15 Dec 2021
EmpowerUs, sponsored by Chronosphere - Moderator: Heather Joslyn; Speakers: Aparna Dhinakaran, Elenore Bastian, Sophia Vargas, Colleen Coll
Attendees who identify as women, non-binary individuals and allies are invited to join this special event and program, sponsored by Chronosphere. With women and non-binary individuals being minorities in tech, it’s especially important for these groups to know how to drive influence and gain respect and notoriety amongst their male peers. We will ask questions to our panelists (all women or non-binary) about how they have overcome the challenges of being a minority within their space, and how they have been able to avoid imposter syndrome.
Attendees who identify as women, non-binary individuals and allies are invited to join this special event and program, sponsored by Chronosphere. With women and non-binary individuals being minorities in tech, it’s especially important for these groups to know how to drive influence and gain respect and notoriety amongst their male peers. We will ask questions to our panelists (all women or non-binary) about how they have overcome the challenges of being a minority within their space, and how they have been able to avoid imposter syndrome.
- 8 participants
- 1:03 hours
4 Nov 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Beyond Kubernetes Security - Ellen Körbes, Tilt & Tabitha Sable, Datadog
Kubernetes is "the universal control plane," a "platform to build platforms," and its utility is more than just improved deployment and scaling. Your Kubernetes environment can support you as you level-up your security practices. In this blockbuster action thriller, Tabitha and Ellen will hack and defend Kubernetes for your education and amusement, including both commonplace and advanced attacks. They'll show ways Kubernetes can help you level-up your response to today’s challenges, including software supply chain issues. You'll leave inspired and ready to think beyond Kubernetes security.
Beyond Kubernetes Security - Ellen Körbes, Tilt & Tabitha Sable, Datadog
Kubernetes is "the universal control plane," a "platform to build platforms," and its utility is more than just improved deployment and scaling. Your Kubernetes environment can support you as you level-up your security practices. In this blockbuster action thriller, Tabitha and Ellen will hack and defend Kubernetes for your education and amusement, including both commonplace and advanced attacks. They'll show ways Kubernetes can help you level-up your response to today’s challenges, including software supply chain issues. You'll leave inspired and ready to think beyond Kubernetes security.
- 8 participants
- 42 minutes
31 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
SIG Instrumentation Introduction and Deep Dive - Han Kang & David Ashpole, Google; Elana Hashman, Red Hat; Frederic Branczyk, Polar Signals
Kubernetes SIG Instrumentation is responsible for ensuring high quality and consistent instrumentation across the Kubernetes project. We will begin with an introductory overview of the efforts the SIG Instrumentation has worked on in the past and is currently working on. This deep dive session will go in detail currently ongoing efforts happening within SIG Instrumentation to share with the audience concrete pieces of work to encourage future collaboration. Software engineering and operations are both disciplines practiced in SIG Instrumentation, and any experience will help the special interest group's mission. Join this session to learn how to get involved in SIG Instrumentation to make instrumentation even better!
SIG Instrumentation Introduction and Deep Dive - Han Kang & David Ashpole, Google; Elana Hashman, Red Hat; Frederic Branczyk, Polar Signals
Kubernetes SIG Instrumentation is responsible for ensuring high quality and consistent instrumentation across the Kubernetes project. We will begin with an introductory overview of the efforts the SIG Instrumentation has worked on in the past and is currently working on. This deep dive session will go in detail currently ongoing efforts happening within SIG Instrumentation to share with the audience concrete pieces of work to encourage future collaboration. Software engineering and operations are both disciplines practiced in SIG Instrumentation, and any experience will help the special interest group's mission. Join this session to learn how to get involved in SIG Instrumentation to make instrumentation even better!
- 4 participants
- 24 minutes
30 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
A Deep Dive Into 5 years of Minikube - Medya Ghazizadeh, Google
A deep dive into minikube project on architecture, project maintenance and the future, 5 years of minikube, learn about the architecture, challenges and the future of the project. including topics on the future of the VM drivers vs Container drivers. future of different runtimes. and how minikube got improved the benchmarking metrics on minikube’s performance on starting a cluster, cpu usage and image build. also learn about the process of maintaining a project that has been around for more than 5 years. and then end share top tips and ticks on minkube that you might not know about.
A Deep Dive Into 5 years of Minikube - Medya Ghazizadeh, Google
A deep dive into minikube project on architecture, project maintenance and the future, 5 years of minikube, learn about the architecture, challenges and the future of the project. including topics on the future of the VM drivers vs Container drivers. future of different runtimes. and how minikube got improved the benchmarking metrics on minikube’s performance on starting a cluster, cpu usage and image build. also learn about the process of maintaining a project that has been around for more than 5 years. and then end share top tips and ticks on minkube that you might not know about.
- 1 participant
- 48 minutes
30 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Argo and Tekton: Pushing the Boundaries of the Possible on Kubernetes - Alex Collins, Intuit & Jason Hall, Red Hat
Kubernetes isn’t just a platform for running apps anymore. Increasingly, it’s also becoming a platform for platforms, some of which challenge the idea of what Kubernetes can and should be used for. Tekton and Argo are two such projects, there are more, and there will be many more to come. These projects run unconventional workloads which often have quite different needs to running vanilla deployments. They often need to manage large amounts of data, manage massive parallelism, and special lifecycle requirements, none of which Kubernetes provides by default. In this talk, you’ll hear from the technical leads on the Tekton and Argo projects about how they’ve pushed the boundaries of Kubernetes to provide this new functionality. You’ll hear how users have benefitted from this work, how you can apply these same techniques, and how we can further improve Kubernetes as a platform for this kind of workload.
Argo and Tekton: Pushing the Boundaries of the Possible on Kubernetes - Alex Collins, Intuit & Jason Hall, Red Hat
Kubernetes isn’t just a platform for running apps anymore. Increasingly, it’s also becoming a platform for platforms, some of which challenge the idea of what Kubernetes can and should be used for. Tekton and Argo are two such projects, there are more, and there will be many more to come. These projects run unconventional workloads which often have quite different needs to running vanilla deployments. They often need to manage large amounts of data, manage massive parallelism, and special lifecycle requirements, none of which Kubernetes provides by default. In this talk, you’ll hear from the technical leads on the Tekton and Argo projects about how they’ve pushed the boundaries of Kubernetes to provide this new functionality. You’ll hear how users have benefitted from this work, how you can apply these same techniques, and how we can further improve Kubernetes as a platform for this kind of workload.
- 2 participants
- 38 minutes
30 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
AuthN and AuthZ at Cruise: Crawl, Walk, Run - James Barclay & Roman Porter, Cruise
Authentication and authorization are crucial to achieving a zero trust security model. But how do you apply them to your organization in a simple and digestible way? Do you prescribe each engineering team what to do and give them the tools to do it? Do you enforce it globally? Our approach to handling authentication and authorization within our Kubernetes clusters at Cruise has matured over the years, and we’d like to take you through the history, challenges, and (what we think are) unique solutions to these problems at our scale.
AuthN and AuthZ at Cruise: Crawl, Walk, Run - James Barclay & Roman Porter, Cruise
Authentication and authorization are crucial to achieving a zero trust security model. But how do you apply them to your organization in a simple and digestible way? Do you prescribe each engineering team what to do and give them the tools to do it? Do you enforce it globally? Our approach to handling authentication and authorization within our Kubernetes clusters at Cruise has matured over the years, and we’d like to take you through the history, challenges, and (what we think are) unique solutions to these problems at our scale.
- 3 participants
- 39 minutes
30 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Beyond printf and tcpdump: Debugging Kubernetes Networking with eBPF - Martynas Pumputis & Aditi Ghag, Isovalent
Debugging Kubernetes networking issues can easily turn into a nightmare. Packets from one pod to another can traverse a couple of dozen Linux kernel functions. Each function execution outcome might depend on an OS state which is not exposed to a user and is not visible with traditional Linux networking tooling. And those tools can’t tell you how network packets relate to K8s pods and services. Luckily, with the help of eBPF we no longer need to treat Linux kernel networking in the context of K8s as a big blackbox. In this talk DevOps who operate K8s clusters will learn: - Packet inspection across layer 2, layer 3 and policy routing, socket, and so on, regardless of the CNI. - How eBPF can be used to efficiently troubleshoot K8s networking issues. - Real-life examples of K8s networking problems and how they were debugged with eBPF. No previous knowledge of kernel internals or deep understanding of networking is required to attend the talk.
Beyond printf and tcpdump: Debugging Kubernetes Networking with eBPF - Martynas Pumputis & Aditi Ghag, Isovalent
Debugging Kubernetes networking issues can easily turn into a nightmare. Packets from one pod to another can traverse a couple of dozen Linux kernel functions. Each function execution outcome might depend on an OS state which is not exposed to a user and is not visible with traditional Linux networking tooling. And those tools can’t tell you how network packets relate to K8s pods and services. Luckily, with the help of eBPF we no longer need to treat Linux kernel networking in the context of K8s as a big blackbox. In this talk DevOps who operate K8s clusters will learn: - Packet inspection across layer 2, layer 3 and policy routing, socket, and so on, regardless of the CNI. - How eBPF can be used to efficiently troubleshoot K8s networking issues. - Real-life examples of K8s networking problems and how they were debugged with eBPF. No previous knowledge of kernel internals or deep understanding of networking is required to attend the talk.
- 1 participant
- 27 minutes
30 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Bridging the Great Divide: SPIFFE/SPIRE for Cross-Cluster Authentication - Andrew Harding, VMware
Cross-cluster authentication got you down? Losing your hair trying to get mutually authenticated TLS inside, outside, and everywhere in-between? Fret no more! In this talk, Andrew Harding, a maintainer on the SPIFFE and SPIRE projects, will dig deep into a turnkey SPIRE deployment within Kubernetes that provides workloads and proxies with X.509 certificate-based SPIFFE identities. Andrew will demonstrate how to use these identities for cross-cluster authentication by declaring federation relationships between clusters using familiar Kubernetes primitives. On top of that, a live coding and demo session will show just how easy it is to leverage SPIFFE from within Kubernetes workloads with just a few lines of code.
Bridging the Great Divide: SPIFFE/SPIRE for Cross-Cluster Authentication - Andrew Harding, VMware
Cross-cluster authentication got you down? Losing your hair trying to get mutually authenticated TLS inside, outside, and everywhere in-between? Fret no more! In this talk, Andrew Harding, a maintainer on the SPIFFE and SPIRE projects, will dig deep into a turnkey SPIRE deployment within Kubernetes that provides workloads and proxies with X.509 certificate-based SPIFFE identities. Andrew will demonstrate how to use these identities for cross-cluster authentication by declaring federation relationships between clusters using familiar Kubernetes primitives. On top of that, a live coding and demo session will show just how easy it is to leverage SPIFFE from within Kubernetes workloads with just a few lines of code.
- 2 participants
- 29 minutes
30 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
CNCF TAG-Runtime: What's Next in Cloud Native Workloads? - Ricardo Aravena, Rakuten
What is the CNCF TAG-Runtime? How do we identify projects for CNCF admission? Where do we see the future of runtimes in the cloud native ecosystem? The session will cover: 1) Overview of the TAG-Runtime, how to join, and how to get involved. 2) Update of the related projects that have presented in our meetings. 3) Existing and potential working groups in the TAG and how to get involved. 4) How the TAG provides advise to the CNCF TOC. 5) Future trends for cloud native technologies in the TAG scope such as containers, VMs, WebAssembly and MLOPs.
CNCF TAG-Runtime: What's Next in Cloud Native Workloads? - Ricardo Aravena, Rakuten
What is the CNCF TAG-Runtime? How do we identify projects for CNCF admission? Where do we see the future of runtimes in the cloud native ecosystem? The session will cover: 1) Overview of the TAG-Runtime, how to join, and how to get involved. 2) Update of the related projects that have presented in our meetings. 3) Existing and potential working groups in the TAG and how to get involved. 4) How the TAG provides advise to the CNCF TOC. 5) Future trends for cloud native technologies in the TAG scope such as containers, VMs, WebAssembly and MLOPs.
- 1 participant
- 28 minutes
30 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
CloudEvents: Intro, Status and the Future... - Scott Nichols, Chainguard
The CloudEvents specification is one of those unsung hero projects that doesn't get a lot of attention, but is slowly making its way into some of the most popular OSS projects out there today. Why? Come join this session to see why and to learn more about how it can help make your eventing infrastructure more robust. After a quick introduction to CloudEvents we'll then look at what's been going on since we shipped v1.0 - including the new specifications that are under development all aimed at making it easier to produce and consumer events.
CloudEvents: Intro, Status and the Future... - Scott Nichols, Chainguard
The CloudEvents specification is one of those unsung hero projects that doesn't get a lot of attention, but is slowly making its way into some of the most popular OSS projects out there today. Why? Come join this session to see why and to learn more about how it can help make your eventing infrastructure more robust. After a quick introduction to CloudEvents we'll then look at what's been going on since we shipped v1.0 - including the new specifications that are under development all aimed at making it easier to produce and consumer events.
- 1 participant
- 23 minutes
30 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Context Aware Traffic Routing for Stateful Services using Envoy - Renana Yacobi & Piaw Na, Niantic
Service infrastructure should be invisible to application APIs but frequently the implementation leaks into the APIs, injected in the form of URL prefixes or message headers custom fields. In some cases this is undesirable due to the sensitivity of the information. Examples of such cases include PII and company IP. In these scenarios a message is sent to the server, which makes a routing decision based on the information inside the message. At that point a reroute request is send to the client that redirect its calls to the assigned backend, In this presentation, Renana Yacobi, Server Core Infrastructure Lead @ Niantic, presents a context aware routing, using the power of Envoy custom filters and partial message parsing to use information extracted from the message payload to route the traffic while supporting legacy APIs.
Context Aware Traffic Routing for Stateful Services using Envoy - Renana Yacobi & Piaw Na, Niantic
Service infrastructure should be invisible to application APIs but frequently the implementation leaks into the APIs, injected in the form of URL prefixes or message headers custom fields. In some cases this is undesirable due to the sensitivity of the information. Examples of such cases include PII and company IP. In these scenarios a message is sent to the server, which makes a routing decision based on the information inside the message. At that point a reroute request is send to the client that redirect its calls to the assigned backend, In this presentation, Renana Yacobi, Server Core Infrastructure Lead @ Niantic, presents a context aware routing, using the power of Envoy custom filters and partial message parsing to use information extracted from the message payload to route the traffic while supporting legacy APIs.
- 2 participants
- 17 minutes
30 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Correlating Signals in Opentelemetry: Benefits, Stories, and the Road Ahead - Morgan McLean, Splunk & Jaana Dogan, Amazon
OpenTelemetry is used across the industry to capture distributed traces, however this is just a sliver of the value that the project provides. OpenTelemetry also gathers metrics (launched earlier this year) and logs (beta) from your applications and infrastructure, allowing you to capture all telemetry through a single pipeline and powerful analysis in whatever tools you choose! In this session we will discuss: - How OpenTelemetry correlates these signals, which allows your investigations to jump flow seamlessly between all of your services and underlying infrastructure - The deep functionality that OpenTelemetry provides for metrics and logs, including metric formats and aggregations, tailing logs from flat files, and the a high-performance strongly-typed logging pipeline for new applications - Real stories about how large well-known organizations use OpenTelemetry and the improvements that they’ve gained - What’s next for OpenTelemetry: new data sources, signals, and more
Correlating Signals in Opentelemetry: Benefits, Stories, and the Road Ahead - Morgan McLean, Splunk & Jaana Dogan, Amazon
OpenTelemetry is used across the industry to capture distributed traces, however this is just a sliver of the value that the project provides. OpenTelemetry also gathers metrics (launched earlier this year) and logs (beta) from your applications and infrastructure, allowing you to capture all telemetry through a single pipeline and powerful analysis in whatever tools you choose! In this session we will discuss: - How OpenTelemetry correlates these signals, which allows your investigations to jump flow seamlessly between all of your services and underlying infrastructure - The deep functionality that OpenTelemetry provides for metrics and logs, including metric formats and aggregations, tailing logs from flat files, and the a high-performance strongly-typed logging pipeline for new applications - Real stories about how large well-known organizations use OpenTelemetry and the improvements that they’ve gained - What’s next for OpenTelemetry: new data sources, signals, and more
- 2 participants
- 28 minutes
30 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Data Science for Infrastructure: Observe, Understand, Automate - Zain Asgar & Natalie Serrino, New Relic
Cloud-native applications today are increasingly complex and therefore increasingly hard to understand. It’s critical to connect decisions around resource allocation and architecture to business metrics such as end-user latency, but very difficult to do in practice. Ultimately, understanding how your systems behave and why is a data analytics problem. Like most data analytics problems, the trick is in collecting and wrangling the right data sources.
In this talk, you will learn how Pixie, an open-source observability platform for Kubernetes, can be used to painlessly turn low-level telemetry data into high-level signals about system health. The talk will also show these high-level signals can be used as input to a variety of use cases, such as detecting SQL injections and K8s deployment autoscaling.
Data Science for Infrastructure: Observe, Understand, Automate - Zain Asgar & Natalie Serrino, New Relic
Cloud-native applications today are increasingly complex and therefore increasingly hard to understand. It’s critical to connect decisions around resource allocation and architecture to business metrics such as end-user latency, but very difficult to do in practice. Ultimately, understanding how your systems behave and why is a data analytics problem. Like most data analytics problems, the trick is in collecting and wrangling the right data sources.
In this talk, you will learn how Pixie, an open-source observability platform for Kubernetes, can be used to painlessly turn low-level telemetry data into high-level signals about system health. The talk will also show these high-level signals can be used as input to a variety of use cases, such as detecting SQL injections and K8s deployment autoscaling.
- 2 participants
- 30 minutes
30 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Declarative and Imperative Kubernetes Operations with Temporal and M3 - Matt Schallert, Chronosphere & Dominik Tornow, Temporal
Operators allow users to orchestrate complex software, such as databases, running on Kubernetes. However, due to their declarative nature, expressing and coordinating imperative actions (such as “create a backup”) is awkward and cumbersome. In this talk, Matt and Dominik will explore how declarative solutions, such as Operators, along with imperative solutions, such as Temporal, an OSS Workflow Orchestration Platform, can be used to automate the operations of complex software systems on Kubernetes. They will demonstrate how Temporal workflows can leverage the same Go libraries users are familiar with. Finally, using the OSS M3DB Operator as an example, they will demonstrate how Operators and Workflows work in tandem and mitigate each others' limitations. You will walk away with an accurate, actionable, and dependable understanding of Kubernetes Operators and Temporal Workflows and how to craft scalable and reliable operation automation for your Kubernetes applications and clusters.
Declarative and Imperative Kubernetes Operations with Temporal and M3 - Matt Schallert, Chronosphere & Dominik Tornow, Temporal
Operators allow users to orchestrate complex software, such as databases, running on Kubernetes. However, due to their declarative nature, expressing and coordinating imperative actions (such as “create a backup”) is awkward and cumbersome. In this talk, Matt and Dominik will explore how declarative solutions, such as Operators, along with imperative solutions, such as Temporal, an OSS Workflow Orchestration Platform, can be used to automate the operations of complex software systems on Kubernetes. They will demonstrate how Temporal workflows can leverage the same Go libraries users are familiar with. Finally, using the OSS M3DB Operator as an example, they will demonstrate how Operators and Workflows work in tandem and mitigate each others' limitations. You will walk away with an accurate, actionable, and dependable understanding of Kubernetes Operators and Temporal Workflows and how to craft scalable and reliable operation automation for your Kubernetes applications and clusters.
- 2 participants
- 21 minutes
30 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Easy notifications for Kubernetes - Alexander Matyushentsev, Intuit & Remington Breeze, Akuity
Kubernetes provides powerful features and empowers developers to solve lots of use-cases. Do you want to do GitOps, Progressive Delivery, batch processing? Easy - there is a tool that provides an effective way of solving each problem. The email that notifies the team about successful deployment is the cherry on the cake and should not be hard to do, right? Well, the notifications support is not as straightforward as it sounds. Does your team prefer Slack, Telegram, or all of the above? Do you want to fine-tune notifications criteria and avoid spamming your team about each and every change? Do you need customized notification messages that include details specific to your environment? We have solved this problem for Argo by introducing a generic Notification Engine that powers a notification experience for Argo projects. You will learn how to leverage the engine to configure notifications for Argo projects as well as how to use it for any other Kubernetes-native application.
Easy notifications for Kubernetes - Alexander Matyushentsev, Intuit & Remington Breeze, Akuity
Kubernetes provides powerful features and empowers developers to solve lots of use-cases. Do you want to do GitOps, Progressive Delivery, batch processing? Easy - there is a tool that provides an effective way of solving each problem. The email that notifies the team about successful deployment is the cherry on the cake and should not be hard to do, right? Well, the notifications support is not as straightforward as it sounds. Does your team prefer Slack, Telegram, or all of the above? Do you want to fine-tune notifications criteria and avoid spamming your team about each and every change? Do you need customized notification messages that include details specific to your environment? We have solved this problem for Argo by introducing a generic Notification Engine that powers a notification experience for Argo projects. You will learn how to leverage the engine to configure notifications for Argo projects as well as how to use it for any other Kubernetes-native application.
- 2 participants
- 25 minutes
30 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Edge Computing using K3s on Raspberry Pi - Jeff Spahr, Lenovo
K3s is a lightweight single binary Kubernetes distribution that is simple to install, and it's a perfect match for the latest Raspberry Pi 4. Join the speaker as he walks through the design, implementation, and trade offs you'll have to consider for this edge architecture. In this talk I'll cover the following:
The why and how of deploying a production grade highly available 3 node K3s cluster.
How to capture all the configuration as code and drive changes through GitOps.
How to manage automatic updates for the cluster and operating system through the Kubernetes API.
The speaker will be building on https://github.com/jeffspahr/k3s-on-pi for this presentation.
Edge Computing using K3s on Raspberry Pi - Jeff Spahr, Lenovo
K3s is a lightweight single binary Kubernetes distribution that is simple to install, and it's a perfect match for the latest Raspberry Pi 4. Join the speaker as he walks through the design, implementation, and trade offs you'll have to consider for this edge architecture. In this talk I'll cover the following:
The why and how of deploying a production grade highly available 3 node K3s cluster.
How to capture all the configuration as code and drive changes through GitOps.
How to manage automatic updates for the cluster and operating system through the Kubernetes API.
The speaker will be building on https://github.com/jeffspahr/k3s-on-pi for this presentation.
- 1 participant
- 22 minutes
30 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Everything Wrong with K8s Authentication and How We Worked Around It - Mo Khan & Margo Crawford, VMware
Kubernetes provides many flexible authentication options, but they are inaccessible to a large portion of Kubernetes users in practice. When enterprise cluster administrators have clusters across many providers or distributions of Kubernetes, they struggle to unify them under a single identity platform. Kubernetes authentication options are often not available on managed cloud provider platforms, and even on self-hosted clusters it is non-trivial to integrate with common identity technologies such as OIDC or LDAP. This session will describe common pitfalls and limitations of Kubernetes authentication and show how to work around them. We will describe how to integrate identities from OIDC/LDAP into any Kubernetes cluster, provide nice login flows for cluster users, and enable federated logins across multiple clusters. Attend this session to learn about the latest Kubernetes auth integration techniques and see what’s coming in future Kubernetes versions.
Everything Wrong with K8s Authentication and How We Worked Around It - Mo Khan & Margo Crawford, VMware
Kubernetes provides many flexible authentication options, but they are inaccessible to a large portion of Kubernetes users in practice. When enterprise cluster administrators have clusters across many providers or distributions of Kubernetes, they struggle to unify them under a single identity platform. Kubernetes authentication options are often not available on managed cloud provider platforms, and even on self-hosted clusters it is non-trivial to integrate with common identity technologies such as OIDC or LDAP. This session will describe common pitfalls and limitations of Kubernetes authentication and show how to work around them. We will describe how to integrate identities from OIDC/LDAP into any Kubernetes cluster, provide nice login flows for cluster users, and enable federated logins across multiple clusters. Attend this session to learn about the latest Kubernetes auth integration techniques and see what’s coming in future Kubernetes versions.
- 2 participants
- 29 minutes
30 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Fluentd and Fluent Bit - Eduardo Silva, Calyptia
Observability pipelines are a critical component on every production environment. Fluentd and Fluent Bit are well known and used for Log collection and processing. But for years our community of users have asked for a unified experience with Metrics collection. In this presentation, you will learn about our new Metrics collection and processing with Fluentd and Fluent Bit. You will learn the best practices for monitoring and how to leverage your current Prometheus services and infrastructure by using all the component together without any observability disruption.
Fluentd and Fluent Bit - Eduardo Silva, Calyptia
Observability pipelines are a critical component on every production environment. Fluentd and Fluent Bit are well known and used for Log collection and processing. But for years our community of users have asked for a unified experience with Metrics collection. In this presentation, you will learn about our new Metrics collection and processing with Fluentd and Fluent Bit. You will learn the best practices for monitoring and how to leverage your current Prometheus services and infrastructure by using all the component together without any observability disruption.
- 5 participants
- 34 minutes
30 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
From Network Engineer to K8s Developer: Lessons Learned via Telepresence - Peter ONeill, Ambassador Labs
Kubernetes is every bit as complex as a globally distributed network, but all wrapped up in one cluster. From Ingresses, to load-balancers, to headless services, Kubernetes has more possible points of failure than an IP packet jetting around the world. Join in to hear a network engineer's journey into Kubernetes. As any network engineer would do, we will follow the networking path. We will start at the Kubernetes API, work our way through the services and connections, and eventually make our way into the pods and containers. Understanding how complex it is to reach backend services hosted in Kubernetes, it's surprising a tool like Telepresence hasn't come around sooner. Once you've experienced it, bridging your laptop's local network to a Kubernetes cluster makes sense. No spotty VPN tunnels or long-lived port-forwarding sessions. Just "telepresence connect" and start developing and debugging as if your laptop was in your cluster.
From Network Engineer to K8s Developer: Lessons Learned via Telepresence - Peter ONeill, Ambassador Labs
Kubernetes is every bit as complex as a globally distributed network, but all wrapped up in one cluster. From Ingresses, to load-balancers, to headless services, Kubernetes has more possible points of failure than an IP packet jetting around the world. Join in to hear a network engineer's journey into Kubernetes. As any network engineer would do, we will follow the networking path. We will start at the Kubernetes API, work our way through the services and connections, and eventually make our way into the pods and containers. Understanding how complex it is to reach backend services hosted in Kubernetes, it's surprising a tool like Telepresence hasn't come around sooner. Once you've experienced it, bridging your laptop's local network to a Kubernetes cluster makes sense. No spotty VPN tunnels or long-lived port-forwarding sessions. Just "telepresence connect" and start developing and debugging as if your laptop was in your cluster.
- 1 participant
- 28 minutes
30 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Harbor - Enterprise Cloud Native Artifact Registry - Alex Xu, Wang Yan, Steven Zou, Deng Qian & Ziming Zhang, VMware
Harbor is a CNCF graduated project, which help enterprises distribute and manage cloud native artifacts. We’ll use this session to give the audience an overview of the Harbor project and the community we built around it. We’ll talk about Harbor’s key features and use cases, and updates introduced in the most recent release. In addition to that, we’ll give a sneak peek into the development that is in progress. We’ll also use this session to discuss with the users regarding the challenges the project is facing and share our thoughts on how to tackle them.
Harbor - Enterprise Cloud Native Artifact Registry - Alex Xu, Wang Yan, Steven Zou, Deng Qian & Ziming Zhang, VMware
Harbor is a CNCF graduated project, which help enterprises distribute and manage cloud native artifacts. We’ll use this session to give the audience an overview of the Harbor project and the community we built around it. We’ll talk about Harbor’s key features and use cases, and updates introduced in the most recent release. In addition to that, we’ll give a sneak peek into the development that is in progress. We’ll also use this session to discuss with the users regarding the challenges the project is facing and share our thoughts on how to tackle them.
- 6 participants
- 33 minutes
30 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
How NOT to Start with Kubernetes - Christian Heckelmann, Dynatrace
To k8s or not? THAT should be the first question you answer before considering moving your workloads to k8s. Granted – in many cases - Kubernetes is going to be the right choice but don’t just default to k8s because its hip or cool. When starting with Kubernetes you will run into many challenging situations or must make important decisions that will impact the way you will benefit or not benefit from k8s, that will decide whether you have sleepless nights or whether you can enjoy your evenings and weekends with friends and family! I, Christian Heckelmann, would have loved to know a lot more about Kubernetes networking, resource limits, the importance of training people upfront, providing templates, security, the CNCF landscape and more. 2 years ago, I started my journey as DevOps engineer setting up k8s 1.9 on bare metal. In this talk I recap my lessons learned in the hope that everyone that starts with k8s doesn’t start off in the wrong direction.
How NOT to Start with Kubernetes - Christian Heckelmann, Dynatrace
To k8s or not? THAT should be the first question you answer before considering moving your workloads to k8s. Granted – in many cases - Kubernetes is going to be the right choice but don’t just default to k8s because its hip or cool. When starting with Kubernetes you will run into many challenging situations or must make important decisions that will impact the way you will benefit or not benefit from k8s, that will decide whether you have sleepless nights or whether you can enjoy your evenings and weekends with friends and family! I, Christian Heckelmann, would have loved to know a lot more about Kubernetes networking, resource limits, the importance of training people upfront, providing templates, security, the CNCF landscape and more. 2 years ago, I started my journey as DevOps engineer setting up k8s 1.9 on bare metal. In this talk I recap my lessons learned in the hope that everyone that starts with k8s doesn’t start off in the wrong direction.
- 1 participant
- 31 minutes
30 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
How Spotify Leverages Flyte To Coordinate Financial Analytics Company-Wide - Haytham Abuelfutuh, Union.ai & Dylan Wilder Patterson, Spotify
Kubernetes’ popularity stems from its declarative yaml based API and focus on versioning and other best practices of developing micro-services. Therein also lies its weakness, where users that are not conversant with infrastructure are inadvertently discouraged from leveraging the power of Kubernetes. Using an example application at Spotify that powers their financial platform, the talk examines:
* The specific operational needs of ML and Data Engineering (MLOps/DataOps) in contrast to DevOps.
* Best practices for developing maintainable ML and Data applications.
* How Flyte can be used to bridge these gaps for users with varying technical proficiency.
How Spotify Leverages Flyte To Coordinate Financial Analytics Company-Wide - Haytham Abuelfutuh, Union.ai & Dylan Wilder Patterson, Spotify
Kubernetes’ popularity stems from its declarative yaml based API and focus on versioning and other best practices of developing micro-services. Therein also lies its weakness, where users that are not conversant with infrastructure are inadvertently discouraged from leveraging the power of Kubernetes. Using an example application at Spotify that powers their financial platform, the talk examines:
* The specific operational needs of ML and Data Engineering (MLOps/DataOps) in contrast to DevOps.
* Best practices for developing maintainable ML and Data applications.
* How Flyte can be used to bridge these gaps for users with varying technical proficiency.
- 3 participants
- 41 minutes
30 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Inclusive Language Initiative Working Group - Celeste Hogan, Cloud Native Computing Foundation
Inclusive Language Initiative Working Group - Celeste Hogan, Cloud Native Computing Foundation
- 2 participants
- 17 minutes
30 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Jaeger: Intro and Deep Dive - Jonah Kowall, Logz.io
In this session we will cover both introductory and deep dive material for the Jaeger distributed tracing backend. For intro we will review methods of getting started installing Jaeger and the basics of distributed tracing. For the deep dive we will be discuss the future of Jaeger built on top of the OpenTelemetry collector and what that means for Jaeger architecture, future development and features. Jaeger is the most popular open source distributed tracing backend. Whether your goal is to get acquainted with Jaeger and distributed tracing or to keep abreast with the latest and greatest, please join us!
Jaeger: Intro and Deep Dive - Jonah Kowall, Logz.io
In this session we will cover both introductory and deep dive material for the Jaeger distributed tracing backend. For intro we will review methods of getting started installing Jaeger and the basics of distributed tracing. For the deep dive we will be discuss the future of Jaeger built on top of the OpenTelemetry collector and what that means for Jaeger architecture, future development and features. Jaeger is the most popular open source distributed tracing backend. Whether your goal is to get acquainted with Jaeger and distributed tracing or to keep abreast with the latest and greatest, please join us!
- 4 participants
- 41 minutes
30 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Migrating GitLab.com to Kubernetes: How Multiple Clusters Saved Cost - John Skarbek, Gitlab
As we grew past 10 million projects hosted on GitLab.com, it was clear that we needed to move from our fleet of chef-managed virtual machines to Kubernetes. Using GKE, migration started with stateless services like the GitLab Container Registry, Background processing, and Git requests. With over 100 Terabyte of daily Git data, regional GKE clusters provide the convenience of spanning multiple availability zones for redundancy, but cross availability zone egress was a concern. Splitting the regional GKE cluster into multiple zonal clusters for services that use a lot of bandwidth gave much more control over cross availability zone network traffic. In this talk, you will learn more about our journey and efforts with how we are shifting traffic to the new clusters.
Migrating GitLab.com to Kubernetes: How Multiple Clusters Saved Cost - John Skarbek, Gitlab
As we grew past 10 million projects hosted on GitLab.com, it was clear that we needed to move from our fleet of chef-managed virtual machines to Kubernetes. Using GKE, migration started with stateless services like the GitLab Container Registry, Background processing, and Git requests. With over 100 Terabyte of daily Git data, regional GKE clusters provide the convenience of spanning multiple availability zones for redundancy, but cross availability zone egress was a concern. Splitting the regional GKE cluster into multiple zonal clusters for services that use a lot of bandwidth gave much more control over cross availability zone network traffic. In this talk, you will learn more about our journey and efforts with how we are shifting traffic to the new clusters.
- 1 participant
- 19 minutes
30 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Native Instrumentation for Open Source Software with OpenTelemetry - Ted Young, Lightstep & Ludmila Molkova, Microsoft
If you write OSS software, you may have noticed that it can be surprisingly difficult to provide logs and metrics to the users who run your libraries. OpenTelemetry is designed to solve this problem. OpenTelemetry allows OSS projects – web frameworks, databases, message queues – to move beyond testing and begin to participate in runtime observability, while still giving their end users control over where and how the data is processed. In this session, we will cover: The benefits of OpenTelemetry instrumentation. Guidelines for natively instrumenting your OSS library. Tricky parts, gotchas, and how to minimize them. We will also briefly cover the current state of OpenTelemetry project: Which APIs are currently stable, and what long term support means. Methods for combining tracing and metrics to simplify instrumentation. How to get involved with the native instrumentation effort in OpenTelemetry.
Native Instrumentation for Open Source Software with OpenTelemetry - Ted Young, Lightstep & Ludmila Molkova, Microsoft
If you write OSS software, you may have noticed that it can be surprisingly difficult to provide logs and metrics to the users who run your libraries. OpenTelemetry is designed to solve this problem. OpenTelemetry allows OSS projects – web frameworks, databases, message queues – to move beyond testing and begin to participate in runtime observability, while still giving their end users control over where and how the data is processed. In this session, we will cover: The benefits of OpenTelemetry instrumentation. Guidelines for natively instrumenting your OSS library. Tricky parts, gotchas, and how to minimize them. We will also briefly cover the current state of OpenTelemetry project: Which APIs are currently stable, and what long term support means. Methods for combining tracing and metrics to simplify instrumentation. How to get involved with the native instrumentation effort in OpenTelemetry.
- 2 participants
- 21 minutes
30 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
PSP is Dead, Long Live PodSecurity - Monis Khan, VMware; Mike Danese, Google
After a quick intro, this presentation will touch upon two auth features that recently went GA: bound service account tokens [1] and kubectl credential plugins [2]. The bulk of the talk will focus on the replacement for pod security policy: pod security admission control [3]. We will cover the reasons behind the replacement of PSP along with the specific technical details of PSA. [1] https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/#bound-service-account-token-volume [2] https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins [3] https://github.com/kubernetes/enhancements/tree/master/keps/sig-auth/2579-psp-replacement
PSP is Dead, Long Live PodSecurity - Monis Khan, VMware; Mike Danese, Google
After a quick intro, this presentation will touch upon two auth features that recently went GA: bound service account tokens [1] and kubectl credential plugins [2]. The bulk of the talk will focus on the replacement for pod security policy: pod security admission control [3]. We will cover the reasons behind the replacement of PSP along with the specific technical details of PSA. [1] https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/#bound-service-account-token-volume [2] https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins [3] https://github.com/kubernetes/enhancements/tree/master/keps/sig-auth/2579-psp-replacement
- 5 participants
- 35 minutes
30 Oct 2021
Panel Discussion: Cloud Native Computing Foundation Mentees - Kunal Kushwaha, Civo; Ihor Dvoretskyi, Cloud Native Computing Foundation; Divya Mohan, HSBC; Uchechukwu Obasi, Grafana Labs
The CNCF community has proven that open source is for everyone and every contribution counts. To support this statement, there have been numerous opportunities provided by the CNCF community to get more young people and new contributors get involved in the project. Namely, GSoC, GSoD, LFX Mentorship programs, CROSS, Outreachy. Although, the problem of lack of awareness about these opportunities still exists. As well all saw, over 69% of the attendees were first-timers, and many students joined as well. This panel consists of ex-CNCF mentees & CNCF program managers. They are going to share their experiences & tips, regarding how they got started with CNCF, their journey with the internship opportunities & mentorship programs. In addition to that, viewers would also learn how to get started with CNC projects, right from picking an organisation, to making their first contributions. In the end, the panel will share some community best practices and resources.
The CNCF community has proven that open source is for everyone and every contribution counts. To support this statement, there have been numerous opportunities provided by the CNCF community to get more young people and new contributors get involved in the project. Namely, GSoC, GSoD, LFX Mentorship programs, CROSS, Outreachy. Although, the problem of lack of awareness about these opportunities still exists. As well all saw, over 69% of the attendees were first-timers, and many students joined as well. This panel consists of ex-CNCF mentees & CNCF program managers. They are going to share their experiences & tips, regarding how they got started with CNCF, their journey with the internship opportunities & mentorship programs. In addition to that, viewers would also learn how to get started with CNC projects, right from picking an organisation, to making their first contributions. In the end, the panel will share some community best practices and resources.
- 4 participants
- 35 minutes
30 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
PodSecurityPolicy Replacement: Past, Present, and Future - Tabitha Sable, Datadog & Tim Allclair, Apple
Join two of the maintainers leading the PSP replacement effort for a welcoming, accessible discussion of PodSecurityPolicy and its built-in replacement, Pod Security Admission Control. They’ll cover how to tell whether PSP deprecation affects you, the meaning of deprecation in Kubernetes, and steps you can take today to ease your eventual transition off of PSP. You’ll hear guidelines for considering the new Pod Security Admission Control, learn how to try it out yourself, and even enjoy a little bit of Kubernetes storytelling.
PodSecurityPolicy Replacement: Past, Present, and Future - Tabitha Sable, Datadog & Tim Allclair, Apple
Join two of the maintainers leading the PSP replacement effort for a welcoming, accessible discussion of PodSecurityPolicy and its built-in replacement, Pod Security Admission Control. They’ll cover how to tell whether PSP deprecation affects you, the meaning of deprecation in Kubernetes, and steps you can take today to ease your eventual transition off of PSP. You’ll hear guidelines for considering the new Pod Security Admission Control, learn how to try it out yourself, and even enjoy a little bit of Kubernetes storytelling.
- 3 participants
- 35 minutes
30 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
SIG Contributor Experience Deep Dive - Alison Dowdney, Weaveworks & Christoph Blecker, Red Hat
The Kubernetes Contributor Experience Special Interest Group (SIG) is tasked with developing and sustaining a healthy contributor community. Things like feature velocity, community scaling, mentoring, pull request latency, and more all fall within scope of the SIG In this talk, we will provide an introduction to SIG Contributor Experience, its role within the project, and dive into the various subprojects that support its mission. Additionally, we will provide a general community update and go over how you can get involved.
SIG Contributor Experience Deep Dive - Alison Dowdney, Weaveworks & Christoph Blecker, Red Hat
The Kubernetes Contributor Experience Special Interest Group (SIG) is tasked with developing and sustaining a healthy contributor community. Things like feature velocity, community scaling, mentoring, pull request latency, and more all fall within scope of the SIG In this talk, we will provide an introduction to SIG Contributor Experience, its role within the project, and dive into the various subprojects that support its mission. Additionally, we will provide a general community update and go over how you can get involved.
- 3 participants
- 34 minutes
30 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
SIG-Autoscaling: Introduction + HPA/VPA Updates - Joe Burnett & Marcin Wielgus, Google
During this talk we will give a detailed overview of autoscaling features in Kubernetes, covering both horizontal, vertical as well as cluster autoscalers. You will learn how to automatically adjust your Kubernetes cluster and pods to match your current capacity needs, which components should be used when and how to configure them properly to get best efficiency and cost savings. We will also discuss upcoming features like the new HPA v2 stable API and support for alternative recommenders in VPA.
SIG-Autoscaling: Introduction + HPA/VPA Updates - Joe Burnett & Marcin Wielgus, Google
During this talk we will give a detailed overview of autoscaling features in Kubernetes, covering both horizontal, vertical as well as cluster autoscalers. You will learn how to automatically adjust your Kubernetes cluster and pods to match your current capacity needs, which components should be used when and how to configure them properly to get best efficiency and cost savings. We will also discuss upcoming features like the new HPA v2 stable API and support for alternative recommenders in VPA.
- 1 participant
- 24 minutes
30 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
SPIFFE: In Theory and in Practice - Evan Gilman & Andrew Harding, VMware
Please join us on the maintainer track to learn more about the SPIFFE vision, it's components, and how it fits into the cloud native landscape. In this session, we will do a short intro and deep dive on SPIFFE, followed by a Q&A. This will be an informal session - please bring your questions and use cases! We'll discuss recently completed works, where the project is headed, and how SPIFFE compares/contrasts to other seemingly similar options. Finally, stick around after the session for an extended meetup with the maintainers and other SPIFFE users.
SPIFFE: In Theory and in Practice - Evan Gilman & Andrew Harding, VMware
Please join us on the maintainer track to learn more about the SPIFFE vision, it's components, and how it fits into the cloud native landscape. In this session, we will do a short intro and deep dive on SPIFFE, followed by a Q&A. This will be an informal session - please bring your questions and use cases! We'll discuss recently completed works, where the project is headed, and how SPIFFE compares/contrasts to other seemingly similar options. Finally, stick around after the session for an extended meetup with the maintainers and other SPIFFE users.
- 3 participants
- 36 minutes
30 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Scaling Machine Learning Workflows to Big Data with Fugue - Kevin Kho, Prefect & Han Wang, Lyft
Data scientists often use Pandas for data that fits on a single machine, and Spark or Dask for larger datasets that need distributed computing power. What happens though, when the data starts small and then grows too much for Pandas to handle? Data scientists often find themselves reimplementing the same code to transition to Spark. Even code with the same business logic needs two separate implementations. Fugue is an open-source abstraction layer that solves this. In this talk, he'll show how Fugue lets users port native Python code to Spark or Dask with minimal code changes. By using Fugue, data science code will be written in a framework-agnostic and scale-agnostic manner that allows it to be ported to different execution environments. This will be demonstrated by showing how to scale data compute from a single machine to a Spark cluster set-up on Kubernetes.
Scaling Machine Learning Workflows to Big Data with Fugue - Kevin Kho, Prefect & Han Wang, Lyft
Data scientists often use Pandas for data that fits on a single machine, and Spark or Dask for larger datasets that need distributed computing power. What happens though, when the data starts small and then grows too much for Pandas to handle? Data scientists often find themselves reimplementing the same code to transition to Spark. Even code with the same business logic needs two separate implementations. Fugue is an open-source abstraction layer that solves this. In this talk, he'll show how Fugue lets users port native Python code to Spark or Dask with minimal code changes. By using Fugue, data science code will be written in a framework-agnostic and scale-agnostic manner that allows it to be ported to different execution environments. This will be demonstrated by showing how to scale data compute from a single machine to a Spark cluster set-up on Kubernetes.
- 2 participants
- 29 minutes
30 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Stream vs. Batch: Leveraging M3 and Thanos for Real-Time Aggregation - Gibbs Cullen, Chronosphere
The debate over stream vs. batch processing has been ongoing for years. While batch processing is optimized for large volumes of data, stream processing allows for real-time analysis. With monitoring workflows aimed at minimizing time to detect incidents, having real-time insights is critical for maintaining reliable cloud-native applications. Monitoring business-critical applications can become difficult at scale. How do you continue processing large volumes of real time data while maintaining valuable insights? There are OSS metrics solutions designed to ingest high volumes of data, but they also need to efficiently aggregate metrics for viewing and analyzing these volumes in real time. This talk will explore how two popular OSS projects, M3 and Thanos, have approached the problem of real time aggregation. The audience will learn how stream and batch processing methodologies have been leveraged by the community to aggregate data in real time, and the tradeoffs of each approach.
Stream vs. Batch: Leveraging M3 and Thanos for Real-Time Aggregation - Gibbs Cullen, Chronosphere
The debate over stream vs. batch processing has been ongoing for years. While batch processing is optimized for large volumes of data, stream processing allows for real-time analysis. With monitoring workflows aimed at minimizing time to detect incidents, having real-time insights is critical for maintaining reliable cloud-native applications. Monitoring business-critical applications can become difficult at scale. How do you continue processing large volumes of real time data while maintaining valuable insights? There are OSS metrics solutions designed to ingest high volumes of data, but they also need to efficiently aggregate metrics for viewing and analyzing these volumes in real time. This talk will explore how two popular OSS projects, M3 and Thanos, have approached the problem of real time aggregation. The audience will learn how stream and batch processing methodologies have been leveraged by the community to aggregate data in real time, and the tradeoffs of each approach.
- 1 participant
- 19 minutes
30 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
The Argo Ecosystem: Tailoring Your Installation Through Community Add-ons - Jesse Suen, Akuity & Alexander Matyushentsev, Intuit
You are probably already familiar with the core set of Argo projects such as Workflows, CD, Rollouts, and Events. But did you know there is also an entire suite of ecosystem projects which complement these core offerings? These operators unlock support for additional features including notifications, docker registry integration, git writeback, cluster bootstrapping/add-on management, all in a composable way. In this talk, we showcase many of the Argo community projects which will supercharge your Argo installation by providing features outside of the base functionality. Discover ways to custom tailor your setup according to your organization’s needs. Learn about new and upcoming enhancements to make Argo CD even more extensible, including a redesigned config management plugin system, UI component library, and UI/API extensions. Finally, learn how you can even leverage Argo engines and building blocks in your own operators to gain new capabilities, completely independent of Argo!
The Argo Ecosystem: Tailoring Your Installation Through Community Add-ons - Jesse Suen, Akuity & Alexander Matyushentsev, Intuit
You are probably already familiar with the core set of Argo projects such as Workflows, CD, Rollouts, and Events. But did you know there is also an entire suite of ecosystem projects which complement these core offerings? These operators unlock support for additional features including notifications, docker registry integration, git writeback, cluster bootstrapping/add-on management, all in a composable way. In this talk, we showcase many of the Argo community projects which will supercharge your Argo installation by providing features outside of the base functionality. Discover ways to custom tailor your setup according to your organization’s needs. Learn about new and upcoming enhancements to make Argo CD even more extensible, including a redesigned config management plugin system, UI component library, and UI/API extensions. Finally, learn how you can even leverage Argo engines and building blocks in your own operators to gain new capabilities, completely independent of Argo!
- 6 participants
- 35 minutes
30 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
We Built the Kubernetes SBOM and Now You Can Write Your Own! - Adolfo García Veytia, uServers
At the end of 2020, SIG Release set a goal to produce a Software Bill of Materials for Kubernetes to provide the community and downstream consumers with a verifiable manifest to attest the completeness and consistency of the artifacts built and published with each release. Adolfo will tell how the Release Engineering team built the Kubernetes SBOM and how this effort resulted in a set of libraries and tools which can be leveraged by software developers and other projects to create their own SPDX-compliant Bill of Materials out of files and container images with automatic license detection. He will address the role an SBOM plays in the software supply chain puzzle, enumerating its benefits for developers and operators. He will do a review of the SPDX standard (Software Package Data Exchange) and the rich relationships between software components it can express. The session will feature a live demo of building an SPDX SBOM using said tools which are already available to download.
We Built the Kubernetes SBOM and Now You Can Write Your Own! - Adolfo García Veytia, uServers
At the end of 2020, SIG Release set a goal to produce a Software Bill of Materials for Kubernetes to provide the community and downstream consumers with a verifiable manifest to attest the completeness and consistency of the artifacts built and published with each release. Adolfo will tell how the Release Engineering team built the Kubernetes SBOM and how this effort resulted in a set of libraries and tools which can be leveraged by software developers and other projects to create their own SPDX-compliant Bill of Materials out of files and container images with automatic license detection. He will address the role an SBOM plays in the software supply chain puzzle, enumerating its benefits for developers and operators. He will do a review of the SPDX standard (Software Package Data Exchange) and the rich relationships between software components it can express. The session will feature a live demo of building an SPDX SBOM using said tools which are already available to download.
- 1 participant
- 33 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
A New Generation of NATS - Matthias Hanel & Jean-Noël Moyne, Synadia
NATS is a high performance cloud native distributed communications utility that allows you to build globally available and secure applications based on streams and services that are both fast and simple to operate. In this talk you will learn about all the numerous new features that have been introduced NATS version 2 and more specifically in the last few months and with the introduction of JetStream a new distributed persistence layer that enables NATS to offer new higher qualities of services and functionalities such as streaming. You will also see a demo showcasing the flexibility of the NATS Adaptive Edge Architecture including how it can be combined with the new functionalities enabled by JetStream to offer continuous and guaranteed publication of data on streams even during network failures.
A New Generation of NATS - Matthias Hanel & Jean-Noël Moyne, Synadia
NATS is a high performance cloud native distributed communications utility that allows you to build globally available and secure applications based on streams and services that are both fast and simple to operate. In this talk you will learn about all the numerous new features that have been introduced NATS version 2 and more specifically in the last few months and with the introduction of JetStream a new distributed persistence layer that enables NATS to offer new higher qualities of services and functionalities such as streaming. You will also see a demo showcasing the flexibility of the NATS Adaptive Edge Architecture including how it can be combined with the new functionalities enabled by JetStream to offer continuous and guaranteed publication of data on streams even during network failures.
- 2 participants
- 29 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
A Safari of Kubernetes and its Natural Habitat - Noah Abrahams, StormForge
Have you ever wondered what life in the data center really looks like, after the sun goes down and the people leave? Come along on a journey as we visit some of the inhabitants of the Cloud Native savanna on this trip through the ecosystems of Kubernetes and its natural predators. Attendees will learn the warning cries of an ever alert Prometheus and watch as the cluster is hunted by a gaggle of red teamers, while they all try to drink from the same data lake. This talk will be a whimsical introduction into the daily life of kubernetes and common production deployments while you listen to some very mediocre impressions of famous naturalists.
A Safari of Kubernetes and its Natural Habitat - Noah Abrahams, StormForge
Have you ever wondered what life in the data center really looks like, after the sun goes down and the people leave? Come along on a journey as we visit some of the inhabitants of the Cloud Native savanna on this trip through the ecosystems of Kubernetes and its natural predators. Attendees will learn the warning cries of an ever alert Prometheus and watch as the cluster is hunted by a gaggle of red teamers, while they all try to drink from the same data lake. This talk will be a whimsical introduction into the daily life of kubernetes and common production deployments while you listen to some very mediocre impressions of famous naturalists.
- 2 participants
- 27 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
A Safer Curl | Bash for the Cloud - Carolyn Van Slyck, Microsoft
Most of us have used curl to download a script and run it immediately. Using curl | bash provides instant gratification. We can quickly get up and running with an application without requiring a steep learning curve or a strong attention span. Unfortunately, the common advice is that this is not safe! But what if it was?
Let's walk through how we can work with people's natural tendencies, keep the one-liner and make it more secure. We will use Porter and Notary to transform an example cloud-native application deployment from a dicey bash script, executed with bash and hope, into a safer one-liner installation that was designed to be used in production.
You will learn:
Why curling a script to bash is insecure, and why bundles mitigate those risks.
How to reuse existing tools and scripts in a bundle, without starting over from scratch.
What a safer one-line user experience could look like.
A Safer Curl | Bash for the Cloud - Carolyn Van Slyck, Microsoft
Most of us have used curl to download a script and run it immediately. Using curl | bash provides instant gratification. We can quickly get up and running with an application without requiring a steep learning curve or a strong attention span. Unfortunately, the common advice is that this is not safe! But what if it was?
Let's walk through how we can work with people's natural tendencies, keep the one-liner and make it more secure. We will use Porter and Notary to transform an example cloud-native application deployment from a dicey bash script, executed with bash and hope, into a safer one-liner installation that was designed to be used in production.
You will learn:
Why curling a script to bash is insecure, and why bundles mitigate those risks.
How to reuse existing tools and scripts in a bundle, without starting over from scratch.
What a safer one-line user experience could look like.
- 1 participant
- 27 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
A Tall Tale of GitOps - Prasanjit Singh, Starzplay
In 1962, in his book “Profiles of the Future: An Inquiry into the Limits of the Possible”, science fiction writer Arthur C. Clarke formulated his famous Three Laws, of which the third law is the best-known and most widely cited: “Any sufficiently advanced technology is indistinguishable from magic”. This quote is the seed of the session "A Tall Tale of GitOps!" It is a 'Tall Tale' because it is nothing short of that! What GitOps can do is larger-than-life and the session will see it unfold.
We will also share a repository of "Awesome GitOps" resources that you can use for hands-on demonstration about how one can write code, build it, create infrastructure, deploy the application and monitor the application all from a git version control push! The talk is focussed at beginners and will introduce the concept of GitOps and explain the building blocks of the architecture with a fictional story analogy.
A Tall Tale of GitOps - Prasanjit Singh, Starzplay
In 1962, in his book “Profiles of the Future: An Inquiry into the Limits of the Possible”, science fiction writer Arthur C. Clarke formulated his famous Three Laws, of which the third law is the best-known and most widely cited: “Any sufficiently advanced technology is indistinguishable from magic”. This quote is the seed of the session "A Tall Tale of GitOps!" It is a 'Tall Tale' because it is nothing short of that! What GitOps can do is larger-than-life and the session will see it unfold.
We will also share a repository of "Awesome GitOps" resources that you can use for hands-on demonstration about how one can write code, build it, create infrastructure, deploy the application and monitor the application all from a git version control push! The talk is focussed at beginners and will introduce the concept of GitOps and explain the building blocks of the architecture with a fictional story analogy.
- 1 participant
- 23 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
A Vulnerable Tale About Burnout - Julia Simon, CloudOps
This vulnerable tale is a personal journey through the unpredictable world of depression and burnout. It could have been easily predicted because Julia was "doing it all". Yet it was totally unexpected because she assumed her mental health was strong and stable; she could handle anything. Until she couldn’t and everything became unbearable. She made the impossible and necessary decision to stop working in order to recover, setting out on what became four months of self-discovery. Julia will talk about what what led her to this state, what it looked like, and how she was able to get the necessary help to feel strong enough to not only go back to work, but to shift career paths all together as a hopeful and positive outcome that arose out of dark times. Julia will talk about key takeaways that allow her to maintain a healthier balance at work and in life.
A Vulnerable Tale About Burnout - Julia Simon, CloudOps
This vulnerable tale is a personal journey through the unpredictable world of depression and burnout. It could have been easily predicted because Julia was "doing it all". Yet it was totally unexpected because she assumed her mental health was strong and stable; she could handle anything. Until she couldn’t and everything became unbearable. She made the impossible and necessary decision to stop working in order to recover, setting out on what became four months of self-discovery. Julia will talk about what what led her to this state, what it looked like, and how she was able to get the necessary help to feel strong enough to not only go back to work, but to shift career paths all together as a hopeful and positive outcome that arose out of dark times. Julia will talk about key takeaways that allow her to maintain a healthier balance at work and in life.
- 2 participants
- 33 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
AIoT Ops - Using Kubernetes and ML Ops to Build Edge ML Applications - Asheesh Goja, Cisco
Whether you are developing an IIoT application or an IoMT solution that requires closed-loop decisions, bringing machine intelligence closer to the edge offers significant advantages. Energy-efficient ML hardware for tensor operations is driving the move towards Edge ML and the emergence of a new domain of edge computing called AIoT or Artificial Intelligence of Things. This talk will propose a novel approach to build AIoT applications using Kubernetes. Using an illustrative reference architecture, the talk will explain emergent AIoT behaviors and architecture patterns. Such patterns can help in deciding what open source projects to choose for AIoT solutions. You will also see a demo simulating an industrial IoT setting where sensors measure conditions in real-time and feed them to an edge device. The device uses a TPU accelerator to apply logistic regression to predict future equipment breakdown. You will see how ML pipelines measure drift and re-train and re-deploy the model.
AIoT Ops - Using Kubernetes and ML Ops to Build Edge ML Applications - Asheesh Goja, Cisco
Whether you are developing an IIoT application or an IoMT solution that requires closed-loop decisions, bringing machine intelligence closer to the edge offers significant advantages. Energy-efficient ML hardware for tensor operations is driving the move towards Edge ML and the emergence of a new domain of edge computing called AIoT or Artificial Intelligence of Things. This talk will propose a novel approach to build AIoT applications using Kubernetes. Using an illustrative reference architecture, the talk will explain emergent AIoT behaviors and architecture patterns. Such patterns can help in deciding what open source projects to choose for AIoT solutions. You will also see a demo simulating an industrial IoT setting where sensors measure conditions in real-time and feed them to an edge device. The device uses a TPU accelerator to apply logistic regression to predict future equipment breakdown. You will see how ML pipelines measure drift and re-train and re-deploy the model.
- 4 participants
- 45 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Admiral Bash's Island Adventure with Phippy + Friends | A Book Reading
Admiral Bash's ship has been sunk by pirates and his mainframe is at the bottom of the sea! Washed up on a deserted island, join Admiral Bash as he navigates his cloud native transformation, helped by Phippy, Zee, Captain Kube, Goldie and some very special new friends. Will the team ever get to enjoy cocktails on the beach, or will this cloud native transformation prove too much? Authors Simon Forster, Danielle Cook, John Forman, and Robert Glenn, from the Cartografos working group, present a first-look at this brand new book!
Admiral Bash's Island Adventure with Phippy + Friends | A Book Reading
Admiral Bash's ship has been sunk by pirates and his mainframe is at the bottom of the sea! Washed up on a deserted island, join Admiral Bash as he navigates his cloud native transformation, helped by Phippy, Zee, Captain Kube, Goldie and some very special new friends. Will the team ever get to enjoy cocktails on the beach, or will this cloud native transformation prove too much? Authors Simon Forster, Danielle Cook, John Forman, and Robert Glenn, from the Cartografos working group, present a first-look at this brand new book!
- 4 participants
- 40 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Automated, Distributed Systems Testing for Kubernetes Controllers - Lalith Suresh, VMware & Xudong Sun, University of Illinois at Urbana-Champaign
The Kubernetes ecosystem has thousands of controller implementations for different applications and platform capabilities. A controller’s correctness is therefore critical, and yet, can be compromised by myriad factors, such as asynchrony in the overall distributed system, unexpected failures, networking issues, and controller restarts. This in turn can lead to severe safety violations, such as incorrectly deleting StatefulSets and PVCs. Controller-developers unfortunately lack automated testing tools to harden their code against these conditions. In this talk, Xudong Sun and Lalith Suresh will describe common bug patterns in Kubernetes controllers. They will also present an automated testing tool called Sieve, which systematically tests Kubernetes controllers to harden them against the aforementioned scenarios. Sieve has already discovered (and led to fixes for) several safety-critical bugs in popular Kubernetes controllers for Zookeeper, Cassandra, RabbitMQ, MongoDB, XtraDB, etc.
Automated, Distributed Systems Testing for Kubernetes Controllers - Lalith Suresh, VMware & Xudong Sun, University of Illinois at Urbana-Champaign
The Kubernetes ecosystem has thousands of controller implementations for different applications and platform capabilities. A controller’s correctness is therefore critical, and yet, can be compromised by myriad factors, such as asynchrony in the overall distributed system, unexpected failures, networking issues, and controller restarts. This in turn can lead to severe safety violations, such as incorrectly deleting StatefulSets and PVCs. Controller-developers unfortunately lack automated testing tools to harden their code against these conditions. In this talk, Xudong Sun and Lalith Suresh will describe common bug patterns in Kubernetes controllers. They will also present an automated testing tool called Sieve, which systematically tests Kubernetes controllers to harden them against the aforementioned scenarios. Sieve has already discovered (and led to fixes for) several safety-critical bugs in popular Kubernetes controllers for Zookeeper, Cassandra, RabbitMQ, MongoDB, XtraDB, etc.
- 2 participants
- 28 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Back to the Drawing Board: Building Containers with SBoMs - Nisha Kumar, VMware
A Software Bill of Materials or SBoM is a list of software components that comprise a software artifact, be it firmware, OS, a VM, and yes, a container. We can generate an SBoM for container images post build using image scanners like Claire, Trivy, Tern, and Syft. This method is not foolproof, however, as they rely on metadata existing in the container filesystem (such as package manifests) in order to report on them. If a container goes through a multistage build or tools like Docker-slim to reduce the attack surface of the container, all that metadata is gone. How do we get more accurate and consistent SBoMs for containers? We generate them at container build time. This talk demonstrates how we can do that with tools like Tern, Buildah, and the OCI specification. We will get back to the basics of building containers, learn about the OCI specification, and make a container builder which can generate an SBoM at build time.
Back to the Drawing Board: Building Containers with SBoMs - Nisha Kumar, VMware
A Software Bill of Materials or SBoM is a list of software components that comprise a software artifact, be it firmware, OS, a VM, and yes, a container. We can generate an SBoM for container images post build using image scanners like Claire, Trivy, Tern, and Syft. This method is not foolproof, however, as they rely on metadata existing in the container filesystem (such as package manifests) in order to report on them. If a container goes through a multistage build or tools like Docker-slim to reduce the attack surface of the container, all that metadata is gone. How do we get more accurate and consistent SBoMs for containers? We generate them at container build time. This talk demonstrates how we can do that with tools like Tern, Buildah, and the OCI specification. We will get back to the basics of building containers, learn about the OCI specification, and make a container builder which can generate an SBoM at build time.
- 1 participant
- 24 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Beyond Block Diagrams: Different Ways of Understanding K8s Architecture - Kim Schlesinger, DigitalOcean
Most introductory Kubernetes videos and blog posts use static block diagrams to illustrate the core components of Kubernetes and how they interact. These diagrams don’t convey the dynamic communication between the K8s control plane, nodes, and pods, and we owe it to ourselves and people new to the field more accurate and engaging ways of representing Kubernetes architecture. This talk will demonstrate a few different methods to visualize how Kubernetes components work together including a time-sequence diagram that models what happens when a user creates a pod using the Kubernetes command line tool, kubectl, and how to use Jaeger to see an http request move onto different nodes by traveling through a load balancer, to a service, and arriving at a specific pod. This talk is for people who are new to Kubernetes and want to understand how the system is designed, as well as experienced engineers who are curious about alternative ways of visualizing Kubernetes architecture.
Beyond Block Diagrams: Different Ways of Understanding K8s Architecture - Kim Schlesinger, DigitalOcean
Most introductory Kubernetes videos and blog posts use static block diagrams to illustrate the core components of Kubernetes and how they interact. These diagrams don’t convey the dynamic communication between the K8s control plane, nodes, and pods, and we owe it to ourselves and people new to the field more accurate and engaging ways of representing Kubernetes architecture. This talk will demonstrate a few different methods to visualize how Kubernetes components work together including a time-sequence diagram that models what happens when a user creates a pod using the Kubernetes command line tool, kubectl, and how to use Jaeger to see an http request move onto different nodes by traveling through a load balancer, to a service, and arriving at a specific pod. This talk is for people who are new to Kubernetes and want to understand how the system is designed, as well as experienced engineers who are curious about alternative ways of visualizing Kubernetes architecture.
- 1 participant
- 23 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Beyond Namespaces: Virtual Clusters are the Future of Multi-Tenancy - Lukas Gentele, Loft Labs
Multi-tenancy is a hot topic in the Kubernetes community. A lot of operators have started to think about lowering cost and consolidating workloads in large, multi-tenant clusters rather than creating 1000s of micro-managed, small clusters. Namespaces are a great way to separate tenants in shared clusters. But what if tenants need to install their own CRDs, run workloads across multiple namespaces or even require different versions of the Kubernetes API server? Virtual clusters are an exciting new approach that extends namespace-based multi-tenancy to address such advanced use cases. At its core, virtual clusters let you run Kubernetes clusters on top of other Kubernetes clusters by provisioning isolated Kubernetes control planes for each tenant (i.e. separate Kube API server, data store (etcd), controller manager etc). This talk will explain how virtual clusters work, show what implementations are available today, and demonstrate fascinating, real-world use cases for virtual clusters.
Beyond Namespaces: Virtual Clusters are the Future of Multi-Tenancy - Lukas Gentele, Loft Labs
Multi-tenancy is a hot topic in the Kubernetes community. A lot of operators have started to think about lowering cost and consolidating workloads in large, multi-tenant clusters rather than creating 1000s of micro-managed, small clusters. Namespaces are a great way to separate tenants in shared clusters. But what if tenants need to install their own CRDs, run workloads across multiple namespaces or even require different versions of the Kubernetes API server? Virtual clusters are an exciting new approach that extends namespace-based multi-tenancy to address such advanced use cases. At its core, virtual clusters let you run Kubernetes clusters on top of other Kubernetes clusters by provisioning isolated Kubernetes control planes for each tenant (i.e. separate Kube API server, data store (etcd), controller manager etc). This talk will explain how virtual clusters work, show what implementations are available today, and demonstrate fascinating, real-world use cases for virtual clusters.
- 1 participant
- 34 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Beyond the Hype: Cloud Native eBPF - Frederic Branczyk, Polar Signals
eBPF being a promising technology is no news, but for a long time eBPF has struggled with portability, it needed to be compiled for each kernel, or a compiler and kernel headers needed to be shipped executing effectively arbitrary code. The eBPF community acknowledged this and started the CO:RE (compile once-run everywhere) initiative, which is young but quickly maturing in the form of libbpf. Parallel to it, we are discovering more and more use cases where eBPF can be useful, especially when combined with Go and Kubernetes, from security, over observability to performance tuning. In this talk, Frederic will explain what libbpf does in order to achieve compile once-run everywhere, how it can be used in Go, and lastly how to bridge the low-level Kernel features to higher-level Kubernetes concepts like Pods, and demonstrate all of it with real-life examples to help measure and improve performance systematically.
Beyond the Hype: Cloud Native eBPF - Frederic Branczyk, Polar Signals
eBPF being a promising technology is no news, but for a long time eBPF has struggled with portability, it needed to be compiled for each kernel, or a compiler and kernel headers needed to be shipped executing effectively arbitrary code. The eBPF community acknowledged this and started the CO:RE (compile once-run everywhere) initiative, which is young but quickly maturing in the form of libbpf. Parallel to it, we are discovering more and more use cases where eBPF can be useful, especially when combined with Go and Kubernetes, from security, over observability to performance tuning. In this talk, Frederic will explain what libbpf does in order to achieve compile once-run everywhere, how it can be used in Go, and lastly how to bridge the low-level Kernel features to higher-level Kubernetes concepts like Pods, and demonstrate all of it with real-life examples to help measure and improve performance systematically.
- 1 participant
- 34 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Building Catalogs of Operators for OLM the Declarative Way - Joe Lanford & Anik Bhattacharjee, Red Hat
This presentation will cover an update from the Operator-lifecycle-Manager project - a suite of production-ready operators and tools that help manage the complexity of installing and upgrading operators on a Kubernetes cluster. This talk will focus on architectural updates to the set of tools that are used to build and maintain Catalogs of Operators, the goals and motivation behind the changes, the lessons learned using the old tools in production, and the future of OLM. Interested in joining the OLM community? We have weekly meetings every Thursday — check out https://github.com/operator-framework/community/blob/master/wg-olm/README.md to get started!
Building Catalogs of Operators for OLM the Declarative Way - Joe Lanford & Anik Bhattacharjee, Red Hat
This presentation will cover an update from the Operator-lifecycle-Manager project - a suite of production-ready operators and tools that help manage the complexity of installing and upgrading operators on a Kubernetes cluster. This talk will focus on architectural updates to the set of tools that are used to build and maintain Catalogs of Operators, the goals and motivation behind the changes, the lessons learned using the old tools in production, and the future of OLM. Interested in joining the OLM community? We have weekly meetings every Thursday — check out https://github.com/operator-framework/community/blob/master/wg-olm/README.md to get started!
- 2 participants
- 33 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Building Prometheus Metrics Support in OpenTelemetry - Alolita Sharma, Amazon
Speakers: Alolita Sharma
OpenTelemetry is a popular open source, cloud-native observability framework with more than 900 active contributors from over 200 organizations. OpenTelemetry components and libraries can be used to instrument, generate, collect, and export telemetry data to monitor and understand application and infrastructure behavior. OpenTelemetry contributors are building a stable metrics pipeline currently. This means the OpenTelemetry data model and components including the Collector and language libraries are being enhanced to provide full interoperability with Prometheus and features to support both delta and cumulative metrics. Join in for this talk to learn about design and implementation to ensure a complete metrics pipeline with full Prometheus interoperability. This talk will discuss the Prometheus remote-write push pipeline and enhancements in the Prometheus receiver, remote-write exporter, core Collector and OpenTelemetry Protocol (OTLP) to ensure full Prometheus metrics compatibility.
Building Prometheus Metrics Support in OpenTelemetry - Alolita Sharma, Amazon
Speakers: Alolita Sharma
OpenTelemetry is a popular open source, cloud-native observability framework with more than 900 active contributors from over 200 organizations. OpenTelemetry components and libraries can be used to instrument, generate, collect, and export telemetry data to monitor and understand application and infrastructure behavior. OpenTelemetry contributors are building a stable metrics pipeline currently. This means the OpenTelemetry data model and components including the Collector and language libraries are being enhanced to provide full interoperability with Prometheus and features to support both delta and cumulative metrics. Join in for this talk to learn about design and implementation to ensure a complete metrics pipeline with full Prometheus interoperability. This talk will discuss the Prometheus remote-write push pipeline and enhancements in the Prometheus receiver, remote-write exporter, core Collector and OpenTelemetry Protocol (OTLP) to ensure full Prometheus metrics compatibility.
- 1 participant
- 22 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Building a Multi Cluster/Env Service Mesh at Airbnb - Weibo He & Stephen Chan, Airbnb
Tutorials and demos are great, but how do real organizations implement service meshes at scale? In this talk, we will discuss some of the problems Airbnb is solving with their service mesh based on Istio. Make sure you attend if you’re interested in building out a service mesh at your own company and interested in ways to adapt to your own requirements. We will walk through: - Partitioning workloads across multiple clusters and how to manage the mesh. - Testing mesh upgrades reliably with multiple environments. - Expanding the mesh to legacy, non-container workloads. - Routing traffic between regions, not just clusters, securely.
Building a Multi Cluster/Env Service Mesh at Airbnb - Weibo He & Stephen Chan, Airbnb
Tutorials and demos are great, but how do real organizations implement service meshes at scale? In this talk, we will discuss some of the problems Airbnb is solving with their service mesh based on Istio. Make sure you attend if you’re interested in building out a service mesh at your own company and interested in ways to adapt to your own requirements. We will walk through: - Partitioning workloads across multiple clusters and how to manage the mesh. - Testing mesh upgrades reliably with multiple environments. - Expanding the mesh to legacy, non-container workloads. - Routing traffic between regions, not just clusters, securely.
- 8 participants
- 36 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Building a Successful Open Source Community as an End-user Company - Henrik Blixt & Kareena Hirani, Intuit
Have you ever thought about open sourcing a project but don't know where, or how, to start? Maybe you have already dipped your toes, but want to know more about what the process entails?
Many open source projects are vendor backed with plenty of funding and backed by an army of marketing, program managers, solution architects and support, but if you’re not a vendor and lack all these resources, how do you grow your community and project?
The Argo project was initiated by Applatix, after acquiring the company Intuit has carried the torch and Argo is now deployed at hundreds of companies and has a large and diverse community. However, the path wasn’t always easy and a lot of efforts went into making Argo what it is today.
Come and listen to Kareena and Henrik as they tell the Argo journey story; the struggles, the learnings and the successes.
The stories told will be applicable to any other open source projects and whether you work for an end-user of vendor company.
Building a Successful Open Source Community as an End-user Company - Henrik Blixt & Kareena Hirani, Intuit
Have you ever thought about open sourcing a project but don't know where, or how, to start? Maybe you have already dipped your toes, but want to know more about what the process entails?
Many open source projects are vendor backed with plenty of funding and backed by an army of marketing, program managers, solution architects and support, but if you’re not a vendor and lack all these resources, how do you grow your community and project?
The Argo project was initiated by Applatix, after acquiring the company Intuit has carried the torch and Argo is now deployed at hundreds of companies and has a large and diverse community. However, the path wasn’t always easy and a lot of efforts went into making Argo what it is today.
Come and listen to Kareena and Henrik as they tell the Argo journey story; the struggles, the learnings and the successes.
The stories told will be applicable to any other open source projects and whether you work for an end-user of vendor company.
- 2 participants
- 31 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
CNCF Governing Board Session - Arun Gupta, Head of the Open Source Program Office, Apple; Aparna Sinha, Group Product Manager for Kubernetes, Google; & Priyanka Sharma, Executive Director, CNCF
Join a conversation with the CNCF governing board leadership about how the foundation runs itself.
CNCF Governing Board Session - Arun Gupta, Head of the Open Source Program Office, Apple; Aparna Sinha, Group Product Manager for Kubernetes, Google; & Priyanka Sharma, Executive Director, CNCF
Join a conversation with the CNCF governing board leadership about how the foundation runs itself.
- 5 participants
- 36 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Calico/VPP: Using Calico’s Pluggable Dataplanes for Fun and Fast Networking - Aloys Augustin, Cisco & Chris Tomkins, Tigera
The Calico VPP dataplane, introduced during last year’s KubeCon, adds a new networking option for Calico on Linux alongside iptables and eBPF. This takes advantage of Calico’s pluggable dataplane support, which offers futureproofing and agility for the user in dataplane choices. As it turns out, having VPP’s flexible and modular userspace networking stack in a Kubernetes environment enables all sorts of interesting things -- such as allowing network-intensive pods to send and receive data at ludicrous speeds while conserving the CNI features we love, thanks to kernel bypass. This is useful for any workload that spends most of its time doing network I/O. Think proxy, content delivery server, or network functions such as VPN endpoints. In this talk, we will show you how we achieve that, the level of performance that we can reach, and how it compares to other approaches.
Calico/VPP: Using Calico’s Pluggable Dataplanes for Fun and Fast Networking - Aloys Augustin, Cisco & Chris Tomkins, Tigera
The Calico VPP dataplane, introduced during last year’s KubeCon, adds a new networking option for Calico on Linux alongside iptables and eBPF. This takes advantage of Calico’s pluggable dataplane support, which offers futureproofing and agility for the user in dataplane choices. As it turns out, having VPP’s flexible and modular userspace networking stack in a Kubernetes environment enables all sorts of interesting things -- such as allowing network-intensive pods to send and receive data at ludicrous speeds while conserving the CNI features we love, thanks to kernel bypass. This is useful for any workload that spends most of its time doing network I/O. Think proxy, content delivery server, or network functions such as VPN endpoints. In this talk, we will show you how we achieve that, the level of performance that we can reach, and how it compares to other approaches.
- 2 participants
- 29 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Capacity Scheduling for Elastic Resource Sharing in Kubernetes - Qingcan Wang, Alibaba & Yuan Chen, Apple
Kubernetes manages resources capacity across multi-tenants/users/namespaces by allocating a fixed amount of resource quotas to each namespace. It lacks sufficient support of dynamic resource sharing within and across teams and organizations and can result in low cluster utilization. It has become a roadblock to migrating applications from other cluster management platforms (e.g., YARN) to Kubernetes. Qingcan Wang from Alibaba and Yuan Chen from Apple will present their collaborative work on a Kubernetes enhancement to address the issue. Capacity scheduling offers a similar feature to YARN’s capacity scheduler and enables elastic resource sharing to improve cluster utilization in Kubernetes. It supports hierarchical resource groups with guaranteed and maximum resources for dynamic sharing of resources, from CPU, memory, disk to extended resources like GPU. It is seamlessly integrated into Kubernetes as plugins and has been used in large scale production clusters such as Alibaba Cloud.
Capacity Scheduling for Elastic Resource Sharing in Kubernetes - Qingcan Wang, Alibaba & Yuan Chen, Apple
Kubernetes manages resources capacity across multi-tenants/users/namespaces by allocating a fixed amount of resource quotas to each namespace. It lacks sufficient support of dynamic resource sharing within and across teams and organizations and can result in low cluster utilization. It has become a roadblock to migrating applications from other cluster management platforms (e.g., YARN) to Kubernetes. Qingcan Wang from Alibaba and Yuan Chen from Apple will present their collaborative work on a Kubernetes enhancement to address the issue. Capacity scheduling offers a similar feature to YARN’s capacity scheduler and enables elastic resource sharing to improve cluster utilization in Kubernetes. It supports hierarchical resource groups with guaranteed and maximum resources for dynamic sharing of resources, from CPU, memory, disk to extended resources like GPU. It is seamlessly integrated into Kubernetes as plugins and has been used in large scale production clusters such as Alibaba Cloud.
- 5 participants
- 36 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Case Study : Improving Resilience of Applications in Telco Environments - Uma Mukkara, ChaosNative & Samar Sidharth, Orange
Though Kubernetes acts as a common abstraction and as a platform to build other platforms or applications, challenges are unique to each environment or area of operations. Telcos operate at a larger scale compared to the other environments. In these environments, the challenges of moving the applications to cloud native include a plan on the reliability of the whole service right from the beginning to the state of operations. In this session, we discuss a case study from Orange, the telecommunications operator, where they have been using Litmus, Kubernetes and other CNCF technologies to build and scale their application development process all the way till shipping them. We discuss their resilience goals of the cloud native application, scale factor, original challenges, impediments, the approach and the actual design along with the learnings in this case study. The session will wrap up with the key takeaways around resilience building technicals for large scale applications.
Case Study : Improving Resilience of Applications in Telco Environments - Uma Mukkara, ChaosNative & Samar Sidharth, Orange
Though Kubernetes acts as a common abstraction and as a platform to build other platforms or applications, challenges are unique to each environment or area of operations. Telcos operate at a larger scale compared to the other environments. In these environments, the challenges of moving the applications to cloud native include a plan on the reliability of the whole service right from the beginning to the state of operations. In this session, we discuss a case study from Orange, the telecommunications operator, where they have been using Litmus, Kubernetes and other CNCF technologies to build and scale their application development process all the way till shipping them. We discuss their resilience goals of the cloud native application, scale factor, original challenges, impediments, the approach and the actual design along with the learnings in this case study. The session will wrap up with the key takeaways around resilience building technicals for large scale applications.
- 2 participants
- 33 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Cloud Native Apps with Server-Side WebAssembly - Liam Randall, Cosmonic
Server-side WebAssembly has the potential to increase security, extend application portability, and simplify cloud-native applications when operated in the Kubernetes ecosystem. This talk explores the pros and cons of different deployment models - embedded in a container, native execution, or embedded into other components. We will demonstrate the power that WebAssembly brings to even those projects hosted in traditional containers. This talk features a live build, compilation, deployment, and operation of reference applications. Featuring wasmCloud, Krustlet, and Envoy.
Cloud Native Apps with Server-Side WebAssembly - Liam Randall, Cosmonic
Server-side WebAssembly has the potential to increase security, extend application portability, and simplify cloud-native applications when operated in the Kubernetes ecosystem. This talk explores the pros and cons of different deployment models - embedded in a container, native execution, or embedded into other components. We will demonstrate the power that WebAssembly brings to even those projects hosted in traditional containers. This talk features a live build, compilation, deployment, and operation of reference applications. Featuring wasmCloud, Krustlet, and Envoy.
- 1 participant
- 32 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Cloud Native Enables the Park of Pompeii to Reopen During the Pandemic - Akshai Parthasarathy & Faye Hutsell, Oracle
Pompeii is a UNESCO World Heritage Site, hosting over 2.5 million visitors annually. Like other tourist attractions in Italy, the park was forced to close its doors for safety during the COVID-19 pandemic. When the possibility of reopening to visitors was on the horizon in mid 2020, managers of the park had to find a way to keep visitors safe by ensuring social distancing and avoiding any COVID outbreaks. To achieve its goals, the park implemented a cloud native, mobile application called MyPompeii on Apple App Store and Google Play. Join us to learn how Kubernetes, container registry, API gateway, serverless functions and other cloud technologies enabled Park of Pompeii to achieve its ambitious operational goals!
Cloud Native Enables the Park of Pompeii to Reopen During the Pandemic - Akshai Parthasarathy & Faye Hutsell, Oracle
Pompeii is a UNESCO World Heritage Site, hosting over 2.5 million visitors annually. Like other tourist attractions in Italy, the park was forced to close its doors for safety during the COVID-19 pandemic. When the possibility of reopening to visitors was on the horizon in mid 2020, managers of the park had to find a way to keep visitors safe by ensuring social distancing and avoiding any COVID outbreaks. To achieve its goals, the park implemented a cloud native, mobile application called MyPompeii on Apple App Store and Google Play. Join us to learn how Kubernetes, container registry, API gateway, serverless functions and other cloud technologies enabled Park of Pompeii to achieve its ambitious operational goals!
- 2 participants
- 11 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Cloud Native Global Load Balancer for Kubernetes - Yury Tsarev & Zak Anderson, Absa Group
Global load balancing, commonly referred to as GSLB (Global Server Load Balancing) solutions, has typically been the domain of proprietary network software and hardware vendors and installed and managed by siloed network teams. k8gb is a completely open-source, cloud-native, global load balancing solution for Kubernetes. k8gb focuses on load balancing traffic across geographically dispersed Kubernetes clusters using multiple load balancing strategies to meet requirements such as region failover for high availability. Global load balancing for any Kubernetes Service can now be enabled and managed by any operations or development teams in the same Kubernetes native way as any other custom resource. k8gb is a CNCF Sandbox project.
Cloud Native Global Load Balancer for Kubernetes - Yury Tsarev & Zak Anderson, Absa Group
Global load balancing, commonly referred to as GSLB (Global Server Load Balancing) solutions, has typically been the domain of proprietary network software and hardware vendors and installed and managed by siloed network teams. k8gb is a completely open-source, cloud-native, global load balancing solution for Kubernetes. k8gb focuses on load balancing traffic across geographically dispersed Kubernetes clusters using multiple load balancing strategies to meet requirements such as region failover for high availability. Global load balancing for any Kubernetes Service can now be enabled and managed by any operations or development teams in the same Kubernetes native way as any other custom resource. k8gb is a CNCF Sandbox project.
- 2 participants
- 31 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Cloud Native Storage: Storage TAG Intro, Projects, Landscape & Technology - Alex Chircop, StorageOS & Raffaele Spazzoli, RedHat
This talk will introduce the CNCF Storage TAG and discuss how the TAG operates, how we work with Storage CNCF projects as well as the projects to build guidance and write whitepapers for the ecosystem. During this session we will cover: - Overview of the TAG, how to join and how to help - Overview of storage projects in the CNCF - Projects that are currently being being reviewed We will also share updates of our latest work including: - the CNCF Storage Landscape whitepaper - the Performance and Benchmarking whitepaper - the Cloud Native Disaster Recovery whitepaper
Cloud Native Storage: Storage TAG Intro, Projects, Landscape & Technology - Alex Chircop, StorageOS & Raffaele Spazzoli, RedHat
This talk will introduce the CNCF Storage TAG and discuss how the TAG operates, how we work with Storage CNCF projects as well as the projects to build guidance and write whitepapers for the ecosystem. During this session we will cover: - Overview of the TAG, how to join and how to help - Overview of storage projects in the CNCF - Projects that are currently being being reviewed We will also share updates of our latest work including: - the CNCF Storage Landscape whitepaper - the Performance and Benchmarking whitepaper - the Cloud Native Disaster Recovery whitepaper
- 3 participants
- 35 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Cloud Native Superpowers with eBPF - Liz Rice, Isovalent
Netflix’s Brendan Gregg coined the term “Superpowers for Linux” to describe eBPF back in 2016. Today there are a whole crop of eBPF-based tools for cloud native observability, networking and security, such as Falco, Pixie and Cilium. What makes eBPF such a powerful platform for building this new generation of tools? This talk uses live-coding & demos from across the cloud native ecosystem to illustrate how eBPF programs can - Collect performance & behavioral insights from across an entire system - Relate observed data to Kubernetes objects - Reliably instrument workloads without making any changes to apps or configurations But eBPF isn't a magic wand. We’ll look at its limitations and potential misconceptions that are emerging from the use of this powerful new technology. Even if you’re not a Linux kernel aficionado you’ll leave this talk with an understanding of how eBPF enables high-performance tools that help you manage, debug and secure applications in the cloud.
Cloud Native Superpowers with eBPF - Liz Rice, Isovalent
Netflix’s Brendan Gregg coined the term “Superpowers for Linux” to describe eBPF back in 2016. Today there are a whole crop of eBPF-based tools for cloud native observability, networking and security, such as Falco, Pixie and Cilium. What makes eBPF such a powerful platform for building this new generation of tools? This talk uses live-coding & demos from across the cloud native ecosystem to illustrate how eBPF programs can - Collect performance & behavioral insights from across an entire system - Relate observed data to Kubernetes objects - Reliably instrument workloads without making any changes to apps or configurations But eBPF isn't a magic wand. We’ll look at its limitations and potential misconceptions that are emerging from the use of this powerful new technology. Even if you’re not a Linux kernel aficionado you’ll leave this talk with an understanding of how eBPF enables high-performance tools that help you manage, debug and secure applications in the cloud.
- 1 participant
- 24 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Cloud Native and Kubernetes Observability Panel: The State of Union - Bartek Plotka, Red Hat; Liz Fong-Jones, Honeycomb; Josh Suereth, Google; Frederic Branczyk, Polar Signals; Rags Srinivas, InfoQ
With microservices and Cloud-Native solutions adoption increasing, Observability is receiving heightened interest in Site Reliability Engineering (SRE) since it enables to chase down the “unknown unknowns,” do Root Cause Analysis and fix issues. InfoQ recently did a virtual panel with experts (URL: https://www.infoq.com/articles/cloud-native-observability/ ) to address fundamental concepts of Observability, including Cloud-Native Observability, some of the misconceptions, technical challenges and industry standards like OpenTelemetry that make it possible to incorporate vendor neutral solutions. Attend this panel to learn about Observability and how to incorporate the different signals from the ground up in a coordinated manner. After attending this panel, attendees will gain a holistic picture of Observability, understand the cultural and technical challenges and how to overcome them.
Cloud Native and Kubernetes Observability Panel: The State of Union - Bartek Plotka, Red Hat; Liz Fong-Jones, Honeycomb; Josh Suereth, Google; Frederic Branczyk, Polar Signals; Rags Srinivas, InfoQ
With microservices and Cloud-Native solutions adoption increasing, Observability is receiving heightened interest in Site Reliability Engineering (SRE) since it enables to chase down the “unknown unknowns,” do Root Cause Analysis and fix issues. InfoQ recently did a virtual panel with experts (URL: https://www.infoq.com/articles/cloud-native-observability/ ) to address fundamental concepts of Observability, including Cloud-Native Observability, some of the misconceptions, technical challenges and industry standards like OpenTelemetry that make it possible to incorporate vendor neutral solutions. Attend this panel to learn about Observability and how to incorporate the different signals from the ground up in a coordinated manner. After attending this panel, attendees will gain a holistic picture of Observability, understand the cultural and technical challenges and how to overcome them.
- 5 participants
- 33 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Cloud Provider Extraction: What We’ve Done, Where We Are and What's Left! - Walter Fender, Google; Steven Wong, VMware; Nick Turner, Amazon
Cloud Provider code allows Kubernetes to run on top of different platforms. Originally, support for all variations was built directly into a K8s release. This brought bloat - a running cluster used only a subset of the code within the release. Also, any cloud specific bug fix or enhancement demanded a new full K8s release as a carrier. This will be a status report on removing the cloud provider code from the main Kubernetes repository. Significant early milestones were recently achieved: the API Server no longer needs the cloud provider library; SSHTunnels have been deleted. For each in-tree cloud provider, we will report on efforts, accomplishments, and roadmap for getting "out-of-tree". We’ll also discuss the plans to handle the speed bumps that are left - including interesting topics like multi-repo e2e testing and removing the cluster directory.
Cloud Provider Extraction: What We’ve Done, Where We Are and What's Left! - Walter Fender, Google; Steven Wong, VMware; Nick Turner, Amazon
Cloud Provider code allows Kubernetes to run on top of different platforms. Originally, support for all variations was built directly into a K8s release. This brought bloat - a running cluster used only a subset of the code within the release. Also, any cloud specific bug fix or enhancement demanded a new full K8s release as a carrier. This will be a status report on removing the cloud provider code from the main Kubernetes repository. Significant early milestones were recently achieved: the API Server no longer needs the cloud provider library; SSHTunnels have been deleted. For each in-tree cloud provider, we will report on efforts, accomplishments, and roadmap for getting "out-of-tree". We’ll also discuss the plans to handle the speed bumps that are left - including interesting topics like multi-repo e2e testing and removing the cluster directory.
- 6 participants
- 35 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Cloud Provider OpenStack Intro & Update - Anusha Ramineni, NEC Corporation India Private Ltd & Lingxian Kong, Catalyst Cloud
In this session we will give overview of provider-openstack subproject. cloud-provider-openstack repository hosts various plugins relevant to OpenStack and Kubernetes Integration which includes OpenStack Cloud Controller Manager, Octavia Ingress Controller, Cinder CSI Plugin, Keystone Webhook Auth, Manila CSI Plugin, Barbican KMS Plugin and Magnum Auto Healer. This session covers the overview of all hosted plugins as well as recent work/enhancements that are being done and future roadmap of the project.
Cloud Provider OpenStack Intro & Update - Anusha Ramineni, NEC Corporation India Private Ltd & Lingxian Kong, Catalyst Cloud
In this session we will give overview of provider-openstack subproject. cloud-provider-openstack repository hosts various plugins relevant to OpenStack and Kubernetes Integration which includes OpenStack Cloud Controller Manager, Octavia Ingress Controller, Cinder CSI Plugin, Keystone Webhook Auth, Manila CSI Plugin, Barbican KMS Plugin and Magnum Auto Healer. This session covers the overview of all hosted plugins as well as recent work/enhancements that are being done and future roadmap of the project.
- 2 participants
- 31 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Cloud-Agnostic Design for Fun and Profit - Alex Meijer & Anusha Iyer, Corsha, Inc.
There is now sufficient competition in the cloud computing space that all the major cloud providers are competing directly on pricing. Like any other market, there are significant opportunities for savings if an organization is willing to periodically switch to more competitive service providers. However, the engineering cost of a cloud provider migration typically negates those savings – but that doesn't have to be the case. This talk will cover a two-year journey spanning several cloud providers, and how to avoid vendor lock-in by making cloud agnostic design a first-class consideration. A case study will be provided on how embracing open source projects like Kubernetes, Terraform, and Helm permitted lightning-fast migration to and from cloud providers driven by economic incentives. The high level details of Corsha's Infrastructure-as-code strategy will be discussed, and how an early commitment to this approach has resulted in flexible and efficient cloud native app deployments.
Cloud-Agnostic Design for Fun and Profit - Alex Meijer & Anusha Iyer, Corsha, Inc.
There is now sufficient competition in the cloud computing space that all the major cloud providers are competing directly on pricing. Like any other market, there are significant opportunities for savings if an organization is willing to periodically switch to more competitive service providers. However, the engineering cost of a cloud provider migration typically negates those savings – but that doesn't have to be the case. This talk will cover a two-year journey spanning several cloud providers, and how to avoid vendor lock-in by making cloud agnostic design a first-class consideration. A case study will be provided on how embracing open source projects like Kubernetes, Terraform, and Helm permitted lightning-fast migration to and from cloud providers driven by economic incentives. The high level details of Corsha's Infrastructure-as-code strategy will be discussed, and how an early commitment to this approach has resulted in flexible and efficient cloud native app deployments.
- 4 participants
- 36 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Clusterless - Utilizing a Cluster of Clusters Seamlessly - Fei Guo, Alibaba & Chris Hein, Apple
Multi-cluster support in Kubernetes becomes more and more important for application efficiency, better resource utilization and breaking the geographic boundary. While existing open source projects like Karmada, Tensile-Kube, Liqo, Admiralty, and more have addressed challenges in multi-cluster management such as configuration, lifecycle management, they either introduce new APIs/management workflows or have scalability limitations in terms of scheduling throughput. In this talk, a new Clusterless design is introduced to reduce the management burden of multi-cluster users. Basically, multiple clusters are abstracted as Pod resource providers, connecting to a management cluster which is exposed to the users. There are no new APIs introduced hence the consistent user experiences are preserved. The Pod dispatching is done by a highly efficient two-level scheduling algorithm which can achieve O(n) scheduling throughput, where n is the number of managed clusters.
Clusterless - Utilizing a Cluster of Clusters Seamlessly - Fei Guo, Alibaba & Chris Hein, Apple
Multi-cluster support in Kubernetes becomes more and more important for application efficiency, better resource utilization and breaking the geographic boundary. While existing open source projects like Karmada, Tensile-Kube, Liqo, Admiralty, and more have addressed challenges in multi-cluster management such as configuration, lifecycle management, they either introduce new APIs/management workflows or have scalability limitations in terms of scheduling throughput. In this talk, a new Clusterless design is introduced to reduce the management burden of multi-cluster users. Basically, multiple clusters are abstracted as Pod resource providers, connecting to a management cluster which is exposed to the users. There are no new APIs introduced hence the consistent user experiences are preserved. The Pod dispatching is done by a highly efficient two-level scheduling algorithm which can achieve O(n) scheduling throughput, where n is the number of managed clusters.
- 2 participants
- 29 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Conformance Testing the Kubernetes API: Tooling that Makes the Difference - Stephen Heywood & Caleb Woodbine, ii.nz
The Certified Kubernetes Conformance Program enables organizations to have confidence that their workloads will interoperate from one installation of Kubernetes to the next. In 2018, to ensure that organization can have the assurance that their workloads can move between vendors the CNCF turned the spotlight on improving the conformance test coverage of the Kubernetes API. This effort has brought us from ~20% of endpoints conformance tested in 1.15 to over 75% by 1.22. Most of the success can be attributed to the tooling developed to streamline the process of locating new endpoints to test before creating a PR to the Kubernetes repo. The tooling helps with identifying the current gaps in conformance, exploring endpoints, writing tests and verifying the test results. In this presentation Stephen will walk us through the tooling that will help us test the remaining 25% of the Kubernetes API.
Conformance Testing the Kubernetes API: Tooling that Makes the Difference - Stephen Heywood & Caleb Woodbine, ii.nz
The Certified Kubernetes Conformance Program enables organizations to have confidence that their workloads will interoperate from one installation of Kubernetes to the next. In 2018, to ensure that organization can have the assurance that their workloads can move between vendors the CNCF turned the spotlight on improving the conformance test coverage of the Kubernetes API. This effort has brought us from ~20% of endpoints conformance tested in 1.15 to over 75% by 1.22. Most of the success can be attributed to the tooling developed to streamline the process of locating new endpoints to test before creating a PR to the Kubernetes repo. The tooling helps with identifying the current gaps in conformance, exploring endpoints, writing tests and verifying the test results. In this presentation Stephen will walk us through the tooling that will help us test the remaining 25% of the Kubernetes API.
- 2 participants
- 20 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Conprof - Profiling in the cloud-native era - Matthias Loibl, Polar Signals & Kemal Akkoyun, Red Hat
For years Google has consistently been able to cut down multiple percentage points in their fleet-wide resource usage every quarter, using techniques described in their “Google-Wide Profiling” paper. Ad-hoc profiling has long been part of the developer’s toolbox to analyze CPU and memory usage of a running process, however, through continuous profiling, the systematic collection of profiles, entirely new workflows suddenly become possible. Matthias and Kemal will start this talk with an introduction to profiling with Go and demonstrate via Conprof - an open-source continuous profiling project - how continuous profiling allows for an unprecedented fleet-wide understanding of code at runtime. Attendees will learn how to continuously profile Go code to help guide building robust, reliable, and performant software and reduce cloud spend systematically.
https://www.parca.dev/
Conprof - Profiling in the cloud-native era - Matthias Loibl, Polar Signals & Kemal Akkoyun, Red Hat
For years Google has consistently been able to cut down multiple percentage points in their fleet-wide resource usage every quarter, using techniques described in their “Google-Wide Profiling” paper. Ad-hoc profiling has long been part of the developer’s toolbox to analyze CPU and memory usage of a running process, however, through continuous profiling, the systematic collection of profiles, entirely new workflows suddenly become possible. Matthias and Kemal will start this talk with an introduction to profiling with Go and demonstrate via Conprof - an open-source continuous profiling project - how continuous profiling allows for an unprecedented fleet-wide understanding of code at runtime. Attendees will learn how to continuously profile Go code to help guide building robust, reliable, and performant software and reduce cloud spend systematically.
https://www.parca.dev/
- 2 participants
- 28 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Container Checkpoint/Restore at Scale for Fast Pod Startup Time - Ritesh Naik, MathWorks
Are you interested in a faster startup time for your container-based application? Are you also interested in pre-warming your container-based application for faster cold start performance? You can have your cake and eat it too! In this talk, Ritesh Naik will talk about how MathWorks cloud infrastructure was able to achieve *both* of these seemingly contradictory goals, fast startup time and pre-warming, using Container Checkpoint/Restore. With several years of experiencing using this technique in production, Ritesh will share design considerations, lessons learned and best practices for supporting container checkpoint/restore non natively in Kubernetes. He will also share a vision for what native support for CRIU in Kubernetes can look like. If you are interested in improving system scalability and utilization, this session is for you!
Container Checkpoint/Restore at Scale for Fast Pod Startup Time - Ritesh Naik, MathWorks
Are you interested in a faster startup time for your container-based application? Are you also interested in pre-warming your container-based application for faster cold start performance? You can have your cake and eat it too! In this talk, Ritesh Naik will talk about how MathWorks cloud infrastructure was able to achieve *both* of these seemingly contradictory goals, fast startup time and pre-warming, using Container Checkpoint/Restore. With several years of experiencing using this technique in production, Ritesh will share design considerations, lessons learned and best practices for supporting container checkpoint/restore non natively in Kubernetes. He will also share a vision for what native support for CRIU in Kubernetes can look like. If you are interested in improving system scalability and utilization, this session is for you!
- 1 participant
- 28 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Contour, a High Performance Multitenant Ingress Controller for Kubernetes - Steve Sloka & Alex Xu, VMware
Contour, a CNCF incubating project, is a high performance ingress and load balancer solution for Kubernetes. Contour offers a richer feature set than some common alternatives while maintaining a lightweight profile. At its core, Contour is providing a control plane for the Envoy edge and service proxy. This session will show you how to leverage Contour and Envoy for Kubernetes workloads in a multi-tenant environment as well as include a demo of recent Contour features. We will also focus on the project roadmap including enhanced support for Gateway API, the Contour Operator for enhanced lifecycle management, additonal configuration knobs for Envoy, feature enhancements such as ALS logging and distributed tracing support, and much more.
Contour, a High Performance Multitenant Ingress Controller for Kubernetes - Steve Sloka & Alex Xu, VMware
Contour, a CNCF incubating project, is a high performance ingress and load balancer solution for Kubernetes. Contour offers a richer feature set than some common alternatives while maintaining a lightweight profile. At its core, Contour is providing a control plane for the Envoy edge and service proxy. This session will show you how to leverage Contour and Envoy for Kubernetes workloads in a multi-tenant environment as well as include a demo of recent Contour features. We will also focus on the project roadmap including enhanced support for Gateway API, the Contour Operator for enhanced lifecycle management, additonal configuration knobs for Envoy, feature enhancements such as ALS logging and distributed tracing support, and much more.
- 5 participants
- 35 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Cortex: Intro and Production Tips - Bryan Boreham, Grafana Labs & Alvin Lin, Amazon Web Services
Cortex is a time-series data store based on Prometheus. Cortex adds: - Scalability: run across dozens of servers to handle millions of samples per second. - Availability: if one server fails then work will be redirected to others. - Multi-tenancy: store data from different groups or customers, segregated so a user from one tenant cannot see data from another. - Durability: use cloud stores (such as S3) to reduce the chance of data loss. This session will provide an overview of Cortex, an update on recent news from the project, and a run-through of top 5 tips for running Cortex in production.
Cortex: Intro and Production Tips - Bryan Boreham, Grafana Labs & Alvin Lin, Amazon Web Services
Cortex is a time-series data store based on Prometheus. Cortex adds: - Scalability: run across dozens of servers to handle millions of samples per second. - Availability: if one server fails then work will be redirected to others. - Multi-tenancy: store data from different groups or customers, segregated so a user from one tenant cannot see data from another. - Durability: use cloud stores (such as S3) to reduce the chance of data loss. This session will provide an overview of Cortex, an update on recent news from the project, and a run-through of top 5 tips for running Cortex in production.
- 2 participants
- 20 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Creating Cloud Native Security - Emily Fox, Apple; Brandon Lum, IBM; Andres Vega, VMware
Cloud native security is not new, but is under constant iteration and creation. As cloud native innovation occurs, the Security TAG is lock-step in considering, analyzing, and guiding the community on the most appropriate security mechanisms, architectures, design patterns, and tooling. This presentation covers an introduction to the Security TAG, their charter and scope, and then deep dives on several efforts the TAG has undertaken (completed and in progress) with their community impact such as the Supply Chain Security Paper, CNCF Project Security Reviews, Security Pals, and so much more. This session is for anyone interested in cloud native, cloud native security, or wishes to understand how a community of passionate volunteers can change an entire technology ecosystem.
Creating Cloud Native Security - Emily Fox, Apple; Brandon Lum, IBM; Andres Vega, VMware
Cloud native security is not new, but is under constant iteration and creation. As cloud native innovation occurs, the Security TAG is lock-step in considering, analyzing, and guiding the community on the most appropriate security mechanisms, architectures, design patterns, and tooling. This presentation covers an introduction to the Security TAG, their charter and scope, and then deep dives on several efforts the TAG has undertaken (completed and in progress) with their community impact such as the Supply Chain Security Paper, CNCF Project Security Reviews, Security Pals, and so much more. This session is for anyone interested in cloud native, cloud native security, or wishes to understand how a community of passionate volunteers can change an entire technology ecosystem.
- 7 participants
- 40 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Customizing Kustomize with Client-Side Custom Resources - Katrina Verey, Apple & Jeff Regan, Google
Kustomize is a popular tool for declarative, template-free management of Kubernetes configuration. Under the hood, it works by defining a graph of Kubernetes resources and applying a pipeline of declaratively specified transformations to its nodes. A lesser known fact is that users aren't limited to the transformations that Kustomize comes with out of the box: it's extensible! The way Kustomize extensions work has evolved over time towards a model that closely resembles Custom Resources, but on the client side! In this talk, Katrina and Jeff will briefly review the history and future of Kustomize extensions, and then dive into practical applications. The talk will showcase how these CR-style extensions can address common yet idiosyncratic application needs, as well as how platform builders can leverage them to manage declarative configuration at scale. Attendees will leave with practical knowledge of what makes a good extension and how to use Kustomize’s kyaml tools to start building.
Customizing Kustomize with Client-Side Custom Resources - Katrina Verey, Apple & Jeff Regan, Google
Kustomize is a popular tool for declarative, template-free management of Kubernetes configuration. Under the hood, it works by defining a graph of Kubernetes resources and applying a pipeline of declaratively specified transformations to its nodes. A lesser known fact is that users aren't limited to the transformations that Kustomize comes with out of the box: it's extensible! The way Kustomize extensions work has evolved over time towards a model that closely resembles Custom Resources, but on the client side! In this talk, Katrina and Jeff will briefly review the history and future of Kustomize extensions, and then dive into practical applications. The talk will showcase how these CR-style extensions can address common yet idiosyncratic application needs, as well as how platform builders can leverage them to manage declarative configuration at scale. Attendees will leave with practical knowledge of what makes a good extension and how to use Kustomize’s kyaml tools to start building.
- 4 participants
- 37 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Deciphering Your Way to the World of Golang - Mritunjay Sharma, JSSATE Noida
A World War-II memo has been found, a mystery is about to unravel and Agent Mritunjay needs your help. The road to lost treasure goes through the mysterious message and Agent Mritunjay is on a mission to decipher it - are you ready to join him in this journey? Pack your bags, put on your spooky hoodie, get that hacker hat on and open that terminal screen to get ready to Go! This is not merely a workshop - this is your journey with Agent Mritunjay to find the lost treasure but wait a minute - how do you plan to decipher the message? Don't you worry - Agent Mritunjay - to your rescue! Join him to learn about the fundamentals of Golang in this special Student's Track workshop where you will learn how Go modules work, what are Go packages, how functions interact to build into an algorithm that will not only help you solve the mystery with your first Golang CLI app but also pave your way to cloud-native projects like Kubernetes, Helm, etcetera. So what are you waiting for? Let's go!
Deciphering Your Way to the World of Golang - Mritunjay Sharma, JSSATE Noida
A World War-II memo has been found, a mystery is about to unravel and Agent Mritunjay needs your help. The road to lost treasure goes through the mysterious message and Agent Mritunjay is on a mission to decipher it - are you ready to join him in this journey? Pack your bags, put on your spooky hoodie, get that hacker hat on and open that terminal screen to get ready to Go! This is not merely a workshop - this is your journey with Agent Mritunjay to find the lost treasure but wait a minute - how do you plan to decipher the message? Don't you worry - Agent Mritunjay - to your rescue! Join him to learn about the fundamentals of Golang in this special Student's Track workshop where you will learn how Go modules work, what are Go packages, how functions interact to build into an algorithm that will not only help you solve the mystery with your first Golang CLI app but also pave your way to cloud-native projects like Kubernetes, Helm, etcetera. So what are you waiting for? Let's go!
- 1 participant
- 34 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Deep Dive CoreDNS - Yong Tang, Ivanti Inc.; Miek Gieben, Independent; John Belamaric, Google
Best known for its ability to serve as the cluster DNS of Kubernetes, CoreDNS is a flexible and extensible DNS server with a focus on service discovery. The flexibility and extensibility of CoreDNS comes from its unique plugin-based architecture and its easy-to-use Corefile configurations. In this session, we will take a close look at the CoreDNS extension points for developers. We will learn how to build custom DNS applications based on CoreDNS, including: building a custom CoreDNS binary that includes external plugins; building a specialized binary that uses CoreDNS as a library; building your own CoreDNS plugin. We will also update the current state and the road map of CoreDNS for the near future.
Deep Dive CoreDNS - Yong Tang, Ivanti Inc.; Miek Gieben, Independent; John Belamaric, Google
Best known for its ability to serve as the cluster DNS of Kubernetes, CoreDNS is a flexible and extensible DNS server with a focus on service discovery. The flexibility and extensibility of CoreDNS comes from its unique plugin-based architecture and its easy-to-use Corefile configurations. In this session, we will take a close look at the CoreDNS extension points for developers. We will learn how to build custom DNS applications based on CoreDNS, including: building a custom CoreDNS binary that includes external plugins; building a specialized binary that uses CoreDNS as a library; building your own CoreDNS plugin. We will also update the current state and the road map of CoreDNS for the near future.
- 2 participants
- 18 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Deploying Unikernels in Production with Kubernetes - Alexander Jung, Lancaster University
In data center and cloud deployments, the virtual machine is the basic unit of isolation and Kubernetes has emerged as the de-facto standard for orchestration. This points to the container-in-a-vm model: the VM for isolation, and the container to seamlessly integrate with the orchestrator. But is this optimal for deployments where containers are not a requirements? Is it possible to use VMs for isolation, use Kubernetes and all of its wide array of features for orchestration, but without having to rely on containers? In this talk we will present KubeKraft, a novel runtime along with modifications to containerd that allow for running VMs with Kubernetes *natively*, without any container overhead. We will present KubeKraft's architecture, its integration with Kubernetes and will show performance results; for instance, when using a Unikraft NGINX unikernel (less than 2MBs in size) KubeKraft results in 2x the throughput of an official Docker NGINX image (42M image size).
Deploying Unikernels in Production with Kubernetes - Alexander Jung, Lancaster University
In data center and cloud deployments, the virtual machine is the basic unit of isolation and Kubernetes has emerged as the de-facto standard for orchestration. This points to the container-in-a-vm model: the VM for isolation, and the container to seamlessly integrate with the orchestrator. But is this optimal for deployments where containers are not a requirements? Is it possible to use VMs for isolation, use Kubernetes and all of its wide array of features for orchestration, but without having to rely on containers? In this talk we will present KubeKraft, a novel runtime along with modifications to containerd that allow for running VMs with Kubernetes *natively*, without any container overhead. We will present KubeKraft's architecture, its integration with Kubernetes and will show performance results; for instance, when using a Unikraft NGINX unikernel (less than 2MBs in size) KubeKraft results in 2x the throughput of an official Docker NGINX image (42M image size).
- 1 participant
- 25 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Design Up Front: Socializing Ideas with Enhancement Proposals - Kirsten Garrison & Adam Kaplan, Red Hat; Christie Wilson, Google
Speakers: Christie Wilson, Kirsten Garrison, Adam Kaplan
KEPs, TEPs, SHIPs - why are contributors asked to fill these out? Many open source projects adopt enhancement proposal (EP) processes to guide new feature development. These documents can be lengthy, and contributors can be reluctant to write designs up front before their code is accepted. There is great value in writing these documents and sharing them with fellow developers. How can a project adopt an EP process without intimidating new contributors? Can these principles be used with proprietary code, or small projects?
In this panel discussion, maintainers from Kubernetes, Tekton, and Shipwright will discuss the ins and outs of their enhancement processes, and how up front design discussions have improved the quality of their code. The panel will explore the history behind their processes, how they work, and how they have evolved over time. Panelists will also share how they make their EP processes effective and engaging. After the discussion you may add EPs to your own projects!
Design Up Front: Socializing Ideas with Enhancement Proposals - Kirsten Garrison & Adam Kaplan, Red Hat; Christie Wilson, Google
Speakers: Christie Wilson, Kirsten Garrison, Adam Kaplan
KEPs, TEPs, SHIPs - why are contributors asked to fill these out? Many open source projects adopt enhancement proposal (EP) processes to guide new feature development. These documents can be lengthy, and contributors can be reluctant to write designs up front before their code is accepted. There is great value in writing these documents and sharing them with fellow developers. How can a project adopt an EP process without intimidating new contributors? Can these principles be used with proprietary code, or small projects?
In this panel discussion, maintainers from Kubernetes, Tekton, and Shipwright will discuss the ins and outs of their enhancement processes, and how up front design discussions have improved the quality of their code. The panel will explore the history behind their processes, how they work, and how they have evolved over time. Panelists will also share how they make their EP processes effective and engaging. After the discussion you may add EPs to your own projects!
- 3 participants
- 34 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Disaster Recovery of Stateful Applications in a Multi-Cluster Environment - Orit Wasserman & Shyamsundar Ranganathan, Red Hat
Have you ever wondered how to provide for disaster recovery of the state stored in your persistent volumes? What needs to happen to recover the workload on an alternate kubernetes cluster? How can the state be replicated and workloads recreated to use their replicated volumes? Our talk aims to elaborate on the various issues around recovering a workload and its state, in a multi-cluster and a multi region environment. We will demonstrate how replication capable storage systems, such as Ceph/Rook, instead of higher level tools, can be leveraged to provide disaster recovery of workloads across clusters. In addition this session will tease out features required in a multi-cluster control plane, to enable one-click disaster recovery solution for stateful workloads. Attendees will learn how to approach building disaster recovery solutions for their own clouds.
Disaster Recovery of Stateful Applications in a Multi-Cluster Environment - Orit Wasserman & Shyamsundar Ranganathan, Red Hat
Have you ever wondered how to provide for disaster recovery of the state stored in your persistent volumes? What needs to happen to recover the workload on an alternate kubernetes cluster? How can the state be replicated and workloads recreated to use their replicated volumes? Our talk aims to elaborate on the various issues around recovering a workload and its state, in a multi-cluster and a multi region environment. We will demonstrate how replication capable storage systems, such as Ceph/Rook, instead of higher level tools, can be leveraged to provide disaster recovery of workloads across clusters. In addition this session will tease out features required in a multi-cluster control plane, to enable one-click disaster recovery solution for stateful workloads. Attendees will learn how to approach building disaster recovery solutions for their own clouds.
- 2 participants
- 35 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Do Not Disturb Mode: Fine-Tuning Resources for Latency Sensitive Workloads - Antti Kervinen, Intel & Peter Hunt, Red Hat
Do you get your best work done without interruptions? Many people do, and Kubernetes workloads are no different. While there exist ways to run workloads in Kubernetes on dedicated CPUs, they still share resources like CPU cache, memory bandwidth and storage I/O. Recently, CRI-O and containerd have been extended to allow admins to control how these resources are shared. With the correct hardware and node configuration, users can put their applications in different classes that configure the amount of storage and memory bandwidth, and CPU cache that their applications need.
In this talk, Antti Kervinen and Peter Hunt will talk about required hardware, the extensions, and describe ways that admins can configure their workloads to finally get some peace and quiet.
Do Not Disturb Mode: Fine-Tuning Resources for Latency Sensitive Workloads - Antti Kervinen, Intel & Peter Hunt, Red Hat
Do you get your best work done without interruptions? Many people do, and Kubernetes workloads are no different. While there exist ways to run workloads in Kubernetes on dedicated CPUs, they still share resources like CPU cache, memory bandwidth and storage I/O. Recently, CRI-O and containerd have been extended to allow admins to control how these resources are shared. With the correct hardware and node configuration, users can put their applications in different classes that configure the amount of storage and memory bandwidth, and CPU cache that their applications need.
In this talk, Antti Kervinen and Peter Hunt will talk about required hardware, the extensions, and describe ways that admins can configure their workloads to finally get some peace and quiet.
- 2 participants
- 21 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Effortless Profiling on Kubernetes - Eden Federman, Verizon
Finding performance issues in applications is a hard problem. It's even harder when those applications run on Kubernetes. The needed profiling tools are usually not included in the container image and require a new deployment in order to be enabled. This session covers the best practices and the different tools available to profile Java, Go, Python, and Ruby applications.
Effortless Profiling on Kubernetes - Eden Federman, Verizon
Finding performance issues in applications is a hard problem. It's even harder when those applications run on Kubernetes. The needed profiling tools are usually not included in the container image and require a new deployment in order to be enabled. This session covers the best practices and the different tools available to profile Java, Go, Python, and Ruby applications.
- 1 participant
- 20 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Envoy Maintainer Q&A - Lizan Zhou, Tetrate
Q&A with Envoy maintainers. Come ask questions! Come ask questions! Come ask questions! Come ask questions! Come ask questions! Come ask questions! Come ask questions! Come ask questions! Come ask questions! Come ask questions! Come ask questions! Come ask questions! Come ask questions! Come ask questions! Come ask questions! Come ask questions! Come ask questions! Come ask questions! Come ask questions! Come ask questions! Come ask questions! Come ask questions! Come ask questions! Come ask questions! Come ask questions!
Envoy Maintainer Q&A - Lizan Zhou, Tetrate
Q&A with Envoy maintainers. Come ask questions! Come ask questions! Come ask questions! Come ask questions! Come ask questions! Come ask questions! Come ask questions! Come ask questions! Come ask questions! Come ask questions! Come ask questions! Come ask questions! Come ask questions! Come ask questions! Come ask questions! Come ask questions! Come ask questions! Come ask questions! Come ask questions! Come ask questions! Come ask questions! Come ask questions! Come ask questions! Come ask questions! Come ask questions!
- 4 participants
- 12 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Evolving Prometheus for More Use Cases - Bartek Plotka, Red Hat & Chris Marchbanks, Grafana Labs
Prometheus is a well-known CNCF Graduated project that allows cheap and effective monitoring capabilities using metrics. With a rich ecosystem of exporters and integrations, Prometheus allows you to collect metrics from your applications running in Kubernetes and beyond in no time. There were many opportunities to learn about Prometheus, its data model and capabilities at every past KubeCon around the globe. This talk will be different. As the cloud-native ecosystem evolves and more organizations adopt cloud-native approaches, all projects are innovating and seeking improvements. We mean things like Kubernetes clusters “as cattle”, multi-cluster applications, eBPF, edge services and more. To keep up with demands for different deployments and architectures, Prometheus evolves too. In this talk, you will learn how you can use and extend Prometheus for those different use cases. In addition, we will highlight advanced, experimental, or upcoming functionality to help with your use cases.
Evolving Prometheus for More Use Cases - Bartek Plotka, Red Hat & Chris Marchbanks, Grafana Labs
Prometheus is a well-known CNCF Graduated project that allows cheap and effective monitoring capabilities using metrics. With a rich ecosystem of exporters and integrations, Prometheus allows you to collect metrics from your applications running in Kubernetes and beyond in no time. There were many opportunities to learn about Prometheus, its data model and capabilities at every past KubeCon around the globe. This talk will be different. As the cloud-native ecosystem evolves and more organizations adopt cloud-native approaches, all projects are innovating and seeking improvements. We mean things like Kubernetes clusters “as cattle”, multi-cluster applications, eBPF, edge services and more. To keep up with demands for different deployments and architectures, Prometheus evolves too. In this talk, you will learn how you can use and extend Prometheus for those different use cases. In addition, we will highlight advanced, experimental, or upcoming functionality to help with your use cases.
- 2 participants
- 31 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Exploiting a Slightly Peculiar Volume Configuration with SIG-Honk - Ian Coldwater, Twilio; Brad Geesaman & Rory McCune, Aqua Security; Duffie Cooley, Isovalent
When the hacker crew of geese collectively known as “SIG-Honk” read about a new CVE in the Kubernetes ecosystem affecting the runc project (CVE-2021-30465), they flew into action. With just a few details in the initial advisory notes as guidance, they were able to collaborate and generate a proof-of-concept exploit for Kubernetes, iterate and validate it against multiple types of clusters, and kick off a renewed coordinated disclosure process to help keep users safer. Join Ian Coldwater, Brad Geesaman, Rory McCune, and Duffie Cooley as we bring our expertise and experiences to share the details of our methodology, walk through our approach, and demonstrate the exploit and its effectiveness live on stage. Attendees will learn about the process of exploit development and disclosure, find out how to stay informed about vulnerabilities in open source dependencies that may affect the security of their clusters, and walk away with a new perspective on how to honk.
Exploiting a Slightly Peculiar Volume Configuration with SIG-Honk - Ian Coldwater, Twilio; Brad Geesaman & Rory McCune, Aqua Security; Duffie Cooley, Isovalent
When the hacker crew of geese collectively known as “SIG-Honk” read about a new CVE in the Kubernetes ecosystem affecting the runc project (CVE-2021-30465), they flew into action. With just a few details in the initial advisory notes as guidance, they were able to collaborate and generate a proof-of-concept exploit for Kubernetes, iterate and validate it against multiple types of clusters, and kick off a renewed coordinated disclosure process to help keep users safer. Join Ian Coldwater, Brad Geesaman, Rory McCune, and Duffie Cooley as we bring our expertise and experiences to share the details of our methodology, walk through our approach, and demonstrate the exploit and its effectiveness live on stage. Attendees will learn about the process of exploit development and disclosure, find out how to stay informed about vulnerabilities in open source dependencies that may affect the security of their clusters, and walk away with a new perspective on how to honk.
- 4 participants
- 34 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Faster Container Image Distribution on a Variety of Tools with Lazy Pulling - Kohei Tokunaga, NTT Corporation & Tao Peng, Ant Financial
Pull is known as one of the time-consuming steps in the container lifecycle. One of the root causes is the current OCI Image Specification because it can't run containers before the entire image contents become locally available. In this session, Kohei and Tao introduce state-of-the-art OCI-alternative image formats discussed in the community for speeding up pulling images, especially putting the focus on eStargz and nydus. These formats enable "lazy pulling" that allows container runtime to startup a container without waiting for the entire image. Over the past year, lazy pulling has been available on more and more container-related tools including Kubernetes, containerd, CRI-O, Podman, BuildKit, etc. So they will show how widely these image formats can be used on these tools in daily activity. eStargz has been proposed to OCI Image Specification as an extension and nydus has so to the next version of that spec (a.k.a. OCIv2). The talk will also share the discussion status.
Faster Container Image Distribution on a Variety of Tools with Lazy Pulling - Kohei Tokunaga, NTT Corporation & Tao Peng, Ant Financial
Pull is known as one of the time-consuming steps in the container lifecycle. One of the root causes is the current OCI Image Specification because it can't run containers before the entire image contents become locally available. In this session, Kohei and Tao introduce state-of-the-art OCI-alternative image formats discussed in the community for speeding up pulling images, especially putting the focus on eStargz and nydus. These formats enable "lazy pulling" that allows container runtime to startup a container without waiting for the entire image. Over the past year, lazy pulling has been available on more and more container-related tools including Kubernetes, containerd, CRI-O, Podman, BuildKit, etc. So they will show how widely these image formats can be used on these tools in daily activity. eStargz has been proposed to OCI Image Specification as an extension and nydus has so to the next version of that spec (a.k.a. OCIv2). The talk will also share the discussion status.
- 2 participants
- 30 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Fine-Grained User Authorization for Kubernetes with OPA and LDAP - Cagri Cetin & Quentin Long, Yelp Inc.
Speakers: Cagri Cetin, Quentin Long
Yelp recently migrated their container-orchestration system from Mesos to Kubernetes. However, existing Kubernetes authorization mechanisms were insufficient to implement least-privilege access control rules. Yelp needed to authorize its users to hundreds of services owned by hundreds of different teams. By leveraging the Open Policy Agent (OPA), Yelp has implemented an authorization system that allows defining fine-grained authorization rules: These can rely on service ownerships, resources’ or actions’ sensitivity levels. This talk covers Yelp’s journey to a fine-grained Kubernetes authorization using OPA and LDAP. It will discuss: - Shortcomings of existing Kubernetes authorization mechanisms - Design details of the new OPA-based system - Strategies for provisioning authorization rules at scale - Migration to the new system with zero downtime - Issues encountered along the way and lessons learned
Fine-Grained User Authorization for Kubernetes with OPA and LDAP - Cagri Cetin & Quentin Long, Yelp Inc.
Speakers: Cagri Cetin, Quentin Long
Yelp recently migrated their container-orchestration system from Mesos to Kubernetes. However, existing Kubernetes authorization mechanisms were insufficient to implement least-privilege access control rules. Yelp needed to authorize its users to hundreds of services owned by hundreds of different teams. By leveraging the Open Policy Agent (OPA), Yelp has implemented an authorization system that allows defining fine-grained authorization rules: These can rely on service ownerships, resources’ or actions’ sensitivity levels. This talk covers Yelp’s journey to a fine-grained Kubernetes authorization using OPA and LDAP. It will discuss: - Shortcomings of existing Kubernetes authorization mechanisms - Design details of the new OPA-based system - Strategies for provisioning authorization rules at scale - Migration to the new system with zero downtime - Issues encountered along the way and lessons learned
- 2 participants
- 26 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Fluid - Build Data Orchestration in Kubernetes - Yang Che, Alibaba & Yuandong Xie, Tencent
In the cloud-native field, data-intensive tasks such as big data and AI will face many problems in the context of the separation of storage and computing architecture. For example, network IO bottlenecks lead to reduced computing efficiency, and the underlying storage system is under huge overhead pressure. On the other hand, the management of multi-source data is very complicated, which is a challenge for algorithm scientists. In this talk, we introduce an efficient and convenient data abstraction, which abstracts data from storage, provides data affinity scheduling, distributed cache engine acceleration, and multi-source data integration data lake through Fluid. In Alibaba Cloud and Tencent Cloud, a large number of Big data and AI workloads are accelerated through Fluid’s data scheduling.
Fluid - Build Data Orchestration in Kubernetes - Yang Che, Alibaba & Yuandong Xie, Tencent
In the cloud-native field, data-intensive tasks such as big data and AI will face many problems in the context of the separation of storage and computing architecture. For example, network IO bottlenecks lead to reduced computing efficiency, and the underlying storage system is under huge overhead pressure. On the other hand, the management of multi-source data is very complicated, which is a challenge for algorithm scientists. In this talk, we introduce an efficient and convenient data abstraction, which abstracts data from storage, provides data affinity scheduling, distributed cache engine acceleration, and multi-source data integration data lake through Fluid. In Alibaba Cloud and Tencent Cloud, a large number of Big data and AI workloads are accelerated through Fluid’s data scheduling.
- 3 participants
- 29 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Flux's Roadmap to General Availability - Hidde Beydals & Michael Bridgen, Weaveworks
The past year has been an important one for Flux and GitOps. The team has built a new Flux made of multiple controllers that are now seeing production use. The project has matured and is on its way to General Availability. Flux v2's core is a set of precise API’s for controlling and delegating every element of a GitOps platform. A single Flux install can now work with many parts of multiple git repositories, and Flux is more usable and observable than ever. The project has first-class support for popular technologies like Kustomize, Helm, Prometheus, SOPS, GitHub, and GitLab, and it provides extension points in all areas to integrate with other technologies and platforms, much like Kubernetes itself. This session will consist of a cool 15 minute demo of common and novel Flux use-cases that show just much progress the community has made. Join in afterwards for a 20 minute discussion on the remaining roadmap items for the v2.0.0 GA release candidates.
Flux's Roadmap to General Availability - Hidde Beydals & Michael Bridgen, Weaveworks
The past year has been an important one for Flux and GitOps. The team has built a new Flux made of multiple controllers that are now seeing production use. The project has matured and is on its way to General Availability. Flux v2's core is a set of precise API’s for controlling and delegating every element of a GitOps platform. A single Flux install can now work with many parts of multiple git repositories, and Flux is more usable and observable than ever. The project has first-class support for popular technologies like Kustomize, Helm, Prometheus, SOPS, GitHub, and GitLab, and it provides extension points in all areas to integrate with other technologies and platforms, much like Kubernetes itself. This session will consist of a cool 15 minute demo of common and novel Flux use-cases that show just much progress the community has made. Join in afterwards for a 20 minute discussion on the remaining roadmap items for the v2.0.0 GA release candidates.
- 3 participants
- 24 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
From Storming to Performing: Growing Your Project's Contributor Experience - Matt Butcher & Karen Chu, Microsoft
The early days of a project seem so clear. Write some code, author some documentation, & post it on GitHub. Then wait for those GitHub stars! But OSS is as much about people as code. We’ll take an honest look at the contributor experience for a sustainable open source project. We apply the form/storm/norm/perform model as a way to approach growth. With stories, examples, & our own experiences, we share practical guidance on how you can set your open source contributor community on a course to not just survive, but thrive. Part 1: Form — Tackling first tasks together *Code *Website *Messaging *Docs Part 2: Storm — Gaining trust & sorting things out *Resolving disputes *Code of Conduct *Governance *Coding standards *Contributors are not employees/coworkers Part 3: Norm — Sharing responsibility *Issue management *Delegating work *Standardizing communication channels Part 4: Perform — Optimizing for the long haul *Retaining maintainers *Maintainer turnover & recruiting *Emeritus status
From Storming to Performing: Growing Your Project's Contributor Experience - Matt Butcher & Karen Chu, Microsoft
The early days of a project seem so clear. Write some code, author some documentation, & post it on GitHub. Then wait for those GitHub stars! But OSS is as much about people as code. We’ll take an honest look at the contributor experience for a sustainable open source project. We apply the form/storm/norm/perform model as a way to approach growth. With stories, examples, & our own experiences, we share practical guidance on how you can set your open source contributor community on a course to not just survive, but thrive. Part 1: Form — Tackling first tasks together *Code *Website *Messaging *Docs Part 2: Storm — Gaining trust & sorting things out *Resolving disputes *Code of Conduct *Governance *Coding standards *Contributors are not employees/coworkers Part 3: Norm — Sharing responsibility *Issue management *Delegating work *Standardizing communication channels Part 4: Perform — Optimizing for the long haul *Retaining maintainers *Maintainer turnover & recruiting *Emeritus status
- 6 participants
- 35 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Function to Container - Building a FaaS Experience - Evan Anderson, VMware
Function as a Service (FaaS) is a hot topic in serverless and cloud computing at the moment, and there are a variety of open-source and CNCF projects which provide some level of serverless capability. Many of these open-source serverless solutions actually operate at the level of the container abstraction, which makes them a powerful bridge for traditional application models, but sacrifices the simplicity of the "functions" approach. Function buildpacks aim to provide this developer simplicity by injecting both a main method and invocation glue such as an HTTP server into the application code before building a container image. Unlike traditional buildpacks which aim to package a complete application with specific protocol bindings specified by the developer, function buildpacks rely on inversion of control to adapt business logic (in the form of a CloudEvents-processing function) to the protocol needs of the application.
Function to Container - Building a FaaS Experience - Evan Anderson, VMware
Function as a Service (FaaS) is a hot topic in serverless and cloud computing at the moment, and there are a variety of open-source and CNCF projects which provide some level of serverless capability. Many of these open-source serverless solutions actually operate at the level of the container abstraction, which makes them a powerful bridge for traditional application models, but sacrifices the simplicity of the "functions" approach. Function buildpacks aim to provide this developer simplicity by injecting both a main method and invocation glue such as an HTTP server into the application code before building a container image. Unlike traditional buildpacks which aim to package a complete application with specific protocol bindings specified by the developer, function buildpacks rely on inversion of control to adapt business logic (in the form of a CloudEvents-processing function) to the protocol needs of the application.
- 1 participant
- 31 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Getting Involved in the K8s Release Shadow Program - Divya Mohan, HSBC
As an aspiring contributor, it can be daunting to get started with the vast ecosystem of the K8s project. The Release Shadow program is the perfect way for all contributors - novice & veteran to be familiarized with different aspects of the release + different SIGs within the ecosystem. Join in to learn more about - What a K8s release looks like - What the Release Shadow program is - how you, as a student, can get involved - some pre-requisites
Getting Involved in the K8s Release Shadow Program - Divya Mohan, HSBC
As an aspiring contributor, it can be daunting to get started with the vast ecosystem of the K8s project. The Release Shadow program is the perfect way for all contributors - novice & veteran to be familiarized with different aspects of the release + different SIGs within the ecosystem. Join in to learn more about - What a K8s release looks like - What the Release Shadow program is - how you, as a student, can get involved - some pre-requisites
- 1 participant
- 26 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
GitOps+Jenkins-CI With Declarative Everything - Kingdon Barrett, Weaveworks
Flux is the incubating CNCF tool that ushered GitOps on to the scene, and Jenkins is the OG build machinery name-to-know for large enterprises. Learn to deploy Jenkins declaratively with Flux's Helm Controller, how to build an app repo with Jenkins for deployment with Flux, how to test a Helm chart with Helm Test through Flux's Flagger, and how to deploy new releases automatically with Flux’s Image Automation Controller and Helm controller. Declarative delivery with Helm and Kustomize does not require Jenkins to have direct access to the cluster; Flux runs as an agent inside a cluster and uses a pull-based model for delivery of apps, treating the git repository as a single source of truth. Configuration as code runs under the hood of an all-declarative Jenkins infrastructure from end to end, a declarative Jenkinsfile, pipeline for branches and PRs to build and push images. Flux is first configured to pull new image builds into a cluster, then Porter modernizes our image build process!
GitOps+Jenkins-CI With Declarative Everything - Kingdon Barrett, Weaveworks
Flux is the incubating CNCF tool that ushered GitOps on to the scene, and Jenkins is the OG build machinery name-to-know for large enterprises. Learn to deploy Jenkins declaratively with Flux's Helm Controller, how to build an app repo with Jenkins for deployment with Flux, how to test a Helm chart with Helm Test through Flux's Flagger, and how to deploy new releases automatically with Flux’s Image Automation Controller and Helm controller. Declarative delivery with Helm and Kustomize does not require Jenkins to have direct access to the cluster; Flux runs as an agent inside a cluster and uses a pull-based model for delivery of apps, treating the git repository as a single source of truth. Configuration as code runs under the hood of an all-declarative Jenkins infrastructure from end to end, a declarative Jenkinsfile, pipeline for branches and PRs to build and push images. Flux is first configured to pull new image builds into a cluster, then Porter modernizes our image build process!
- 1 participant
- 37 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Hardening the Kubernetes Software Supply Chain Through Better Transparency - Adolfo García Veytia, uServers; Verónica López González, Digital Ocean; Nabarun Pal, VMware
Software supply chains are gaining increasingly complex nowadays, especially when it is about deploying cloud native environments securely. After refactoring the Kubernetes release process over the past years, SIG Release efforts have shifted towards three main areas of work. In this talk, Verónica, Nabarun, and Adolfo will cover all of them in-depth: * Starting with Kubernetes v1.22, every release includes an SPDX Bill of Materials describing the source code, binaries, and all published images. * Automatic verification of the integrity and consistency of release artifacts as part of the Kubernetes Release process. * Digital signing of released artifacts and signature verification of upstream images. In the final part of the presentation, the speakers will demonstrate some of the tools that SIG Release has created, which can be leveraged today by the community in other projects, too.
Hardening the Kubernetes Software Supply Chain Through Better Transparency - Adolfo García Veytia, uServers; Verónica López González, Digital Ocean; Nabarun Pal, VMware
Software supply chains are gaining increasingly complex nowadays, especially when it is about deploying cloud native environments securely. After refactoring the Kubernetes release process over the past years, SIG Release efforts have shifted towards three main areas of work. In this talk, Verónica, Nabarun, and Adolfo will cover all of them in-depth: * Starting with Kubernetes v1.22, every release includes an SPDX Bill of Materials describing the source code, binaries, and all published images. * Automatic verification of the integrity and consistency of release artifacts as part of the Kubernetes Release process. * Digital signing of released artifacts and signature verification of upstream images. In the final part of the presentation, the speakers will demonstrate some of the tools that SIG Release has created, which can be leveraged today by the community in other projects, too.
- 4 participants
- 31 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Helm: The Charts and the Curious - Karena Angell, Paul Czarkowski & Andrew Block, Red Hat; Scott Rigby, Weaveworks
Have you ever wondered, how can I improve the processes and tooling around my Helm Chart development and distribution? Just like with a programming language, there are OSS projects in the Helmiverse, such as linters, testing tools, and automation you can use to help you with charts. In this session, you’ll learn about some of these tools and how you can use them to improve your workflow and CI automation. Along the way you’ll learn about supply chain security, GitHub actions, YAML validation, tools you can use in any CI system, and more. Charts are at the heart of using Helm, in this session you’ll learn how to have a healthier heart.
Helm: The Charts and the Curious - Karena Angell, Paul Czarkowski & Andrew Block, Red Hat; Scott Rigby, Weaveworks
Have you ever wondered, how can I improve the processes and tooling around my Helm Chart development and distribution? Just like with a programming language, there are OSS projects in the Helmiverse, such as linters, testing tools, and automation you can use to help you with charts. In this session, you’ll learn about some of these tools and how you can use them to improve your workflow and CI automation. Along the way you’ll learn about supply chain security, GitHub actions, YAML validation, tools you can use in any CI system, and more. Charts are at the heart of using Helm, in this session you’ll learn how to have a healthier heart.
- 4 participants
- 38 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Here Be Services: Beyond the Cluster Boundary with Multicluster Services - Laura Lorenz, Google & Stephen Kitt, Red Hat
For most of Kubernetes history, the edge of the cluster was always a hard boundary that was difficult to traverse. Single clusters can scale up with huge node pools and extensive geographic coverage; but many users prefer to use multiple Kubernetes clusters. This gives them more control, with isolated workloads, manageable latency, and clear data jurisdictions, reducing the effort to provide reliable platforms. However that isolation requires a lot of work to access services from one cluster in another. By using the Multicluster Services API, an OSS standard sponsored by SIG-Multicluster, users with an application spread across multiple clusters can make services available between them using simple Kubernetes object primitives available as CRDs, without needing to install a full service mesh. In this talk, we will explain the concepts and architecture behind the MCS API and walk through demos on Submariner.io and GKE, the two current implementations of the MCS API.
Here Be Services: Beyond the Cluster Boundary with Multicluster Services - Laura Lorenz, Google & Stephen Kitt, Red Hat
For most of Kubernetes history, the edge of the cluster was always a hard boundary that was difficult to traverse. Single clusters can scale up with huge node pools and extensive geographic coverage; but many users prefer to use multiple Kubernetes clusters. This gives them more control, with isolated workloads, manageable latency, and clear data jurisdictions, reducing the effort to provide reliable platforms. However that isolation requires a lot of work to access services from one cluster in another. By using the Multicluster Services API, an OSS standard sponsored by SIG-Multicluster, users with an application spread across multiple clusters can make services available between them using simple Kubernetes object primitives available as CRDs, without needing to install a full service mesh. In this talk, we will explain the concepts and architecture behind the MCS API and walk through demos on Submariner.io and GKE, the two current implementations of the MCS API.
- 2 participants
- 31 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Homebrewing a Kubernetes Bootcamp: From College to K8s Support Engineer - Alice Wasko, Ambassador Labs
Alice Wasko is a Support Engineer at Ambassador Labs who started her career not knowing anything about Kubernetes or the CNCF Landscape. In this talk Alice will share how she has learned about the many different cloud native topics that seemed overwhelming at first glance to someone without experience. Alice will also explain how she has taken part in helping to improve the learning and onboarding process for new hires and community members. Her “homebrewing” of a Kubernetes bootcamp has been both a great teaching tool and also a great learning tool. She aims to share her experience as a developer who recently learned Kubernetes and other technologies in the cloud ecosystem with others who are beginning their learning journey or are interested in educating others.
Homebrewing a Kubernetes Bootcamp: From College to K8s Support Engineer - Alice Wasko, Ambassador Labs
Alice Wasko is a Support Engineer at Ambassador Labs who started her career not knowing anything about Kubernetes or the CNCF Landscape. In this talk Alice will share how she has learned about the many different cloud native topics that seemed overwhelming at first glance to someone without experience. Alice will also explain how she has taken part in helping to improve the learning and onboarding process for new hires and community members. Her “homebrewing” of a Kubernetes bootcamp has been both a great teaching tool and also a great learning tool. She aims to share her experience as a developer who recently learned Kubernetes and other technologies in the cloud ecosystem with others who are beginning their learning journey or are interested in educating others.
- 1 participant
- 27 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
How Event Driven Autoscaling in Kubernetes Can Combat Climate Change - Annie Talvasto, CAST AI & Adi Polak, Microsoft
Climate change is one of the biggest challenges of this century, and at the same time adoption of cloud services increases the world’s CO2 production. We will show a demo showcasing how we can combat climate change with Kubernetes, e.g. by using event driven autoscaling (KEDA), spot instances, aggregated data from multiple sources as well as CNCF projects. We will take you through the creation & ideation of the open source project and prove that by optimising your cloud & Kubernetes, you can also decrease the environmental impact of your compute.
How Event Driven Autoscaling in Kubernetes Can Combat Climate Change - Annie Talvasto, CAST AI & Adi Polak, Microsoft
Climate change is one of the biggest challenges of this century, and at the same time adoption of cloud services increases the world’s CO2 production. We will show a demo showcasing how we can combat climate change with Kubernetes, e.g. by using event driven autoscaling (KEDA), spot instances, aggregated data from multiple sources as well as CNCF projects. We will take you through the creation & ideation of the open source project and prove that by optimising your cloud & Kubernetes, you can also decrease the environmental impact of your compute.
- 2 participants
- 38 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
How We Built a Cloud On K3s: The Learnings Of Growing Up Fast - Alex Jones & Anaïs Urlichs, Civo
K3s has radically altered the way we think about interacting with Kubernetes by reducing operational knowledge to an API. This promotes a highly compelling experience through its simplicity and speed. At Civo, we have spent the past two years building an ethical cloud computing company around this technology in collaboration with the open-source community. But the journey has been hard... Running hundreds of micro-clusters has had a steep learning curve. Observability, production support and reliability have been dramatically scaled and tested as services have become popular. We have found nuances in K3s, changes within the hardware requirements and had to rebuild server racks. This talk will illustrate our journey of making clusters resilient within a multi-tenant environment and how company culture had to scale with the tech and community to support it.
How We Built a Cloud On K3s: The Learnings Of Growing Up Fast - Alex Jones & Anaïs Urlichs, Civo
K3s has radically altered the way we think about interacting with Kubernetes by reducing operational knowledge to an API. This promotes a highly compelling experience through its simplicity and speed. At Civo, we have spent the past two years building an ethical cloud computing company around this technology in collaboration with the open-source community. But the journey has been hard... Running hundreds of micro-clusters has had a steep learning curve. Observability, production support and reliability have been dramatically scaled and tested as services have become popular. We have found nuances in K3s, changes within the hardware requirements and had to rebuild server racks. This talk will illustrate our journey of making clusters resilient within a multi-tenant environment and how company culture had to scale with the tech and community to support it.
- 2 participants
- 16 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
How We Reduced Write Latency in TiKV? - Liqi Geng, PingCAP
Serving write requests in stable and low average latency is what many distributed databases pursue. So does TiKV, a distributed transactional Key-Value database. After a detailed investigation, Liqi Geng and his team found that TiKV’s write performance might be restricted by many factors. Among all these factors, the raftstore module might be the one that causes delay the worst. In order to optimize write latency, TiKV team plans to lower tail latency, in addition to reducing the average write latency, to make sure the overall latency is consistent and low. In this talk, Liqi Geng will walk you through TiKV’s architecture and share the optimization measures he and his team have used in the raftstore module to reduce the average write latency and tail latency, such as Asynchronous IO and other optimizing trials.
How We Reduced Write Latency in TiKV? - Liqi Geng, PingCAP
Serving write requests in stable and low average latency is what many distributed databases pursue. So does TiKV, a distributed transactional Key-Value database. After a detailed investigation, Liqi Geng and his team found that TiKV’s write performance might be restricted by many factors. Among all these factors, the raftstore module might be the one that causes delay the worst. In order to optimize write latency, TiKV team plans to lower tail latency, in addition to reducing the average write latency, to make sure the overall latency is consistent and low. In this talk, Liqi Geng will walk you through TiKV’s architecture and share the optimization measures he and his team have used in the raftstore module to reduce the average write latency and tail latency, such as Asynchronous IO and other optimizing trials.
- 1 participant
- 18 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
How to Improve Your Kubernetes Experience with Service Mesh and MLOps - Maksim Chudnovskii & Igor Gustomyasov, Sber
In this session, speakers will talk about using a machine learning approach to optimize application performance in Kubernetes clusters in a large private cloud (50+ On-Premise Kubernetes Clusters in a Private Cloud, 500+ Compute Nodes, 10+ Istio Meshes. The speech from Sberbank will cover concrete practical cases and tell in detail about the experience of using machine learning models, consider in detail the architecture of the models, as well as the process of preparing training data, which is based on service mesh telemetry.
How to Improve Your Kubernetes Experience with Service Mesh and MLOps - Maksim Chudnovskii & Igor Gustomyasov, Sber
In this session, speakers will talk about using a machine learning approach to optimize application performance in Kubernetes clusters in a large private cloud (50+ On-Premise Kubernetes Clusters in a Private Cloud, 500+ Compute Nodes, 10+ Istio Meshes. The speech from Sberbank will cover concrete practical cases and tell in detail about the experience of using machine learning models, consider in detail the architecture of the models, as well as the process of preparing training data, which is based on service mesh telemetry.
- 2 participants
- 29 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
How to put a Database in Kubernetes - Jeffrey Carpenter, DataStax
The idea of running a stateful workload in Kubernetes can be intimidating, especially if you haven’t done it before. How do you deploy a database? Where is the actual storage? How is the storage mapped to the database or application that uses it? In this talk, we’ll demystify the deployment of databases and stateful workloads in K8s by showing that databases are just applications composed of compute, network and storage. We can deploy them like any other Kubernetes application and take advantage of resources that K8s provides including Storage Classes, Persistent Volumes, Persistent Volume Claims, and Stateful Sets. We will demonstrate how to make it all work by deploying a relational database (MySQL) and a NoSQL database (Apache Cassandra).
How to put a Database in Kubernetes - Jeffrey Carpenter, DataStax
The idea of running a stateful workload in Kubernetes can be intimidating, especially if you haven’t done it before. How do you deploy a database? Where is the actual storage? How is the storage mapped to the database or application that uses it? In this talk, we’ll demystify the deployment of databases and stateful workloads in K8s by showing that databases are just applications composed of compute, network and storage. We can deploy them like any other Kubernetes application and take advantage of resources that K8s provides including Storage Classes, Persistent Volumes, Persistent Volume Claims, and Stateful Sets. We will demonstrate how to make it all work by deploying a relational database (MySQL) and a NoSQL database (Apache Cassandra).
- 2 participants
- 35 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Implementation Challenges: From HPC to Containers in the Academy - Lukáš Hejtmánek & Viktória Spišaková, Masaryk University
Container computing does not have a lengthy history in the academic environment. Traditionally, HPC holds the first place because of high resource availability, direct multi-tenancy support, and researchers having legacy experience. This session will introduce efforts made at the CERIT-SC/Institute of Computer Science of Masaryk University to implement Kubernetes infrastructure and move scientific computing to containers. We will present challenges of multi-tenancy assurance, deploying applications under users, resource sharing, and building trust towards containerization among the research community. We will discuss several created solutions, present a couple of European open-source projects and demonstrate how containers help in the academic environment. Furthermore, we present other issues we fight and propose ideas on new features.
Implementation Challenges: From HPC to Containers in the Academy - Lukáš Hejtmánek & Viktória Spišaková, Masaryk University
Container computing does not have a lengthy history in the academic environment. Traditionally, HPC holds the first place because of high resource availability, direct multi-tenancy support, and researchers having legacy experience. This session will introduce efforts made at the CERIT-SC/Institute of Computer Science of Masaryk University to implement Kubernetes infrastructure and move scientific computing to containers. We will present challenges of multi-tenancy assurance, deploying applications under users, resource sharing, and building trust towards containerization among the research community. We will discuss several created solutions, present a couple of European open-source projects and demonstrate how containers help in the academic environment. Furthermore, we present other issues we fight and propose ideas on new features.
- 2 participants
- 23 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Improving Dev Experience: How We Built a Cloud Native Dev Stack At Scale - Srinidhi S & Venkatesan Vaidyanathan, Razorpay
The session will shed light work of improving Razorpay's dev experience using a bunch of open source tools that scales to 100's of engineers,in a secure and compliant fashion We talk about extending cloud native development to local desktop,how it integrates with our overall kubernetes driven CI/CD workflows.In a nutshell,the session describes building a dev centric packaged environment for reducing their cognitive load while developing sofware This talk brings clarity to the application cluster development , and shows the work being done on aggregating various open source solutions like helmfile for describing and setting up a micro service fleet , traefik routing,header propagation for ephemeral service access ,helm hooks for auxilary app requirements like queues,databases,vendor cloud components, hot reloading and devspace for integrated dev local development/debugging and autoscaler,janitor,botkube etc for cluster segregation and management In the end ,this talk hopefully aligns the developers,practitioners and operators to the benefit of local development with faster iterations , customizable dev tools in remote kubernetes cluster with an extremely simplified , cost effective ,git ops native and agile solution impacting the entire org's dev productivity
Improving Dev Experience: How We Built a Cloud Native Dev Stack At Scale - Srinidhi S & Venkatesan Vaidyanathan, Razorpay
The session will shed light work of improving Razorpay's dev experience using a bunch of open source tools that scales to 100's of engineers,in a secure and compliant fashion We talk about extending cloud native development to local desktop,how it integrates with our overall kubernetes driven CI/CD workflows.In a nutshell,the session describes building a dev centric packaged environment for reducing their cognitive load while developing sofware This talk brings clarity to the application cluster development , and shows the work being done on aggregating various open source solutions like helmfile for describing and setting up a micro service fleet , traefik routing,header propagation for ephemeral service access ,helm hooks for auxilary app requirements like queues,databases,vendor cloud components, hot reloading and devspace for integrated dev local development/debugging and autoscaler,janitor,botkube etc for cluster segregation and management In the end ,this talk hopefully aligns the developers,practitioners and operators to the benefit of local development with faster iterations , customizable dev tools in remote kubernetes cluster with an extremely simplified , cost effective ,git ops native and agile solution impacting the entire org's dev productivity
- 2 participants
- 32 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Insights into Unsecured Kubernetes in the Wild - Jay Chen & Aviv Sasson, Palo Alto Networks
As much as the cloud-native community devoted to building a rock-solid platform, the weakest link has always been the users who inadvertently introduced insecure configurations. Jay and Aviv will share their findings of misconfigured Kubernetes clusters in the wild and malware campaign that exploited these misconfigurations. Their research found 2,100 unsecured Kubernetes clusters that consist of 5,300 nodes, 31,340 CPUs, and 75,270 pods on the internet. Many sensitive data leaked from these clusters, including access credentials, source code, and PII. The researchers will share how they architected their honeypot infrastructure to collect and monitor malicious activities targeting Kubernetes environments. The research also uncovered the first malware that exploited Kubelets to compromise Kubernetes. The malware used sophisticated tactics to evade detection, harvest credentials, move laterally, and perform cryptojacking operations in compromised clusters.
Insights into Unsecured Kubernetes in the Wild - Jay Chen & Aviv Sasson, Palo Alto Networks
As much as the cloud-native community devoted to building a rock-solid platform, the weakest link has always been the users who inadvertently introduced insecure configurations. Jay and Aviv will share their findings of misconfigured Kubernetes clusters in the wild and malware campaign that exploited these misconfigurations. Their research found 2,100 unsecured Kubernetes clusters that consist of 5,300 nodes, 31,340 CPUs, and 75,270 pods on the internet. Many sensitive data leaked from these clusters, including access credentials, source code, and PII. The researchers will share how they architected their honeypot infrastructure to collect and monitor malicious activities targeting Kubernetes environments. The research also uncovered the first malware that exploited Kubelets to compromise Kubernetes. The malware used sophisticated tactics to evade detection, harvest credentials, move laterally, and perform cryptojacking operations in compromised clusters.
- 2 participants
- 35 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Intro + DeepDive: SIG Scalability - Wojciech Tyczyński & Marcel Zięba, Google
This session will focus on the different efforts that SIG Scalability is involved in: defining what scalability means for Kubernetes, driving improvements, infrastructure for scalability testing, tests and guarding Kubernetes against performance regressions. Each of those areas will first be described at the high level, followed up with deeper insight into concrete aspects and summarized with most recent achievements and a roadmap for future work. Time for Q&A will be reserved at the end of the session to understand how the SIG can better engage with the community as well as to allow the audience to provide the input about the roadmap.
Intro + DeepDive: SIG Scalability - Wojciech Tyczyński & Marcel Zięba, Google
This session will focus on the different efforts that SIG Scalability is involved in: defining what scalability means for Kubernetes, driving improvements, infrastructure for scalability testing, tests and guarding Kubernetes against performance regressions. Each of those areas will first be described at the high level, followed up with deeper insight into concrete aspects and summarized with most recent achievements and a roadmap for future work. Time for Q&A will be reserved at the end of the session to understand how the SIG can better engage with the community as well as to allow the audience to provide the input about the roadmap.
- 1 participant
- 29 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Intro and Deep Dive to the CNF Working Group - Ian Wells, Cisco; Jeffrey Saelens, Charter Communications; Taylor Carpenter, Vulk Coop
Speakers: Ian Wells, Jeffrey Saelens, Taylor Carpenter
The Cloud Native Network Function (CNF) Working Group’s task is to recommend best practices for networking applications (aka CNFs) that run on Kubernetes. Our goal is to enable operators and creators of CNFs to take advantage of Kubernetes application development benefits. This session will cover an introduction to the working group, how we work, and what we produce. We will explore an example use case and a set of best practices for networking applications. Finally, we will provide an overview of some of the areas currently in discussion, and how you can participate, or even contribute.
Intro and Deep Dive to the CNF Working Group - Ian Wells, Cisco; Jeffrey Saelens, Charter Communications; Taylor Carpenter, Vulk Coop
Speakers: Ian Wells, Jeffrey Saelens, Taylor Carpenter
The Cloud Native Network Function (CNF) Working Group’s task is to recommend best practices for networking applications (aka CNFs) that run on Kubernetes. Our goal is to enable operators and creators of CNFs to take advantage of Kubernetes application development benefits. This session will cover an introduction to the working group, how we work, and what we produce. We will explore an example use case and a set of best practices for networking applications. Finally, we will provide an overview of some of the areas currently in discussion, and how you can participate, or even contribute.
- 3 participants
- 24 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Intro to Cloud Native Buildpacks - Javier Romero, VMware; Sambhav Kothari, Bloomberg
Cloud Native Buildpacks transform your application source code into images that can run on any cloud. In this session you'll learn the basics of using buildpacks, why they make a great choice over the alternatives, and what new features the project has to offer. Cloud Native Buildpacks embrace modern container standards, such as the OCI image format. They take advantage of the latest capabilities of these standards, such as cross-repository blob mounting and image layer "rebasing" on Docker API v2 registries.
Intro to Cloud Native Buildpacks - Javier Romero, VMware; Sambhav Kothari, Bloomberg
Cloud Native Buildpacks transform your application source code into images that can run on any cloud. In this session you'll learn the basics of using buildpacks, why they make a great choice over the alternatives, and what new features the project has to offer. Cloud Native Buildpacks embrace modern container standards, such as the OCI image format. They take advantage of the latest capabilities of these standards, such as cross-repository blob mounting and image layer "rebasing" on Docker API v2 registries.
- 2 participants
- 24 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Intro to KubeEdge: Kubernetes Native Edge Computing Framework - Kevin Wang (Zefeng), Huawei & Yin Ding, Pure Storage
KubeEdge is an open source edge computing framework that extends the power of kubernetes from central cloud to edge. Since moved to incubation level, KubeEdge made big progress on user adoption, community development, cross-community collaborations. In this talk, Kevin and Yin will review KubeEdge motivation, architecture; then go through latest updates on new features, user adoptions, SIG updates and new subprojects. After that Kevin and Yin will introduce where the project is heading to, updated project roadmap and how new contributors to get involved. There will be an open Q&A for attendees to ask questions.
Intro to KubeEdge: Kubernetes Native Edge Computing Framework - Kevin Wang (Zefeng), Huawei & Yin Ding, Pure Storage
KubeEdge is an open source edge computing framework that extends the power of kubernetes from central cloud to edge. Since moved to incubation level, KubeEdge made big progress on user adoption, community development, cross-community collaborations. In this talk, Kevin and Yin will review KubeEdge motivation, architecture; then go through latest updates on new features, user adoptions, SIG updates and new subprojects. After that Kevin and Yin will introduce where the project is heading to, updated project roadmap and how new contributors to get involved. There will be an open Q&A for attendees to ask questions.
- 2 participants
- 31 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Introduction to Open Policy Agent - Ash Narkar, Styra & Rita Zhang, Microsoft
Come to this session to learn about the Open Policy Agent (OPA) project. OPA is a general-purpose policy engine that solves a number of policy-related use cases for Kubernetes, microservices, CI/CD, cloud, and more. During this session the OPA maintainers will introduce the project for newcomers and then provide updates on the latest and greatest features landing in OPA and OPA Gatekeeper. If you are interested in policy and security as it relates to cloud native technology, this session is for you.
Introduction to Open Policy Agent - Ash Narkar, Styra & Rita Zhang, Microsoft
Come to this session to learn about the Open Policy Agent (OPA) project. OPA is a general-purpose policy engine that solves a number of policy-related use cases for Kubernetes, microservices, CI/CD, cloud, and more. During this session the OPA maintainers will introduce the project for newcomers and then provide updates on the latest and greatest features landing in OPA and OPA Gatekeeper. If you are interested in policy and security as it relates to cloud native technology, this session is for you.
- 2 participants
- 29 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Keeping Up with the CVEs: How to Find a Needle in a Haystack? - Pushkar Joglekar, VMware
An end user team bought a new product that ships as a set of container images. Their CISO requests a scan of the images before going live. The internal scan, to everyone’s surprise results in 314159 vulnerabilities. The CISO is furious & rejects any claims that the scanner is faulty, since it worked fine for VM images. After multiple back and forth exchanges with the product’s vendor, the vast majority of the detected vulnerabilities are false positives / do not have a fix / are not in the code execution path. Everyone breathes a sigh of relief until a few weeks later, the same thing happens for another product & the story repeats itself. It does not have to be this way! In this talk using the Kubernetes images as an example we will unravel how vulnerability scanners work, their blind spots and discuss how to implement a practical approach that allows end users to assess product’s security not by the raw vulnerability numbers & severity but by the risk it poses to their environment.
Keeping Up with the CVEs: How to Find a Needle in a Haystack? - Pushkar Joglekar, VMware
An end user team bought a new product that ships as a set of container images. Their CISO requests a scan of the images before going live. The internal scan, to everyone’s surprise results in 314159 vulnerabilities. The CISO is furious & rejects any claims that the scanner is faulty, since it worked fine for VM images. After multiple back and forth exchanges with the product’s vendor, the vast majority of the detected vulnerabilities are false positives / do not have a fix / are not in the code execution path. Everyone breathes a sigh of relief until a few weeks later, the same thing happens for another product & the story repeats itself. It does not have to be this way! In this talk using the Kubernetes images as an example we will unravel how vulnerability scanners work, their blind spots and discuss how to implement a practical approach that allows end users to assess product’s security not by the raw vulnerability numbers & severity but by the risk it poses to their environment.
- 4 participants
- 35 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Keynote: A Different Kind of Cloud Native - Tim Pepper, Open Source Engineer, VMware
Keynote: A Different Kind of Cloud Native - Tim Pepper, Open Source Engineer, VMware
- 3 participants
- 8 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Keynote: APIs, the Universe, and Everything - Vijoy Pandey, Vice President, Engineering for Emerging Technologies and Incubation, Cisco
Keynote: APIs, the Universe, and Everything - Vijoy Pandey, Vice President, Engineering for Emerging Technologies and Incubation, Cisco
- 1 participant
- 6 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Keynote: And Here We Go: Dual-stack Networking in Kubernetes - Lachlan Evenson, Principal Program Manager, OSS at Azure, Microsoft Azure
Keynote: And Here We Go: Dual-stack Networking in Kubernetes - Lachlan Evenson, Principal Program Manager, OSS at Azure, Microsoft Azure
- 1 participant
- 6 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Keynote: Breaking Tradition: The Future of Package Management with Kubernetes - Shatarupa Nandi, Engineering Director @ VMware Tanzu, VMware
Keynote: Breaking Tradition: The Future of Package Management with Kubernetes - Shatarupa Nandi, Engineering Director @ VMware Tanzu, VMware
- 1 participant
- 5 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Keynote: Building Support For Your Cloud Native Journey - Robert Duffy, Vice President, Development and Runtime Platform, Expedia
Keynote: Building Support For Your Cloud Native Journey - Robert Duffy, Vice President, Development and Runtime Platform, Expedia
- 1 participant
- 15 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Keynote: CNCF Project Updates - Constance Caramanolis, Principal Software Engineer, Splunk & Jasmine James, Engineering Manager, Twitter
Keynote: CNCF Project Updates - Constance Caramanolis, Principal Software Engineer, Splunk & Jasmine James, Engineering Manager, Twitter
- 2 participants
- 12 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Keynote: Closing Remarks - Constance Caramanolis, Principal Software Engineer, Splunk; Jasmine James, Engineering Manager, Twitter; Stephen Augustus, Head of Open Source, Cisco
Keynote: Closing Remarks - Constance Caramanolis, Principal Software Engineer, Splunk; Jasmine James, Engineering Manager, Twitter; Stephen Augustus, Head of Open Source, Cisco
- 4 participants
- 5 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Keynote: Creating a Holistic Developer Experience - Jasmine James, Engineering Manager, Twitter
Keynote: Creating a Holistic Developer Experience - Jasmine James, Engineering Manager, Twitter
- 1 participant
- 15 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Keynote: End Users: Leaders of the Cloud Native Maturity - Katie Gamanji, Ecosystem Advocate, Cloud Native Computing Foundation
Keynote: End Users: Leaders of the Cloud Native Maturity - Katie Gamanji, Ecosystem Advocate, Cloud Native Computing Foundation
- 1 participant
- 11 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Keynote: From One to Many, the Road to Multicluster - Kaslin Fields, Developer Advocate, Google Cloud
Keynote: From One to Many, the Road to Multicluster - Kaslin Fields, Developer Advocate, Google Cloud
- 1 participant
- 6 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Keynote: Kubernetes Project Updates - Stephen Augustus, Head of Open Source, Cisco
Keynote: Kubernetes Project Updates - Stephen Augustus, Head of Open Source, Cisco
- 1 participant
- 14 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Keynote: Machine Learning on Kubernetes Made Easy With Kubeflow - Masoud Mirmomeni, Lead Data Scientist, Shell & Jimmy Guerrero, Vice President of Marketing, Arrikto
Keynote: Machine Learning on Kubernetes Made Easy With Kubeflow - Masoud Mirmomeni, Lead Data Scientist, Shell & Jimmy Guerrero, Vice President of Marketing, Arrikto
- 2 participants
- 14 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Keynote: Maintaining the Maintainers - Stephen Augustus, Head of Open Source, Cisco
Keynote: Maintaining the Maintainers - Stephen Augustus, Head of Open Source, Cisco
- 1 participant
- 13 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Keynote: SBOM is Coming: Why You Should Care and How You Can Help - Frederick Kautz, AI Chief; Enterprise Architect, Anthem & Allan Friedman, Senior Advisor and Strategist, CISA
Keynote: SBOM is Coming: Why You Should Care and How You Can Help - Frederick Kautz, AI Chief; Enterprise Architect, Anthem & Allan Friedman, Senior Advisor and Strategist, CISA
- 2 participants
- 16 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Keynote: Sustaining a Contributor Community’s Next Generation - Christoph Blecker, Principal Site Reliability Engineer, Red Hat & Paris Pittman, Program Manager, Apple
Keynote: Sustaining a Contributor Community’s Next Generation - Christoph Blecker, Principal Site Reliability Engineer, Red Hat & Paris Pittman, Program Manager, Apple
- 2 participants
- 15 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Keynote: Welcome & Opening Remarks - Priyanka Sharma, Executive Director, Cloud Native Computing Foundation
Keynote: Welcome & Opening Remarks - Priyanka Sharma, Executive Director, Cloud Native Computing Foundation
- 3 participants
- 25 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Keynote: Welcome to Cloud Native - We’re Here to Help - Vaibhav Kamra, Chief Technical Officer, Kasten by Veeam
Keynote: Welcome to Cloud Native - We’re Here to Help - Vaibhav Kamra, Chief Technical Officer, Kasten by Veeam
- 1 participant
- 5 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Keynote: Where Do We Go From Here? - Constance Caramanolis, Principal Software Engineer, Splunk
Keynote: Where Do We Go From Here? - Constance Caramanolis, Principal Software Engineer, Splunk
- 1 participant
- 15 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Keynote: Why a Cloud Native (CNCF) & Open Hardware (RISC-V) Alliance Makes Sense - Kim McMahon, Director of Visibility & Community Engagement, RISC-V International & Katelin Ramer, Director of Business Development, Cloud Native Computing Foundation
Keynote: Why a Cloud Native (CNCF) & Open Hardware (RISC-V) Alliance Makes Sense - Kim McMahon, Director of Visibility & Community Engagement, RISC-V International & Katelin Ramer, Director of Business Development, Cloud Native Computing Foundation
- 2 participants
- 10 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Know Your Enemy: Mapping Security Risks Using Threat Matrix for Kubernetes - Yossi Weizman & Ram Pliskin, Microsoft
In April, Microsoft released an updated version of the Threat Matrix for Kubernetes which was originally released in 2020. The Threat Matrix is a knowledge base for security threats that target Kubernetes. This matrix was the first attempt to systematically cover the attack landscape of Kubernetes. In this session, we will explain how defenders and SecOps engineers can use the matrix to protect their Kubernetes workloads. We will demonstrate how a real-world attack is mapped to the techniques in the matrix and how organizations can measure their coverage to the attack using the matrix. Inspired by the Threat Matrix for Kubernetes, MITRE expanded their ATT&CK framework to include also containers. In the session, we will examine the differences between the Threat Matrix and MITRE ATT&CK and explain how users can leverage both matrices to gain a better security visibility for their environments.
Know Your Enemy: Mapping Security Risks Using Threat Matrix for Kubernetes - Yossi Weizman & Ram Pliskin, Microsoft
In April, Microsoft released an updated version of the Threat Matrix for Kubernetes which was originally released in 2020. The Threat Matrix is a knowledge base for security threats that target Kubernetes. This matrix was the first attempt to systematically cover the attack landscape of Kubernetes. In this session, we will explain how defenders and SecOps engineers can use the matrix to protect their Kubernetes workloads. We will demonstrate how a real-world attack is mapped to the techniques in the matrix and how organizations can measure their coverage to the attack using the matrix. Inspired by the Threat Matrix for Kubernetes, MITRE expanded their ATT&CK framework to include also containers. In the session, we will examine the differences between the Threat Matrix and MITRE ATT&CK and explain how users can leverage both matrices to gain a better security visibility for their environments.
- 2 participants
- 21 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Kubenetes SIG Node Intro and Deep Dive - Elana Hashman & Derek Carr, Red Hat; Sergey Kanzhelev & Dawn Chen, Google
Kubernetes SIG Node owns components that control interactions between pods and host resources, including the Kubelet, Container Runtime Interface (CRI), and Node API. SIG Node is responsible for the Pod’s lifecycle from allocation to teardown, to liveness checks and shared resource management. We work with the various container runtimes, kernels, networking, storage, and more; anything a pod touches is SIG Node’s responsibility! In this session, we will begin with an introductory overview of the SIG and what it has worked on in the past. We will then deep dive into ongoing efforts of the SIG, including features targeted for the 1.22 and 1.23 releases and future roadmap. Join this session to learn more about our SIG, and how you might get involved to make Node even better!
Kubenetes SIG Node Intro and Deep Dive - Elana Hashman & Derek Carr, Red Hat; Sergey Kanzhelev & Dawn Chen, Google
Kubernetes SIG Node owns components that control interactions between pods and host resources, including the Kubelet, Container Runtime Interface (CRI), and Node API. SIG Node is responsible for the Pod’s lifecycle from allocation to teardown, to liveness checks and shared resource management. We work with the various container runtimes, kernels, networking, storage, and more; anything a pod touches is SIG Node’s responsibility! In this session, we will begin with an introductory overview of the SIG and what it has worked on in the past. We will then deep dive into ongoing efforts of the SIG, including features targeted for the 1.22 and 1.23 releases and future roadmap. Join this session to learn more about our SIG, and how you might get involved to make Node even better!
- 4 participants
- 31 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Kubernetes Cloud Provider IBM project Overview and Deep Dive - Sahdev Zala & Richard Theis & Guang Ya Liu & Brad Topol, IBM
The Kubernetes IBM Cloud Provider is a subproject of Cloud Provider SIG. Lots of exciting work is going in the project such as a new repository for IBM Cloud Provider code, and kubernetes-sigs/cluster-api-provider-ibmcloud work on IBM VPC Gen 2. In this session, the project leads will provide an overview of the project and details of the ongoing work and future roadmap. This session will be of value to a broad audience including active contributors, new contributors, and anyone with an interest in the Kubernetes IBM Cloud Provider and kubernetes-sigs/cluster-api-provider-ibmcloud.
Kubernetes Cloud Provider IBM project Overview and Deep Dive - Sahdev Zala & Richard Theis & Guang Ya Liu & Brad Topol, IBM
The Kubernetes IBM Cloud Provider is a subproject of Cloud Provider SIG. Lots of exciting work is going in the project such as a new repository for IBM Cloud Provider code, and kubernetes-sigs/cluster-api-provider-ibmcloud work on IBM VPC Gen 2. In this session, the project leads will provide an overview of the project and details of the ongoing work and future roadmap. This session will be of value to a broad audience including active contributors, new contributors, and anyone with an interest in the Kubernetes IBM Cloud Provider and kubernetes-sigs/cluster-api-provider-ibmcloud.
- 3 participants
- 25 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Kubernetes Data Protection WG Intro & Deep Dive - Xing Yang, VMware & Xiangqian Yu, Google
Data Protection WG is dedicated to promoting data protection support in Kubernetes. The Working Group is working on identifying missing functionalities and collaborating across multiple SIGs to design features to enable data protection in Kubernetes. In this session, the co-chairs of this WG will discuss what is the current state of data protection in Kubernetes and where it is heading in the future. They will also talk about how interested parties (including backup and storage vendors, application developers, and end users, etc.) can join this WG and contribute to this effort. Details of the WG can be found here: https://github.com/kubernetes/community/tree/master/wg-data-protection.
Kubernetes Data Protection WG Intro & Deep Dive - Xing Yang, VMware & Xiangqian Yu, Google
Data Protection WG is dedicated to promoting data protection support in Kubernetes. The Working Group is working on identifying missing functionalities and collaborating across multiple SIGs to design features to enable data protection in Kubernetes. In this session, the co-chairs of this WG will discuss what is the current state of data protection in Kubernetes and where it is heading in the future. They will also talk about how interested parties (including backup and storage vendors, application developers, and end users, etc.) can join this WG and contribute to this effort. Details of the WG can be found here: https://github.com/kubernetes/community/tree/master/wg-data-protection.
- 2 participants
- 30 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Kubernetes Exposed! Seven of Nine Hidden Secrets That Will Give You Pause - Ian Coldwater, Twilio & Brad Geesaman, Aqua Security
Think you know Kubernetes? Think again. Kubernetes is full of uncommon knowledge and doesn’t always behave the way we assume, containing unexpected gotchas and surprising behaviors that’ll make you say, “how come nobody told me this earlier?” In this talk, Ian Coldwater and Brad Geesaman will shine a light on hidden secrets in Kubernetes, demonstrating scary science such as pods in non-existent namespaces, bypassing network policies via DNS, fun with capable sidecar containers, and one weird trick attackers don’t want you to know. Defenders hate it! Don’t build your next threat model before watching this! Attendees will learn how not to get caught off guard by learning what to watch out for and how to better secure their systems. You won’t believe what happens next.
Kubernetes Exposed! Seven of Nine Hidden Secrets That Will Give You Pause - Ian Coldwater, Twilio & Brad Geesaman, Aqua Security
Think you know Kubernetes? Think again. Kubernetes is full of uncommon knowledge and doesn’t always behave the way we assume, containing unexpected gotchas and surprising behaviors that’ll make you say, “how come nobody told me this earlier?” In this talk, Ian Coldwater and Brad Geesaman will shine a light on hidden secrets in Kubernetes, demonstrating scary science such as pods in non-existent namespaces, bypassing network policies via DNS, fun with capable sidecar containers, and one weird trick attackers don’t want you to know. Defenders hate it! Don’t build your next threat model before watching this! Attendees will learn how not to get caught off guard by learning what to watch out for and how to better secure their systems. You won’t believe what happens next.
- 3 participants
- 29 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Kubernetes SIG Apps Updates - Janet Kuo, Google; Kenneth Owens, Brex; Maciej Szulik, Red Hat
SIG Apps is the special interest group covering deploying and operating applications in Kubernetes with a focus on the application developer and application operator experience. In this session the SIG Apps leads will provide an overview of what we’ve accomplished over the past year, including API promotions, controller improvements, leadership changes, subprojects status etc. They will also share the work that is being planned for the upcoming releases. The session will conclude with an open discussion and Q&A.
Kubernetes SIG Apps Updates - Janet Kuo, Google; Kenneth Owens, Brex; Maciej Szulik, Red Hat
SIG Apps is the special interest group covering deploying and operating applications in Kubernetes with a focus on the application developer and application operator experience. In this session the SIG Apps leads will provide an overview of what we’ve accomplished over the past year, including API promotions, controller improvements, leadership changes, subprojects status etc. They will also share the work that is being planned for the upcoming releases. The session will conclude with an open discussion and Q&A.
- 3 participants
- 16 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Kubernetes SIG CLI: Intro and Updates - Eddie Zaneski, Amazon Web Services; Katrina Verey, Apple; Sean Sullivan, Google
SIG CLI is the special interest group for the command line tooling of the Kubernetes project. The SIG maintains kubectl, kustomize, and related libraries. In this session the SIG CLI leads will provide an introduction to the SIG and an overview of how to contribute including how kubectl is built and tested. They will share the work that's been done the past year and discuss several current and future Kubernetes Enhancement Proposals (KEPs). The session will conclude with open discussion and Q&A.
Kubernetes SIG CLI: Intro and Updates - Eddie Zaneski, Amazon Web Services; Katrina Verey, Apple; Sean Sullivan, Google
SIG CLI is the special interest group for the command line tooling of the Kubernetes project. The SIG maintains kubectl, kustomize, and related libraries. In this session the SIG CLI leads will provide an introduction to the SIG and an overview of how to contribute including how kubectl is built and tested. They will share the work that's been done the past year and discuss several current and future Kubernetes Enhancement Proposals (KEPs). The session will conclude with open discussion and Q&A.
- 4 participants
- 25 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Kubernetes SIG Docs: A Deep Dive - Jim Angel, Google; Chris Metz, Independent; Brad Topol, IBM
This session covers Kubernetes (K8s) documentation. We'll do an overview of the docs--how they're organized, and how they're maintained--then contribute to the docs ourselves. During the introduction, we'll look at the docs repository (kubernetes/website) and how we organize content. We'll also look at the website stack: how we preview and publish docs to kubernetes.io. We'll talk about the docs workflow: how SIG Docs does the work to review and publish docs. During the deep dive, we'll explore the docs contributor guide and do some hands-on contribution. Remember that contributing to docs is a pathway to Kubernetes membership!
Kubernetes SIG Docs: A Deep Dive - Jim Angel, Google; Chris Metz, Independent; Brad Topol, IBM
This session covers Kubernetes (K8s) documentation. We'll do an overview of the docs--how they're organized, and how they're maintained--then contribute to the docs ourselves. During the introduction, we'll look at the docs repository (kubernetes/website) and how we organize content. We'll also look at the website stack: how we preview and publish docs to kubernetes.io. We'll talk about the docs workflow: how SIG Docs does the work to review and publish docs. During the deep dive, we'll explore the docs contributor guide and do some hands-on contribution. Remember that contributing to docs is a pathway to Kubernetes membership!
- 3 participants
- 32 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Kubernetes SIG Storage Introduction and Update - Xing Yang, VMware & Michelle Au, Google
Kubernetes SIG Storage is responsible for ensuring that different types of file and block storage are available wherever a container is scheduled, storage capacity management (container ephemeral storage usage, volume resizing, etc.), influencing scheduling of containers based on storage (data gravity, availability, etc.), and generic operations on storage (snapshotting, etc.). In this session, we will give an introduction to SIG Storage and then deep dive into some projects that SIG Storage is currently working on, provide an update on the current status, and discuss what might be coming in the future.
Kubernetes SIG Storage Introduction and Update - Xing Yang, VMware & Michelle Au, Google
Kubernetes SIG Storage is responsible for ensuring that different types of file and block storage are available wherever a container is scheduled, storage capacity management (container ephemeral storage usage, volume resizing, etc.), influencing scheduling of containers based on storage (data gravity, availability, etc.), and generic operations on storage (snapshotting, etc.). In this session, we will give an introduction to SIG Storage and then deep dive into some projects that SIG Storage is currently working on, provide an update on the current status, and discuss what might be coming in the future.
- 2 participants
- 34 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Kubernetes Supply Chain Security: The Software Factory - Andrew Martin, Control Plane
The original supply chain attack was described by Ken Thompson 35 years ago, in Reflections on Trusting Trust. As the SUNBURST attacks abuse the same implicit trust relationship between consumers and vendors today, we ask ourselves: does cloud native have the answer? Based on work from the US Air Force and DoD, we present a Kubernetes Software Factory approach that can defend against supply chain risks. But can we mitigate the risk entirely? What about consuming closed source and binary artefacts? Is there a silver bullet for this producer-consumer problem, that impacts supply chain relationships at all levels of industry and technology? In this talk we: - Showcase work to build a Kubernetes Software Factory with Tekton - Deep dive on signing and verification approaches to securely build software with in-toto, TUF, SPIFFE, SPIRE, and sigstore - Review lessons learned from the SUNBURST attacks - Detail future cloud native solutions to harden Kubernetes, builds, and infrastructure
Kubernetes Supply Chain Security: The Software Factory - Andrew Martin, Control Plane
The original supply chain attack was described by Ken Thompson 35 years ago, in Reflections on Trusting Trust. As the SUNBURST attacks abuse the same implicit trust relationship between consumers and vendors today, we ask ourselves: does cloud native have the answer? Based on work from the US Air Force and DoD, we present a Kubernetes Software Factory approach that can defend against supply chain risks. But can we mitigate the risk entirely? What about consuming closed source and binary artefacts? Is there a silver bullet for this producer-consumer problem, that impacts supply chain relationships at all levels of industry and technology? In this talk we: - Showcase work to build a Kubernetes Software Factory with Tekton - Deep dive on signing and verification approaches to securely build software with in-toto, TUF, SPIFFE, SPIRE, and sigstore - Review lessons learned from the SUNBURST attacks - Detail future cloud native solutions to harden Kubernetes, builds, and infrastructure
- 1 participant
- 36 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Kubernetes VMware User Group: Using GPUs with K8s on vSphere - Steven Wong & Myles Gray, VMware
An increasing number of applications and services can benefit from GPUs, yet costs and other constraints often prohibit installation in all compute hosts. “Landlocked” GPUs resources often lead to underutilized cycles and wasted spending. This session will describe how a pool of available GPU resources within a vSphere cluster can be shared across a broader number of Kubernetes cluster nodes to accelerate workloads like AI, deep learning and inference. This can provide full or partial GPU compute capacity at scale to Kubernetes workloads, even when these are running in pods on hosts without an installed GPU. The session will show an example based on running a TensorFlow workloads on Knative. The K8s VMware User Group shares best practices for hosting K8s on VMware infrastructure, and we will close the session with details on how you can participate in the group.
Kubernetes VMware User Group: Using GPUs with K8s on vSphere - Steven Wong & Myles Gray, VMware
An increasing number of applications and services can benefit from GPUs, yet costs and other constraints often prohibit installation in all compute hosts. “Landlocked” GPUs resources often lead to underutilized cycles and wasted spending. This session will describe how a pool of available GPU resources within a vSphere cluster can be shared across a broader number of Kubernetes cluster nodes to accelerate workloads like AI, deep learning and inference. This can provide full or partial GPU compute capacity at scale to Kubernetes workloads, even when these are running in pods on hosts without an installed GPU. The session will show an example based on running a TensorFlow workloads on Knative. The K8s VMware User Group shares best practices for hosting K8s on VMware infrastructure, and we will close the session with details on how you can participate in the group.
- 5 participants
- 39 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Kubernetes and Checkpoint Restore - Adrian Reber, Red Hat
Over 6 years ago a ticket (#3949) was opened asking for Pod migration in Kubernetes and until now there is no support in Kubernetes to migrate a container. Container migration is based on checkpointing and restoring containers and checkpointing and restoring containers is one the main reasons Checkpoint/Restore in User-Space (CRIU) exists. Although container migration is always viewed as an outlier or corner case of containers, because containers are supposed to be stateless, CRIU continues to get better at container migration and even if containers are supposed to be stateless, CRIU still sees growing interest in its container migration features and especially the integration in container runtimes. This talk wants to present the multiple use cases for checkpointing and restoring containers. The talk wants to give a technical background how CRIU is enabling container runtimes to checkpoint and restore containers and the plan how to integrate checkpoint and restore into Kubernetes.
Kubernetes and Checkpoint Restore - Adrian Reber, Red Hat
Over 6 years ago a ticket (#3949) was opened asking for Pod migration in Kubernetes and until now there is no support in Kubernetes to migrate a container. Container migration is based on checkpointing and restoring containers and checkpointing and restoring containers is one the main reasons Checkpoint/Restore in User-Space (CRIU) exists. Although container migration is always viewed as an outlier or corner case of containers, because containers are supposed to be stateless, CRIU continues to get better at container migration and even if containers are supposed to be stateless, CRIU still sees growing interest in its container migration features and especially the integration in container runtimes. This talk wants to present the multiple use cases for checkpointing and restoring containers. The talk wants to give a technical background how CRIU is enabling container runtimes to checkpoint and restore containers and the plan how to integrate checkpoint and restore into Kubernetes.
- 1 participant
- 26 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Kubernetes on Edge: Bringing Your Code to Constrained Places - Steven Wong, VMware; Dejan Bosanac, Red Hat; Kilton Hopkins, Edgeworx
The main goal of IoT and edge solutions is to bring the workloads closer to sources of data, events and transactions. In many cases this means maintaining them in places with network and compute resource constraints. This session will cover technologies and best practices available to achieve this goal. We will start by covering some common challenges of creating IoT edge workloads. We’ll discuss pros and cons of using traditional containers versus upcoming technologies such as WebAssembly and WASI. Next, we’ll explore mechanisms of deploying built artifacts to the actual hardware, ranging from using different Kubernetes deployments, to simpler container runtimes and specialized Edge platforms. We’ll also focus on the evolving state of running WebAssembly workloads using Kubernetes and how to apply best practices to IoT and edge use cases. We’ll try to provide general guidance on how to choose the best approach for your project with a practical demo of one of the possible solutions.
Kubernetes on Edge: Bringing Your Code to Constrained Places - Steven Wong, VMware; Dejan Bosanac, Red Hat; Kilton Hopkins, Edgeworx
The main goal of IoT and edge solutions is to bring the workloads closer to sources of data, events and transactions. In many cases this means maintaining them in places with network and compute resource constraints. This session will cover technologies and best practices available to achieve this goal. We will start by covering some common challenges of creating IoT edge workloads. We’ll discuss pros and cons of using traditional containers versus upcoming technologies such as WebAssembly and WASI. Next, we’ll explore mechanisms of deploying built artifacts to the actual hardware, ranging from using different Kubernetes deployments, to simpler container runtimes and specialized Edge platforms. We’ll also focus on the evolving state of running WebAssembly workloads using Kubernetes and how to apply best practices to IoT and edge use cases. We’ll try to provide general guidance on how to choose the best approach for your project with a practical demo of one of the possible solutions.
- 4 participants
- 38 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Large-Scale Practice of Persistent Memory in Alibaba Cloud - Junbao Kan & Qingcan Wang, Alibaba
Persistent memory allows programs to access data as memory, directly byte-addressable, while the contents are non-volatile, preserved across power cycles. Alibaba have millions of databases and memory prefered applications which need massive of memory resource and make a huge cost every year. PMEM device provides the high performance and lower price which have been widely used in Alibaba Cloud. We have developed a combined system focus on PMEM resource optimization and capacity scheduler, which is widely used in our Kubernetes platforms. With the system, PMEM device is used as kuberentes volume object, and can be configed in different types: kmem, quotapath, lvm, direct. Also we optimize the scheduler to implement that PMEM device has best match with numa node.
Large-Scale Practice of Persistent Memory in Alibaba Cloud - Junbao Kan & Qingcan Wang, Alibaba
Persistent memory allows programs to access data as memory, directly byte-addressable, while the contents are non-volatile, preserved across power cycles. Alibaba have millions of databases and memory prefered applications which need massive of memory resource and make a huge cost every year. PMEM device provides the high performance and lower price which have been widely used in Alibaba Cloud. We have developed a combined system focus on PMEM resource optimization and capacity scheduler, which is widely used in our Kubernetes platforms. With the system, PMEM device is used as kuberentes volume object, and can be configed in different types: kmem, quotapath, lvm, direct. Also we optimize the scheduler to implement that PMEM device has best match with numa node.
- 2 participants
- 30 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Level Unlocked: GitOps to the Edge and Infrastructure Provisioning - Katie Gamanji
ithin its 7 years of existence, Kubernetes has been the centerpiece of the cloud native landscape, elevating a pluggable system that led to the diversification of the technology ecosystem. As a result, multiple areas have developed in the industry, galvanizing solutions for components that introduce standardization, guidelines, and interoperability of the tools. To innovate the developer experience and delivery of the application, the community focused on restructuring and modernizing the CI/CD operations. This talk will outline how cloud native GitOps tools, such as ArgoCD and Flux, unlock the zero-touch deployment of infrastructure and applications at the edge. Attendees will acquire an understanding of GitOps usage in association with ClusterAPI for infrastructure provisioning and KubeEdge for the service propagation to the edge.
Level Unlocked: GitOps to the Edge and Infrastructure Provisioning - Katie Gamanji
ithin its 7 years of existence, Kubernetes has been the centerpiece of the cloud native landscape, elevating a pluggable system that led to the diversification of the technology ecosystem. As a result, multiple areas have developed in the industry, galvanizing solutions for components that introduce standardization, guidelines, and interoperability of the tools. To innovate the developer experience and delivery of the application, the community focused on restructuring and modernizing the CI/CD operations. This talk will outline how cloud native GitOps tools, such as ArgoCD and Flux, unlock the zero-touch deployment of infrastructure and applications at the edge. Attendees will acquire an understanding of GitOps usage in association with ClusterAPI for infrastructure provisioning and KubeEdge for the service propagation to the edge.
- 1 participant
- 26 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Manage More Clusters with Less Hassle, with Argo CD Application Sets - Jonathan West, Red Hat & Kshama Jain, Independent Contributor
Many organizations have discovered the advantages of using Argo CD and a GitOps workflow to manage their Kubernetes clusters, with Git repositories as the source of truth for defining the desired application state, and Argo CD responsible for keeping the cluster synchronized with those repositories. However, managing deployments of large numbers of applications/clusters with Argo CD requires complex custom scripting to keep those Applications in sync. The newly released Argo CD ApplicationSet controller aims to solve this problem, by working alongside Argo CD to automatically generate Application deployments using templates and parameterization: manage multiple Kubernetes clusters at once, deploy large numbers of applications from multiples respositories, and more. Best of all, the entire deployment is managed by only a single ApplicationSet Kubernetes custom resource, which means no more juggling of numerous Argo CD Application resources to target those multiple clusters/repos.
Manage More Clusters with Less Hassle, with Argo CD Application Sets - Jonathan West, Red Hat & Kshama Jain, Independent Contributor
Many organizations have discovered the advantages of using Argo CD and a GitOps workflow to manage their Kubernetes clusters, with Git repositories as the source of truth for defining the desired application state, and Argo CD responsible for keeping the cluster synchronized with those repositories. However, managing deployments of large numbers of applications/clusters with Argo CD requires complex custom scripting to keep those Applications in sync. The newly released Argo CD ApplicationSet controller aims to solve this problem, by working alongside Argo CD to automatically generate Application deployments using templates and parameterization: manage multiple Kubernetes clusters at once, deploy large numbers of applications from multiples respositories, and more. Best of all, the entire deployment is managed by only a single ApplicationSet Kubernetes custom resource, which means no more juggling of numerous Argo CD Application resources to target those multiple clusters/repos.
- 2 participants
- 35 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
McK8s: Container Orchestration in Kubernetes Multi-Clusters - Mulugeta Ayalew Tamiru, University of Rennes 1 / Elastisys AB
Today many companies deploy their workloads across multiple Kubernetes clusters in private and public cloud data centers or in emerging computing paradigms such as Fog Computing. Recent efforts in the community such as KubeFed address some of the multi-cluster deployment challenges. However, KubeFed currently offers only manual or fully load-balanced placement. Other challenges such as autoscaling and inter-cluster network routing are solved by other projects separately. In this context, we believe there is a need for a more integrated and autonomous approach for managing geo-distributed Kubernetes clusters at scale. In this talk, we will present mck8s -- an extension and partial replacement of KubeFed for geo-distributed computing environments which aims to bring placement, autoscaling, bursting, inter-cluster routing, and cluster provisioning into one package. We will also emphasize its usability and easy adoption by using manifest files very much similar to vanilla Kubernetes.
McK8s: Container Orchestration in Kubernetes Multi-Clusters - Mulugeta Ayalew Tamiru, University of Rennes 1 / Elastisys AB
Today many companies deploy their workloads across multiple Kubernetes clusters in private and public cloud data centers or in emerging computing paradigms such as Fog Computing. Recent efforts in the community such as KubeFed address some of the multi-cluster deployment challenges. However, KubeFed currently offers only manual or fully load-balanced placement. Other challenges such as autoscaling and inter-cluster network routing are solved by other projects separately. In this context, we believe there is a need for a more integrated and autonomous approach for managing geo-distributed Kubernetes clusters at scale. In this talk, we will present mck8s -- an extension and partial replacement of KubeFed for geo-distributed computing environments which aims to bring placement, autoscaling, bursting, inter-cluster routing, and cluster provisioning into one package. We will also emphasize its usability and easy adoption by using manifest files very much similar to vanilla Kubernetes.
- 1 participant
- 33 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Measuring K8s Network Performance - Kornilios Kourtis, Isovalent
Benchmarking is hard. Benchmarking K8s networking doubly so. Measuring the performance of K8s networking is the only reliable means for users to understand the capabilities and limitations of their, often unique, infrastructure. Furthermore, benchmarking allows for informed decisions by quantifying the tradeoffs of different stacks and investigating how performance goals can be met in the most cost-effective way. Yet, it is a hard endeavor. Both the software (from the OS to the application) and the hardware (from the CPU to the NIC) stacks are extremely complicated beasts, rendering results confusing or even misguiding. This talk aims to guide practitioners to properly measure k8s network performance. Specifically we will discuss: - How different workloads and metrics can be used to answer different questions - Setting up and executing benchmarks - Common pitfalls we have encountered in practice, and how to avoid them - Validating and interpreting results
Measuring K8s Network Performance - Kornilios Kourtis, Isovalent
Benchmarking is hard. Benchmarking K8s networking doubly so. Measuring the performance of K8s networking is the only reliable means for users to understand the capabilities and limitations of their, often unique, infrastructure. Furthermore, benchmarking allows for informed decisions by quantifying the tradeoffs of different stacks and investigating how performance goals can be met in the most cost-effective way. Yet, it is a hard endeavor. Both the software (from the OS to the application) and the hardware (from the CPU to the NIC) stacks are extremely complicated beasts, rendering results confusing or even misguiding. This talk aims to guide practitioners to properly measure k8s network performance. Specifically we will discuss: - How different workloads and metrics can be used to answer different questions - Setting up and executing benchmarks - Common pitfalls we have encountered in practice, and how to avoid them - Validating and interpreting results
- 1 participant
- 29 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Measuring the Health of Your CNCF Project: Going Beyond Stars and Forks - Dawn Foster, VMware
You can brag about stars and forks, but these popularity measures don’t actually help you improve the health of your open source projects. A better approach is to look at some commonly used metrics as a starting point for learning about which parts of your project are doing well and identifying areas for improvement. The challenge is that there are many possible metrics, so the real value is in selecting the right metrics and interpreting them. Every CNCF project is a little different, and you’ll need to interpret your metrics in ways that make sense for your project. This talk will cover: * Finding data for some commonly used metrics, including responsiveness, contributor activity and risk, project velocity, inclusivity, and more * Things to think about when interpreting these metrics for your project * Best practices for measuring and improving project health The audience will walk away with practical advice for measuring and improving the health of their CNCF projects.
Measuring the Health of Your CNCF Project: Going Beyond Stars and Forks - Dawn Foster, VMware
You can brag about stars and forks, but these popularity measures don’t actually help you improve the health of your open source projects. A better approach is to look at some commonly used metrics as a starting point for learning about which parts of your project are doing well and identifying areas for improvement. The challenge is that there are many possible metrics, so the real value is in selecting the right metrics and interpreting them. Every CNCF project is a little different, and you’ll need to interpret your metrics in ways that make sense for your project. This talk will cover: * Finding data for some commonly used metrics, including responsiveness, contributor activity and risk, project velocity, inclusivity, and more * Things to think about when interpreting these metrics for your project * Best practices for measuring and improving project health The audience will walk away with practical advice for measuring and improving the health of their CNCF projects.
- 1 participant
- 27 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Microservices Made Easy! - Donovan Brown & Jessica Deen, Microsoft
Have you made the jump to microservices only to discover the development experience is less than ideal? We get it, microservices can be HARD, but they don’t have to be. In this session we will help you simplify your developer interloop and boost your productivity. We will focus on Dapr and Bridge to Kubernetes, both open source, and geared towards simplifying your life as a developer. Dapr is a portable, event-driven runtime that makes it easy for any developer to build resilient, stateless, and stateful applications using any language, targeting any cloud or the edge. Bridge to Kubernetes uses Envoy to extend the Kubernetes perimeter to your development computer allowing you to write, test, and debug microservice code while connected to any Kubernetes cluster with the rest of your application or services. The bridge to microservices harmony can be messy, but a technical deep dive powered by the open-source tooling will have you looking Dapr in no time.
Microservices Made Easy! - Donovan Brown & Jessica Deen, Microsoft
Have you made the jump to microservices only to discover the development experience is less than ideal? We get it, microservices can be HARD, but they don’t have to be. In this session we will help you simplify your developer interloop and boost your productivity. We will focus on Dapr and Bridge to Kubernetes, both open source, and geared towards simplifying your life as a developer. Dapr is a portable, event-driven runtime that makes it easy for any developer to build resilient, stateless, and stateful applications using any language, targeting any cloud or the edge. Bridge to Kubernetes uses Envoy to extend the Kubernetes perimeter to your development computer allowing you to write, test, and debug microservice code while connected to any Kubernetes cluster with the rest of your application or services. The bridge to microservices harmony can be messy, but a technical deep dive powered by the open-source tooling will have you looking Dapr in no time.
- 2 participants
- 28 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Migrating to Service Mesh at Scale to Support Billions of $ Transactions - Imre Nagi & Giri Kuncoro, Gojek
Gopay, one of the biggest payments companies in South East Asia, processes transactions worth billions of dollars, with peak scale of more than 15000 financial transactions per minute. Gopay has heavily adopted Kubernetes to run its hundreds of microservices and has very recently migrated to a service mesh based architecture. As we grow, our infrastructure was becoming more complex and fragmented, our engineers less productive. Instead of writing code, teams were constantly interrupted by migration requests and spending more time looking for the right information just to get started. "Why do I need to migrate to newer helm chart again, I just upgraded it!" "This service isn’t responding, who owns it?" This talk will guide you how we fulfilled those challenges and fasten service mesh adoption through a developer friendly platform. The platform simplifies end-to-end software development with an abstraction layer that sits on top of our infrastructure and developer tooling.
Migrating to Service Mesh at Scale to Support Billions of $ Transactions - Imre Nagi & Giri Kuncoro, Gojek
Gopay, one of the biggest payments companies in South East Asia, processes transactions worth billions of dollars, with peak scale of more than 15000 financial transactions per minute. Gopay has heavily adopted Kubernetes to run its hundreds of microservices and has very recently migrated to a service mesh based architecture. As we grow, our infrastructure was becoming more complex and fragmented, our engineers less productive. Instead of writing code, teams were constantly interrupted by migration requests and spending more time looking for the right information just to get started. "Why do I need to migrate to newer helm chart again, I just upgraded it!" "This service isn’t responding, who owns it?" This talk will guide you how we fulfilled those challenges and fasten service mesh adoption through a developer friendly platform. The platform simplifies end-to-end software development with an abstraction layer that sits on top of our infrastructure and developer tooling.
- 2 participants
- 32 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Movienight 101: How to Power a Video Streaming with Kubernetes and WebRTC - Rachel Sheikh, Twitter
Movienight 101: How to Power Video Streaming with Kubernetes and WebRTC - Over the past several years, the streaming industry has boomed, with industry leaders like Netflix and Amazon setting the pace for newcomers like Discovery Plus. One of the most difficult challenges to watching movies with others around the world, however, is syncing playback together. Kubernetes is a great solution to solving this challenge. Through its built in ability to load balance traffic to containers, as well as self-healing capabilities, video streaming is able to function seamlessly without a large amount of computational overhead. This talk will provide a quick background on WebRTC, walk through a simplified process of setting up WebRTC to work with Kubernetes, and share some learnings/takeaways gathered from spinning up this project!
Movienight 101: How to Power a Video Streaming with Kubernetes and WebRTC - Rachel Sheikh, Twitter
Movienight 101: How to Power Video Streaming with Kubernetes and WebRTC - Over the past several years, the streaming industry has boomed, with industry leaders like Netflix and Amazon setting the pace for newcomers like Discovery Plus. One of the most difficult challenges to watching movies with others around the world, however, is syncing playback together. Kubernetes is a great solution to solving this challenge. Through its built in ability to load balance traffic to containers, as well as self-healing capabilities, video streaming is able to function seamlessly without a large amount of computational overhead. This talk will provide a quick background on WebRTC, walk through a simplified process of setting up WebRTC to work with Kubernetes, and share some learnings/takeaways gathered from spinning up this project!
- 2 participants
- 14 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
My Container Image has 500 Vulnerabilities, Now What? - Matt Jarvis, Snyk
As security becomes a bigger concern in the world of containers and Kubernetes, using vulnerability scanning tooling in our workflows is becoming increasingly common. But many container images can show tens if not hundreds of vulnerabilities, particularly if they are built using upstream base images from public repositories. If your container has a huge amount of vulnerabilities, what do you do ? Many of us will reach information overload when faced with such a list, and struggle to work out what actions we should take. In this talk, we’ll look at how container images are constructed, understand how potential vulnerabilities can get into our images, and explore how we can prioritize and remediate the vulnerabilities we find. Take control of your vulnerabilities !
My Container Image has 500 Vulnerabilities, Now What? - Matt Jarvis, Snyk
As security becomes a bigger concern in the world of containers and Kubernetes, using vulnerability scanning tooling in our workflows is becoming increasingly common. But many container images can show tens if not hundreds of vulnerabilities, particularly if they are built using upstream base images from public repositories. If your container has a huge amount of vulnerabilities, what do you do ? Many of us will reach information overload when faced with such a list, and struggle to work out what actions we should take. In this talk, we’ll look at how container images are constructed, understand how potential vulnerabilities can get into our images, and explore how we can prioritize and remediate the vulnerabilities we find. Take control of your vulnerabilities !
- 1 participant
- 25 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
NATS-Sync: Secure, Multi-Tenant, Cross Cluster Message Routing - Brian Mason, NetApp
Wouldn’t it be nice to be able to send and receive NATs messages to your home devices or on-prem enterprise systems from your cloud service? Doing it securely but transparently to those pesky firewalls. With an NATS-Sync, a new open-source project, you can send and receive NATs messages across clusters hosted around the globe securely, through firewalls. This talk introduces the audience to NATS-Sync and describes use cases it can solve including IoT and enterprise device control.
NATS-Sync: Secure, Multi-Tenant, Cross Cluster Message Routing - Brian Mason, NetApp
Wouldn’t it be nice to be able to send and receive NATs messages to your home devices or on-prem enterprise systems from your cloud service? Doing it securely but transparently to those pesky firewalls. With an NATS-Sync, a new open-source project, you can send and receive NATs messages across clusters hosted around the globe securely, through firewalls. This talk introduces the audience to NATS-Sync and describes use cases it can solve including IoT and enterprise device control.
- 1 participant
- 39 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Notary: State of the Container Supply Chain - Justin Cormack, Docker & Steve Lasker, Microsoft
As supply chain security becomes a larger concern for all types of organization, the tooling for supply chain security becomes critical. The Notary v2 project was set up to address issues with the original v1 project that did not see widespread use, and to gather consensus on the types of security mechanisms that were needed. This talk will show the progress we have made, and go through the decisions we made so far, as we are going into early production use. We will look at the future roadmap and the supply chain landscape.
Notary: State of the Container Supply Chain - Justin Cormack, Docker & Steve Lasker, Microsoft
As supply chain security becomes a larger concern for all types of organization, the tooling for supply chain security becomes critical. The Notary v2 project was set up to address issues with the original v1 project that did not see widespread use, and to gather consensus on the types of security mechanisms that were needed. This talk will show the progress we have made, and go through the decisions we made so far, as we are going into early production use. We will look at the future roadmap and the supply chain landscape.
- 2 participants
- 35 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Observe with Rust: OpenTelemetry and Tremor - Gary White Jr., Wayfair
Tremor is an early stage event processing system for unstructured data with rich support for structural pattern matching, filtering and transformation. Hundreds of companies around the world are using Rust in production today for fast, low-resource, cross-platform solutions. Gather round your screens and lecterns to hear the story of open source infrastructure helping a tech company sell furniture. We will show how it all happens with Rust and Tremor, and how we tune in and out of what matters; all with a lower cost of infrastructure and maintenance. Tremor users also appreciate the “software-like” syntax of querying through their systems, without sacrificing the performance of Rust. We're proud as supporters of Tremor to integrate OpenTelemetry into our codebase and feature set. We are excited to share details of this integration, how it works, and how we use it at Wayfair. Come to hear bad jokes and good technical content!
Observe with Rust: OpenTelemetry and Tremor - Gary White Jr., Wayfair
Tremor is an early stage event processing system for unstructured data with rich support for structural pattern matching, filtering and transformation. Hundreds of companies around the world are using Rust in production today for fast, low-resource, cross-platform solutions. Gather round your screens and lecterns to hear the story of open source infrastructure helping a tech company sell furniture. We will show how it all happens with Rust and Tremor, and how we tune in and out of what matters; all with a lower cost of infrastructure and maintenance. Tremor users also appreciate the “software-like” syntax of querying through their systems, without sacrificing the performance of Rust. We're proud as supporters of Tremor to integrate OpenTelemetry into our codebase and feature set. We are excited to share details of this integration, how it works, and how we use it at Wayfair. Come to hear bad jokes and good technical content!
- 1 participant
- 27 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
OpenTelemetry Collector Deployment Patterns - Juraci Paixão Kröhling, Red Hat
The OpenTelemetry Collector is a versatile piece of software and can be deployed in numerous ways. In this talk, we’ll explore some of these patterns, starting with the classic “agent and collector” and landing at “scalable tail-based sampling,” talking about “multi-tenancy” along the way. We’ll see how they look in theory and practice with live demos on a real Kubernetes cluster. You’ll leave this session with knowledge about some of the essential processors for the OpenTelemetry Collector, how to employ them individually, and as part of a vaster deployment topology.
OpenTelemetry Collector Deployment Patterns - Juraci Paixão Kröhling, Red Hat
The OpenTelemetry Collector is a versatile piece of software and can be deployed in numerous ways. In this talk, we’ll explore some of these patterns, starting with the classic “agent and collector” and landing at “scalable tail-based sampling,” talking about “multi-tenancy” along the way. We’ll see how they look in theory and practice with live demos on a real Kubernetes cluster. You’ll leave this session with knowledge about some of the essential processors for the OpenTelemetry Collector, how to employ them individually, and as part of a vaster deployment topology.
- 1 participant
- 25 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Overview and State of Linkerd - Oliver Gould, Buoyant
In this talk, maintainers from the Linkerd project will present an overview of the project and an update on upcoming releases. They will cover what Linkerd is and how it compares to other service meshes; what the latest features and functionality are; what to expect in upcoming releases; and how you can get involved in one of the CNCF's most talked-about projects. This talk will cover features from the latest Linkerd release, as well as the latest on Linkerd's Rust micro-proxy, Linkerd2-proxy.
Overview and State of Linkerd - Oliver Gould, Buoyant
In this talk, maintainers from the Linkerd project will present an overview of the project and an update on upcoming releases. They will cover what Linkerd is and how it compares to other service meshes; what the latest features and functionality are; what to expect in upcoming releases; and how you can get involved in one of the CNCF's most talked-about projects. This talk will cover features from the latest Linkerd release, as well as the latest on Linkerd's Rust micro-proxy, Linkerd2-proxy.
- 1 participant
- 28 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Panel Discussion: Marketing as Code: How to Rock Out with Non-Code Contributions - Bart Farrell, Data on Kubernetes Community; Kunal Kushwaha, Civo; Kaslin Fields, Google; Matt Broberg, Red Hat; Chris Short, Red Hat
For new folks in the CNCF space, becoming a contributor may sound daunting, and even overwhelming. But guess what? There are tons of ways to contribute apart from code. 5 members of the Contibex Marketing working group (Kunal, Bart, Chris, Kaslin, and Matt) are all participating and contributing through positive attitudes, documentation, networking, videos, drawings, and even raps. They want to share the welcoming spirit of the CNCF where no contribution is too small, and everyone will have something to share. Contributors' stories must be heard, and that's where the upstream marketing team comes in. (This proposal is for the Students' track)
Panel Discussion: Marketing as Code: How to Rock Out with Non-Code Contributions - Bart Farrell, Data on Kubernetes Community; Kunal Kushwaha, Civo; Kaslin Fields, Google; Matt Broberg, Red Hat; Chris Short, Red Hat
For new folks in the CNCF space, becoming a contributor may sound daunting, and even overwhelming. But guess what? There are tons of ways to contribute apart from code. 5 members of the Contibex Marketing working group (Kunal, Bart, Chris, Kaslin, and Matt) are all participating and contributing through positive attitudes, documentation, networking, videos, drawings, and even raps. They want to share the welcoming spirit of the CNCF where no contribution is too small, and everyone will have something to share. Contributors' stories must be heard, and that's where the upstream marketing team comes in. (This proposal is for the Students' track)
- 6 participants
- 38 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Panel Discussion: OSS101 - Introduction to Open Source for Students - Savitha Raghunathan, Red Hat; Joe Kutner, Salesforce; Mritunjay Sharma, JSSATE Noida; Anushka Mittal, Ramaiah Institute Of Technology
But this is such a huge Open-Source project, where to start?, "Oh, I am from a non-coding background, Open-Source is not for me", "I am fixing a typo, is this even an Open-Source Contribution?" Okay, okay - if you have any such questions in your mind and if Open-Source feels daunting to you - you are not alone. This talk aims to allay all your fears and doubts related to Open-Source. Whatever skills you have - Open-Source is open for you and this talk will help you learn how you can make your first move with any of them. From fixing a typo to designing a logo or writing a blog post, asking a question in the community, or maybe simply hosting a local-community meetup related to even a huge open-source project like Kubernetes or Helm - Open Source has a lot of doors for you to enter and this talk aims to knock a lot of them for you! This talk will make you more confident in open-source and help you understand the value of your contributions to the open-source communities.
Panel Discussion: OSS101 - Introduction to Open Source for Students - Savitha Raghunathan, Red Hat; Joe Kutner, Salesforce; Mritunjay Sharma, JSSATE Noida; Anushka Mittal, Ramaiah Institute Of Technology
But this is such a huge Open-Source project, where to start?, "Oh, I am from a non-coding background, Open-Source is not for me", "I am fixing a typo, is this even an Open-Source Contribution?" Okay, okay - if you have any such questions in your mind and if Open-Source feels daunting to you - you are not alone. This talk aims to allay all your fears and doubts related to Open-Source. Whatever skills you have - Open-Source is open for you and this talk will help you learn how you can make your first move with any of them. From fixing a typo to designing a logo or writing a blog post, asking a question in the community, or maybe simply hosting a local-community meetup related to even a huge open-source project like Kubernetes or Helm - Open Source has a lot of doors for you to enter and this talk aims to knock a lot of them for you! This talk will make you more confident in open-source and help you understand the value of your contributions to the open-source communities.
- 4 participants
- 34 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Panel Discussion: OpenGitOps and the GitOps Working Group - Cornelia Davis, Amazon; Dan Garfield, Codefresh; Christian Hernandez, Red Hat; Chris Sanders, Microsoft; Leonardo Murillo, Weaveworks
Hundreds of organizations today are leveraging GitOps to successfully run and manage complex software systems, benefitting from its inherent modern development best practices as well as the tools that implement its responsive continuous deployments. GitOps adoption has seen dozens of companies innovate to offer solutions, and inspired several open source projects including Argo and Flux, both CNCF projects. With innovation accelerating and the number of stakeholders increasing, the time has come for a clear, vendor-neutral definition of GitOps. Inspired by increased interest and informed by years of working toward solutions, a CNCF GitOps Working Group was formed in 2020 to discover and standardize the definition of GitOps and its principles. This group will also focus on interoperability between tools, conformance, and certification. Join us for a panel discussion with members from several of the founding organizations to learn about GitOps, OpenGitOps, and future work.
Panel Discussion: OpenGitOps and the GitOps Working Group - Cornelia Davis, Amazon; Dan Garfield, Codefresh; Christian Hernandez, Red Hat; Chris Sanders, Microsoft; Leonardo Murillo, Weaveworks
Hundreds of organizations today are leveraging GitOps to successfully run and manage complex software systems, benefitting from its inherent modern development best practices as well as the tools that implement its responsive continuous deployments. GitOps adoption has seen dozens of companies innovate to offer solutions, and inspired several open source projects including Argo and Flux, both CNCF projects. With innovation accelerating and the number of stakeholders increasing, the time has come for a clear, vendor-neutral definition of GitOps. Inspired by increased interest and informed by years of working toward solutions, a CNCF GitOps Working Group was formed in 2020 to discover and standardize the definition of GitOps and its principles. This group will also focus on interoperability between tools, conformance, and certification. Join us for a panel discussion with members from several of the founding organizations to learn about GitOps, OpenGitOps, and future work.
- 10 participants
- 45 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Policy Matters! The Why, What, and How of Kubernetes Policy Management - Jayashree Ramanathan, RedHat; Aradhna Chetal, TIAA; Jim Bugwadia, Nirmata; Robert Ficcaglia, SunStone Secure
Policies help address several critical challenges with managing Kubernetes clusters and workloads. In the panel-style session moderated by Robert Ficcaglia, co-chair of the Kubernetes Policy Working Group, contributors from the working group will discuss why policies are important to enterprises and other organizations using Kubernetes. Attendees will have an opportunity to ask policy engine and compliance experts about real world use cases and effective techniques for managing policy-as-code from a small cluster to enterprise multi-cluster scale. Attendees will see examples of how to map real world threats to their systems to specific policy automation tools and how compliance automation helps defend against emerging risks and provides greater visibility and enforcement of best practices.
Policy Matters! The Why, What, and How of Kubernetes Policy Management - Jayashree Ramanathan, RedHat; Aradhna Chetal, TIAA; Jim Bugwadia, Nirmata; Robert Ficcaglia, SunStone Secure
Policies help address several critical challenges with managing Kubernetes clusters and workloads. In the panel-style session moderated by Robert Ficcaglia, co-chair of the Kubernetes Policy Working Group, contributors from the working group will discuss why policies are important to enterprises and other organizations using Kubernetes. Attendees will have an opportunity to ask policy engine and compliance experts about real world use cases and effective techniques for managing policy-as-code from a small cluster to enterprise multi-cluster scale. Attendees will see examples of how to map real world threats to their systems to specific policy automation tools and how compliance automation helps defend against emerging risks and provides greater visibility and enforcement of best practices.
- 4 participants
- 27 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Postgres Extensions in Kubernetes - Álvaro Hernández, OnGres
Postgres Extensions are one of the most distinctive and appreciated features of Postgres. Acting like “plugins”, they allow you to extend Postgres functionality. From adding simple data types to turning the database into a sharded cluster with a distributed query planner and executor. Yet they are hard to use in a container environment like Kubernetes. Because container images are immutable! So you either pack all possible extensions in a fat container, which leads to substantial problems; or you load dynamically under demand. Join this talk to explore the extension ecosystem in Kubernetes Postgres Operators; and how to solve this problem by introducing a system for dynamically loading extensions into the containers, and cache them within the cluster to avoid excessive downloads. A new operator pattern, the “pod-local controller” will also be introduced, as the technological solution that powers dynamic extension loading.
Postgres Extensions in Kubernetes - Álvaro Hernández, OnGres
Postgres Extensions are one of the most distinctive and appreciated features of Postgres. Acting like “plugins”, they allow you to extend Postgres functionality. From adding simple data types to turning the database into a sharded cluster with a distributed query planner and executor. Yet they are hard to use in a container environment like Kubernetes. Because container images are immutable! So you either pack all possible extensions in a fat container, which leads to substantial problems; or you load dynamically under demand. Join this talk to explore the extension ecosystem in Kubernetes Postgres Operators; and how to solve this problem by introducing a system for dynamically loading extensions into the containers, and cache them within the cluster to avoid excessive downloads. A new operator pattern, the “pod-local controller” will also be introduced, as the technological solution that powers dynamic extension loading.
- 2 participants
- 29 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Production Workload Identity with SPIRE - Ryan Turner, Uber
Have you ever wondered how to effectively enable secure authentication between workloads and operationalize TLS within your production network at scale? SPIRE, a CNCF Incubating project, addresses these concerns by providing short-lived, automatically rotated identities to workloads based on the SPIFFE specification. This session will introduce the core design of SPIRE and how it can be leveraged in cloud-native architectures to provide defense-in-depth to production environments. To conclude, this session will take a look at some upcoming features that further extend the possibilities of SPIRE as a production identity platform.
Production Workload Identity with SPIRE - Ryan Turner, Uber
Have you ever wondered how to effectively enable secure authentication between workloads and operationalize TLS within your production network at scale? SPIRE, a CNCF Incubating project, addresses these concerns by providing short-lived, automatically rotated identities to workloads based on the SPIFFE specification. This session will introduce the core design of SPIRE and how it can be leveraged in cloud-native architectures to provide defense-in-depth to production environments. To conclude, this session will take a look at some upcoming features that further extend the possibilities of SPIRE as a production identity platform.
- 1 participant
- 32 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Public Technical Oversight Committee (TOC) Meeting - Moderated by Chris Aniszczyk, CTO, The Linux Foundation
Public Technical Oversight Committee (TOC) Meeting - Moderated by Chris Aniszczyk, CTO, The Linux Foundation
- 7 participants
- 35 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Putting Into Practice the Skills You've Learned Contributing to Kubernetes - Kiran Oliver, Camunda
Contributing to Kubernetes, learning how the community functions, and understanding the key pillars that make this large open source project, and its surrounding community a success may seem like a mystery. The secret is actually no secret at all: It’s about the people behind the project, working tirelessly and making things happen day in, and day out. It is a recurring challenge for many new open source developers to apply the skills they’ve learned when contributing to Kubernetes to the real world, particularly if they are new to the industry, changing careers, or are skilling up in their current role. This talk helps to bring clarity to the questions, “How can I truly use what I’ve learned contributing to Kubernetes to improve my career outlook long-term?” and “How can I use these skills to improve the communities, ecosystems, and other open source projects I’m a part of?”
Putting Into Practice the Skills You've Learned Contributing to Kubernetes - Kiran Oliver, Camunda
Contributing to Kubernetes, learning how the community functions, and understanding the key pillars that make this large open source project, and its surrounding community a success may seem like a mystery. The secret is actually no secret at all: It’s about the people behind the project, working tirelessly and making things happen day in, and day out. It is a recurring challenge for many new open source developers to apply the skills they’ve learned when contributing to Kubernetes to the real world, particularly if they are new to the industry, changing careers, or are skilling up in their current role. This talk helps to bring clarity to the questions, “How can I truly use what I’ve learned contributing to Kubernetes to improve my career outlook long-term?” and “How can I use these skills to improve the communities, ecosystems, and other open source projects I’m a part of?”
- 1 participant
- 14 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Quantifying the Business Value of Cloud-Native Data Management - Prashanto Kochavara, Trilio
Data management and protection in the age of ransomware, cloud outages, and fat finger namespace deletions is too often justified with a loss prevention and insurance policy mentality. While these factors are important and can be quantified, there are other quantifiable measures that should be considered to seek the proper funding and approval for a cloud-native data management project. Learn the basic principles of writing a comprehensive business value analysis that will speak the language of both the finance organization and also allow your companies leadership to fully understand the big picture of improving application migration capabilities, test data related to your CI/CD pipeline, and getting a complete view of the costs of development across the application lifecycle. Learn to easily compare the costs of efforts associated with development time and infrastructure costs as well as the cost of maintaining cloud-native data management in a private or multi-cloud environment.
Quantifying the Business Value of Cloud-Native Data Management - Prashanto Kochavara, Trilio
Data management and protection in the age of ransomware, cloud outages, and fat finger namespace deletions is too often justified with a loss prevention and insurance policy mentality. While these factors are important and can be quantified, there are other quantifiable measures that should be considered to seek the proper funding and approval for a cloud-native data management project. Learn the basic principles of writing a comprehensive business value analysis that will speak the language of both the finance organization and also allow your companies leadership to fully understand the big picture of improving application migration capabilities, test data related to your CI/CD pipeline, and getting a complete view of the costs of development across the application lifecycle. Learn to easily compare the costs of efforts associated with development time and infrastructure costs as well as the cost of maintaining cloud-native data management in a private or multi-cloud environment.
- 1 participant
- 28 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
RabbitMQ on Kubernetes Deep Dive - David Ansari, VMware
RabbitMQ is one of the most widely deployed open source message brokers. It is popular for its flexible routing topologies, high scale throughput and support for multiple messaging protocols. This talk presents RabbitMQ on Kubernetes. It gives an introduction to the RabbitMQ Cluster Operator on how to reliably operate RabbitMQ clusters. It provides best practices about monitoring and upgrading RabbitMQ while millions of messages flow through the broker. The presentation covers the Messaging Topology Operator and its use cases to declaratively deploy RabbitMQ resources such as queues, exchanges, and bindings. The session ends with an update of newly released RabbitMQ features and an outlook of what the community can expect of RabbitMQ on Kubernetes in 2022.
RabbitMQ on Kubernetes Deep Dive - David Ansari, VMware
RabbitMQ is one of the most widely deployed open source message brokers. It is popular for its flexible routing topologies, high scale throughput and support for multiple messaging protocols. This talk presents RabbitMQ on Kubernetes. It gives an introduction to the RabbitMQ Cluster Operator on how to reliably operate RabbitMQ clusters. It provides best practices about monitoring and upgrading RabbitMQ while millions of messages flow through the broker. The presentation covers the Messaging Topology Operator and its use cases to declaratively deploy RabbitMQ resources such as queues, exchanges, and bindings. The session ends with an update of newly released RabbitMQ features and an outlook of what the community can expect of RabbitMQ on Kubernetes in 2022.
- 1 participant
- 31 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Real-Time Data Anonymization the Serverless Way - Yuval Lifshitz & Huamin Chen, Red Hat
How do you ensure privacy protection in the far-flung computing workloads that make up many Edge infrastructures? One way is to ensure that personal information is hidden, on the fly, without introducing lag. Seems like a tall order, but it can be done. This talk presents a Cloud Native Serverless architecture to ensure real time data anonymization, using KEDA and Rook. Specifically, we have extended Ceph to support AWS SQS compatible APIs and developed an external Scaler in KEDA to allow Serverless functions to query, pull, and anonymize objects. This architecture is lightweight, reliable, and scalable. More importantly, the queue trigger mechanism in this architecture does not require us to expose external endpoints to Serverless functions that could become additional attack surfaces. This talk will demo an open source Serverless workflow based on the above technologies. It uses object detection AI models to anonymize images that are produced by Edge workloads.
Real-Time Data Anonymization the Serverless Way - Yuval Lifshitz & Huamin Chen, Red Hat
How do you ensure privacy protection in the far-flung computing workloads that make up many Edge infrastructures? One way is to ensure that personal information is hidden, on the fly, without introducing lag. Seems like a tall order, but it can be done. This talk presents a Cloud Native Serverless architecture to ensure real time data anonymization, using KEDA and Rook. Specifically, we have extended Ceph to support AWS SQS compatible APIs and developed an external Scaler in KEDA to allow Serverless functions to query, pull, and anonymize objects. This architecture is lightweight, reliable, and scalable. More importantly, the queue trigger mechanism in this architecture does not require us to expose external endpoints to Serverless functions that could become additional attack surfaces. This talk will demo an open source Serverless workflow based on the above technologies. It uses object detection AI models to anonymize images that are produced by Edge workloads.
- 2 participants
- 25 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Real-time Kubernetes: How Entain Australia 10x'd throughput with Linkerd - Steve Gray, Entain Australia
Entain Australia operates a large scale Kubernetes deployment consisting of 300 microservices, 3000 pods, and multiple Kubernetes clusters across multiple regions. Due to the nature of Entain's business, this system must be as close to real-time as possible. In this talk, the Entain team describes how they moved from connection-level load balancing to request-level load balancing and increased overall application throughput by an order of magnitude by installing Linkerd. They discuss the impact of Linkerd's load balancing on gRPC calls, the decision-making process for choosing a service mesh, and lessons learned rolling out a service mesh to production.
Real-time Kubernetes: How Entain Australia 10x'd throughput with Linkerd - Steve Gray, Entain Australia
Entain Australia operates a large scale Kubernetes deployment consisting of 300 microservices, 3000 pods, and multiple Kubernetes clusters across multiple regions. Due to the nature of Entain's business, this system must be as close to real-time as possible. In this talk, the Entain team describes how they moved from connection-level load balancing to request-level load balancing and increased overall application throughput by an order of magnitude by installing Linkerd. They discuss the impact of Linkerd's load balancing on gRPC calls, the decision-making process for choosing a service mesh, and lessons learned rolling out a service mesh to production.
- 1 participant
- 19 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Registries After Dark - Daniel Mangum, Upbound & Jon Johnson, Google
You know the registry as your most boring friend. You push and pull images, and it just works, but have you ever taken the time to really get to know it? What is the registry really like behind that unassuming OCI specification? What does it do when it’s not just distributing your images? Maybe it gets a little crazy on the weekend - maybe it has hidden talents you don’t know about. What would happen if this thankless hero went rogue? In this talk we will demonstrate unconventional registry implementations, including those that serve self-modifying and dynamically generated images. Along the way we’ll also take a look at how clients can utilize registries in interesting and unexpected ways, e.g. as a content-addressable key-value store or a general-purpose directed acyclic graph database. Attendees will walk away with a better understanding of what guarantees OCI images and registries provide, as well as how they can exploit the registry’s flexibility to benefit their own use cases.
Registries After Dark - Daniel Mangum, Upbound & Jon Johnson, Google
You know the registry as your most boring friend. You push and pull images, and it just works, but have you ever taken the time to really get to know it? What is the registry really like behind that unassuming OCI specification? What does it do when it’s not just distributing your images? Maybe it gets a little crazy on the weekend - maybe it has hidden talents you don’t know about. What would happen if this thankless hero went rogue? In this talk we will demonstrate unconventional registry implementations, including those that serve self-modifying and dynamically generated images. Along the way we’ll also take a look at how clients can utilize registries in interesting and unexpected ways, e.g. as a content-addressable key-value store or a general-purpose directed acyclic graph database. Attendees will walk away with a better understanding of what guarantees OCI images and registries provide, as well as how they can exploit the registry’s flexibility to benefit their own use cases.
- 2 participants
- 28 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Regulations, Ethics And Messy Data: Tales From An Open Source Analyst - Sophia Vargas, Google
Metrics can be a valuable tool for communities to monitor project health, sustainability, operational efficiency and identify deficiencies. For individuals, projects and companies seeking to establish or mature open source metrics programs, this talk will explore opportunities and challenges in and around open source software data and analytics, from identifying relevant metrics to working with unreliable datasets while navigating the ethical challenges of data collection in and around open source communities.
Regulations, Ethics And Messy Data: Tales From An Open Source Analyst - Sophia Vargas, Google
Metrics can be a valuable tool for communities to monitor project health, sustainability, operational efficiency and identify deficiencies. For individuals, projects and companies seeking to establish or mature open source metrics programs, this talk will explore opportunities and challenges in and around open source software data and analytics, from identifying relevant metrics to working with unreliable datasets while navigating the ethical challenges of data collection in and around open source communities.
- 1 participant
- 35 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Roll Out the Red Carpet for Production Kubernetes Clusters with a Kube-vip - Dan Finneran, Equinix
This talk begins with the presenter trying to improve upon a problem, namely deploying Kubernetes clusters on bare-metal and taking them into production. Often tasked by customers of making their on-premises clusters as "public cloud like" as possible, a lot of work went into writing solutions for these functionality gaps. Time and time again ensuring highly available access to clusters proved problematic to implement and implement into lifecycle patterns. Kube-vip slowly evolved from trying to fix that one use case into a widely used project that provides highly available Kubernetes clusters for various infrastructures. This talk will cover that journey, and show how from on-prem to the edge you can implement both highly available networking and extend that same functionality to "inside" the cluster with load balancer functionality for Kubernetes services with Kube-Vip.
Roll Out the Red Carpet for Production Kubernetes Clusters with a Kube-vip - Dan Finneran, Equinix
This talk begins with the presenter trying to improve upon a problem, namely deploying Kubernetes clusters on bare-metal and taking them into production. Often tasked by customers of making their on-premises clusters as "public cloud like" as possible, a lot of work went into writing solutions for these functionality gaps. Time and time again ensuring highly available access to clusters proved problematic to implement and implement into lifecycle patterns. Kube-vip slowly evolved from trying to fix that one use case into a widely used project that provides highly available Kubernetes clusters for various infrastructures. This talk will cover that journey, and show how from on-prem to the edge you can implement both highly available networking and extend that same functionality to "inside" the cluster with load balancer functionality for Kubernetes services with Kube-Vip.
- 1 participant
- 32 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Rook: Intro and Ceph Deep Dive - Travis Nielsen, Sebastien Han & Blaine Gardner, Red Hat; Satoru Takeuchi, Cybozu, Inc
The Rook project will be introduced to attendees of all levels and experience. Rook is an open source cloud-native storage operator for Kubernetes, providing the platform, framework, and support for a diverse set of storage solutions to natively integrate with Kubernetes. Rook turns storage software into self-managing and self-healing storage services. A deep-dive will be presented for the Ceph storage provider to show how Rook provides stable block, shared file system, and object storage for your production data. The recent features in the v1.7 release will be covered to further illustrate how Rook continues to be enhanced for production environments. Rook was accepted as a graduated project by the Cloud Native Computing Foundation in October 2020.
Rook: Intro and Ceph Deep Dive - Travis Nielsen, Sebastien Han & Blaine Gardner, Red Hat; Satoru Takeuchi, Cybozu, Inc
The Rook project will be introduced to attendees of all levels and experience. Rook is an open source cloud-native storage operator for Kubernetes, providing the platform, framework, and support for a diverse set of storage solutions to natively integrate with Kubernetes. Rook turns storage software into self-managing and self-healing storage services. A deep-dive will be presented for the Ceph storage provider to show how Rook provides stable block, shared file system, and object storage for your production data. The recent features in the v1.7 release will be covered to further illustrate how Rook continues to be enhanced for production environments. Rook was accepted as a graduated project by the Cloud Native Computing Foundation in October 2020.
- 2 participants
- 30 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
SIG API Machinery Deep Dive - Applying What We've Learned - Abu Kashem & Stefan Schimanski, Red Hat; Joe Betz & Federico Bongiovanni, Google
We will have at least 2 deep dive topics in this session. It will be mostly focused around Server Side Apply and the how can client-go and other clients use apply server side. We might cover also several other topics around extensibility using CRDs and Webhooks, touching on the deprecation of v1beta1 and related issues. Additionally, we will remind everybody attenting about the structure of the sig, our areas of coverage, our regular meetings, the places where you can find us to chat, and how to become a contributor.
SIG API Machinery Deep Dive - Applying What We've Learned - Abu Kashem & Stefan Schimanski, Red Hat; Joe Betz & Federico Bongiovanni, Google
We will have at least 2 deep dive topics in this session. It will be mostly focused around Server Side Apply and the how can client-go and other clients use apply server side. We might cover also several other topics around extensibility using CRDs and Webhooks, touching on the deprecation of v1beta1 and related issues. Additionally, we will remind everybody attenting about the structure of the sig, our areas of coverage, our regular meetings, the places where you can find us to chat, and how to become a contributor.
- 3 participants
- 30 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
SIG Events: Using CloudEvents to Create an Interoperable CI/CD Ecosystem - Andrea Frittoli, IBM
With more organizations adopting a Cloud-Native architecture and microservices, continuous delivery has evolved from mere best practices to an indispensable tool to swiftly and reliably bring new features in front of customers. The CI/CD landscape is rich and diverse, with tools like Keptn, Flux and Argo that offer opinionated solutions to specific problems. Organizations rely on various ones to address their automation requirements, but they lack a way to consistently orchestrate, monitor and measure their overall workflow. There is a real need for interoperability and standardization in the CI/CD space: solving this problem is the mission of the Events Special Interest Group at the CD foundation. The speakers will present their work at the SIG in establishing a shared dictionary and set of CloudEvents, a “lingua franca” for tools to understand each other and collaborate to solve a wide range of scenarios. They will demonstrate using shared events to let existing tools work together.
SIG Events: Using CloudEvents to Create an Interoperable CI/CD Ecosystem - Andrea Frittoli, IBM
With more organizations adopting a Cloud-Native architecture and microservices, continuous delivery has evolved from mere best practices to an indispensable tool to swiftly and reliably bring new features in front of customers. The CI/CD landscape is rich and diverse, with tools like Keptn, Flux and Argo that offer opinionated solutions to specific problems. Organizations rely on various ones to address their automation requirements, but they lack a way to consistently orchestrate, monitor and measure their overall workflow. There is a real need for interoperability and standardization in the CI/CD space: solving this problem is the mission of the Events Special Interest Group at the CD foundation. The speakers will present their work at the SIG in establishing a shared dictionary and set of CloudEvents, a “lingua franca” for tools to understand each other and collaborate to solve a wide range of scenarios. They will demonstrate using shared events to let existing tools work together.
- 1 participant
- 28 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
SIG-Multicluster Intro and Deep Dive - Paul Morie, Apple; Jeremy Olmsted-Thompson & Laura Lorenz, Google
SIG-Multicluster is focused on solving common challenges related to the management of many Kubernetes clusters, across multiple cloud providers (so-called hybrid cloud), and applications deployed across many clusters. In this session, we'll give attendees an overview of the current status of the multi-cluster problem space in Kubernetes and of the SIG. We’ll discuss current thinking around best practices for multi-cluster deployments and what it means to be part of a ClusterSet. Then we’ll highlight current SIG projects, focused use cases, and ideas for what’s next. Most importantly, we’ll provide information on how you can get involved either as a contributor or as a user who wants to provide feedback about the SIG's current efforts and future direction. Bring your questions, problems, and ideas - help us expand the multi-cluster Kubernetes landscape.
SIG-Multicluster Intro and Deep Dive - Paul Morie, Apple; Jeremy Olmsted-Thompson & Laura Lorenz, Google
SIG-Multicluster is focused on solving common challenges related to the management of many Kubernetes clusters, across multiple cloud providers (so-called hybrid cloud), and applications deployed across many clusters. In this session, we'll give attendees an overview of the current status of the multi-cluster problem space in Kubernetes and of the SIG. We’ll discuss current thinking around best practices for multi-cluster deployments and what it means to be part of a ClusterSet. Then we’ll highlight current SIG projects, focused use cases, and ideas for what’s next. Most importantly, we’ll provide information on how you can get involved either as a contributor or as a user who wants to provide feedback about the SIG's current efforts and future direction. Bring your questions, problems, and ideas - help us expand the multi-cluster Kubernetes landscape.
- 3 participants
- 22 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
SIG-NETWORK: Updates and Directions - Tim Hockin & Bowei Du, Google
Speakers: Tim Hockin, Bowei Du
We will be presenting what has been going on in the Network SIG for the past few releases. The session will cover new and upcoming topics, including recent features and new APIs that are under development. Topics include: IPv6, Gateway API, Network Policy improvments, other improvements, as well as future directions for the rea. This session is mostly aimed at people who are already using Kubernetes, although new users are definitely welcome. Significant time will be allotted for Q&A, so bring your questions!
SIG-NETWORK: Updates and Directions - Tim Hockin & Bowei Du, Google
Speakers: Tim Hockin, Bowei Du
We will be presenting what has been going on in the Network SIG for the past few releases. The session will cover new and upcoming topics, including recent features and new APIs that are under development. Topics include: IPv6, Gateway API, Network Policy improvments, other improvements, as well as future directions for the rea. This session is mostly aimed at people who are already using Kubernetes, although new users are definitely welcome. Significant time will be allotted for Q&A, so bring your questions!
- 1 participant
- 11 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
SIG-Scheduling Intro and Deep Dive - Wei Huang, IBM
Speakers: Wei Huang
SIG Scheduling is responsible for kube-scheduler and its related subprojects such as the scheduling-plugins and descheduler. These projects share the common goal of enabling users and developers to ensure that pods are assigned to the appropriate nodes based on various scheduling criteria. We also endeavor to ease customizing and extending scheduler for advanced usage. This talk will introduce attendees to SIG-Scheduling with an overview of the current goals and ongoing work within the SIG, as well as opportunities for new contributors to get involved.
SIG-Scheduling Intro and Deep Dive - Wei Huang, IBM
Speakers: Wei Huang
SIG Scheduling is responsible for kube-scheduler and its related subprojects such as the scheduling-plugins and descheduler. These projects share the common goal of enabling users and developers to ensure that pods are assigned to the appropriate nodes based on various scheduling criteria. We also endeavor to ease customizing and extending scheduler for advanced usage. This talk will introduce attendees to SIG-Scheduling with an overview of the current goals and ongoing work within the SIG, as well as opportunities for new contributors to get involved.
- 1 participant
- 34 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Scaling Kubeflow for Multi-tenancy at Spotify - Keshi Dai & Jonathan Jin, Spotify
Spotify began offering a centralized Kubeflow Pipelines product to its machine learning teams around two years ago. Since then, adoption has skyrocketed, with more teams training more models and running increasingly complex experiments. These increased demands on our system come with more stringent demands on us, the Kubeflow team at Spotify, to ensure not just cluster reliability, but cluster equitability. Our job is to not just be cluster maintainers, but cluster stewards—ensuring equitable and reliable access to cluster resources, and keeping users from stepping on each others’ toes. In this talk, we’ll discuss our streamlined tooling to maintain, deploy, and monitor Spotify’s distribution of Kubeflow. We’ll illustrate the challenges we face as we scale to increased user load and increasingly distinct and demanding pipelines, and outline our approach to addressing those challenges with “multi-cluster” Kubeflow. Finally, we’ll give a preview of our future plans for the platform.
Scaling Kubeflow for Multi-tenancy at Spotify - Keshi Dai & Jonathan Jin, Spotify
Spotify began offering a centralized Kubeflow Pipelines product to its machine learning teams around two years ago. Since then, adoption has skyrocketed, with more teams training more models and running increasingly complex experiments. These increased demands on our system come with more stringent demands on us, the Kubeflow team at Spotify, to ensure not just cluster reliability, but cluster equitability. Our job is to not just be cluster maintainers, but cluster stewards—ensuring equitable and reliable access to cluster resources, and keeping users from stepping on each others’ toes. In this talk, we’ll discuss our streamlined tooling to maintain, deploy, and monitor Spotify’s distribution of Kubeflow. We’ll illustrate the challenges we face as we scale to increased user load and increasingly distinct and demanding pipelines, and outline our approach to addressing those challenges with “multi-cluster” Kubeflow. Finally, we’ll give a preview of our future plans for the platform.
- 2 participants
- 32 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Secure your cluster-to-cluster traffic, the agnostic way - Pauline Lallinec & Dave Kerr, Workday
Workday is shifting to a multi-cloud approach whereby its Kubernetes platform known as Scylla can be deployed to public cloud providers as well as Workday’s own data centers. To achieve this, we needed to route tenant data across existing AWS clusters in different regions, to Workday’s own data centre, and potentially in the future, to other public cloud providers. While cloud providers usually have solutions to migrate data to their own cloud, Workday aims to be cloud-agnostic, and as such needs a solution to migrate data cross-clouds. The infrastructure, platform, and application development teams cooperated to develop a solution relying on Kubernetes operators, Istio, Consul, and Helm-delivered application configuration. This talk will give an overview of the tools and technologies used to migrate tenant data to other clusters, wherever they are deployed. We will additionally review the learnings from this experience and give an overview of the future work.
Secure your cluster-to-cluster traffic, the agnostic way - Pauline Lallinec & Dave Kerr, Workday
Workday is shifting to a multi-cloud approach whereby its Kubernetes platform known as Scylla can be deployed to public cloud providers as well as Workday’s own data centers. To achieve this, we needed to route tenant data across existing AWS clusters in different regions, to Workday’s own data centre, and potentially in the future, to other public cloud providers. While cloud providers usually have solutions to migrate data to their own cloud, Workday aims to be cloud-agnostic, and as such needs a solution to migrate data cross-clouds. The infrastructure, platform, and application development teams cooperated to develop a solution relying on Kubernetes operators, Istio, Consul, and Helm-delivered application configuration. This talk will give an overview of the tools and technologies used to migrate tenant data to other clusters, wherever they are deployed. We will additionally review the learnings from this experience and give an overview of the future work.
- 2 participants
- 24 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Securing Content Repositories with the Update Framework (TUF) - Marina Moore, NYU & Joshua Lock, VMware
The Update Framework (TUF) is a framework for secure content delivery and updates that protects against many known attacks on software update systems. In this talk, Joshua Lock and Marina Moore will describe how TUF works, why content delivery systems need the protections offered by TUF, and share some recent developments in TUF and related projects. Following this introductory content, we will deep dive into proposed new features for TUF by reviewing a TUF Augmentation Proposal (TAP). Come to this talk to learn about how many organizations, including Docker, Amazon, and Google secure software updates and how you can get involved.
Securing Content Repositories with the Update Framework (TUF) - Marina Moore, NYU & Joshua Lock, VMware
The Update Framework (TUF) is a framework for secure content delivery and updates that protects against many known attacks on software update systems. In this talk, Joshua Lock and Marina Moore will describe how TUF works, why content delivery systems need the protections offered by TUF, and share some recent developments in TUF and related projects. Following this introductory content, we will deep dive into proposed new features for TUF by reviewing a TUF Augmentation Proposal (TAP). Come to this talk to learn about how many organizations, including Docker, Amazon, and Google secure software updates and how you can get involved.
- 3 participants
- 22 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Security Through Transparency: Kubernetes SIG Security Update - Ian Coldwater, Twilio; Savitha Raghunathan, Red Hat; Rey Lejano, SUSE; Pushkar Joglekar, VMware
Kubernetes SIG Security is a newer SIG, dedicated to improving Kubernetes security by providing space for learning together, sharing our expertise, and building bridges between SIGS and externally with the broader security community. We’re here this KubeCon to tell you about what we’ve been up to! Come for this session featuring updates from our docs, tooling, and third party security audit subgroups about our efforts to keep Kubernetes secure through transparency, not obscurity. Stay to learn how you can get involved. Happy Honking!
Security Through Transparency: Kubernetes SIG Security Update - Ian Coldwater, Twilio; Savitha Raghunathan, Red Hat; Rey Lejano, SUSE; Pushkar Joglekar, VMware
Kubernetes SIG Security is a newer SIG, dedicated to improving Kubernetes security by providing space for learning together, sharing our expertise, and building bridges between SIGS and externally with the broader security community. We’re here this KubeCon to tell you about what we’ve been up to! Come for this session featuring updates from our docs, tooling, and third party security audit subgroups about our efforts to keep Kubernetes secure through transparency, not obscurity. Stay to learn how you can get involved. Happy Honking!
- 4 participants
- 22 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Service Mesh using Envoy on Windows - Sotiris Nanopoulos & Praveen Balasubramanian & Kalya Subramanian, Microsoft; Nic Jackson, Hashicorp
Learn about the ongoing efforts to enable Service Mesh on the Windows platform, what it can do now, and what is coming next. Learn how to configure the Windows networking stack to redirect traffic to a sidecar proxy. Understand the differences between Windows and Linux platform support. Learn how to configure and deploy Envoy as a sidecar proxy. Finally, watch all the above working together on a live demo of Open Service Mesh (OSM) on Windows.
Service Mesh using Envoy on Windows - Sotiris Nanopoulos & Praveen Balasubramanian & Kalya Subramanian, Microsoft; Nic Jackson, Hashicorp
Learn about the ongoing efforts to enable Service Mesh on the Windows platform, what it can do now, and what is coming next. Learn how to configure the Windows networking stack to redirect traffic to a sidecar proxy. Understand the differences between Windows and Linux platform support. Learn how to configure and deploy Envoy as a sidecar proxy. Finally, watch all the above working together on a live demo of Open Service Mesh (OSM) on Windows.
- 4 participants
- 22 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Serving Machine Learning Models at Scale Using KServing - Animesh Singh, IBM
KServe (previously known as KFServing) is a serverless open source solution to serve machine learning models. With machine learning becoming more widely adopted in organizations, the trend is to deploy larger numbers of models. Plus, there is an increasing need to serve models using GPUs. As GPUs are expensive, engineers are seeking ways to serve multiple models with one GPU. The KServe community designed a Multi-Model Serving solution to scale the number of models that can be served in a Kubernetes cluster. By sharing the serving container that is enabled to host multiple models, Multi-Model Serving addresses three limitations that the current ‘one model, one service’ paradigm encounters: 1) Compute resources (including the cost for public cloud), 2) Maximum number of pods, 3) Maximum number of IP addresses. 4) Maximum number of services This talk will present the design of Multi-Model Serving, describe how to use it to serve models for different frameworks, and share benchmark stats that demonstrate its scalability.
Serving Machine Learning Models at Scale Using KServing - Animesh Singh, IBM
KServe (previously known as KFServing) is a serverless open source solution to serve machine learning models. With machine learning becoming more widely adopted in organizations, the trend is to deploy larger numbers of models. Plus, there is an increasing need to serve models using GPUs. As GPUs are expensive, engineers are seeking ways to serve multiple models with one GPU. The KServe community designed a Multi-Model Serving solution to scale the number of models that can be served in a Kubernetes cluster. By sharing the serving container that is enabled to host multiple models, Multi-Model Serving addresses three limitations that the current ‘one model, one service’ paradigm encounters: 1) Compute resources (including the cost for public cloud), 2) Maximum number of pods, 3) Maximum number of IP addresses. 4) Maximum number of services This talk will present the design of Multi-Model Serving, describe how to use it to serve models for different frameworks, and share benchmark stats that demonstrate its scalability.
- 2 participants
- 40 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Shh, It’s a Secret: Managing Your Secrets in a GitOps Way - Jake Wernette & Josh Kayani, IBM
How do you handle secrets? That is the first question that is asked whenever you are talking about GitOps. And it is a valid question! Do you put secrets directly in Git? Do you inject them in runtime? This is something that is trying to be answered across the community and in many different ways. Jake and his team at IBM looked at the landscape of GitOps specifically with Argo CD and could not find something that fit their needs. This talk will showcase how they were able to build and adopt argocd-vault-plugin and how it was able to simplify their secret management while allowing them to manage it in a GitOps way. Hopefully this talk will help you along in your GitOps journey and bridge the secrets gap that we are seeing so often in the community.
Shh, It’s a Secret: Managing Your Secrets in a GitOps Way - Jake Wernette & Josh Kayani, IBM
How do you handle secrets? That is the first question that is asked whenever you are talking about GitOps. And it is a valid question! Do you put secrets directly in Git? Do you inject them in runtime? This is something that is trying to be answered across the community and in many different ways. Jake and his team at IBM looked at the landscape of GitOps specifically with Argo CD and could not find something that fit their needs. This talk will showcase how they were able to build and adopt argocd-vault-plugin and how it was able to simplify their secret management while allowing them to manage it in a GitOps way. Hopefully this talk will help you along in your GitOps journey and bridge the secrets gap that we are seeing so often in the community.
- 6 participants
- 35 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Shifting Spotify Engineering from Spreadsheets to Backstage - Johan Haals & Patrik Oldsberg, Spotify
Is your bookmark bar filled to the brim with links to internal infrastructure tools? Are you using spreadsheets to track the state of your software and infrastructure? Does your company suffer from fragmentation, like hundreds of startups glued together? Then this talk is for you! It will tell the story of how Spotify created a service catalog to bring order to thousands of microservices. It grew to become Backstage, an internal developer portal supporting not just services, but also machine learning models, documentation, over 9000 data pipelines, and much more. With 115 plugins contributed by 58 different teams, Backstage is now Spotify’s single pane of glass for the entire engineering organization. In 2020 Backstage and its software catalog was open sourced and donated to the CNCF, making it available for everyone to use. The talk will also walk you through strategies for adopting Backstage in an existing organization, and how to bootstrap your own catalog.
Shifting Spotify Engineering from Spreadsheets to Backstage - Johan Haals & Patrik Oldsberg, Spotify
Is your bookmark bar filled to the brim with links to internal infrastructure tools? Are you using spreadsheets to track the state of your software and infrastructure? Does your company suffer from fragmentation, like hundreds of startups glued together? Then this talk is for you! It will tell the story of how Spotify created a service catalog to bring order to thousands of microservices. It grew to become Backstage, an internal developer portal supporting not just services, but also machine learning models, documentation, over 9000 data pipelines, and much more. With 115 plugins contributed by 58 different teams, Backstage is now Spotify’s single pane of glass for the entire engineering organization. In 2020 Backstage and its software catalog was open sourced and donated to the CNCF, making it available for everyone to use. The talk will also walk you through strategies for adopting Backstage in an existing organization, and how to bootstrap your own catalog.
- 2 participants
- 27 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Sigstore: How We Started, Where We Are, Where We are Headed - Bob Callaway, Red Hat & Dan Lorenc, Google
sigstore is a project under the Linux foundation to provide a non profit , public good software security cryptographic signing service. You can think of it like the 'Lets Encrypt' for software signing. If you have not heard of it yet, you certainly will soon. sigstore is used to protect kubernetes release container images and verify them directly in kubernetes release infrastructure. Many other communities are also in the process of looking at how they can implement sigstore (python, rubygems, wasm, maven). The sigstore community is made up of security experts from the communities such as TUF, Kubernetes, in-toto and engineers from Red Hat, Google, Smallstep, VMWare and many more.
Sigstore: How We Started, Where We Are, Where We are Headed - Bob Callaway, Red Hat & Dan Lorenc, Google
sigstore is a project under the Linux foundation to provide a non profit , public good software security cryptographic signing service. You can think of it like the 'Lets Encrypt' for software signing. If you have not heard of it yet, you certainly will soon. sigstore is used to protect kubernetes release container images and verify them directly in kubernetes release infrastructure. Many other communities are also in the process of looking at how they can implement sigstore (python, rubygems, wasm, maven). The sigstore community is made up of security experts from the communities such as TUF, Kubernetes, in-toto and engineers from Red Hat, Google, Smallstep, VMWare and many more.
- 2 participants
- 40 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Storage and Networking: Rook on Multus - Sébastien Han & Rohan Gupta, Red Hat
Networking plays an important role in the world of baremetal cloud storage. I/O on devices are dependent on network latency. Rook-Ceph now makes use of multus to better utilize host network interfaces for Ceph Public and Cluster Networks. Having dedicated networks for storage boosts performance. This talk will introduce Ceph public and cluster networks and their use cases, the requirement of dedicated networks in baremetal environment, HostNetworking vs Multus, defining network-attachment-definitions, and how Rook-Ceph utilizes it. It will also include a demo showing an already running cluster utilizing multus networks and we will compare the performance with and without multus. By the end of the talk, you'll know the perks of using private and cluster networks, when to use them, and will be able to create a basic networking setup for Rook-Ceph.
Storage and Networking: Rook on Multus - Sébastien Han & Rohan Gupta, Red Hat
Networking plays an important role in the world of baremetal cloud storage. I/O on devices are dependent on network latency. Rook-Ceph now makes use of multus to better utilize host network interfaces for Ceph Public and Cluster Networks. Having dedicated networks for storage boosts performance. This talk will introduce Ceph public and cluster networks and their use cases, the requirement of dedicated networks in baremetal environment, HostNetworking vs Multus, defining network-attachment-definitions, and how Rook-Ceph utilizes it. It will also include a demo showing an already running cluster utilizing multus networks and we will compare the performance with and without multus. By the end of the talk, you'll know the perks of using private and cluster networks, when to use them, and will be able to create a basic networking setup for Rook-Ceph.
- 2 participants
- 25 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
TAG App Delivery - Jennifer Strejevitch, VMware & Alois Reitbauer, Dynatrace
TAG App Delivery focuses on simplifying application delivery on Kubernetes as well as improving developer experience. This session will showcase recent development around operators, chaos engineering, application delivery methods and demo applications. Whether you are just getting started with cloud-native application deliver or getting up to speed on the latest this session will provide you with ongoing activities, recent developments and selected trends based on feedback from CNCF projects in the app delivery space.
TAG App Delivery - Jennifer Strejevitch, VMware & Alois Reitbauer, Dynatrace
TAG App Delivery focuses on simplifying application delivery on Kubernetes as well as improving developer experience. This session will showcase recent development around operators, chaos engineering, application delivery methods and demo applications. Whether you are just getting started with cloud-native application deliver or getting up to speed on the latest this session will provide you with ongoing activities, recent developments and selected trends based on feedback from CNCF projects in the app delivery space.
- 2 participants
- 36 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
TAG Observability Update - Matt Young, Everquote & Alolita Sharma, Amazon
Calling all disciplines!
At the CNCF TAG Observability session, we'll introduce the TAG and talk about why you might want to join us!
Projects, Vendors, and End Users are all encouraged to share experiences, ideas, and creations. We welcome writers, product managers, designers, producers, platform operators, enginers, end users, and cloud practitioners. We have ambitious goals and are fostering the growing Observability community. Opportunities in this rapidly expanding domain are plentiful.
TAG Observability welcomes your ideas, participation, contributions and YOU. Come check us out on the 1st and 3rd Tuesdays every month.
TAG Observability Update - Matt Young, Everquote & Alolita Sharma, Amazon
Calling all disciplines!
At the CNCF TAG Observability session, we'll introduce the TAG and talk about why you might want to join us!
Projects, Vendors, and End Users are all encouraged to share experiences, ideas, and creations. We welcome writers, product managers, designers, producers, platform operators, enginers, end users, and cloud practitioners. We have ambitious goals and are fostering the growing Observability community. Opportunities in this rapidly expanding domain are plentiful.
TAG Observability welcomes your ideas, participation, contributions and YOU. Come check us out on the 1st and 3rd Tuesdays every month.
- 2 participants
- 29 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Taking Your Database Beyond the Border of a Single Kubernetes Cluster - Christopher Bradford, DataStax & Ty Morton, Google
Deploying applications on Kubernetes is getting easier every day. From a minimal deployment to distributed service mesh enabled applications with planning and a little bit of YAML resilient cloud-native applications are the norm. In this session, Christopher Bradford and Ty Morton will help answer the following questions: - What about your data behind these apps? - Are you running those in a multi-cluster environment or sending everything back to a common location? - How do you modernize to a distributed peer-to-peer data architecture? - How do you plan for this change? - Are there pitfalls on the road to enlightened data? Join this session to explore the key concepts needed when investigating multi-cluster deployments for data. This includes: - Cluster planning - Network design - Security - Failure handling
Taking Your Database Beyond the Border of a Single Kubernetes Cluster - Christopher Bradford, DataStax & Ty Morton, Google
Deploying applications on Kubernetes is getting easier every day. From a minimal deployment to distributed service mesh enabled applications with planning and a little bit of YAML resilient cloud-native applications are the norm. In this session, Christopher Bradford and Ty Morton will help answer the following questions: - What about your data behind these apps? - Are you running those in a multi-cluster environment or sending everything back to a common location? - How do you modernize to a distributed peer-to-peer data architecture? - How do you plan for this change? - Are there pitfalls on the road to enlightened data? Join this session to explore the key concepts needed when investigating multi-cluster deployments for data. This includes: - Cluster planning - Network design - Security - Failure handling
- 2 participants
- 26 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Testing Kubernetes Clusters - Building Confidence in Your Changes - Guy Templeton & Matteo Ruina, Skyscanner
Speakers: Matteo Ruina, Guy Templeton
Operating Kubernetes clusters involves a large number of components, each of which can impact the functionality of clusters. As cluster operators, building confidence in the changes being made is key to allowing frequent updates without compromising on reliability. Running the full Kubernetes conformance test suite every time is generally too slow, and doesn't always cover the functionality users of clusters care about. In this talk, you will learn how Skyscanner uses Kubernetes' existing test codebase along with Sonobuoy and Spinnaker to build a custom test suite. This allows cluster operators to build confidence in changes made to their clusters and their components, focussing on the functionality developers care about. This case study will enable you to make a start in developing your own tests for Kubernetes clusters, understanding the benefits this can bring, as well as the drawbacks you need to beware of.
Testing Kubernetes Clusters - Building Confidence in Your Changes - Guy Templeton & Matteo Ruina, Skyscanner
Speakers: Matteo Ruina, Guy Templeton
Operating Kubernetes clusters involves a large number of components, each of which can impact the functionality of clusters. As cluster operators, building confidence in the changes being made is key to allowing frequent updates without compromising on reliability. Running the full Kubernetes conformance test suite every time is generally too slow, and doesn't always cover the functionality users of clusters care about. In this talk, you will learn how Skyscanner uses Kubernetes' existing test codebase along with Sonobuoy and Spinnaker to build a custom test suite. This allows cluster operators to build confidence in changes made to their clusters and their components, focussing on the functionality developers care about. This case study will enable you to make a start in developing your own tests for Kubernetes clusters, understanding the benefits this can bring, as well as the drawbacks you need to beware of.
- 2 participants
- 30 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Thanos: Highly Available, Pluggable, Long Term Metric Storage for Everyone! - Wiard van Rij, Fullstaq
Prometheus was initially made for short metric retention to answer questions on “what is happening ‘now’”. It is a strong project that solves certain problems really well, but still as a monolith when doing so. Thanos has been made to enable scaling, highly available setups and long term (cheap) storage for Prometheus. Everyone could leverage Thanos for these features. It does not stop there; Thanos has multiple components that could be used for multi-cluster telemetry, remote writes, and multi-tenancy. We want to introduce everyone to Thanos. Explaining the use-cases and how it could benefit your stack now observability becomes such an important factor in tech.
Thanos: Highly Available, Pluggable, Long Term Metric Storage for Everyone! - Wiard van Rij, Fullstaq
Prometheus was initially made for short metric retention to answer questions on “what is happening ‘now’”. It is a strong project that solves certain problems really well, but still as a monolith when doing so. Thanos has been made to enable scaling, highly available setups and long term (cheap) storage for Prometheus. Everyone could leverage Thanos for these features. It does not stop there; Thanos has multiple components that could be used for multi-cluster telemetry, remote writes, and multi-tenancy. We want to introduce everyone to Thanos. Explaining the use-cases and how it could benefit your stack now observability becomes such an important factor in tech.
- 1 participant
- 27 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
The Control Loop As An Application Development Framework - Nick Santos, Tilt
Kubernetes emerged as A Good Idea® in part because it gives you real-time, circular feedback: it's a control loop. Something watches, something reacts, equilibrium is maintained. In this talk we’ll discuss how this model is useful not only for orchestrating containers, but for many applications that handle real-time feedback loops. And thanks to Kubernetes, most of the scaffolding for it is already out there, ready to be used. As a use-case the speaker will talk about a development tool that reacts to source code and server status changes in real-time—a perfect match for a Kubernetes-style control loop. Adopting control loops led to a simpler, more modular app. It made the codebase easier to grasp for new developers, and the application as a whole more uniform and easy to extend. Plus, Kubernetes already has a rich ecosystem of tools for it. Lastly, the speaker will discuss other examples in which this model applies and whether this model makes sense for your own applications.
The Control Loop As An Application Development Framework - Nick Santos, Tilt
Kubernetes emerged as A Good Idea® in part because it gives you real-time, circular feedback: it's a control loop. Something watches, something reacts, equilibrium is maintained. In this talk we’ll discuss how this model is useful not only for orchestrating containers, but for many applications that handle real-time feedback loops. And thanks to Kubernetes, most of the scaffolding for it is already out there, ready to be used. As a use-case the speaker will talk about a development tool that reacts to source code and server status changes in real-time—a perfect match for a Kubernetes-style control loop. Adopting control loops led to a simpler, more modular app. It made the codebase easier to grasp for new developers, and the application as a whole more uniform and easy to extend. Plus, Kubernetes already has a rich ecosystem of tools for it. Lastly, the speaker will discuss other examples in which this model applies and whether this model makes sense for your own applications.
- 3 participants
- 26 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
The Future of Multi-Tenancy in Kubernetes - Tasha Drew, VMware; Adrian Ludwin, Google; Fei Guo, Alibaba; Jim Bugwadia, Nirmata
Applications need multi-tenancy. Shared services need multi-tenancy. Internal users need multi-tenancy. Tenancy requires segmentations at all layers of the infrastructure and services stack, not to mention surrounding capabilities like charge back, service priority, and cost optimization. Where is it all going? What is the future of multi-tenancy? Join the leads of the upstream working group for multi-tenancy to find out! We will discuss how we see users and entrprises leveraging multi-tenancy, the tools and capabilities our group and the rest of Kubernetes upstream community have been building to make multi-tenancy … tenable … and answer audience questions.
The Future of Multi-Tenancy in Kubernetes - Tasha Drew, VMware; Adrian Ludwin, Google; Fei Guo, Alibaba; Jim Bugwadia, Nirmata
Applications need multi-tenancy. Shared services need multi-tenancy. Internal users need multi-tenancy. Tenancy requires segmentations at all layers of the infrastructure and services stack, not to mention surrounding capabilities like charge back, service priority, and cost optimization. Where is it all going? What is the future of multi-tenancy? Join the leads of the upstream working group for multi-tenancy to find out! We will discuss how we see users and entrprises leveraging multi-tenancy, the tools and capabilities our group and the rest of Kubernetes upstream community have been building to make multi-tenancy … tenable … and answer audience questions.
- 4 participants
- 26 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
The Hidden Costs - How "free" is Kubernetes really? - Matthias Haeussler & Thorsten Jakoby, Novatec Consulting GmbH
Kubernetes is often referred to as Container as a Service (CaaS) and is placed as an abstraction layer between the cloud service model Infrastructure and Platform as a Service (IaaS and PaaS). While from a developer perspective it focusses to appear rather as a PaaS model, from a financial perspective the costs incur from the IaaS model. The costs incur from the runtime of the assigned virtual machines - whether they are well utilized or not - as opposed to paying for the runtime of the containers. This is one of many adoption insights in terms of "hidden costs". In this talk Matthias and Thorsten describe their experience about those costs based on the experience of adopting CaaS in several client scenarios. In most cases it was set-up to achieve a "PaaS-like" self-service developer experience. This covers 5+ years of lesson's learned in on- and off-prem setups, GitOps, security, automation, application deployment, legacy integration, observability and skill enablement.
The Hidden Costs - How "free" is Kubernetes really? - Matthias Haeussler & Thorsten Jakoby, Novatec Consulting GmbH
Kubernetes is often referred to as Container as a Service (CaaS) and is placed as an abstraction layer between the cloud service model Infrastructure and Platform as a Service (IaaS and PaaS). While from a developer perspective it focusses to appear rather as a PaaS model, from a financial perspective the costs incur from the IaaS model. The costs incur from the runtime of the assigned virtual machines - whether they are well utilized or not - as opposed to paying for the runtime of the containers. This is one of many adoption insights in terms of "hidden costs". In this talk Matthias and Thorsten describe their experience about those costs based on the experience of adopting CaaS in several client scenarios. In most cases it was set-up to achieve a "PaaS-like" self-service developer experience. This covers 5+ years of lesson's learned in on- and off-prem setups, GitOps, security, automation, application deployment, legacy integration, observability and skill enablement.
- 2 participants
- 29 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
The Hitchhiker's Guide to Kubernetes Vulnerabilities - Robert Clark & Micah Hausler, Amazon
The earth is gone. You’re the only one left. Was Kubernetes to blame? Is prior performance a strong indicator of future behavior? Is Kubernetes on a positive security trajectory? Have community efforts improved security? The speakers will present research that examines security problems throughout the entire history of the Kubernetes project. They explore patterns and trends in the data. They show a taxonomy for classifying k8s vulnerabilities; including analysis of root causes and contributing factors. They dive into each issue, examining metrics like time from commit-to-discovery, time-to-resolution, detection of similar events etc. They look to patterns of previous behavior to help the audience predict future performance. They interview leaders in the community and overlay historical security data with efforts to improve security. They show the impact SIGs, WGs, Audits, etc had on k8s security and suggest how the security posture of k8s might evolve in the future.
The Hitchhiker's Guide to Kubernetes Vulnerabilities - Robert Clark & Micah Hausler, Amazon
The earth is gone. You’re the only one left. Was Kubernetes to blame? Is prior performance a strong indicator of future behavior? Is Kubernetes on a positive security trajectory? Have community efforts improved security? The speakers will present research that examines security problems throughout the entire history of the Kubernetes project. They explore patterns and trends in the data. They show a taxonomy for classifying k8s vulnerabilities; including analysis of root causes and contributing factors. They dive into each issue, examining metrics like time from commit-to-discovery, time-to-resolution, detection of similar events etc. They look to patterns of previous behavior to help the audience predict future performance. They interview leaders in the community and overlay historical security data with efforts to improve security. They show the impact SIGs, WGs, Audits, etc had on k8s security and suggest how the security posture of k8s might evolve in the future.
- 1 participant
- 29 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
The Hitchhikers Guide to Container Security - Tunde Olu-Isa, Oteemo & Jed Salazar, Isovalent
Speakers: Jed Salazar, Tunde Olu-Isa
You’ve seen the Kubernetes security announcements: CAP_NET_RAW rogue advertisements, runc breakout, hostNetwork hijack.. oh my! It seems that the best you can do is keep up with patching, but often these vulnerabilities take advantage of overly permissive Pods. In this talk, we’ll introduce the riskiest privileges that Pods can request, what allowing those privileges means for your cluster, and how to create security policy to protect your cluster and its users. If you’ve ever wondered, “what does enabling privileged actually mean?”, hitch a ride on a whirlwind and fun guide about the basics of Pod security and how you can easily configure security policy to keep Kubernetes safe. Any level of experience can benefit from learning about the riskiest privileges Pods can request and reducing the threats in your environment by running your workloads safely.
The Hitchhikers Guide to Container Security - Tunde Olu-Isa, Oteemo & Jed Salazar, Isovalent
Speakers: Jed Salazar, Tunde Olu-Isa
You’ve seen the Kubernetes security announcements: CAP_NET_RAW rogue advertisements, runc breakout, hostNetwork hijack.. oh my! It seems that the best you can do is keep up with patching, but often these vulnerabilities take advantage of overly permissive Pods. In this talk, we’ll introduce the riskiest privileges that Pods can request, what allowing those privileges means for your cluster, and how to create security policy to protect your cluster and its users. If you’ve ever wondered, “what does enabling privileged actually mean?”, hitch a ride on a whirlwind and fun guide about the basics of Pod security and how you can easily configure security policy to keep Kubernetes safe. Any level of experience can benefit from learning about the riskiest privileges Pods can request and reducing the threats in your environment by running your workloads safely.
- 2 participants
- 26 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
The Prometheus Conformance Program - Richard Hartmann, Grafana Labs
Prometheus is the standard for cloud-native metric monitoring and beyond. We're a victim of our own success inasmuch as everyone claims to be compatible with Prometheus when many are not. In the best case, this leads to user confusion. In the worst case, this leads to data loss, data change, and missed alerts. In our experience as Prometheus team supporting end users, the latter is scarily common. To fix this situation, CNCF and Prometheus team have launched the Prometheus Conformance Program. We will walk through its design, through current test suites available, through current test results, and show you how to apply for the official mark of Prometheus compatibility. Depending on overall timeline, we might use this talk to publish official marks for projects and products.
The Prometheus Conformance Program - Richard Hartmann, Grafana Labs
Prometheus is the standard for cloud-native metric monitoring and beyond. We're a victim of our own success inasmuch as everyone claims to be compatible with Prometheus when many are not. In the best case, this leads to user confusion. In the worst case, this leads to data loss, data change, and missed alerts. In our experience as Prometheus team supporting end users, the latter is scarily common. To fix this situation, CNCF and Prometheus team have launched the Prometheus Conformance Program. We will walk through its design, through current test suites available, through current test results, and show you how to apply for the official mark of Prometheus compatibility. Depending on overall timeline, we might use this talk to publish official marks for projects and products.
- 1 participant
- 10 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Tools That I Wish Existed 3 Years Ago To Build a SaaS Offering - Mauricio Salatino, VMware
If you are tasked with building a Software as a Service (SaaS) offering for your company products/components, you will need to make some big decisions, for example: one or more Cloud Providers, tools, creating your own abstractions, etc. From a developer perspective, this presentation covers tools in the Kubernetes ecosystem that will make your life easier when building a SaaS offering. This session cover tools such as Crossplane, Helm, CloudEvents for integrations and interoperability, Knative and Tekton to make sure that you have the flexibility to deploy your workloads in different cloud providers if needed. This presentation shows you in action tools that provide higher-level abstractions to help you to keep your implementations Multi-Cloud friendly.
Tools That I Wish Existed 3 Years Ago To Build a SaaS Offering - Mauricio Salatino, VMware
If you are tasked with building a Software as a Service (SaaS) offering for your company products/components, you will need to make some big decisions, for example: one or more Cloud Providers, tools, creating your own abstractions, etc. From a developer perspective, this presentation covers tools in the Kubernetes ecosystem that will make your life easier when building a SaaS offering. This session cover tools such as Crossplane, Helm, CloudEvents for integrations and interoperability, Knative and Tekton to make sure that you have the flexibility to deploy your workloads in different cloud providers if needed. This presentation shows you in action tools that provide higher-level abstractions to help you to keep your implementations Multi-Cloud friendly.
- 1 participant
- 35 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Trimaran: Real Load Aware Scheduling in Kubernetes - Abdul Qadeer, PayPal & Chen Wang, IBM
Kubernetes is a popular solution for container orchestration and cluster management. Cluster management creates opportunity to improve resource utilization which can provide an organization with cost savings. To achieve this, we can make the native Kubernetes scheduler aware of the gap between its declarative resource allocation model and actual node resource utilization. We can pack pods more efficiently in a lower number of nodes considering real load of nodes. Native scheduler on the other hand only considers pod requests and allocable resources on nodes with its default plugins. We introduced two plugins to the scheduler community - TargetLoadPacking and LoadVariationRiskBalancing under the Trimaran framework to address this problem with collaboration between PayPal and IBM. The plugins provide scheduling support for all pod QoS guarantees.
Trimaran: Real Load Aware Scheduling in Kubernetes - Abdul Qadeer, PayPal & Chen Wang, IBM
Kubernetes is a popular solution for container orchestration and cluster management. Cluster management creates opportunity to improve resource utilization which can provide an organization with cost savings. To achieve this, we can make the native Kubernetes scheduler aware of the gap between its declarative resource allocation model and actual node resource utilization. We can pack pods more efficiently in a lower number of nodes considering real load of nodes. Native scheduler on the other hand only considers pod requests and allocable resources on nodes with its default plugins. We introduced two plugins to the scheduler community - TargetLoadPacking and LoadVariationRiskBalancing under the Trimaran framework to address this problem with collaboration between PayPal and IBM. The plugins provide scheduling support for all pod QoS guarantees.
- 3 participants
- 33 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Turn Contributors into Maintainers with TAG Contributor Strategy - Josh Berkus, Red Hat & Catherine Paganini, Bouyant
TAG Contributor Strategy focuses on writing guides and templates to help CNCF maintainers build successful projects and communities. In this session, we will walk you through how to use a contributor ladder along with governance documentation to provide a structure for turning contributors into maintainers. This is done through a gradual process where contributors gain increased responsibility within a project jointly with governance documentation that defines the decision making process, values, and principles. The primary topics for this session will include: Promoting and recognizing contributors using a ladder framework The role of governance in contributor promotion and value communication Evolving these concepts as projects move from sandbox to incubating to graduated The audience will walk away with tools, templates, and best practices for building successful CNCF projects and communities.
Turn Contributors into Maintainers with TAG Contributor Strategy - Josh Berkus, Red Hat & Catherine Paganini, Bouyant
TAG Contributor Strategy focuses on writing guides and templates to help CNCF maintainers build successful projects and communities. In this session, we will walk you through how to use a contributor ladder along with governance documentation to provide a structure for turning contributors into maintainers. This is done through a gradual process where contributors gain increased responsibility within a project jointly with governance documentation that defines the decision making process, values, and principles. The primary topics for this session will include: Promoting and recognizing contributors using a ladder framework The role of governance in contributor promotion and value communication Evolving these concepts as projects move from sandbox to incubating to graduated The audience will walk away with tools, templates, and best practices for building successful CNCF projects and communities.
- 4 participants
- 31 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Unraveling the Mystery of Versioning CRDs - Harsh Thakur, Civo
CRDs have given birth to a lot of projects by extending Kubernetes. As these projects grow, the definitions of the resource start to evolve and maybe completely change, thus requiring versioning of CRDs. Versioning of CRDs can be tough as the end users need to be provided with seamless upgrades, zero downtime and backwards compatibility. Have you asked yourself questions like: “Do I need a conversion webhook if I am just changing the validations?” , “How do I migrate the existing CRs to the new version?” .This talk aims to explain the CRD lifecycle and help users quickly catch up with the changes happening in the CRD ecosystem.
Unraveling the Mystery of Versioning CRDs - Harsh Thakur, Civo
CRDs have given birth to a lot of projects by extending Kubernetes. As these projects grow, the definitions of the resource start to evolve and maybe completely change, thus requiring versioning of CRDs. Versioning of CRDs can be tough as the end users need to be provided with seamless upgrades, zero downtime and backwards compatibility. Have you asked yourself questions like: “Do I need a conversion webhook if I am just changing the validations?” , “How do I migrate the existing CRs to the new version?” .This talk aims to explain the CRD lifecycle and help users quickly catch up with the changes happening in the CRD ecosystem.
- 1 participant
- 17 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Untangling the Multi-Cloud Identity and Access Problem With SPIFFE Tornjak - Brandon Lum & Mariusz Sabath, IBM
When an organization moves to a multi-cloud environment, one of the first questions a developer will ask is “How do I access my S3 bucket in AWS from my GCP cluster?” (or any other permutations thereof cloud services/providers). This is an unsurprising request. However, the solutions to these problems today are surprisingly inadequate, especially when security and compliance are considered. This problem stems from cloud providers/services each having their own notion of workload identity and schema, which makes federation difficult. This talk proposes a shift in the perspective of workload identity from being “platform specific” to “organization wide” using SPIFFE/SPIRE and the new SPIFFE Tornjak project to provide a consistent and secure organization-wide management plane for workload identity and access across multiple clouds. After all, user identities are managed on the organization level (e.g. LDAP, etc.), why should our handling of workload identities be any different?
Untangling the Multi-Cloud Identity and Access Problem With SPIFFE Tornjak - Brandon Lum & Mariusz Sabath, IBM
When an organization moves to a multi-cloud environment, one of the first questions a developer will ask is “How do I access my S3 bucket in AWS from my GCP cluster?” (or any other permutations thereof cloud services/providers). This is an unsurprising request. However, the solutions to these problems today are surprisingly inadequate, especially when security and compliance are considered. This problem stems from cloud providers/services each having their own notion of workload identity and schema, which makes federation difficult. This talk proposes a shift in the perspective of workload identity from being “platform specific” to “organization wide” using SPIFFE/SPIRE and the new SPIFFE Tornjak project to provide a consistent and secure organization-wide management plane for workload identity and access across multiple clouds. After all, user identities are managed on the organization level (e.g. LDAP, etc.), why should our handling of workload identities be any different?
- 2 participants
- 26 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Using Kubernetes with Data Processing Units to Offload Infrastructure - Thomas Phelan & Thomas Golway, HPE
Application architectures are shifting toward a more disaggregated model that offers greater agility, supports elasticity, and provides greater control for software quality assurance. This has led to an increase in complexity for application topologies, flows and security.
In this session, we will describe some novel work related to offloading core Kubernetes software infrastructure components from the main CPU onto the processing units of DPUs (data processing units). We will show a vendor-neutral way to not only offload the implementation of a Kubernetes CNI (container network interface) plugin, but also offload network packet tracing functionality, such as jaeger, and service mesh components, such as envoy.
In this session, you will learn about CNIs, SmartNICs, Arm CPUs, and how to run software somewhere other than the main CPU. You will also learn why this is becoming increasingly important in the quickly evolving world of DPUs.
Using Kubernetes with Data Processing Units to Offload Infrastructure - Thomas Phelan & Thomas Golway, HPE
Application architectures are shifting toward a more disaggregated model that offers greater agility, supports elasticity, and provides greater control for software quality assurance. This has led to an increase in complexity for application topologies, flows and security.
In this session, we will describe some novel work related to offloading core Kubernetes software infrastructure components from the main CPU onto the processing units of DPUs (data processing units). We will show a vendor-neutral way to not only offload the implementation of a Kubernetes CNI (container network interface) plugin, but also offload network packet tracing functionality, such as jaeger, and service mesh components, such as envoy.
In this session, you will learn about CNIs, SmartNICs, Arm CPUs, and how to run software somewhere other than the main CPU. You will also learn why this is becoming increasingly important in the quickly evolving world of DPUs.
- 2 participants
- 24 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Using SLOs for Continuous Performance Optimizations of Your K8s Workloads - Andreas Grabner, Dynatrace
Moving to k8s doesn’t prevent anyone from bad architectural decisions leading to performance degradations, scalability issues or violating your SLOs in production. In fact – building smaller services running in pods connected through service meshes are even more vulnerable to bad architectural or implementation choices. To avoid any bad deployments, the CNCF project Keptn provides automated SLO-based Performance Analysis as part of your CD process. Keptn automatically detects architectural and deployment changes that have a negative impact to performance and scalability. It uses SLOs (Service Level Objectives) to ensure your services always meet your objectives. The Keptn team has also put out SLO best practices to identify well known performance patterns that have been identified over the years analyzing hundreds of distributed software architectures deployed on k8s. Join this session and learn what these patterns are and how Keptn helps you prevent them from entering production.
Using SLOs for Continuous Performance Optimizations of Your K8s Workloads - Andreas Grabner, Dynatrace
Moving to k8s doesn’t prevent anyone from bad architectural decisions leading to performance degradations, scalability issues or violating your SLOs in production. In fact – building smaller services running in pods connected through service meshes are even more vulnerable to bad architectural or implementation choices. To avoid any bad deployments, the CNCF project Keptn provides automated SLO-based Performance Analysis as part of your CD process. Keptn automatically detects architectural and deployment changes that have a negative impact to performance and scalability. It uses SLOs (Service Level Objectives) to ensure your services always meet your objectives. The Keptn team has also put out SLO best practices to identify well known performance patterns that have been identified over the years analyzing hundreds of distributed software architectures deployed on k8s. Join this session and learn what these patterns are and how Keptn helps you prevent them from entering production.
- 2 participants
- 37 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Vitess: Introduction and New Features - Deepthi Sigireddi & Alkin Tezuysal, PlanetScale, Inc.; Andrew Mason & Malcolm Akinje, Slack Corp.
Vitess is a cloud-native storage solution that can scale indefinitely. In this session, we will first cover a high level overview of Vitess features, the architecture, and what database workloads are a good fit. Then we will demonstrate how to get started with Vitess on Kubernetes. This will be followed by VTAdmin, the next generation of tooling and UIs for managing large-scale, multi-cluster Vitess deployments, built for developers and operators alike. We will demo resharding using VTAdmin, and will talk about improvements to performance and scalability along the way.
Vitess: Introduction and New Features - Deepthi Sigireddi & Alkin Tezuysal, PlanetScale, Inc.; Andrew Mason & Malcolm Akinje, Slack Corp.
Vitess is a cloud-native storage solution that can scale indefinitely. In this session, we will first cover a high level overview of Vitess features, the architecture, and what database workloads are a good fit. Then we will demonstrate how to get started with Vitess on Kubernetes. This will be followed by VTAdmin, the next generation of tooling and UIs for managing large-scale, multi-cluster Vitess deployments, built for developers and operators alike. We will demo resharding using VTAdmin, and will talk about improvements to performance and scalability along the way.
- 4 participants
- 40 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Water is a Driving Force of Innovation: Open Source in the Dutch Government! - Onno Brouwer, Rijkswaterstaat & Tomasz Klimek, Grape Up
Imagine applications dedicated to "Keeping a proper level of water in all Dutch waterways" or "Providing all cargo ships traveling throughout the country with a guaranteed travel slot." Now consider running and maintaining them 24x7 in ‘the cloud’ as a government agency. Failure is not an option. Sounds stressful, right? Running mission-critical systems, meeting all customer requirements, and providing a fully self-service experience is our goal. To do that, we are creating a multi-cloud, hybrid cloud-native application platform based on Open Source technologies, such as Kubernetes, Grafana, Prometheus, Harbor, Minio, or Shield. Providing such services as a government agency is demanding. Awareness of potential damage done by denial of services is also a strong motivating factor. This presentation will cover lessons learned & challenges that happened to our team while planning and building "One platform to run them all”.
Water is a Driving Force of Innovation: Open Source in the Dutch Government! - Onno Brouwer, Rijkswaterstaat & Tomasz Klimek, Grape Up
Imagine applications dedicated to "Keeping a proper level of water in all Dutch waterways" or "Providing all cargo ships traveling throughout the country with a guaranteed travel slot." Now consider running and maintaining them 24x7 in ‘the cloud’ as a government agency. Failure is not an option. Sounds stressful, right? Running mission-critical systems, meeting all customer requirements, and providing a fully self-service experience is our goal. To do that, we are creating a multi-cloud, hybrid cloud-native application platform based on Open Source technologies, such as Kubernetes, Grafana, Prometheus, Harbor, Minio, or Shield. Providing such services as a government agency is demanding. Awareness of potential damage done by denial of services is also a strong motivating factor. This presentation will cover lessons learned & challenges that happened to our team while planning and building "One platform to run them all”.
- 2 participants
- 30 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
We're Marketers. If we can Learn Distributed Systems + K8s, so can you! - Betty Junod, VMware & Paul Burt, HashiCorp
Why is Kubernetes designed the way it is? Distributed systems are hard. That's the short and unsatisfying answer. The long answer is that like quantum mechanics, it's something that tends to make most of us uncomfortable. This talk is an introduction, and a way to build intuition about what makes a system like Kubernetes "correct." We'll do so by contrasting Kubernetes's design choices against other modern systems. We'll look at the implementation details of Docker Swarm, HashiCorp Nomad, K3s, and a "batteries included" Kubernetes distro like VMware Tanzu. In doing so, we'll discuss a number of distSys concepts. We'll learn about CAP theorem, Gossip protocols, High Availability (HA), and the RAFT consensus algorithm. Finally, we'll look at real world cases. Why do so many tools rely on Etcd's RAFT? What caused Target's 2019 cascading failure? Attendees will walk away with a better idea of the problems confronting distSys, and an intuition of what "correct" looks like.
We're Marketers. If we can Learn Distributed Systems + K8s, so can you! - Betty Junod, VMware & Paul Burt, HashiCorp
Why is Kubernetes designed the way it is? Distributed systems are hard. That's the short and unsatisfying answer. The long answer is that like quantum mechanics, it's something that tends to make most of us uncomfortable. This talk is an introduction, and a way to build intuition about what makes a system like Kubernetes "correct." We'll do so by contrasting Kubernetes's design choices against other modern systems. We'll look at the implementation details of Docker Swarm, HashiCorp Nomad, K3s, and a "batteries included" Kubernetes distro like VMware Tanzu. In doing so, we'll discuss a number of distSys concepts. We'll learn about CAP theorem, Gossip protocols, High Availability (HA), and the RAFT consensus algorithm. Finally, we'll look at real world cases. Why do so many tools rely on Etcd's RAFT? What caused Target's 2019 cascading failure? Attendees will walk away with a better idea of the problems confronting distSys, and an intuition of what "correct" looks like.
- 2 participants
- 35 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
What Kind of CPU is it Anyways? Airbnb's Journey to Heterogeneous Clusters - David Morrison & Evan Sheng, Airbnb
In this talk we describe the technical and organizational hurdles Airbnb needed to overcome to migrate from running "homogeneous" Kubernetes clusters (i.e., clusters in which the majority of nodes are the same type) to "heterogeneous" clusters (i.e., clusters in which pods can be scheduled on a variety of different node types). Why did we make this change? Two reasons: cost and efficiency. Restructuring our clusters to support multiple different node types unlocked the ability to run workloads on the best machines for that workload, not just whatever our "default" happened to be. However, getting to this point wasn't easy. We'll describe in this presentation changes that were required in almost every part of our infrastructure, from changes to the ways we provision and scale clusters all the way down to changes in the API that our customer teams use. We'll also discuss the organizational hurdles that we had to address to build confidence in this new operating model.
What Kind of CPU is it Anyways? Airbnb's Journey to Heterogeneous Clusters - David Morrison & Evan Sheng, Airbnb
In this talk we describe the technical and organizational hurdles Airbnb needed to overcome to migrate from running "homogeneous" Kubernetes clusters (i.e., clusters in which the majority of nodes are the same type) to "heterogeneous" clusters (i.e., clusters in which pods can be scheduled on a variety of different node types). Why did we make this change? Two reasons: cost and efficiency. Restructuring our clusters to support multiple different node types unlocked the ability to run workloads on the best machines for that workload, not just whatever our "default" happened to be. However, getting to this point wasn't easy. We'll describe in this presentation changes that were required in almost every part of our infrastructure, from changes to the ways we provision and scale clusters all the way down to changes in the API that our customer teams use. We'll also discuss the organizational hurdles that we had to address to build confidence in this new operating model.
- 2 participants
- 35 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
What We Learned from Reading 100+ Kubernetes Post-Mortems - Noaa Barki & Shimon Tolts, Datree
A smart person learns from their own mistakes, but a truly wise person learns from the mistakes of others. When launching our product, we wanted to learn as much as possible about typical pains in our ecosystem, and did so by reviewing many post-mortems (100+!) to discover the recurring patterns, anti-patterns, and root causes of typical outages in Kubernetes-based systems. In this talk we have aggregated for you the insights we gathered, and in particular will review the most obvious DON'Ts and some less obvious ones, that may help you prevent your next production outage by learning from others' real world (horror) stories.
What We Learned from Reading 100+ Kubernetes Post-Mortems - Noaa Barki & Shimon Tolts, Datree
A smart person learns from their own mistakes, but a truly wise person learns from the mistakes of others. When launching our product, we wanted to learn as much as possible about typical pains in our ecosystem, and did so by reviewing many post-mortems (100+!) to discover the recurring patterns, anti-patterns, and root causes of typical outages in Kubernetes-based systems. In this talk we have aggregated for you the insights we gathered, and in particular will review the most obvious DON'Ts and some less obvious ones, that may help you prevent your next production outage by learning from others' real world (horror) stories.
- 2 participants
- 33 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
What You Need to Know About OpenMetrics - Richard Hartmann, Grafana Labs
OpenMetrics is now an Incubating project withing CNCF. It's also a required part of the Prometheus Conformance Program. What does that mean? What are the updates to be aware of? How can you leverage all of this today?
What You Need to Know About OpenMetrics - Richard Hartmann, Grafana Labs
OpenMetrics is now an Incubating project withing CNCF. It's also a required part of the Prometheus Conformance Program. What does that mean? What are the updates to be aware of? How can you leverage all of this today?
- 1 participant
- 19 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
What You Need to Know Before Using Local Persistent Volumes - Sebastien Guilloux, Elastic
As Kubernetes matures, it becomes easier to run distributed databases and other stateful workloads on top of it. In order to do so, one important thing to figure out is how to manage persistent data. Local PersistentVolumes, as opposed to network-attached ones, can be particularly tricky to operate at scale. In this talk we will explore various options to make use of local volumes, along with a few important gotchas to be aware of. Come learn about static vs. dynamic provisioning, storage-aware scheduling problems, host failures, upgrades, and why your Pods may stay stuck in a Pending state.
What You Need to Know Before Using Local Persistent Volumes - Sebastien Guilloux, Elastic
As Kubernetes matures, it becomes easier to run distributed databases and other stateful workloads on top of it. In order to do so, one important thing to figure out is how to manage persistent data. Local PersistentVolumes, as opposed to network-attached ones, can be particularly tricky to operate at scale. In this talk we will explore various options to make use of local volumes, along with a few important gotchas to be aware of. Come learn about static vs. dynamic provisioning, storage-aware scheduling problems, host failures, upgrades, and why your Pods may stay stuck in a Pending state.
- 1 participant
- 35 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
What's New With SIG-Windows: HostProcess and Developer environments - Brandon Smith & Danny Canter, Microsoft; Jay Vyas, VMware; Friedrich Wilken, SAP
Members of the SIG-Windows community will provide an update on the efforts to bringing Windows workloads to Kubernetes. We'll start off by going over recent improvements including a demo of the new HostProcess feature enabling “privileged” containers on Windows. Next we'll talk about planned future improvements. We'll then show our new development tooling that will enable you to get started with development for Windows in Kubernetes. Lastly we'll finish up with some Questions and Answers with the speakers.
What's New With SIG-Windows: HostProcess and Developer environments - Brandon Smith & Danny Canter, Microsoft; Jay Vyas, VMware; Friedrich Wilken, SAP
Members of the SIG-Windows community will provide an update on the efforts to bringing Windows workloads to Kubernetes. We'll start off by going over recent improvements including a demo of the new HostProcess feature enabling “privileged” containers on Windows. Next we'll talk about planned future improvements. We'll then show our new development tooling that will enable you to get started with development for Windows in Kubernetes. Lastly we'll finish up with some Questions and Answers with the speakers.
- 5 participants
- 25 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
What's New in CRI-O? - Mrunal Patel, Urvashi Mohnani, Sascha Grunert & Peter Hunt, Red Hat
CRI-O is a lightweight container runtime written exclusively for Kubernetes. In addition to being a standard component for deploying secure and stable Kubernetes clusters, CRI-O has the unique advantage of being able to tailor its behavior to the needs of the Kubernetes ecosystem. In this talk, Mrunal Patel, Urvashi Mohnani, Sascha Grunert and Peter Hunt, the maintainers of CRI-O, will provide an update about the latest feature developments, as well as live demonstrating typical real world use cases around them. In addition to a review of the basics of setting up and using CRI-O with Kubernetes, the talk will cover improvements around the handling of CNI resources, the ability to tailor container resources with workload types, and updates to the collection and broadcasting of stats and metrics. Join the CRI-O maintainers to learn more about how CRI-O works in action and why it’s the perfect choice for your Kubernetes cluster!
What's New in CRI-O? - Mrunal Patel, Urvashi Mohnani, Sascha Grunert & Peter Hunt, Red Hat
CRI-O is a lightweight container runtime written exclusively for Kubernetes. In addition to being a standard component for deploying secure and stable Kubernetes clusters, CRI-O has the unique advantage of being able to tailor its behavior to the needs of the Kubernetes ecosystem. In this talk, Mrunal Patel, Urvashi Mohnani, Sascha Grunert and Peter Hunt, the maintainers of CRI-O, will provide an update about the latest feature developments, as well as live demonstrating typical real world use cases around them. In addition to a review of the basics of setting up and using CRI-O with Kubernetes, the talk will cover improvements around the handling of CNI resources, the ability to tailor container resources with workload types, and updates to the collection and broadcasting of stats and metrics. Join the CRI-O maintainers to learn more about how CRI-O works in action and why it’s the perfect choice for your Kubernetes cluster!
- 4 participants
- 26 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Who Killed My Pod? #Whodunit - Suneeta Mall, Nearmap
A few weeks ago, we deployed a brand new thoroughly tested, and profiled application onto a self-managed Kubernetes cluster. Suffice to say, all hell broke loose. The pods were getting OOMKilled with error code 137 left and right. This sparked a massive crime scene investigation and some interesting insights were discovered. In this Kube-CSI [crime scene investigation] episode, we will talk about exactly whodunit, why, and the fix!
Who Killed My Pod? #Whodunit - Suneeta Mall, Nearmap
A few weeks ago, we deployed a brand new thoroughly tested, and profiled application onto a self-managed Kubernetes cluster. Suffice to say, all hell broke loose. The pods were getting OOMKilled with error code 137 left and right. This sparked a massive crime scene investigation and some interesting insights were discovered. In this Kube-CSI [crime scene investigation] episode, we will talk about exactly whodunit, why, and the fix!
- 1 participant
- 32 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Why is Anyone Using Kubernetes Anyway? - Tasha Drew & Josephene Pynadath, VMware; Gaby Moreno Cesar, IBM; Carl J Pearson
Have you ever taken a step back and wondered, what is up with this whole Kubernetes thing? Why are people using it all over the place? Is it becase of Phippy and Captain Kube? The Docker whale being so cute and retro? Or is there something else going on? The team at SIG Usability had these questions too, and we have embarked on a two year user research study to find out what exactly is going on. Our goal is to make sure the upstream Kubernetes' community deeply understands the needs and goals of the users of Kubernetes, and how they are met and not met today. Join this talk for a deep dive into our study and data, and what we're learning about our users. Spoiler: getting started with Kubernetes is real hard, and we should fix our on-ramp. Learn more at our talk!
Why is Anyone Using Kubernetes Anyway? - Tasha Drew & Josephene Pynadath, VMware; Gaby Moreno Cesar, IBM; Carl J Pearson
Have you ever taken a step back and wondered, what is up with this whole Kubernetes thing? Why are people using it all over the place? Is it becase of Phippy and Captain Kube? The Docker whale being so cute and retro? Or is there something else going on? The team at SIG Usability had these questions too, and we have embarked on a two year user research study to find out what exactly is going on. Our goal is to make sure the upstream Kubernetes' community deeply understands the needs and goals of the users of Kubernetes, and how they are met and not met today. Join this talk for a deep dive into our study and data, and what we're learning about our users. Spoiler: getting started with Kubernetes is real hard, and we should fix our on-ramp. Learn more at our talk!
- 4 participants
- 25 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
YAML Your Cloud! Managing Your Hosted Resources With Kubernetes - Megan O'Keefe & Shabir Mohamed Abdul Samadh, Google
One of Kubernetes’ most powerful features is its declarative API, where the cluster is defined by its intended state. This transfers the responsibility to reconcile the intended and actual state from the user to the cluster. But it’s likely that users are also running workloads outside of Kubernetes, from databases to virtual machines— and they might be using multiple cloud providers at once. How to manage it all? In this talk, the speakers explore how Kubernetes’ declarative model can be used to manage cloud-hosted resources alongside their Kubernetes workloads. They will demonstrate this, first using Crossplane, a Kubernetes add-on with native multi-cloud support, and second, using custom controllers built by different cloud providers. Finally, they will show how to integrate OpenPolicyAgent with cloud-hosted resource definitions, to enforce custom policies across environments. Attendees will leave this talk ready to simplify their cloud configuration with Kubernetes.
YAML Your Cloud! Managing Your Hosted Resources With Kubernetes - Megan O'Keefe & Shabir Mohamed Abdul Samadh, Google
One of Kubernetes’ most powerful features is its declarative API, where the cluster is defined by its intended state. This transfers the responsibility to reconcile the intended and actual state from the user to the cluster. But it’s likely that users are also running workloads outside of Kubernetes, from databases to virtual machines— and they might be using multiple cloud providers at once. How to manage it all? In this talk, the speakers explore how Kubernetes’ declarative model can be used to manage cloud-hosted resources alongside their Kubernetes workloads. They will demonstrate this, first using Crossplane, a Kubernetes add-on with native multi-cloud support, and second, using custom controllers built by different cloud providers. Finally, they will show how to integrate OpenPolicyAgent with cloud-hosted resource definitions, to enforce custom policies across environments. Attendees will leave this talk ready to simplify their cloud configuration with Kubernetes.
- 2 participants
- 32 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
gRPC Proxyless Service Mesh with Security - Sanjay M Pujare, Google
gRPC has been a popular choice for building microservices based service mesh architectures especially after the recent introduction of service mesh features such as service discovery, load balancing, and observability which eliminated the need for sidecar proxies - like Envoy - in the service mesh. The introduction of these features in gRPC enabled a "proxyless service mesh". In this session we will talk about the addition of mTLS based transport security to the proxyless service mesh. We will describe the orchestration of security by the xDS control plane, the addition of a security plugin architecture to gRPC, and the implementation of some of those plugins to take advantage of security infrastructure in the Google Kubernetes Environment (GKE).
gRPC Proxyless Service Mesh with Security - Sanjay M Pujare, Google
gRPC has been a popular choice for building microservices based service mesh architectures especially after the recent introduction of service mesh features such as service discovery, load balancing, and observability which eliminated the need for sidecar proxies - like Envoy - in the service mesh. The introduction of these features in gRPC enabled a "proxyless service mesh". In this session we will talk about the addition of mTLS based transport security to the proxyless service mesh. We will describe the orchestration of security by the xDS control plane, the addition of a security plugin architecture to gRPC, and the implementation of some of those plugins to take advantage of security infrastructure in the Google Kubernetes Environment (GKE).
- 3 participants
- 34 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
k8snetlook – Root-Causing k8s Network Problems in an Automated Way - Arun Sriraman, VMware
More and more applications in production call Kubernetes their home. As the density of workloads on a Kubernetes cluster increases, so does the probability of downtime due to an underlying network issue. Some of the most common quibbles we hear from users: I can’t connect to my service A running within a K8s cluster or my service A seems to not be responding some % of the time. What do you do in these situations; Do you call the network gurus to help out, or kubectl delete the application and let Kubernetes self heal? What if you could identify an issue without needing to master the internals of K8s Networking? Arun will go over the various issues seen in the data plane, from dns, external traffic to internal app-to-app communication, and then discuss open source tools available to identify these issues in real time. We will look at k8snetlook - a simple open source tool that empowers every Kubenretes user; expert or otherwise, to root cause these issues in an automated way.
k8snetlook – Root-Causing k8s Network Problems in an Automated Way - Arun Sriraman, VMware
More and more applications in production call Kubernetes their home. As the density of workloads on a Kubernetes cluster increases, so does the probability of downtime due to an underlying network issue. Some of the most common quibbles we hear from users: I can’t connect to my service A running within a K8s cluster or my service A seems to not be responding some % of the time. What do you do in these situations; Do you call the network gurus to help out, or kubectl delete the application and let Kubernetes self heal? What if you could identify an issue without needing to master the internals of K8s Networking? Arun will go over the various issues seen in the data plane, from dns, external traffic to internal app-to-app communication, and then discuss open source tools available to identify these issues in real time. We will look at k8snetlook - a simple open source tool that empowers every Kubenretes user; expert or otherwise, to root cause these issues in an automated way.
- 1 participant
- 34 minutes
29 Oct 2021
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
kOps: Recent Advances and the Journey to an OSS Kubernetes Distribution - Peter Rifel, DataDog; Ciprian Hacman, eyeo; John Gardiner Myers, Proofpoint; Ole Markus With, Sportradar
kOps is a kubernetes subproject to manage and operate kubernetes clusters, delivering the full end-to-end user experience. We’ll give a quick introduction to kOps, and cover recent advances. Learn about better security, certificate rotation; support for containerd, arm64, azure; dedicated apiserver nodes; binding cloud roles to kubernetes service accounts; initial ipv6 support; much deeper testing and more! We’ll then deep-dive into how we are continuing to deliver the end-to-end experience, even as the core kubernetes repository extracts out networking, storage and cloud support … are we building a distro? What are the implications for how we can continue to develop and build kOps, and what can we learn from traditional Linux distros?
kOps: Recent Advances and the Journey to an OSS Kubernetes Distribution - Peter Rifel, DataDog; Ciprian Hacman, eyeo; John Gardiner Myers, Proofpoint; Ole Markus With, Sportradar
kOps is a kubernetes subproject to manage and operate kubernetes clusters, delivering the full end-to-end user experience. We’ll give a quick introduction to kOps, and cover recent advances. Learn about better security, certificate rotation; support for containerd, arm64, azure; dedicated apiserver nodes; binding cloud roles to kubernetes service accounts; initial ipv6 support; much deeper testing and more! We’ll then deep-dive into how we are continuing to deliver the end-to-end experience, even as the core kubernetes repository extracts out networking, storage and cloud support … are we building a distro? What are the implications for how we can continue to develop and build kOps, and what can we learn from traditional Linux distros?
- 4 participants
- 22 minutes
