Sven worked for, where he helped design and build the SOQL language for querying hosted object databases.

Sven received his BS in Computer Science from Stanford University and his PhD in Computer Science from UCLA. He currently resides in a redwood forest in the Santa Cruz mountains, east of Half Moon Bay, and enjoys spending time with his wife and three children hiking through the woods and counting banana slugs.

About William Morgan
William is the cofounder and CEO of Buoyant, a startup focused on building service mesh technology. Prior to Buoyant, he was an infrastructure engineer at Twitter, where he helped move Twitter from a failing monolithic Ruby on Rails app to a highly distributed, fault-tolerant microservice architecture. He was a software engineer at Powerset, Microsoft, and, a research scientist at MITRE, and holds an MS in computer science from Stanford University.

About Christian Posta
Christian Posta (@christianposta) is a Chief Architect of cloud applications at Red Hat and well known in the community for being an author (Microservices for Java Developers, O’Reilly 2016), frequent blogger, speaker, open-source enthusiast and committer on various open-source projects. Christian has spent time at web-scale companies and now helps companies create and deploy large-scale, resilient, distributed architectures - many of what we now call Microservices. He enjoys mentoring, training and leading teams to be successful with distributed systems concepts, microservices, devops, and cloud-native application design.

About Lin Sun
Lin is a core contributor and maintainer on Istio. She is passionate about new technologies and loves to play with them. She is a master inventor who currently holds 100+ patents filed or pending with USPTO along with hundreds of articles published at
  • 12 participants
  • 36 minutes

15 Dec 2017

Panel: Kubernetes, Cloud Native and the Public Cloud [B] - Moderated by Dan Kohn, Cloud Native Computing Foundation

The six largest public cloud providers -- AWS, Microsoft, Google Cloud, IBM Cloud, Alibaba Cloud and Oracle -- are all now major backers of CNCF and Kubernetes. This is a chance to hear their perspective on investments they are making into Kubernetes and other CNCF technologies. How are they using these technologies internally? What changes are they making in their offerings to better suit cloud native enterprises? What is their perspective on the future of container runtimes? How do they deal with customers that need a hybrid cloud solution? Is the infrastructure layer becoming commoditized? What is their ability to differentiate in value added services at the higher layers? What projects should CNCF bring in to help fill out its stack?

About Dan Kohn
Dan is Executive Director of the Cloud Native Computing Foundation, which sustains and integrates open source technologies like Kubernetes and Prometheus. He also helped create and launch the Linux Foundation's Core Infrastructure Initiative as an industry-wide response to the security vulnerabilities demonstrated by Heartbleed.

About Jon Mittelhauser
Jon runs engineering for the Container Native Platform team at Oracle (which includes all of Oracle’s Kubernetes offerings). Jon is considered one of the founding fathers of the World Wide Web with more than 20 years of open source and engineering management experience. He wrote the first widely used Web browser (NCSA Mosaic for Windows) as part of his Master’s thesis at the University of Illinois and was a founding engineer of Netscape Communications. More recently he ran engineering for Nebula, Inc., was on the OpenStack foundation board and was CEO of CloudBolt Software.

About Gabe Monroy
Gabe Monroy is the Lead PM for Containers on Microsoft Azure. Gabe was the founder and CTO of Deis, which was acquired by Microsoft in 2017. As an early contributor to Docker and Kubernetes, Gabriel has deep experience with containers in production and frequently advises organizations on PaaS, distributed systems, and cloud-native architectures. Gabriel speaks regularly at industry events including KubeCon, DockerCon, CoreOS Fest, GlueCon, QCon, and Microsoft Build.

About Todd Moore
Todd leads the IBM global team working to develop open communities that fuel both innovation and new business models. Todd can be found engaged with communities and technologies that span Cloud Computing, Mobile, Social Business, and Analytics. He has the pulse of where open innovation is happening around the industry. Todd has a unique background in software and hardware development, architecture, design and product management. He has served in executive roles in both IBM’s Software and Systems.

About Aparna Sinha
Aparna Sinha leads the product team at Google for Kubernetes and Container Engine. She started and co-leads the community PM Special Interest Group (SIG) to maintain an open backlog for the Kubernetes project on Github. Aparna is currently a secondary member of the CNCF Governing Board. She has worked in enterprise software for 15+ years, and was formerly a Director of Product at NetApp. Aparna holds a PhD in Electrical Engineering from Stanford and has co-authored several technical papers during her research.

About Hong Tang
Dr. Hong serves as Chief Architect at Alibaba Cloud, the cloud computing arm of Alibaba Group. He joined Alibaba Cloud in 2010 and has been instrumental in the development of Apsara, Alibaba Cloud’s large-scale computational engine.
  • 6 participants
  • 33 minutes

15 Dec 2017

Persistent Storage with Kubernetes in Production - Which Solution and Why? [I] - Cheryl Hung, StorageOS

Persistent storage often seems like a confusing plethora of options, from local volumes, NFS, distributed storage like Ceph, cloud storage such as AWS’s EBS and S3, to volume plugins with Docker and Kubernetes integration. This talk compares and contrasts the most popular solutions, and lays out the eight principles for cloud native storage.

About Cheryl Hung
Cheryl is an ex-Google software engineer with a passion for developer tools, experience and community. She founded the Cloud Native London meetup and codes, writes and speaks about containers, storage and cloud computing.
  • 5 participants
  • 36 minutes

15 Dec 2017

Pinterest's Journey from VMs to Containers [I] - Michael Benedict, Pinterest

Pinterest helps you discover and do what you love. A visual discovery engine at heart, Pinterest guides you through a billion possibilities to quickly discover & get inspired to do something. With over 150MM MAUs across the globe contributing & combing through a billion pins, Pinterest's Infrastructure is built to cater to this scale with very unique requirements -- Today, I'll be talking about how a company operating on the public cloud on VMs since its inception decided to move to containers.

This talk will primarily focus on four things:
1. Pinterest Infrastructure Overview (Offline Compute / Online Serving)
Pinterest was born on AWS. As of today, we operate tens and thousands of instances and process tens and hundreds of PBs of data. Data is the cornerstone of our business where freshness & relevance is key. We will deep dive into our processing & serving stack.

2. VMs vs. Containers - The Pros and Cons
In this section, we will cover the challenges along four key pillars:
a. Developer Velocity - We will discuss the overall job lifecycle workflow i.e build, setup, deploy, operations when using VMs or Containers.
b. Service Reliability - Constraints around resource isolation and standardization across health checks.
c. Infrastructure Governance - Attribution of resources both on utilization & Spend, Quotas
d. Efficiency - Specifically around auto scaling -- our learnings from using ASGs at scale & how this impacts VM vs. Container from an efficiency & operations perspective.

3. Move to Containers
Here we will discuss the use of Docker at Pinterest and more importantly the steps we took around evaluating various orchestration systems. I'll share the various dimensions we evaluated and our learnings when running on a public cloud environment. For ex, docker integration, scheduling, networking, community, stateful support, big data support, security support

4. Vision of the Compute Platform at Pinterest
Finally we will close out with the larger vision (next 18 months) for the Compute Platform at Pinterest.

About Micheal Benedict
Micheal Benedict leads Product Management for Pinterest's Cloud & Data Infrastructure. He and his team are building Pinterest's next generation multi-tenant compute platform for stateless and stateful services. He also manages Infrastructure Governance at Pinterest. Previously, he led products for Twitter Cloud Platform. Prior to that, he was an engineer building systems for Twitter's Observability Stack. Micheal has a Masters degree in Computer Science from SUNY at Buffalo.
  • 2 participants
  • 32 minutes

15 Dec 2017

Planes, Raft, and Pods: A Tour of Distributed Systems Within Kubernetes [B] - Bo Ingram, Craftsy

Kubernetes does some pretty neat things for you — autoscaling your app, rolling deploys, and more! In this talk, we’ll take a look at how Kubernetes leverages distributed systems to make its magic happen. We’ll do an overview of all components, but we’ll be concentrating on etcd, the controllers, and the scheduler. We’ll examine etcd and take a dive into the Raft algorithm to show how Kubernetes handles distributed state. We’ll take a look at some of the controllers to show how they reconcile the cluster’s state. We’ll also be shining a spotlight on the scheduler and show how we go from unscheduled to happy and running. Lastly, we’ll take the things we’ve learned and show how they work together to deploy an app by tracing an actual deployment through a cluster.

About Bo Ingram
Bo Ingram is a Java platform engineer at Craftsy who spends his time flipping back and forth between backend feature development and infrastructure work. He has a problem where he buys more books than he can ever hope to read.
  • 1 participant
  • 35 minutes

15 Dec 2017

Pontoon: An Enterprise Grade Serverless Framework Using Kubernetes – As Used in VMware Cloud Services [I] - Kumar Gaurav & Mageshwaran Rajendran, VMware

In VMware Cloud services, we perform both batch and real-time computations based on periodic schedules and on-demand events, using our in-house developed serverless framework called Pontoon. This provides better utilization of resources and enables our service developers to write serverless functions with simple declarations.
Kubernetes provides Jobs and Deployments as design constructs to handle such needs, while other frameworks like IronIO Functions, Fabric8, et al aim to solve the end-to-end use case. However, we had to extend on top of Kubernetes Jobs & Deployments to define the packaging and I/O interactions of the function, implement a priority queue for execution, and provide declarative retry policy while ensuring high availability. A developer 'writes' a function supporting common EAI patterns for start time parameterized variables, and defines its packaging and scheduling using a yaml file. The framework then packages it as a Container along with an 'observer' container in a pod, 'registers' it with the scheduler while ensuring choice of 'warm' vs on-demand requisite replicas of the pod, and then through a 'Scalar' manages the execution and life cycle of job, while logging and tracing failures/success.
This framework is in use over months in VMware Cloud services and we are now open sourcing it.

About Kumar Gaurav
Kumar Gaurav is working on the first set of services under VMware Cloud Services umbrella, a SaaS offering. He is a veteran in VMware, having built many cloud management products over 9 years and holds dozens of US patents, and few academic publications in Container space. He is the host and organizer of Kubernetes meetup Bangalore chapter. He works out of VMware Bangalore office, as Director R&D.

About Mageshwaran Rajendran
Mageshwaran Rajendran is a lead designer and co-architect of Cost Insight, one of the services under the VMware Cloud Services SaaS offering. He has earlier built big data based batch & real-time data pipelines handling TBs of data for financial institutions and distributed applications handling high concurrency with specific focus on code quality and long-term maintainability. He works out of VMware Bangalore office, as Staff Engineer.
  • 2 participants
  • 27 minutes

15 Dec 2017

Preventing Attacks at Scale [I] - Dino Dai Zovi, Capsule8

Security hardening for containers, clusters, and operating systems is a very important part of setting up infrastructure and always "Plan A". The world of "Plan A" defends the importance of making sure your cluster is set up securely. Dino comes from the world of "Plan B" and will focus on detecting when security boundaries have been breached. This is necessary for environments where you don't have the ability to ensure the base OS is fully patched, etc.

Step into the world of Linux kernel features such as seccomp, eBPF, kprobes and Kubernetes tunable security features and learn how to detect and defend against attacks at scale.

About Dino Dai Zovi
Dino Dai Zovi is the Co-Founder and CTO at Capsule8. Dino is also a regular speaker at information security conferences having presented his independent research at conferences around the world including DEF CON, Black Hat, and CanSecWest. He is a co-author of the books "The iOS Hacker's Handbook" (Wiley, 2012), "The Mac Hacker's Handbook" (Wiley, 2009) and "The Art of Software Security Testing" (Addison-Wesley, 2006). He is best known in the information security community for winning the first PWN2OWN contest at CanSecWest 2007.
  • 2 participants
  • 57 minutes

15 Dec 2017

Providing Containerized Cinder Services to Baremetal Kubernetes Clusters [I] - John Griffith, NetApp & Huamin Chen, Red Hat

Kubernetes deployments running on OpenStack clusters require a full OpenStack: Keystone, Nova, and Cinder services.

This talk presents a more pervasive and simplified deployment architecture by integrating Containerized standalone Cinder services with baremetal Kubernetes. Cinder services offer many storage features that are still missing in Kubernetes. Cinder is supported by many storage vendors, with over 70 storage drivers in its repository. A Containerized standalone Cinder service makes these features and extensive storage products available to Kubernetes cluster.

Key to this architecture is a Kubernetes volume provisioner that provisions Cinder volumes and transparently converts Cinder volumes to Kubernetes supported storage types, such as iSCSI, Fibre Channel, NFS, or Ceph RBD.

Based on these technologies, the new architecture enables enterprise customers to deploy Container services in a dedicated cluster and consume advanced storage features.

About Huamin Chen
A passionate system software developer, Huamin Chen contributes to open source projects spanning from A to Z: Apache BigTop, Ceph, fio, Gluster, Kubernetes, Tachyon, and ZFS. Huamin Chen is currently employed by Red Hat. Follow him at

About John Griffith
John Griffith, Principal Software Engineer at SolidFire now a part of NetApp, helped to create the Cinder project in OpenStack. Primary responsibilities are upstream contributions to cloud related open source technologies. Currently active in Kubernetes Storage SIG, CNCF CSI project and various other communities.

John has over fifteen years of engineering experience in both hardware and software engineering. He’s been an active user and contributor to open source for over a decade. In addition to his technical contributions, John also spends a lot of his time talking to people who are interested in learning about various Cloud technologies as well as gathering feedback from current users.
  • 2 participants
  • 25 minutes

15 Dec 2017

Queueing Theory, In Practice: Performance Modelling in Cloud-Native Territory [I] - Eben Freeman,

Kubernetes and similar cloud-native infrastructure make it easier than ever to adjust a service's capacity based on variable demand. In practice, it's still hard to take observed metrics, and translate them into quantitative predictions about what will happen to service performance as load changes. Resource limits are often chosen by guesstimation, and teams are likely to find themselves reacting to slowdowns and bottlenecks, rather than anticipating them.

Queueing theory can help, by treating large-scale software systems as mathematical models. But it's not easy to translate between real-world systems and textbook models. This talk will cover practical techniques for turning operational data into actionable predictions. We'll show how to use results from queueing theory to develop a model of system performance. We'll discuss what data to gather in production to better inform its predictions -- for example, why it's important to capture the shape of a latency distribution, and not just a few percentiles. We'll also talk about some of the limitations and pitfalls of performance modelling.

About Eben Freeman
Now largely reformed after stints studying theoretical math and living as an itinerant rock climber, Eben is fascinated by tools that help humans better understand the systems they create. He works as an engineer at
  • 1 participant
  • 30 minutes

15 Dec 2017

Real Security for Services on Kubernetes [I] - Eric Wang & Yun Zhang, Databricks

We all love the ease-of-use Kubernetes provides to engineers to deploy and manage their services. But before you can start running production code and dealing with customer data, you need to ensure that everyone's favorite features are in place: audit logs and access control. (And the crowd goes wild!)

At Databricks, we know that the best way to do security is to make sure the simplest way to do something is the secure one. In this talk, we introduce a system called Genie which uses time-boxed TLS certificates to authorize engineers to talk to certain namespaces within Kubernetes. Additionally, we will discuss how we extended this framework to allow for continuous deployment/continuous integration without weakening our security story!

About Eric Wang
Eric is a software engineer on the Cloud team at Databricks. Before that, he worked at Cisco Meraki, developing core features for the time-series database Little Table. At Databricks, Eric and his colleagues on the Cloud team work on infrastructure to enable engineers to rapidly deliver reliable, scalable, and secure services in a variety of cloud environments.

About Yun Zhang
Yun is a software engineer of the Cloud team at Databricks. He is experienced in building highly-available cloud infrastructure for data processing engines like Apache Spark and Amazon Redshift.
  • 2 participants
  • 32 minutes

15 Dec 2017

Reliable Application Roll Out and Operations with Istio [B] - Lin Sun, IBM & Mandar Jog, Google

Do you wish for a premium user experience as your team delivers new code to production with speed and agility? Have your users been caught off guard with new feature and enhancement continuously delivered to the cloud? Do you have services go dark while other service can’t handle graceful degradation? Do some of your services get overloaded with too many requests occasionally? If you have experienced some or all of these concerns, we have the answer and it’s service mesh with Istio!

Join us to hear how you can leverage Istio’s intelligent routing feature to roll out newer version of services, apply rate limiting to your services to shed load and gracefully degrade as services fail, and visualize the dependencies and flow of traffic between services to provide optimized user experience to your users as you continuously deliver new updates to your microservice based application.

About Mandar Jog
Mandar Jog is a senior software engineer at Google working on Istio.
Mandar is specifically focussed on Istio configuration and Mixer.

Prior to Google, Mandar has led an engineering team at a startup and worked at Pivotal helping customers deploy Cloud Foundry. Mandar has been a user or a creator of application rollout technologies for years, and believes in user focussed design.

About Lin Sun
Lin is a core contributor and maintainer on Istio. She is passionate about new technologies and loves to play with them. She is a master inventor who currently holds 100+ patents filed or pending with USPTO along with hundreds of articles published at
  • 3 participants
  • 35 minutes

15 Dec 2017

Running Mesos Frameworks on Kubernetes with the Open-Source Universal Resource Broker - Fritz Ferstl, UNIVA

While Kubernetes continues to gain in popularity for cloud applications, many organizations run popular frameworks deployed on Mesos. The need to support multiple orchestration frameworks can result in added cost and complexity as organizations struggle to manage separate, siloed environments. Based on earlier work done for HPC users, Univa has contributed their Universal Resource Broker (URB) Technology to the Kubernetes community as an open-source project. The freely available software allows any Mesos compatible framework (including Spark, Hadoop, Storm, Jenkins, Marathon and Chronos) to run alongside native Kubernetes services on a shared Kubernetes cluster, providing the opportunity to simplify environments and consolidate infrastructure.

In his talk Mr. Ferstl will discuss the challenge of running mixed workloads on Kubernetes, provide an architectural overview of the URB and provide a demonstration of the technology. He will also explain how Mesos users or application developers can get started quickly with the technology, and consider it for use in their own environments and applications.

About Fritz Ferstl
Fritz is the Chief Technology Officer at Univa where he helps set technical direction for the company while also spearheading strategic alliances in EMEA. Fritz is widely regarded as the father of Grid Engine software and its forerunners Codine and GRD. He ran the Grid Engine software business at Sun Microsystems and Oracle taking it from an upstart technology to one of the world’s most widely deployed workload management solutions. Under Fritz's leadership Grid Engine software was open sourced, and grew into a vibrant community. Fritz holds a Masters in Applied Mathematics from the East Bavarian Technical University of Regensburg in Germany.
  • 1 participant
  • 22 minutes

15 Dec 2017

Running Mixed Workloads on Kubernetes at the Institute for Health Metrics and Evaluation - Dr. Tyrone Grandison, Institute for Health Metrics and Evaluation (IHME), University of Washington

The mission of the IHME is to apply rigorous measurement and analysis to help policy makers make better decisions on a range of health policy issues. Like other organizations, the IHME have embraced containers and micro-services aggressively to better support hundreds of collaborating researchers.

In addition to containerized workloads, the IHME run a wide-variety of traditional analytic, simulation and high-performance computing workloads on an HPC cluster with 15,000 cores and 13PB of storage. Researchers increasingly need to combine both containerized and non-containerized elements into workflow pipelines, and a key challenge has been ensuring SLAs for various departments and avoiding duplicate infrastructure and unnecessary data movement and duplication. In collaboration with industry partners, IHME have deployed a unique solution based on Univa’s Navops technology that allows them to combine containerized and traditional analytic and high-performance application workloads on a single shared Kubernetes cluster, ensuring departmental SLAs and helping contain infrastructure costs.

In this talk Dr. Grandison will discuss IHME, their experience deploying containerized applications and how they went about using Kubernetes to support a variety of new containerized applications as well as a variety of traditional analytic applications.

About Dr Tyrone Grandison
Tyrone is the Chief Information Officer leading the IT team at the IHME, an independent global health research center at the University of Washington. The IHME provides rigorous and comparable measurement of the world’s most important health problems and evaluates the strategies used to address them. Prior to his involvement at the IHME Tyrone was Deputy Chief Data Officer at the U.S. Department of Commerce in Washington D.C. and a Presidential Innovation Fellow assisting with the CENSUS’ CitySDK projects and a project at the US Department of Labor. Prior to this, Tyrone held various positions at IBM’s Almaden Research where he achieved recognition as a Master Inventor. Tyrone holds a PhD in Computer Science from the Imperial College of London, a MSc in Software Engineering from University of the West Indies and is a graduate of the IBM T J Watson Research Center micro MBA program in business.
  • 3 participants
  • 37 minutes

15 Dec 2017

Running MySQL on Kubernetes [I] - Patrick Galbraith, Consultant

MySQL is the world's most popular open source database and there are a number of ways to run it on Kubernetes. This talk will cover each type of MySQL deployment strategy starting from a simple MySQL pod, to an asynchronous replicated master-slave, synchronous Galera cluster, and on to a Vitess clustering system which allows for horizontal scaling of MySQL and innately has built-in sharding, explaining how each is deployed, what features are available, and what type of application they lend themselves to.

About Patrick Galbraith
Patrick Galbraith has been involved in MySQL, Linux, and other Open Source (OSS) projects back to the early days of Slackware. He has worked at a broad spectrum of companies throughout his career, including Slashdot, MySQL, Blue Gecko, Hewlett-Packard, and landing recently at Dyn, an Oracle business. During his tenure in Hewlett-Packard's Advanced Technology Group (ATG) for Cloud and Open Source, Patrick had a focus on containerization with emphasis on Kubernetes; this focus, like all ATG endeavors, included participation in the associated OSS communities. Patrick has a keen and long-standing interest in the effective marriage of databases and Kubernetes with a bent toward MySQL. To this end, Patrick's "Galera Cluster for MySQL on Kubernetes" demonstration is a deep-rooted passion of his.
  • 2 participants
  • 35 minutes

15 Dec 2017

Scaling to 5000+ Unique K8s Deployments, How We Did It [I] - Nicole Hubbard, WP Engine

Most organizations only need to run a couple deployments of their application in Kubernetes. In these situations, deploying onto Kubernetes clusters is relatively straightforward. What happens when you need to simultaneously deploy 5,000 unique instances of your application to different Kubernetes clusters at different providers worldwide?

Over the last year, we have worked to move over 60,000 of our customers' unique workloads from virtual machines onto Kubernetes. I will share our experiences on how to automate and simplify managing unique Kubernetes workloads at scale.

About Nicole Hubbard
Nicole Hubbard is an Architect at WP Engine where she focuses on building container based infrastructure, automation and helping teams deploy their applications.
  • 2 participants
  • 30 minutes

15 Dec 2017

Securing Cluster Networking with Network Policies - Ahmet Balkan, Google

In a secure microservices cluster, you should only have the pods that need to communicate with each other to be able to establish network connections, and block all others. But how? Until recently, Kubernetes users could not enforce policies for container networking.

First introduced in Kubernetes 1.3, Network Policies are now a stable feature in Kubernetes 1.7. In this talk, we will discuss use cases for network policies, the Network Policy API, how to configure network policies, and how the configured policies are enforced. We will also present some network policies that address some common use cases and are relevant to securing your Kubernetes clusters.

Also, we will discuss the roadmap for Network Policies feature, other methods you can use to secure applications at network and application layers, and how Network Policies relate to service mesh projects such as Istio that offer similar functionality.

About Ahmet Alp Balkan
Ahmet is a software engineer at Google Kubernetes Engine, working on optimizing the developer experiences. He creates developer tools and tells stories about complicated features.

Previously, he has worked on Microsoft Azure on projects like porting Docker to Windows and Azure Container Registry.
  • 3 participants
  • 31 minutes

15 Dec 2017

Securing Shopify's PaaS on GKE [I] - Jonathan Pulsifer, Shopify

Shopify has leveraged Kubernetes through Google Container Engine (GKE) to build its new cloud platform. This PaaS is currently serving the majority of the company's internal tools as well as business-critical production workloads. Moving to Kubernetes and a public cloud is no easy task, especially for a security team.

Unfortunately for us, a hosted solution does not offer all the features we've come to love in Kubernetes including NetworkPolicies, PodSecurityPolicies, and admission controllers among others. Given this, the security team has created a number of Kubernetes controllers and other cloud platform solutions to maintain an effective security posture on our new platform.

In this talk we'll introduce our cloud platform, explore the tools we've created to bridge the security gaps, detail the struggles we've encountered using Google Cloud Platform and GKE, and discuss our growing pains with Kubernetes multi-tenancy. Attendees will gain an understanding of the current state of Kubernetes security controls on GKE, a familiarity with some of the products available on Google Cloud Platform, and insight on how to integrate security controls into their development pipelines.

About Jonathan Pulsifer
Jonathan is a Senior Security Engineer at Shopify working on securing their new platform using Kubernetes on GKE. Previously, he was a SANS mentor, network defense instructor, and a team lead at the Canadian Forces Network Operations Centre in Ottawa. Find Jonathan on Twitter @JonPulsifer
  • 2 participants
  • 40 minutes

15 Dec 2017

Self-Hosted Kubernetes: How and Why [I] - Diego Pontoriero, CoreOS

How Kubernetes is deployed and managed has changed since the first release of the project. From configuration management systems and unit files to deploying Kubernetes using Kubernetes, a lot has changed. Self-hosted Kubernetes has many benefits as a deployment option, and this talk will highlight those benefits, as well as explain the history and nuances of making self-hosted Kubernetes possible.

In this talk I will describe what self-hosted Kubernetes means, why it exists, how it came into existence, and what you need to know if you're running a self-hosted cluster. Many tools now deploy self-hosted clusters including bootkube and kubeadm, so knowledge of how this works can be very important for anybody running a Kubernetes cluster.

What are the benefits of self-hosting? How does it work? What do I need to know if I'm administering a self-hosted cluster?

All those questions and more will be discussed in detail in this talk. In addition, I will discuss how various projects and products take advantage of the many benefits of self-hosting, such as Tectonic.

About Diego Pontoriero
Diego Pontoriero is a Software Engineer on the Tectonic team at CoreOS, where he works on software that deploys, manages, and upgrades self-hosted Kubernetes clusters. Prior to CoreOS Diego worked at Google building a video-based learning platform, a mobile phone carrier, and a petabyte-scale data warehouse.
  • 6 participants
  • 34 minutes

15 Dec 2017

Setting Sail with Istio [B] - Lachlan Evenson, Microsoft

Even with Kubernetes, doing microservices is hard. In this session we will dive into Istio, a platform that builds on Kubernetes primitives and simplifies building and securing microservices. This session is a soup to nuts walkthrough of the Istio architecture along with diving into deploying a microservice onto Istio from a user perspective. For those interested in learning more about Istio, this session is a great introduction and will be very hands on.

About Lachlan Evenson
Lachlan Evenson is a cloud native evangelist and mercenary. Lachlan has spent the last two and a half years working with Kubernetes and enabling cloud native journeys. He is a believer in open source and is an active community member. Lachlan spends his days helping make cloud native projects run great on Azure.
  • 2 participants
  • 38 minutes

15 Dec 2017

Shipping in Pirate-Infested Waters: Practical Attack and Defense in Kubernetes [A] - Greg Castle & CJ Cullen, Google

Kubernetes has a growing array of security controls available, but knowing where they all fit in, what the highest priorities are, and how it all helps against real attacks is still far from obvious. In this talk we’ll take a vulnerable application, exploit it, install tools, escalate privileges, propagate between containers and gain control of the cluster. At each stage of the attack we’ll demonstrate how proactive steps could have prevented these actions (or at least made them more difficult), from the container build process to writing RBAC/PodSecurity/AppArmor/Network policies, and more. Since configuration of each defence could be the subject of its own deep-dive talk, we’ll mainly focus on the big picture of “what” technologies you’d use to configure your cluster securely and “why”.

About Greg Castle
Greg is the tech lead for the Kubernetes and Google Container Engine (GKE) security team at Google. Prior to GKE, Greg worked on the Google incident response team developing open-source investigation tools, and on OS X platform hardening. His pre-Google job roles have included pentester tech lead, incident responder, and forensic analyst.

About CJ Cullen
CJ works on the Google Container Engine (GKE) Security team. CJ has helped develop the Kubernetes authentication and authorization system, as well as building the cluster deployment and management infrastructure of Google Container Engine.
  • 4 participants
  • 38 minutes

15 Dec 2017

Squash: A Debugger for Kubernetes Apps - Idit Levine,

Squash is a tool for debugging distributed applications.

Most cloud native applications written today follow the microservice architecture. These applications are distributed by nature, and therefore hard to debug.

Microservice engineers debug their applications by printing values of select variables into log files. This leaves them with the daunting task of sorting through reams of log data, which at best provide a partial view of the state of application. This approach is cumbersome, time consuming and works better with "easy" bugs.

Many advanced tools to debug monolithic applications exist in the market, and provide users with powerful ways to dissect their programs and to interact with them on the fly. However, these tools cannot be used directly for debugging applications that follow the microservice architecture pattern.

Squash is designed to bring the strength of modern debuggers and the convenience of their IDEs to microservices developers. Squash uses popular, powerful and mature debuggers (gdb, dlv, java debugging) and integrates them seamlessly with Kubernetes. This allows devs to use the debugger of their choice, and the IDEs that support it, to develop microservices on any platform.

About Idit Levine
Idit Levine is a leader and innovator in the Cloud open source community, and the founder of Until recently, Idit was CTO for cloud management division at EMC and a member of its global CTO office, where she had focused on Management and Orchestration (M&O) over the entire stack and on microservices, cloud native apps, cluster management and Platform as a Service.

Idit’s fascination with the cloud sprouted when she joined DynamicOps (vRealize, now part of VMware) as one of its first employees. She subsequently took part in developing the new-generation public cloud of Verizon Terremark, and served as an acting CTO at Intigua, a startup company that focuses on container and management technology.
  • 2 participants
  • 32 minutes

15 Dec 2017

State of Serverless [B] - Mark Peek, VMware & Doug Davis, IBM

Serverless and FaaS computing is gaining in popularity to easily create microservice applications. In this talk we will discuss what are the characteristics of serverless, the status of the serverless working group within the CNCF, and the open source options available for running serverless and associated services with a focus on kubernetes.

About Doug Davis
Doug works in IBM's Open Source and Standards division. He's been working on Cloud related technologies for many years and has worked on many of the most popular OSS projects, including OpenStack, CloudFoundry, Docker and Kubernetes.

About Mark Peek
Mark is a Principal Engineer at VMware working across areas of interest such as cloud management, cloud native applications, and open source. Currently he is leading the work on serverless within VMware. Mark contributes to a wide range of open source projects and is the VMware representative for the Cloud Foundry TAB, CNCF and OCI.
  • 9 participants
  • 37 minutes

15 Dec 2017

The Architecture of a Multi-Cloud Environment with Kubernetes [I] - Brian Redbeard, CoreOS

Kubernetes is an orchestration platform that enables running distributed systems, which are designed with the philosophy of spreading wide to best prepare for outages. This is achieved by deploying your cloud applications at least across multiple hosts, and at best across multiple cloud vendors. Getting Kubernetes configured to run across multiple cloud environments, including on-premises, hybrid deployments, is a tricky undertaking. Hybrid deployments are a feature many organizations want to implement for a variety of reasons, including security over their data, reliability, and more.

Brian Redbeard, chief architect at CoreOS, will discuss the importance of using open source tools to prevent cloud vendors from locking their users into their walled gardens, and will explore the challenges of making Tectonic, CoreOS’s Kubernetes implementation, able to run on multiple cloud platforms.

About Brian Redbeard
Brian Harrington, also known as Redbeard, is chief architect at CoreOS. He is a developer, hacker, and technical writer in the areas of open-source development and systems administration. His time spent in both defensive and offensive computing have combined with his readings of classical anarchism to present new ideas in organizational hierarchies for software development. He has been featured on Al Jazeera as an expert in the field of computer security, and has been seen and heard on Bloomberg Television and National Public Radio. He currently resides in Oakland, CA and was grudgingly elected president of the hackerspace HacDC.
  • 1 participant
  • 36 minutes

15 Dec 2017

The Art of Documentation and for Open Source Projects - Ben Hall, Katacoda

The Readme is becoming essential to successful Open Source projects. The Readme is a gateway to welcoming new users and potential contributors. It defines the tone of the project, how to get started and most importantly, the aim.

While many Open Source projects have amazing code-bases, the Readme and documentation are letting them down and as a result they are losing influence and opportunities for adoption and feedback.

In this talk, Ben uses his expertise of building an Interactive Learning Platform to highlight The Art of Documentation and the Readme file. The aim of the talk is to help open source contributors understand how small changes to their documentation approach can have an enormous impact on how users get started.

Ben will discuss:
- How to create engaging documentation
- Defining technical details in an accessible way
- Building documentation that encourages users to get started
- How to manage documentation and keeping it up-to-date and relevant

In the end, attendees will have an understanding of how to build beautiful, useful documentation. This will be backed by examples from some of the best open source projects.

About Ben Hall
Ocelot Uproar is the creator behind Katacoda (, an interactive learning platform for software engineers. Ben tweets at @Ben_Hall while blogging at
  • 1 participant
  • 35 minutes

15 Dec 2017

The Easy--Don't Drive Yourself Crazy--Way to Kubernetes Networking [B] - Gerard Hickey, Smartsheet

Implementing Kubernetes is not technically difficult, but the networking layer continues to confuse and cause implementation problems for those new to Kubernetes. Not everyone is capable of using GKE and may need to implement Kubernetes in an on-prem facility. Certainly there is a wealth of online documentation to assist new users but some of this documentation is contradictory due to when the documentation was written and the multitude of network stacks available.

This presentation attempts to provide clarity for new implementers and those wishing to understand Kubernetes networking better. The content covers how networking is accomplished in the Kubernetes environment and the reasons why it is implemented differently than traditional network environments. In addition, several of the popular network stacks will be reviewed to provide attendees with knowledge to make a better informed decision when choosing between network stacks.

About Gerard Hickey
Gerard Hickey is a Principal Systems Engineer at Smartsheet where he is building the next generation data center for the world's leading collaboration solution. He has spent the past decade working with and implementing the latest technologies in an effort to provide better automation. In addition, he is active with the open source community providing bug fixes and patches to several projects and in his spare time he works on a number of Raspberry Pi and ESP8266 home automation projects.
  • 2 participants
  • 32 minutes

15 Dec 2017

The Elements of Kubernetes - Foundational Concepts for Apps Running on Kubernetes [I] - Aaron Schlesinger, Microsoft Azure

“The Elements of Style” is one of the most important and foundational guidelines on how to write well. It has effectively summarized, in a list of seminal guidelines, how to harness the power of the English language to write high quality prose of almost any kind.

In computing, we have similar guides for various technologies. Python offers “The Zen Of Python”, Ruby has “The Rails Doctrine”, and so on...

One of the powers these documents wield is that they help serve as a “north star” that guides an entire community toward the same goals.

I believe we need a similar guide for Kubernetes. It would describe how app developers and operators should think about and use the features in Kubernetes to build and deploy reliable, stable apps. Armed with such a guide, we could all hope to better understand the “essence” of Kubernetes in pursuit of building better cloud native apps.

We don’t have anything like this today, but many in the Kubernetes community have strong, detailed opinions for what should go in this guide. Much of it is tribal knowledge or scattered in blog posts.

In this talk, I’ll try to bring many of these opinions together and lay out an “Elements of Kubernetes” guide for app developers and operators alike. I’ll do so by relating each “element” to stories and details I’ve seen in the community that reveal what makes a good Kubernetes and cloud native app.

About Aaron Schlesinger
Sr. Software Engineer on the Microsoft Azure Containers team where he works on Kubernetes and related projects. He’s involved with the Kubernetes project on multiple levels, most prominently as a co-lead in the Kubernetes Service-Catalog SIG. Outside of Kubernetes proper, he’s deeply involved with connecting external services to Kubernetes clusters in a manageable way.

He’s been a software developer for 10+ years, and most of that time has focused on distributed systems from large scale data warehousing to real time servers. Being a Go developer for the past 4+ years, he has distilled his knowledge of the language into the Go In 5 Minutes screencast. He’s also spoken at many conferences and events about Go and Kubernetes, as well as other technologies in the past.
  • 2 participants
  • 38 minutes

15 Dec 2017

The Good, the Bad and the Ugly of Migrating Hundreds of Legacy Applications to Kubernetes [B] - Josef Adersberger, QAware

Running applications on Kubernetes can provide a lot of benefits: more dev speed, lower ops costs, and a higher elasticity & resiliency in production. Kubernetes is the place to be for cloud native apps. But what to do if you’ve no shiny new cloud native apps but a whole bunch of JEE legacy systems? No chance to leverage the advantages of Kubernetes? Yes you can!

We’re facing the challenge of migrating hundreds of JEE legacy applications of a major German insurance company onto a Kubernetes cluster within one year. We're now close to the finish line and it worked pretty well so far.

The talk will be about the lessons we've learned - the best practices and pitfalls we've discovered along our way. We'll provide our answers to life, the universe and a cloud native journey like:
- What technical constraints of Kubernetes can be obstacles for applications and how to tackle these?
- How to architect a landscape of hundreds of containerized applications with their surrounding infrastructure like DBs MQs and IAM and heavy requirements on security?
- How to industrialize and govern the migration process?
- How to leverage the possibilities of a cloud native platform like Kubernetes without challenging the tight timeline?

About Josef Adersberger
Josef Adersberger is #cloudnativenerd, CNCF member, and co-founder & CTO of QAware, an independent cloud native software manufacturer that has been repeatedly awarded Best IT Workplace in Germany. He studied computer science in Rosenheim and Munich and holds a doctoral degree in software engineering. He is a lecturer for cloud computing at several German universities.
  • 1 participant
  • 38 minutes

15 Dec 2017

The Makers of Marvels: How Developers Are Rebuilding the Enterprise, One Brick at a Time [B] - Abby Kearns, Cloud Foundry Foundation

History teaches us that astonishing feats occur not when a singular leader envisions them, but when a mass of skilled workers collaborates to transform that vision into something material. The Pyramids of Giza, for example, were not built overnight by a Pharaoh, but constructed by tens of thousands of workers over a period of years. Today’s “pyramid” is quite a bit smaller, but a wonder of the world in its own right: The iPhone has transformed the world as we know it -- but most of its power comes from the app store, which offers thousands of apps created from the imaginations of thousands of developers. These developers are the makers of marvels in our time. They instantiate the very concept of digital transformation -- that notion of infrastructure disruption and re-assembly on the mind of every CIO. Business development is driven by software development, and software development is shaped by developers in the open source community.

In her talk, Abby Kearns empowers developers to think of themselves as the doers and makers who hold the key to unlocking digital transformation. She will cover the importance of diversity among developers for the technology industry to evolve and to reflect its user base, and will highlight the key open source concepts and technologies powering this trans-industrial transformation.

About Abby Kearns
With nearly twenty years in the tech world, Abby Kearns is a true veteran of the industry. Her lengthy career has spanned product marketing, product management and consulting across Fortune 500 companies and startups alike. As Executive Director of Cloud Foundry Foundation, Abby helms the ecosystem of developers, users and applications running on Cloud Foundry, and works closely with the Board to drive the Foundation’s vision and grow the open source project. Prior to Cloud Foundry Foundation, Abby focused on Pivotal Cloud Foundry as part of the Product Management team at Pivotal. She spent eight years at Verizon where she led Product Management and Product Marketing teams dedicated to the early days of cloud services. In her free time, Abby enjoys indulging in food and wine, and spending time with her husband and son.
  • 1 participant
  • 23 minutes

15 Dec 2017

The Mechanics of Deploying Envoy at Lyft - Matt Klein, Lyft

The idea of the "service mesh" is becoming very popular in microservice design circles. However, the mechanics of deploying one into an existing infrastructure are far from simple. In this talk we will cover the logistical details of how Envoy was developed and deployed incrementally at Lyft, focusing primarily on the evolution of service mesh configuration management. We will also discuss why high level systems such as Istio are likely to be the main mechanism by which most customers ultimately get access to the technology.

About Matt Klein
Matt Klein is a software engineer at Lyft and the architect of Envoy. Matt has been working on operating systems, virtualization, distributed systems, networking, and making systems easy to operate for 15 years across a variety of companies. Some highlights include leading the development of Twitter’s C++ L7 edge proxy and working on high-performance computing and networking in Amazon’s EC2.
  • 1 participant
  • 35 minutes

15 Dec 2017

The Oregon Trail to Kubernetes [I] - Joshua Roppo, Lytics

Can a small team operating 2000 CPUs escape the glorified bash infighting of Configuration Management to homestead the scalable compute plains of Kubernetes? A journey of transitioning from Google’s Compute Engine to the blessed Container Engine.

The route we chose diverged from the never ending landscape of single purpose YAML tutorials and retreading Configuration Management tools with templating. Instead, we chose a mountain pass of defining Kubernetes Resources as Go code for compiled type checking, composability, validation, and potential for extension. The case study of a small team breaking trail through ecosystems of application design, schedule paradigms, deprecation dysentery, and holding legacy together with bailing wire. A retrospective of value added versus time wasted on the path to great opportunities on Kubernetes.

Talk Overview:
- Lytics Stack and overview (whoami)
- Loading the Wagon: Design and decision considerations (Read the Borg Paper)
- Deprecation Dysentery: Wait wait don’t use that.
- Mirages of disappointment: Systems which couldn’t make it to Kubernetes.
- Compute Resource Hunting Massacre: Avoiding compute underuse; taking advantage of scheduler.
- Handyman’s Corner: The bailing wire and zip-tie Kubernetes tools and services built to keep the broken axle (legacy systems) intact through the journey.
- Blizzards of the Kubernetes: from a user’s perspective who can’t follow every SIG; surviving the avalanche of ecosystem changes.
- Cascadia found: the wins, plans to rebuild what was abandoned, and breathing the free air.
- Next: Sim City

About Joshua Roppo
Platform Operations Engineer with a preference to write code over Bash. Managing operational decisions and transitions at Lytics for three years where we turn raw user and event data into actionable personalization APIs for marketing. Pedantic gopher who enjoys the challenges of Operations.
  • 1 participant
  • 35 minutes

15 Dec 2017

The Power of Application Intent Analysis for Container Security [I] - John Morello, Twistlock

As containers gain mainstream momentum and cloud-native applications surge, practices such as DevOps culture, continuous delivery, cloud development and containerization require a reinvention of security. The threats targeting organizations only continue to increase in severity and frequency, and even simple attacks can cause considerable damage. Cloud-native development is a vital evolution for security in the enterprise, as it equips organizations with the same tools and processes that modern fast-moving organizations rely on.

Cloud-native needs to be considered a new culture, not just a technological shift, when it comes to IT. This is because cloud-native changes the processes of DevOps, which requires automated security processes and application awareness. With cloud-native culture, security needs to be truly application aware and based upon developer intent. Using application intent analysis, developers have a new way of looking at applications, specifically containerized apps. They can produce a more predictable and secure container environment that can be effectively enforced.

The unique nature of container technology allows the developer intent-based security model to capitalize on the following pillars:

1. Containers are declarative. When a developer writes the code, he/she does not just write the code, he/she writes a manifest that describes how this code should work and how it should interact with its environment. While the developer does not provide you with a real security manifest, you can translate the extra information that you have and try to create a security profile. With containers, you have a Docker file, you might have a pod, and you might have an application group if you’re running on top of mesosphere. There is a lot of information in the system that you could use in order to understand what is supposed to happen.

2. Containers are predictable. When you look at containers, they contain less specific logic and more common building blocks because containers are typically made out of downloadable layers that someone else created.

3. Containers are immutable. In the past, it was hard to understand if something happening with the application was really an attack or not. But in the case of containers, whenever you patch a container or change its real intent, it should not happen in real time. What happens is the developer changes things and then he/she pushes in a new version. He patches the OS or adds new functionality and then pushes in a new container and scratches the old one. This gives you a lot of power from a security standpoint because, for the first time ever, if you see a polymorphic change in the behavior of the application (if it starts behaving differently) that means it’s either a configuration drift or a real attack.

By leveraging these three pillars -- declarative nature, predictability and immutability -- there’s a powerful opportunity to use whitelisting, for example, to approve known good processes. In combination with application intent analysis, enforcement measures help support the intent-based security model and preserve the original intent of the application.

About John Morello
John Morello is the Chief Technology Officer at Twistlock. As CTO, John leads the work with strategic customers and partners and drives the product roadmap. Prior to Twistlock, John was the CISO of Albemarle, a Fortune 500 global chemical company. Before that, John spent 14 years at Microsoft, in both Microsoft Consulting Services and product teams. He ran feature teams that shipped security technologies in Windows, Azure, and Office 365 and served as the Lead Architect of the hybrid cloud consulting team for the Americas.
  • 2 participants
  • 43 minutes

15 Dec 2017

The RED Method: How To Instrument Your Services [B] - Tom Wilkie, Kausal

The RED Method defines three key metrics you should measure for every microservice in your architecture; inspired by the USE Method from Brendan Gregg, it gives developers a template for instrumenting their services and building dashboards in a consistent, repeatable fashion.

In this talk we will discuss patterns of application instrumentation, where and when they are applicable, and how they can be implemented with Prometheus. We’ll cover Google’s Four Golden Signals, the RED Method, the USE Method, and Dye Testing. We’ll also discuss why consistency is an important approach for reducing cognitive load. Finally we’ll talk about the limitations of these approaches and what can be done to overcome them.

About Tom Wilkie
Tom is the founder of Kausal, a new company working on Prometheus & Cortex. Previously he worked at companies such as Weaveworks, Google, Acunu and XenSource. In his spare time, Tom likes to make craft beer and build home automation systems.
  • 1 participant
  • 35 minutes

15 Dec 2017

The Road to More Usable Kubernetes - Joe Beda, Heptio

At KubeCon EU, in Berlin, I got up on stage and stated that "Kubernetes Sucks (but all software sucks)". While we still have work to do, in the past several months the community has done great work to solve a whole host of issues to make Kubernetes “suck less.” In this talk I will outline the ways that the community has made this happen both in the core project and in the wider ecosystem.

Things are still developing, but here are the areas that I want to highlight. Hopefully we'll have talks on many of these so that I can highlight where and when folks can find out more. I won't be able to cover everything happening in the ecosystem but I can hint at the diversity and commitment to solving these issues.

* *Simpler application description.* As a community we are continuing to build more capable and simpler tools for describing applications through projects like ksonnet, OpenCompose, Kompose, and Helm.
* *Serverless platforms.* Through “function as a service” like systems we can abstract much of the nitty gritty around getting code packaged and running. In addition, scaling can be easy and automatic as code is run only when needed.
* *Simpler cluster install and admin.* kubeadm and how it is becoming a common toolkit. Similar work is ongoing to explore the idea of standardizing the description of a cluster at the infrastructure level through projects like Kubicorn. In addition, new APIs, such as the certificates API, are key building blocks for getting secure clusters up and running.
* *Curated development experiences.* Systems like Draft help to automate the build/launch/update cycle for development workflows. Others are also exploring ways to connect developers to clusters.
* *Making Kubernetes boring.* Kubernetes is maturing as a platform. As that happens, things in the "nucleus" are slowing down. In the past 6 months we've seen a concerted effort to encourage new features to be built with extensibility mechanisms as much as possible. This allows those projects to move fast while enabling exploration of the problem space.
* *Conformance.* Another key enabler for widespread Kubernetes adoption is conformance. There has been a wide set of folks involved in describing what should get to be called "Kubernetes". Tools like Sonobuoy point the direction to making this be an automated process that anyone can run against any cluster.
* *Observability.* Prometheus continues to be the go-to OSS solution for monitoring in the Kubernetes world. In addition, systems like linkerd and Istio/envoy enable introspection at the microservice mesh level.

We still have many challenges. Many of these are going to take long concerted efforts to fix. We are trapped, in some ways, by our promise of backward compatibility. It is often better to live with something annoying than to force breaking changes on our user base.

*Call to action:* Great job community! But the job isn't done. Let's keep working hard to bring Kubernetes to a larger and larger set of users and environments.

About Joe Beda
Joe Beda is CTO of Heptio, a startup focused on unleashing the technology driven enterprise. We aim to realize the full potential of Kubernetes and transform IT into a business accelerator. Prior to Heptio, Joe was at Google for over 10 years. While there, Joe started Google Compute Engine and co-founded the Kubernetes project. In a previous life, Joe started his career at Microsoft working on Internet Explorer. Joe is slowly becoming a Seattle native with his wife, a physician, and two kids.
  • 1 participant
  • 36 minutes

15 Dec 2017

The Service Mesh: Past, Present, and Future [B] - William Morgan, Buoyant

In this talk, we describe the service mesh, a runtime infrastructure layer that’s rapidly rising to prominence with the advent of open source projects like Istio, Envoy, and Linkerd. We trace the evolution of the service mesh model through three-tiered apps and “fat clients” to the modern, sidecar-based implementations, compare and contrast with ESBs and API gateways, and show that, as with most “new” technology, the ideas and principles behind the service mesh have been around for a long time.

About William Morgan
William is the cofounder and CEO of Buoyant, a startup focused on building service mesh technology. Prior to Buoyant, he was an infrastructure engineer at Twitter, where he helped move Twitter from a failing monolithic Ruby on Rails app to a highly distributed, fault-tolerant microservice architecture. He was a software engineer at Powerset, Microsoft, and, a research scientist at MITRE, and holds an MS in computer science from Stanford University.
  • 2 participants
  • 36 minutes

15 Dec 2017

The True Costs of Running Cloud Native Infrastructure [B] - Dmytro Dyachuk, Pax Automa

Never before have organizations wrestled with as much choice in how they compute and where they compute. The public cloud offers freedom from lead times and elasticity to manage changing workloads, but once a workload reaches a certain size or can be forecasted over a longer period of time it may be much more expensive than building and operating the compute infrastructure in-house. In the following talk we estimate when this threshold is crossed. We then explore what a modern datacentre should look like, why running an efficient compute infrastructure requires a spirit of radical simplification, and finally how focusing on important abstractions enables workload portability in an era with an abundance of choice.
  • 2 participants
  • 39 minutes

15 Dec 2017

Unified Monitoring of Containers and Microservices [I] - Nishant Sahay, Wipro Limited

Microservices have become critical for enterprise strategy towards simplifying their IT landscape. For a successful journey of microservice adoption, container management, DevOps and monitoring play an important role. Managing microservices in large-scale deployments is fraught with many unique challenges for enterprise IT.

Following are some of the key metrics of microservice monitoring which will enable the enterprises to manage their container platforms better:

1. Collecting logs, metrics from containers
2. Monitoring application running inside the container
3. Distributed tracing and the time taken by each service call.
4. Storage, analysis of collected metrics, logs
5. Performing RCA and anomaly detection on the collected logs and metrics

This session would explain how to harness the power of Zipkin with the intelligence of the Spark ecosystem and the flexibility of ELK + Beats to create a unified monitoring solution. Key features of this solution are the utilization of distributed tracing and infrastructure metrics to manage containers. All this is done through visualization, correlation and predictive monitoring.

About Nishant Sahay
Nishant is a senior architect at Wipro Technologies with extensive experience in data architecture, design and visualization. Nishant is a Sun Certified Developer and IBM Certified IT Specialist with work experience spanning roles that include Software development, design and architecture. Nishant works at the Open Source COE lab at Wipro, where he is responsible for research and solution development in the area of big data and middleware. Nishant's current focus is on service monitoring and log analysis using machine learning and data science.
  • 4 participants
  • 42 minutes

15 Dec 2017

Using Containers for Continuous Integration and Continuous Delivery [I] - Carlos Sanchez, CloudBees

Building and testing is a great use case for containers, both due to the dynamic and isolation aspects, but it increases complexity when scaling to multiple nodes and clusters.

Jenkins is an example of an application that can take advantage of Kubernetes technology to run Continuous Integration and Continuous Delivery workloads. Jenkins and Kubernetes can be integrated to transparently use on demand containers to run build agents and jobs, and isolate job execution. It also supports CI/CD-as-code using Jenkins Pipelines and automated deployments to Kubernetes clusters. The presentation will allow a better understanding of how to use Jenkins on Kubernetes for container based, totally dynamic, large scale CI and CD.

About Carlos Sanchez
Carlos Sanchez specializes in software automation, from build tools to Continuous Delivery. He has spoken at several conferences around the world, including ApacheCON, JavaOne, Fosdem,... Involved in Open Source for more than ten years, he is the author of the Jenkins Kubernetes plugin and a member of the Apache Software Foundation amongst other open source groups, contributing to several projects, such as Jenkins, Apache Maven, or Puppet. He works at CloudBees scaling the Jenkins platform.
  • 3 participants
  • 38 minutes

15 Dec 2017

Using Custom Resources to Provide Cloud Native API Management - Frank B Greco Jr, Northwestern Mutual

API management is an essential component for all production services. Northwestern Mutual uses it to secure 100s of microservices deployed to our Kubernetes clusters every day! Learning from our API management journey over the past few years, we found many ways to innovate in this space. Using Custom Resource Definitions as a catalyst, we created an open source project called Kanali, a Kubernetes native API management solution. In this talk, we will take you through our API management journey that led up to Kanali and then discuss how to use Kanali to secure your Kubernetes workloads. We will also look at how Kanali integrates with open source developer tooling such as Opentracing, Jaeger, and Grafana.

About Frank Basil Greco
Hi I’m Frank! I’m an extremely passionate tech engineer, developer, and architect from Milwaukee. My current passions lie in highly available and scalable infrastructure, containerization, serverless architecture, automation, artificial intelligence, web development, API management and algorithm theory. I am also very passionate about open source software and contribute regularly. I love working in a fun, collaborative and startup-like atmosphere with passionate individuals. For fun you’ll usually find me developing new custom skills for Alexa or integrating the latest IoT with my home.
  • 2 participants
  • 33 minutes

15 Dec 2017

Using Kubernetes API from Go [B] - Alena Prokharchyk, Rancher Labs

As Kubernetes becomes increasingly popular, the number of integration and monitoring services around it is also growing. The key component of any such service written in Golang is kubernetes/client-go – a package that is used to talk to Kubernetes cluster APIs. During this talk, we will discuss the basics of client-go usage and how they can save the developer time needed for writing the actual app logic.
We will also demonstrate the best practices for using the package and lessons learned from the perspective of a developer who does integration work with Kubernetes on a daily basis. Following items will be covered:

* Client authentication in cluster vs outside of cluster
* Basic list, create and delete operations for Kubernetes objects with client-go
* How to watch and react on Kubernetes events using ListWatch and Informers
* Package dependencies (vendor) management

About Alena Prokharchyk
Alena Prokharchyk is a Software Engineer at Rancher Labs. Before Rancher Labs, Alena joined Citrix through the acquisition, where she worked on CloudStack - Infrastructure as a Service (IaaS) cloud computing platform. For the past three years with Rancher Labs, Alena worked on developing infrastructure services for Docker containers, and Rancher-Kubernetes integration.
  • 1 participant
  • 38 minutes

15 Dec 2017

Using Kubernetes to Change Legacy Systems and Processes in the Public Sector [B] - Audun Fauchald Strand, Norwegian Welfare Administration

Kubernetes is the implementation of the modern software development process. Continuous Release and “you build it, you run it”. For the last few years I have been working on introducing kubernetes into an organization with continuous release, microservices and “you build it, you run it”, as presented at Kubecon in Berlin 2017.

Now I work for the public sector in Norway, where the systems are old, and the processes are older. I will present the experiences from working on changing these legacy organisations, using containers and kubernetes as the main tool. I will cover:

- migrating old legacy apps to kubernetes, is it possible
- manual testing done easy with containers
- monitoring for everyone
- making a PAAS that everyone can use
- stable and robust deployment, but not just 4 times a year
- how to leverage all the hardware that is owned by the public sector

About Audun Fauchald Strand
Team Lead - Platform and automation, NAV - Norwegian Welfare Administration: k8s, ddd, jvm, Kafka, distributed systems, testing, Tottenham. Almost called "Large viking shaped Norwegian" in LWN
  • 1 participant
  • 39 minutes

15 Dec 2017

Using Kubo to Manage your Kubernetes Clusters [I] - Oleksandr Slynko & Brendan Nolan, Pivotal

Kubo is an OSS project developed jointly by Pivotal and Google. It provides a uniform way to instantiate, deploy, and manage highly available vanilla Kubernetes clusters using BOSH - on GCE, vSphere, AWS, Openstack and Azure.

Using BOSH and Kubo to manage Kubernetes gives self healing, easily upgradeable clusters with managed secrets rotation. Cluster creation is simplified to the point where clusters can be created and destroyed for use in development or sandbox environments.

In this presentation, Brendan and Oleksandr will demonstrate deployment across multiple IAASes, cluster healing, cluster upgrade and cluster creation.

About Brendan Nolan
Principal Software Engineer,

About Oleksandr Slynko
Staff Software Engineer, Pivotal
Oleksandr has been working as a software engineer for 11 years. He has worked at Pivotal on Kubo since the project's inception. He has a background in automation and in working on highly available cloud solutions.
  • 2 participants
  • 34 minutes

15 Dec 2017

Vault and Secret Management in Kubernetes [I] - Armon Dadgar, HashiCorp

Secret data is everywhere, from database credentials, TLS certificates, API tokens, to encryption keys. Managing secrets is a difficult challenge, but HashiCorp Vault provides an answer. In this talk, we discuss the challenges in secret management, provide an overview of Vault, and discuss how Vault and Kubernetes can be integrated. Integrating Vault solves the basic secret management challenge of securely distributing credentials, but also gives applications running on Kubernetes access to features like dynamic secrets, which are generated on demand, and cryptographic offload to securely manage data in transit and at rest.

About Armon Dadgar
Armon (@armon) has a passion for distributed systems and their application to real-world problems. He is a founder and CTO of HashiCorp, where he brings distributed systems into the world of DevOps tooling. He has worked on Nomad, Vault, Terraform, Consul, and Serf at HashiCorp, and maintains the Statsite and Bloomd OSS projects as well.
  • 1 participant
  • 31 minutes

15 Dec 2017

Webhooks for Automated Updates [B] - Rajashree Mandaogane, Rancher Labs

In most software projects, there is a tremendous focus on increasing efficiency and reliability. Rolling updates in Kubernetes are a really good example of how real-time updates to applications can be made reliable, without any downtime. Once you have a reliable system, you then need to make your software development process even more efficient. A key component in efficiency is automation. Automated builds on Docker Cloud are a great way to efficiently build images when new code is pushed. In this talk we will discuss how we can take automation one step further. We will make use of the Kubernetes API calls, along with Docker Hub's webhooks feature, to automatically start rolling updates of deployments when a new image/tag is pushed to Docker Hub. We will demonstrate how you can write a micro-service that will make these calls after consuming the data pushed by Docker Hub's webhook.

About Rajashree Mandaogane
Rajashree, an NC State graduate is a Software Engineer at Rancher Labs. She loves programming in Golang and working on container orchestration. She lives by the motto, “You’ll never know what you can do, until you try”. This has led her not only to being a developer, but also an amateur writer on Medium, and a recent half marathon runner! Her idea of a good weekend encompasses one where she spends time trying tutorials for any new orchestration tools, and also just binge watching any Netflix shows.
  • 2 participants
  • 31 minutes

15 Dec 2017

Welcome to Kubernetes - Introduction and Toolkit for Getting Started with Kubernetes [B] - Guinevere Saenger, Samsung SDS

This talk will focus on the beginning Kubernetes user by providing a basic introduction with explanations and example use cases. The presenter is herself a newcomer to Kubernetes and is thus uniquely placed to present information from a beginner’s perspective and share her personal strategies for success. Specific examples include: how to find mentors; how to find answers when the docs are confusing; how to get involved with local Kubernetes groups; and finding the best online learning tools. Attendees who are fairly new to tech itself or entered tech through non-traditional ways are especially encouraged to attend in order to add to their toolbox of resources.

About Guinevere Saenger
In 2016, Guinevere Saenger transitioned from being a full-time professional pianist to a career in tech. To do so, she obtained a spot at the highly competitive Ada Developers Academy in Seattle, a year-long, tuition-free, bootcamp-style software development training program for women and nonbinary people making a mid-life career switch into tech. As part of her training, Guinevere interned at Samsung SDS on the Cloud Native Computing Team, where, after graduating in July 2017, she accepted a full-time software engineer position working on Kubernetes deployment tools such as Kraken. Making her home in the beautiful Pacific Northwest, Guinevere enjoys music, food, and the outdoors.
  • 3 participants
  • 35 minutes

15 Dec 2017

What Happens When Something Goes Wrong? On Kubernetes Reliability [I] - Marek Grabowski & Tina Zhang, Google

One of the best features of Kubernetes is that it can automatically recover from various failures and keep your application working despite unfavorable circumstances. There are moments when this works like magic and operators won't even notice something was going on. Sadly, sometimes automation fails.

In this talk we're going to describe various policies and mechanisms that are implemented in the system designed to keep user applications and cluster in general running. We'll talk both about things that will happen automatically and those that users need to configure.

About Marek Grabowski
Marek is a Software Engineer turned Site Reliability Engineer in late 2017. Currently he focuses on reliability of Kubernetes clusters. Since 2013 he has been working on Google’s Technical Infrastructure, where in early 2015 he joined the Kubernetes engineering team. In Kubernetes his main focus was scalability and machine management. Before Kubernetes he was working on Google's internal orchestrator in the Omega project.

About Tina Zhang
Tina joined Google as a Site Reliability Engineer for GKE in March 2017 and has primarily been working on delivering High Availability Masters in GKE, bringing GKE to more cloud regions and improving monitoring and alerting for the system. Prior to this, she had a previous life as an investment banker at J.P. Morgan.
  • 2 participants
  • 34 minutes

15 Dec 2017

When the Going Gets Tough, Get TUF Going! [I] - David Lawrence & Ashwini Oruganti, Docker

Software distribution and packaging systems are rapidly becoming the weak link in the software lifecycle. In this talk we will look at the security landscape of existing software update systems and signing strategies. We will then introduce The Update Framework (TUF), a new signing framework that looks to address many of the challenges found in existing systems and more.

TUF provides protections against data tampering, rollbacks, key compromise, and other more esoteric attacks. We will investigate how it achieves these protections and show you how to start using it today.

While TUF is a general signing framework, we will also address use cases specific to the Cloud Native Ecosystem. These include how to use TUF signing to de-privilege cluster managers and attach metadata to images and containers in a decentralized manner which can be leveraged for policy management.

About David Lawrence
Lay security developer that has learned a lot of mistakes the hard way. David started off building authentication systems, moved on to encrypted cloud storage for a few years, and is now working on the Security Team at Docker, presently focused on securing software distribution

About Ashwini Oruganti
Ashwini is a Security Engineer at Docker and an open source developer. She is the author of pyca/tls, a pure-python TLS 1.2 implementation with opinionated and secure APIs. In the past, she has worked on Twisted - an asynchronous event-driven networking framework, and Hippy - a PHP implementation in RPython.
  • 2 participants
  • 34 minutes

15 Dec 2017

Would You Like Some Tracing With Your Monitoring? - Yuri Shkuro, Uber Technologies

Understanding how your microservices based application is executing in a highly distributed and elastic cloud environment can be complicated. Distributed tracing has emerged as an invaluable technique that succeeds where traditional monitoring tools falter. Yet deploying it can be quite challenging, especially in the large scale, polyglot environments of modern companies that mix together many different technologies. In this talk we share what we have learned while building and rolling out Jaeger, our open source, OpenTracing-native distributed tracing system, to hundreds of microservices at Uber. We showcase new and exciting features that make it even more valuable to engineers.

About Yuri Shkuro
Yuri is a Staff engineer at Uber Technologies, working on distributed tracing, reliability, monitoring, and performance. He is a member of the CNCF OpenTracing Specification Council, and the founder of Jaeger, Uber's open source distributed tracing system.
  • 1 participant
  • 34 minutes

15 Dec 2017

You Have Stateful Apps - What if Kubernetes Would Also Run Your Storage? - Annette Clewett & Sudhir Prasad, Red Hat

Kubernetes supports Stateful Applications by connecting to your existing storage. But what if you don’t have any? Or the storage capabilities differ between your environments? Wouldn’t it be nice if Kubernetes itself would be able to provide storage services without any external dependency from Day 1?

gluster-kubernetes is an umbrella project, currently being submitted for inclusion in CNCF, tying together various open source technologies to do just this. It takes the concept of “container-native storage” literally and orchestrates containerized GlusterFS, a scalable, software-defined storage solution to provide object storage, file storage and block storage for your applications. In this session you will learn about the components in play and how they make Kubernetes provide Persistent Storage and S3 Object Storage that scales with the cluster and runs everywhere.

About Annette Clewett
Red Hat Storage Architect with broad knowledge across a spectrum of technologies – network, storage, virtual, and platform. Have successfully delivered countless studies that improved end-user experience and created more efficient and available infrastructures. Current projects include creating and documenting reference architectures for container-native storage in the cloud, on virtual, or bare metal.

About Sudhir Prasad
Sudhir drives Container Native Storage and Container Ready Storage Red Hat portfolio for Kubernetes. Before joining Red Hat, Sudhir led Product Management and Strategy at Violin Memory and led Manageability product portfolio for automation & orchestration at NetApp. Before moving to product management, Sudhir was Principal Engineer & Software Architect at NetApp and HP. As engineering lead his focus was on system architecture & design, high availability, manageability, simplicity, and workflow automation
  • 2 participants
  • 37 minutes

15 Dec 2017

Zero Configuration Pattern of Kubernetes on Bare Metal [A] - Rob Hirschfeld, RackN

In recent releases, we've enabled node admission and configuration APIs that eliminate configuration requirements for Kubernetes workers. This allows cluster operators to add and remove nodes from clusters without a configuration management tool driving the process. This fully automated node management behavior allows physical data centers to be much more cloud-like and lights-out.

In this session, we'll run this process as a demo and decompose the various parts that must work together for success. We'll discuss the specific APIs and how to implement them in a coordinated way that ensures node security and minimizes workload disruption. We'll also discuss how to improve node security by using trusted platform modules (TPM). By the end of the session, operators will be able to duplicate the steps on their own to learn the process.

While we have a focus on bare metal infrastructure for this session, the lessons learned are equally usable on cloud infrastructure.

About Rob Hirschfeld
Rob Hirschfeld is CEO and co-founder of RackN. He co-chairs the ClusterOps SIG and served four years on the OpenStack Board. With 15+ years of cloud and physical infrastructure automation experience, he brings a unique technology and process perspective to DevOps and SRE fields. He is also the co-founder of the open Digital Rebar project which focuses on underlay automation for physical infrastructure.
  • 1 participant
  • 36 minutes

15 Dec 2017

client-go: The Good, The Bad and The Ugly - Lili Cosic, Kinvolk

This talk will focus on client-go, a go client for talking to Kubernetes clusters. At Kinvolk we have used client-go in various Kubernetes projects. Lili will share the general use-case of client-go and explain how powerful it is to customize, optimize, and automate tasks with it. Furthermore she will explore the parts that client-go is great at, as well as the parts that can still be improved. Lili will end with a demo showing how easy it is to harvest the power of client-go, and showcase how it can be used to customize your Kubernetes experience and solve real problems.

About Lili Cosic
Lili is a Software Developer at Kinvolk, a Berlin-based Linux development consultancy, where she works on a variety of projects surrounding Linux. Currently she is working on a Habitat Operator, a controller to easily create and manage Habitat Services on Kubernetes. In her free time she enjoys experimenting with Kubernetes. Previously she worked at Wimdu, as a Ruby developer, helping build tools to process large amounts of data.
  • 2 participants
  • 24 minutes

15 Dec 2017

eBay Geo-Distributed Database on Kubernetes [A] - Chengyuan Li & Xinglang Wang, eBay

Database as a Service is one of the most interesting and challenging domains in the cloud industry. At eBay, we implemented a cloud-native geo-distributed document service based on Kubernetes. eBay extended Kubernetes to support local disk volumes on bare metal machines, which enables a high-performance DB to be deployed on Kubernetes as a Pod. On top of the Kubernetes platform, we develop a control layer to orchestrate the database pods and enable them to be distributed across multiple clusters, and expand the WISB model to use a workflow to automatically manage the database cluster.

About Chengyuan Li
Chengyuan Li is a member of the eBay Kubernetes team; his focus area is host runtime and storage in Kubernetes. Before joining the Kubernetes project, he worked in the computer and network area for eBay cloud.

About Xinglang Wang
Xinglang Wang is an architect in eBay Data platform. He is working on eBay's next-generation geo-distributed database, and his main focus is the distribution and control layer of the database. Before that, he was the architect of eBay's real-time behaviour data pipeline, focusing on real-time stream processing.
  • 2 participants
  • 35 minutes

15 Dec 2017

kubeadm Cluster Creation Internals: From Self-Hosting to Upgradability and HA [A] - Lucas Käldström, Student

kubeadm is the Kubernetes tool that helps you set up a Kubernetes cluster quickly and easily. kubeadm is different from other Kubernetes setup tools in that it doesn’t assume or depend on any special infrastructure. It assumes that you have one or more machines available and those machines can connect to each other via the network.

The master plan is to make kubeadm work both as the “fast path” to getting a best-practice Kubernetes cluster with a couple of easy-to-remember commands and as a toolbox for higher-level solutions like GKE, kops and Tectonic.

But how does kubeadm actually set up a cluster? How is it so easy to add a node with the Bootstrap Token? How does it self-host the control plane? How does it upgrade clusters smoothly with only one command? What is the plan for achieving HA without relying on any external infrastructure?

After this talk, you will be able to describe how:

- kubeadm runs the different tasks in different stages
- the network traffic between the cluster components flows
- self-hosting of the control plane works
- the Bootstrap Token works
- the `kubeadm upgrade` command works
- kubeadm will support multiple masters that are dynamically rotated
- you can extend kubeadm to build your higher-level Kubernetes deployment tool

About Lucas Käldström
Lucas is a passionate Kubernetes Maintainer and CNCF Ambassador that is excited about all things cloud native. Lucas has been engaged in Kubernetes work for about two years now and been involved in work like porting Kubernetes to multiple platforms, getting Minikube off the ground, being a core contributor in SIG Cluster Lifecycle and maintaining kubeadm. Besides Upper Secondary School Lucas runs a consulting company for Cloud Native tech programming tasks.
  • 4 participants
  • 37 minutes

15 Dec 2017

kubectl apply, and The Dark Art of Declarative Object Management [I] - Aaron Levy, CoreOS

kubectl apply is a powerful and commonly used command meant for declaratively managing your applications. However, even if you are using this command today, you may still be surprised by how it functions. In this talk we will go over the inner-workings of the kubectl apply command, and discuss patterns for successfully managing your applications using declarative object management techniques.

We will cover areas such as the interplay between imperative commands (set, scale, edit, etc.) and declarative object management, the different types of patch strategies and how object merges are calculated, as well as the pros/cons of the various approaches and some subtle gotchas you might run into.

When you leave this talk it will make sense when you describe that your application is managed as a declarative base, with replicas driven imperatively, by an autoscaler that is declaratively configured. In other words, Kubernetes magic.

About Aaron Levy
Aaron Levy is a software engineer at CoreOS, working on all things Kubernetes. He is also the lead maintainer of Bootkube, a kubernetes-incubator project that enables launching self-hosted kubernetes clusters.
  • 5 participants
  • 36 minutes

15 Dec 2017

“If you Don’t Monitor your Infrastructure, you Don’t Own it!” Regain Control Thanks to Prometheus [I] - Etienne Coutaud & Guillaume Lefevre, OCTO Technology

In the French FedEx company we used Prometheus to monitor the infrastructure. It hosts a CQRS architecture composed of Kafka, Spark, Cassandra, ElasticSearch, and microservices APIs in Scala.

This presentation is about using Prometheus in production. You will see why we chose Prometheus, how we integrated it, configured it, and what kind of insights we extracted from the whole infrastructure.

In addition, you will see how Prometheus changed our way of working, how we implemented self-healing based on Prometheus, how we configured systemd to trigger the AlertManager API, integration with Slack, and other cool stuff.

Some demonstrations will be performed in addition to the presentation.

About Etienne Coutaud
Etienne Coutaud is a French DevOps Engineer who has been working at OCTO Technology in Paris for 2 years. Etienne worked on the implementation of OpenShift in production for the health insurance agency. Currently working for the French FedEx, he participated in the cloud infrastructure automation, continuous integration and monitoring system. Etienne is enthusiastic about all cloud technologies that change our way of working.

About Guillaume Lefevre
Guillaume Lefevre is a French DevOps Engineer who has been at OCTO Technology for a year now. He worked in the networking field for various companies before moving to DevOps. Currently working for the French FedEx, he participated in the cloud infrastructure automation, continuous integration and monitoring system. Guillaume loves to automate everything that can simplify workflow and empower people.
  • 2 participants
  • 29 minutes

14 Dec 2017

Linkerd Salon - hosted by William Morgan, Buoyant

About William Morgan
William is the cofounder and CEO of Buoyant, a startup focused on building service mesh technology. Prior to Buoyant, he was an infrastructure engineer at Twitter, where he helped move Twitter from a failing monolithic Ruby on Rails app to a highly distributed, fault-tolerant microservice architecture. He was a software engineer at Powerset, Microsoft, and, a research scientist at MITRE, and holds an MS in computer science from Stanford University.
  • 9 participants
  • 1:03 hours