17 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
How Salesforce Is Moving From Spinnaker To Argo Workflows For Provisioning Add-Ons - Mayank Kumar & Andy Chen, Salesforce
Speakers: Mayank Kumar, Andy Chen
Many companies are thinking about automating application provisioning on Kubernetes but are stuck with old tools which cannot natively leverage the K8s apis and offer little scalability and extensibility. Mayank will show you how the Salesforce Hyper compute team that manages thousands of EKS clusters, is migrating Spinnaker pipelines that deploy K8s integrations like logging, monitoring and certificates to every EKS cluster on Hyperforce, to ArgoWorkflows. Mayank will talk through the existing problems and walk you through a step by step process, their team is using to convert all Spinnaker pipelines to Argo Workflow templates to improve reliability using custom retries, deployment velocity using memoization and using K8s features to gain more control over the various continuous deployment stages. He will also talk about a reusable library of ArgoWorkflow stages that is helping speed up the conversion process and making the developer experience around maintaining these deployment pipelines a true joy.
How Salesforce Is Moving From Spinnaker To Argo Workflows For Provisioning Add-Ons - Mayank Kumar & Andy Chen, Salesforce
Speakers: Mayank Kumar, Andy Chen
Many companies are thinking about automating application provisioning on Kubernetes but are stuck with old tools which cannot natively leverage the K8s apis and offer little scalability and extensibility. Mayank will show you how the Salesforce Hyper compute team that manages thousands of EKS clusters, is migrating Spinnaker pipelines that deploy K8s integrations like logging, monitoring and certificates to every EKS cluster on Hyperforce, to ArgoWorkflows. Mayank will talk through the existing problems and walk you through a step by step process, their team is using to convert all Spinnaker pipelines to Argo Workflow templates to improve reliability using custom retries, deployment velocity using memoization and using K8s features to gain more control over the various continuous deployment stages. He will also talk about a reusable library of ArgoWorkflow stages that is helping speed up the conversion process and making the developer experience around maintaining these deployment pipelines a true joy.
- 5 participants
- 35 minutes
16 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Stateful Apps On Kubernetes - Bring Them On! - Diane Patton & Gunna Marripudi, NetApp; Scott Surovich, HSBC Bank, USA; Scott Miller, DreamWorks Animation; Lisa-Marie Namphy, Cockroach Labs
Speakers: Gunna Marripudi, Scott Surovich, Lisa-Marie Namphy, Tina Gill, Scott Miller
Worried about brining stateful applications onto your Kubernetes clusters? Learn from the Kubernetes experts at DreamWorks, HSBC and NetApp how you can build and operate at scale. In this session, panel members from DreamWorks, HSBC and NetApp will share their experiences from running data rich stateful applications on Kubernetes for years. The panel discussion will cover the following topics and others as related to data management and protection in Kubernetes. (1) Addressing challenges in managing ‘state’ in stateful application. (2) Use of different tools and capabilities Kubernetes ecosystem has delivered. (3) Best practices to optimize storage resource utilization. (4) Future needs of their expanding Kubernetes environments in hybrid-cloud/multi-cloud.
Stateful Apps On Kubernetes - Bring Them On! - Diane Patton & Gunna Marripudi, NetApp; Scott Surovich, HSBC Bank, USA; Scott Miller, DreamWorks Animation; Lisa-Marie Namphy, Cockroach Labs
Speakers: Gunna Marripudi, Scott Surovich, Lisa-Marie Namphy, Tina Gill, Scott Miller
Worried about brining stateful applications onto your Kubernetes clusters? Learn from the Kubernetes experts at DreamWorks, HSBC and NetApp how you can build and operate at scale. In this session, panel members from DreamWorks, HSBC and NetApp will share their experiences from running data rich stateful applications on Kubernetes for years. The panel discussion will cover the following topics and others as related to data management and protection in Kubernetes. (1) Addressing challenges in managing ‘state’ in stateful application. (2) Use of different tools and capabilities Kubernetes ecosystem has delivered. (3) Best practices to optimize storage resource utilization. (4) Future needs of their expanding Kubernetes environments in hybrid-cloud/multi-cloud.
- 7 participants
- 35 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
100Gbit/S Clusters With Cilium: Building Tomorrow’s Networking Data Plane - Daniel Borkmann & Nikolay Aleksandrov, Isovalent
Speakers: Daniel Borkmann, Nikolay Aleksandrov
The vast majority of Kubernetes users today are running IPv4-only clusters or transitioning to dual stack deployments as an interim step on the journey towards IPv6-only clusters. The latter are not only an enabler for more IPAM flexibility and larger cluster scale, but also unlock new Linux kernel innovations in networking and eBPF to cater for data intensive workloads. In this talk, we examine what's possible once we arrive at IPv6-only clusters. We present recent advancements in Cilium's networking data plane enabling a low-latency architecture suitable for "BIG TCP"-based workloads requiring IPv6 for 100Gbit/s transfers and beyond for a single socket. In addition, we deep dive our path into achieving host networking performance characteristics for Pods through a new veth driver replacement we specifically developed for the kernel in context of Cilium. With the resulting eBPF forwarding architecture, most unneeded parts of the stack are bypassed, drastically improving networking.
100Gbit/S Clusters With Cilium: Building Tomorrow’s Networking Data Plane - Daniel Borkmann & Nikolay Aleksandrov, Isovalent
Speakers: Daniel Borkmann, Nikolay Aleksandrov
The vast majority of Kubernetes users today are running IPv4-only clusters or transitioning to dual stack deployments as an interim step on the journey towards IPv6-only clusters. The latter are not only an enabler for more IPAM flexibility and larger cluster scale, but also unlock new Linux kernel innovations in networking and eBPF to cater for data intensive workloads. In this talk, we examine what's possible once we arrive at IPv6-only clusters. We present recent advancements in Cilium's networking data plane enabling a low-latency architecture suitable for "BIG TCP"-based workloads requiring IPv6 for 100Gbit/s transfers and beyond for a single socket. In addition, we deep dive our path into achieving host networking performance characteristics for Pods through a new veth driver replacement we specifically developed for the kernel in context of Cilium. With the resulting eBPF forwarding architecture, most unneeded parts of the stack are bypassed, drastically improving networking.
- 1 participant
- 28 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
2022 Observability TAG Update - Alolita Sharma, Apple & Matt Young, TAG Observability
The CNCF Technical Advisory Group (TAG) on Observability serves as a discussion forum for topics related to observability of cloud native systems and workloads. We also produce supporting material and best practices for end users and provide guidance and coordination for CNCF observability projects working within the TAG’s scope. This session will provide an update on major observability projects in the CNCF, technology updates from these projects and opportunities to get involved in the TAG to build momentum on cross-collaboration across observability projects, data protocols and new areas. We also invite observability practitioners, developers and contributors to join in for this session to discuss features, gaps and open source solutions for end-users.
2022 Observability TAG Update - Alolita Sharma, Apple & Matt Young, TAG Observability
The CNCF Technical Advisory Group (TAG) on Observability serves as a discussion forum for topics related to observability of cloud native systems and workloads. We also produce supporting material and best practices for end users and provide guidance and coordination for CNCF observability projects working within the TAG’s scope. This session will provide an update on major observability projects in the CNCF, technology updates from these projects and opportunities to get involved in the TAG to build momentum on cross-collaboration across observability projects, data protocols and new areas. We also invite observability practitioners, developers and contributors to join in for this session to discuss features, gaps and open source solutions for end-users.
- 3 participants
- 38 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
73,000 Pods a Day, Lessons From Misadventures In Multi-Tenant - Shane Corbett, Amazon Web Services & Wil Reed, Acquia
We spent over two years pouring through 800 page linux kernel performance books, tweaking obscure control plane settings, and developing detailed custom monitoring dashboards so you don’t have to! We found there is a large delta between what we learned in CKA training, and the layer upon layer of hard fought knowledge it takes run a large scale multi-tenant application in production. Join us as we take you through real world findings that took months of research to fully understand, and provide evidence that some of the things we were convinced were best practices, were the very things holding us back the most.
73,000 Pods a Day, Lessons From Misadventures In Multi-Tenant - Shane Corbett, Amazon Web Services & Wil Reed, Acquia
We spent over two years pouring through 800 page linux kernel performance books, tweaking obscure control plane settings, and developing detailed custom monitoring dashboards so you don’t have to! We found there is a large delta between what we learned in CKA training, and the layer upon layer of hard fought knowledge it takes run a large scale multi-tenant application in production. Join us as we take you through real world findings that took months of research to fully understand, and provide evidence that some of the things we were convinced were best practices, were the very things holding us back the most.
- 2 participants
- 37 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
9-1-1: Cloud Native - Kubernetes For Public Safety Systems - Marc Boorshtein, Tremolo Security, Inc.
Speakers: Marc Boorshtein
This session is a case study on using Kubernetes for the US National Capital Region’s Identity and Access Management System (IAMS), managed by Fairfax County VA. IAMS provides secure access to applications for first responders and public safety personnel in the DC region. This session will walk through IAMS’ ten year journey from “virtual appliances'', to trying docker containers, and ultimately implementing Kubernetes. The case study will cover the program’s journey and how it managed issues around automation, scalability, and cost. The case study will work through how the program approached automating builds, updating dependencies, moving from stateful log management to stateless log management and the program’s move to GitOps covering how it manages multiple environments and secrets. Finally, the case study will also address the challenges in particular to building an automated system in a public safety environment where there is a diverse mix of cloud native and legacy systems.
9-1-1: Cloud Native - Kubernetes For Public Safety Systems - Marc Boorshtein, Tremolo Security, Inc.
Speakers: Marc Boorshtein
This session is a case study on using Kubernetes for the US National Capital Region’s Identity and Access Management System (IAMS), managed by Fairfax County VA. IAMS provides secure access to applications for first responders and public safety personnel in the DC region. This session will walk through IAMS’ ten year journey from “virtual appliances'', to trying docker containers, and ultimately implementing Kubernetes. The case study will cover the program’s journey and how it managed issues around automation, scalability, and cost. The case study will work through how the program approached automating builds, updating dependencies, moving from stateful log management to stateless log management and the program’s move to GitOps covering how it manages multiple environments and secrets. Finally, the case study will also address the challenges in particular to building an automated system in a public safety environment where there is a diverse mix of cloud native and legacy systems.
- 1 participant
- 29 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
A Containerd And Friends Update: What’s New In Runtimes? - Phil Estes, AWS; Mike Brown, IBM; Maksym Pavlenko, Apple; Michael Zappa, Microsoft
After five years as a CNCF project, containerd is still actively growing in contributors and maintainers who are busy working on interesting features and capabilities in the core and non-core containerd projects. During this project update from maintainers you'll learn about the latest work in containerd, including our recent addition of sandboxes, a handful of CRI and CNI improvements, as well as various improvements to the architecture and services that drive containerd's use by other projects and platforms. Outside of the core containerd project, our "non-core" projects have grown in number, including several Rust-based projects, new snapshotter implementations, and the increasingly popular client-focused project, nerdctl. Come join us for a fast-paced update on all these areas and to ask your containerd questions with the handful of on-site containerd maintainers.
A Containerd And Friends Update: What’s New In Runtimes? - Phil Estes, AWS; Mike Brown, IBM; Maksym Pavlenko, Apple; Michael Zappa, Microsoft
After five years as a CNCF project, containerd is still actively growing in contributors and maintainers who are busy working on interesting features and capabilities in the core and non-core containerd projects. During this project update from maintainers you'll learn about the latest work in containerd, including our recent addition of sandboxes, a handful of CRI and CNI improvements, as well as various improvements to the architecture and services that drive containerd's use by other projects and platforms. Outside of the core containerd project, our "non-core" projects have grown in number, including several Rust-based projects, new snapshotter implementations, and the increasingly popular client-focused project, nerdctl. Come join us for a fast-paced update on all these areas and to ask your containerd questions with the handful of on-site containerd maintainers.
- 4 participants
- 35 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
A New Way To Roll: Supply Chain Choreography For Enterprise Grade Kubernetes - Kirti Apte & Steve Watkins, VMware
Speakers: Kirti Apte, Steve Watkins
Kubernetes has become a popular choice for container orchestration as enterprises embark on their cloud-native application journey. We have observed that while enterprises quickly adopt Kubernetes by building and deploying microservices-based applications, full software development lifecycle (SDLC) considerations such as continuous integration and deployment (CI/CD) are often an afterthought. What does it take to incorporate DevSecOps practices into your CI/CD pipelines to deliver enterprise-grade cloud-native applications that adhere to best practices, and ensure a frictionless handoff between developers, operations and security? How do you make sure that your development, test, and production environments are consistent to deliver high-quality, secure, and reliable code at the velocity demanded by your business? In this talk, we will present all aspects of defining, building, and managing a secure software supply chain within your organization to deploy cloud-native applications into Kubernetes using a set of open standard based Tanzu Application Platform and DevSecOps best practices. We will also cover how supply chain choreography helps you define a delivery system with infrastructure as code while keeping it tools and programming language agnostic.
A New Way To Roll: Supply Chain Choreography For Enterprise Grade Kubernetes - Kirti Apte & Steve Watkins, VMware
Speakers: Kirti Apte, Steve Watkins
Kubernetes has become a popular choice for container orchestration as enterprises embark on their cloud-native application journey. We have observed that while enterprises quickly adopt Kubernetes by building and deploying microservices-based applications, full software development lifecycle (SDLC) considerations such as continuous integration and deployment (CI/CD) are often an afterthought. What does it take to incorporate DevSecOps practices into your CI/CD pipelines to deliver enterprise-grade cloud-native applications that adhere to best practices, and ensure a frictionless handoff between developers, operations and security? How do you make sure that your development, test, and production environments are consistent to deliver high-quality, secure, and reliable code at the velocity demanded by your business? In this talk, we will present all aspects of defining, building, and managing a secure software supply chain within your organization to deploy cloud-native applications into Kubernetes using a set of open standard based Tanzu Application Platform and DevSecOps best practices. We will also cover how supply chain choreography helps you define a delivery system with infrastructure as code while keeping it tools and programming language agnostic.
- 2 participants
- 34 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
A Raccoon And a Group Of Turtles Secure Clusters Together! - Pushkar Joglekar & Naadir Jeewa, VMware
How does a Raccoon and a bunch of Turtles find common ground? Answer: You find a Goose who makes space where both feel welcome. In this session, Pushkar Joglekar and Naadir Jeewa will talk about how a multi-year collaboration where Kubernetes SIG Cluster Lifecycle, SIG Security & TAG Security came together to write the first community driven self-assessment of a Kubernetes sub-project: Cluster API. The session will cover how it all started from the basics with data flow diagrams to understand the internals of the project, then using that to model threats and assess next steps. Next, they will discuss challenges faced doing this exercise with folks around the globe (5 countries), limited maintainer time, doing our best to avoid zoom fatigue while trying and at times failing to be async first. Finally they will talk about what is happening with the findings from this exercise and how they plan to apply the lessons learnt from this exercise to future self-assessments across all Kubernetes sub-projects. Come for the stories from the animal kingdom; Stay for the real stories of humans bringing their best self to break some new ground in the form of community driven security improvements!
A Raccoon And a Group Of Turtles Secure Clusters Together! - Pushkar Joglekar & Naadir Jeewa, VMware
How does a Raccoon and a bunch of Turtles find common ground? Answer: You find a Goose who makes space where both feel welcome. In this session, Pushkar Joglekar and Naadir Jeewa will talk about how a multi-year collaboration where Kubernetes SIG Cluster Lifecycle, SIG Security & TAG Security came together to write the first community driven self-assessment of a Kubernetes sub-project: Cluster API. The session will cover how it all started from the basics with data flow diagrams to understand the internals of the project, then using that to model threats and assess next steps. Next, they will discuss challenges faced doing this exercise with folks around the globe (5 countries), limited maintainer time, doing our best to avoid zoom fatigue while trying and at times failing to be async first. Finally they will talk about what is happening with the findings from this exercise and how they plan to apply the lessons learnt from this exercise to future self-assessments across all Kubernetes sub-projects. Come for the stories from the animal kingdom; Stay for the real stories of humans bringing their best self to break some new ground in the form of community driven security improvements!
- 3 participants
- 32 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
ADHD: Understanding, Awareness, And Shared Experience - Bart Farrell, Data on Kubernetes Community; Heba elAyoty, Microsoft; Farrah Campbell, Amazon Web Services; Rich Burroughs, Loft Labs
Speakers: Rich Burroughs, Bartholomew Farrell, Heba elAyoty, Farrah Campbell
The cloud-native has a welcoming, diverse and inclusive community. However, are we as a community aware and inclusive of neurodivergent people? Are we neurodiverse? Is our documentation, talks, processes, conferences, applications, interactions and resources in line and aware of neurodivergent needs as it is for the neurotypical? How can we recognize and support our neurodivergent people? What efforts, approaches, and awareness programs are accomplished by the cncf or the community to accommodate and extend such inclusivity and strengthen our neurodiversity? What community data do we have on mental disorders among us, our developers, advocates, and the rest of the community? Join us, neurodivergent people answering the above questions and sharing our experiences, journeys, concerns, and insights reflecting on the CNCF community ecosystem and how it can benefit from being more neurodiverse. Presenting tips and tricks on how ADHD might be recognized as early as possible for you, a member of your family or the community? Our contribution is how to continue the self-care journey and extend inclusivity to mental health disorders, starting with ADHD. Hopefully, this will encourage more, including specialists and professionals, to come forward and help.
ADHD: Understanding, Awareness, And Shared Experience - Bart Farrell, Data on Kubernetes Community; Heba elAyoty, Microsoft; Farrah Campbell, Amazon Web Services; Rich Burroughs, Loft Labs
Speakers: Rich Burroughs, Bartholomew Farrell, Heba elAyoty, Farrah Campbell
The cloud-native has a welcoming, diverse and inclusive community. However, are we as a community aware and inclusive of neurodivergent people? Are we neurodiverse? Is our documentation, talks, processes, conferences, applications, interactions and resources in line and aware of neurodivergent needs as it is for the neurotypical? How can we recognize and support our neurodivergent people? What efforts, approaches, and awareness programs are accomplished by the cncf or the community to accommodate and extend such inclusivity and strengthen our neurodiversity? What community data do we have on mental disorders among us, our developers, advocates, and the rest of the community? Join us, neurodivergent people answering the above questions and sharing our experiences, journeys, concerns, and insights reflecting on the CNCF community ecosystem and how it can benefit from being more neurodiverse. Presenting tips and tricks on how ADHD might be recognized as early as possible for you, a member of your family or the community? Our contribution is how to continue the self-care journey and extend inclusivity to mental health disorders, starting with ADHD. Hopefully, this will encourage more, including specialists and professionals, to come forward and help.
- 5 participants
- 33 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
API Evolution With CRDs: Best Practices For Authoring & Fuzz Testing APIs - James Munnelly & Andrea Tosatto, Apple
CustomResourceDefinitions are prolific in Kubernetes. With so many new projects being prototyped, developed and released into the ecosystem, it's essential to ensure you're designing your APIs in a scalable, well tested way. Projects like Kubebuilder and the Operator Framework provide plentiful tooling to keep you on 'the straight and narrow', but some fundamental issues still trip up even the most experienced Kubernetes engineers. In this talk, we'll go over strategies & tooling that can help ensure you are successful when authoring and evolving your APIs, including:
* How to ensure your APIs follow best practices/standards (and linting OpenAPI schemas!)
* Fuzz & integration testing API version conversion functions to ensure platform stability in your clusters
* Automatically validating your OpenAPI schemas are up to date for your type definitions
* Best practices in 2022 for writing validations & mutations
* Ensuring your OpenAPI schema changes are backwards compatible within an API version
James has helped bring various API groups to stability across projects in the ecosystem and both he and Andrea have experience with unique problems that are found when projects reach a certain scale & maturity, having helped take CRDs through a full alpha to beta to GA deprecation cycle.
API Evolution With CRDs: Best Practices For Authoring & Fuzz Testing APIs - James Munnelly & Andrea Tosatto, Apple
CustomResourceDefinitions are prolific in Kubernetes. With so many new projects being prototyped, developed and released into the ecosystem, it's essential to ensure you're designing your APIs in a scalable, well tested way. Projects like Kubebuilder and the Operator Framework provide plentiful tooling to keep you on 'the straight and narrow', but some fundamental issues still trip up even the most experienced Kubernetes engineers. In this talk, we'll go over strategies & tooling that can help ensure you are successful when authoring and evolving your APIs, including:
* How to ensure your APIs follow best practices/standards (and linting OpenAPI schemas!)
* Fuzz & integration testing API version conversion functions to ensure platform stability in your clusters
* Automatically validating your OpenAPI schemas are up to date for your type definitions
* Best practices in 2022 for writing validations & mutations
* Ensuring your OpenAPI schema changes are backwards compatible within an API version
James has helped bring various API groups to stability across projects in the ecosystem and both he and Andrea have experience with unique problems that are found when projects reach a certain scale & maturity, having helped take CRDs through a full alpha to beta to GA deprecation cycle.
- 2 participants
- 30 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Balancing Yin (Community) And Yang (Company) In OSS - Nikhita Raghunath & Kiran Mova, VMware
The Kubernetes Annual Report [1] shows that there are very few contributors, especially senior and experienced folks, who are paid to work on k8s. The report also shows that PR reviews were down -24% across the k8s repo. The existing contributors are burnt out and have started to move away from the project. This is affecting the sustainability, quality and velocity of the project, with major regression-related backports in recent releases. It clearly shows that most companies profit from k8s but don’t contribute back. Continuing this model is a huge risk to the whole CNCF ecosystem. We will show strategies on how employers can practice “Business Aligned Open Source”. We will cover how to: - Add value to internal products, improve speed to market and innovation - Build expertise and better support customers - Have employees dedicate a certain percentage to upstream - Incentivize career growth - Surface areas of risk that require investment - Establish company’s influence and credibility in the community [1] https://www.cncf.io/reports/kubernetes-annual-report-2021/
Balancing Yin (Community) And Yang (Company) In OSS - Nikhita Raghunath & Kiran Mova, VMware
The Kubernetes Annual Report [1] shows that there are very few contributors, especially senior and experienced folks, who are paid to work on k8s. The report also shows that PR reviews were down -24% across the k8s repo. The existing contributors are burnt out and have started to move away from the project. This is affecting the sustainability, quality and velocity of the project, with major regression-related backports in recent releases. It clearly shows that most companies profit from k8s but don’t contribute back. Continuing this model is a huge risk to the whole CNCF ecosystem. We will show strategies on how employers can practice “Business Aligned Open Source”. We will cover how to: - Add value to internal products, improve speed to market and innovation - Build expertise and better support customers - Have employees dedicate a certain percentage to upstream - Incentivize career growth - Surface areas of risk that require investment - Establish company’s influence and credibility in the community [1] https://www.cncf.io/reports/kubernetes-annual-report-2021/
- 2 participants
- 36 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Beyond Kubebuilder - Generating Entire Kubernetes Controller Implementations - Amine Hilaly & Jay Pipes, Amazon Web Services
"Tales from the Kubernetes controller factory floor" If you have used the Kubernetes controller-tools and kubebuilder projects to create a custom Kubernetes controller, you already know the immense power of these tools. However, a significant amount of work remains to implement a controller once kubebuilder has produced API types and basic controller scaffolding. What if you had to build dozens of controllers managing thousands of resources? You'd need a factory to produce full controller implementations from API model schemas. Amine and Jay happen to work in such a Kubernetes controller factory! In this talk, they will give you a tour of the Kubernetes controller factory, showing you how to use the API machinery and what dangers linger on the factory floor. They will teach you how to be the most productive worker in the whole factory by building on top of controller-tools and kubebuilder functionality. You will be introduced to open source tools and strategies that make Kubernetes controller factory life safe and enjoyable!
Beyond Kubebuilder - Generating Entire Kubernetes Controller Implementations - Amine Hilaly & Jay Pipes, Amazon Web Services
"Tales from the Kubernetes controller factory floor" If you have used the Kubernetes controller-tools and kubebuilder projects to create a custom Kubernetes controller, you already know the immense power of these tools. However, a significant amount of work remains to implement a controller once kubebuilder has produced API types and basic controller scaffolding. What if you had to build dozens of controllers managing thousands of resources? You'd need a factory to produce full controller implementations from API model schemas. Amine and Jay happen to work in such a Kubernetes controller factory! In this talk, they will give you a tour of the Kubernetes controller factory, showing you how to use the API machinery and what dangers linger on the factory floor. They will teach you how to be the most productive worker in the whole factory by building on top of controller-tools and kubebuilder functionality. You will be introduced to open source tools and strategies that make Kubernetes controller factory life safe and enjoyable!
- 7 participants
- 37 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Beyond Orchestration: The Cloud Native Runtimes Ecosystem for Performance and Security - Alexander Jung, Unikraft
Speakers: Alexander Jung
The ecosystem of runtimes for container-based applications has been growing dramatically over the last few years with new implementations providing deeper integration between host and application with two primary goals in mind: performance and security.
Many of these systems, however, rely on manually adapting your application for the runtime provider for performance which negatively impacts adoption or uses existing virtualized, ad-hoc and traditional OSes/kernels for security which negatively impacts performance.
In this talk, we introduce Unikraft: an open-source library Operating System which enables the construction of ultra-lightweight VMs quickly, easily and without time-consuming developer effort. These VM images are tailored to the application itself and have high-performance, low resource usage (e.g. 3-5ms boot times, MBs of memory and disk usage, to name a few metrics) and a small attack surface (e.g.: no co-processes, no shell). We make comparisons across the current runtime landscape and demonstrate how you can use Unikraft with Kubernetes today.
Beyond Orchestration: The Cloud Native Runtimes Ecosystem for Performance and Security - Alexander Jung, Unikraft
Speakers: Alexander Jung
The ecosystem of runtimes for container-based applications has been growing dramatically over the last few years with new implementations providing deeper integration between host and application with two primary goals in mind: performance and security.
Many of these systems, however, rely on manually adapting your application for the runtime provider for performance which negatively impacts adoption or uses existing virtualized, ad-hoc and traditional OSes/kernels for security which negatively impacts performance.
In this talk, we introduce Unikraft: an open-source library Operating System which enables the construction of ultra-lightweight VMs quickly, easily and without time-consuming developer effort. These VM images are tailored to the application itself and have high-performance, low resource usage (e.g. 3-5ms boot times, MBs of memory and disk usage, to name a few metrics) and a small attack surface (e.g.: no co-processes, no shell). We make comparisons across the current runtime landscape and demonstrate how you can use Unikraft with Kubernetes today.
- 3 participants
- 30 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
BoF: Intro to Open Source Licenses and Q&A - Jeff Shapiro, The Linux Foundation
Speakers: Jeff Shapiro
All open source projects contain one, and possibly many open source licenses. Whether you are consuming, contributing, or using a project downstream with your own code, you need to understand how those licenses will impact your project and your company. We will start with an overview of basic license information, and then open up the floor to discussion and Q&A for more advanced license topics, as well as your specific project use cases. This BoF session is suitable for anyone who wants to know more about open source licenses, from beginner to advanced topics. The presenter is the License Scanning Manager for The Linux Foundation, and has 30 years experience in the software industry, including 10 years in software auditing, open source license scanning, and training developers in OSS license compliance.
BoF: Intro to Open Source Licenses and Q&A - Jeff Shapiro, The Linux Foundation
Speakers: Jeff Shapiro
All open source projects contain one, and possibly many open source licenses. Whether you are consuming, contributing, or using a project downstream with your own code, you need to understand how those licenses will impact your project and your company. We will start with an overview of basic license information, and then open up the floor to discussion and Q&A for more advanced license topics, as well as your specific project use cases. This BoF session is suitable for anyone who wants to know more about open source licenses, from beginner to advanced topics. The presenter is the License Scanning Manager for The Linux Foundation, and has 30 years experience in the software industry, including 10 years in software auditing, open source license scanning, and training developers in OSS license compliance.
- 6 participants
- 36 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Building Container Images In Kubernetes: It’s Been a Journey! - Laurent Bernaille & Eric Mountain, Datadog
Speakers: Laurent Bernaille, Eric Mountain
Almost all of Datadog now runs on Kubernetes, but for a long time we needed dedicated nodes running Docker to build container images. We have recently migrated container image builds to Kubernetes and it's been an interesting journey!
The main challenge to build container images inside Kubernetes is to achieve it without additional privileges. We will explain why we chose buildkit in rootless mode, the architecture we ended up using, as well as the challenges we faced.
Building container images in rootless mode worked flawlessly for over 90% of our images, but for the remaining 10% we encountered complex and interesting issues. We will dive into these problems and explain in detail how rootless builds work and why they sometimes behave differently. We will also explain how we addressed these issues together with the community.
Building Container Images In Kubernetes: It’s Been a Journey! - Laurent Bernaille & Eric Mountain, Datadog
Speakers: Laurent Bernaille, Eric Mountain
Almost all of Datadog now runs on Kubernetes, but for a long time we needed dedicated nodes running Docker to build container images. We have recently migrated container image builds to Kubernetes and it's been an interesting journey!
The main challenge to build container images inside Kubernetes is to achieve it without additional privileges. We will explain why we chose buildkit in rootless mode, the architecture we ended up using, as well as the challenges we faced.
Building container images in rootless mode worked flawlessly for over 90% of our images, but for the remaining 10% we encountered complex and interesting issues. We will dive into these problems and explain in detail how rootless builds work and why they sometimes behave differently. We will also explain how we addressed these issues together with the community.
- 2 participants
- 35 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Building Multi-Architecture Images With Buildpacks - Aidan Delaney, Bloomberg
Buildpacks transforms source applications into images that run on any cloud. We will introduce the key architecture of Buildpacks and explain the separation of concerns between the buildpack and the platform API. In addition, we will take a deeper dive into two platform implementations. We deep-dive into a stand-alone buildpack builder (pack) and a Kubernetes native buildpack service (kpack), detailing how both use the lifecycle component to build source applications into images.
Having established a deeper understanding of how a platform works, we workshop approaches to supporting multi-architecture builds. It is increasingly common for developers to require their application to run on both x86_64 and ARM64. The current platform specification maps a platform onto a single architecture and implementations build x86_64 images on x86_64 build platforms and ARM64 images on ARM64 platforms. We ask how applications can be built on x86_64 and produce images for both x86_64 and ARM64? Are the necessary changes to the platform and Buildpacks APIs backward compatible? Is it feasible for pack and kpack to produce muti-architecture output?
Building Multi-Architecture Images With Buildpacks - Aidan Delaney, Bloomberg
Buildpacks transforms source applications into images that run on any cloud. We will introduce the key architecture of Buildpacks and explain the separation of concerns between the buildpack and the platform API. In addition, we will take a deeper dive into two platform implementations. We deep-dive into a stand-alone buildpack builder (pack) and a Kubernetes native buildpack service (kpack), detailing how both use the lifecycle component to build source applications into images.
Having established a deeper understanding of how a platform works, we workshop approaches to supporting multi-architecture builds. It is increasingly common for developers to require their application to run on both x86_64 and ARM64. The current platform specification maps a platform onto a single architecture and implementations build x86_64 images on x86_64 build platforms and ARM64 images on ARM64 platforms. We ask how applications can be built on x86_64 and produce images for both x86_64 and ARM64? Are the necessary changes to the platform and Buildpacks APIs backward compatible? Is it feasible for pack and kpack to produce muti-architecture output?
- 3 participants
- 39 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Building a Day1/Day2 Application Operations Platform On CNCF Projects. - Alois Reitbauer, Dynatrace & Alex Jones, Canonical
Effectively delivering and operating large and complex cloud-native applications becomes more and more important as companies move an increasing number of applications to Kubernetes. Most companies are building self-service platforms which can be used by individual teams while enabling companies to drive company wide practices. The cloud-native ecosystem provides a large number of projects that help with different aspects of building these platforms. In this talk we will cover all major aspects of the application lifecycle from build, test over to provision, delivery and release all the way to operational management and showcase different tools and how they can be used and combined together. After the talk you will be able to answer all the below questions and more: How can I best build cloud native applications? What are the best approaches to provide standard components like databases, etc? How can I provision infrastructure following the same cloud native approach I use for my application? How can best manage the deployment and rollout process? How can I seamlessly integrate practices like chaos testing? How can I automate the setup of operations requirements like security, observability, …? How can I automate day2 operations at an infrastructure and application level? We will focus on sharing concepts combines with small examples which help illustrate how different aspects can be done with different tools.
Building a Day1/Day2 Application Operations Platform On CNCF Projects. - Alois Reitbauer, Dynatrace & Alex Jones, Canonical
Effectively delivering and operating large and complex cloud-native applications becomes more and more important as companies move an increasing number of applications to Kubernetes. Most companies are building self-service platforms which can be used by individual teams while enabling companies to drive company wide practices. The cloud-native ecosystem provides a large number of projects that help with different aspects of building these platforms. In this talk we will cover all major aspects of the application lifecycle from build, test over to provision, delivery and release all the way to operational management and showcase different tools and how they can be used and combined together. After the talk you will be able to answer all the below questions and more: How can I best build cloud native applications? What are the best approaches to provide standard components like databases, etc? How can I provision infrastructure following the same cloud native approach I use for my application? How can best manage the deployment and rollout process? How can I seamlessly integrate practices like chaos testing? How can I automate the setup of operations requirements like security, observability, …? How can I automate day2 operations at an infrastructure and application level? We will focus on sharing concepts combines with small examples which help illustrate how different aspects can be done with different tools.
- 2 participants
- 37 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
B’Envoy-age to Pre-Quantum Encryption - Daniel Rouhana, Independent; Emma Dickenson, Washington State University; Doron Podoleanu, F5
Speakers: Doron Podoleanu, Daniel Rouhana, Emma Dickenson
Reverse proxies, services meshes and API Gateways are booming as the cloud native motion soars and eats the world. Meanwhile, the implications of fault-tolerant quantum computers and the variety of actors pursuing such capabilities threaten the underlying security and integrity of widely used software and network stacks. What happens to cloud native stacks, organizations which operate cloud stacks and to the operators when faced with an adversary who possesses a quantum computer? The issue necessitated the development of novel protocols and schema to protect the free flow of information across the internet. While public cloud providers are leading the industry charge in that aspect, the most popular reverse proxies, service meshes, and other commonly used software seems to not address those issues. In this panel we would like to share with you our work which includes the inception of quantum resistant cloud stack. We are porting Envoy and Istio to run quantum resistant cryptography algorithms across the stack thus incepting quantum resistant cloud native stack. We hope to see continued expansion of the effort is needed to cover multiple projects, undoubtedly with the help of the open-source community.
B’Envoy-age to Pre-Quantum Encryption - Daniel Rouhana, Independent; Emma Dickenson, Washington State University; Doron Podoleanu, F5
Speakers: Doron Podoleanu, Daniel Rouhana, Emma Dickenson
Reverse proxies, services meshes and API Gateways are booming as the cloud native motion soars and eats the world. Meanwhile, the implications of fault-tolerant quantum computers and the variety of actors pursuing such capabilities threaten the underlying security and integrity of widely used software and network stacks. What happens to cloud native stacks, organizations which operate cloud stacks and to the operators when faced with an adversary who possesses a quantum computer? The issue necessitated the development of novel protocols and schema to protect the free flow of information across the internet. While public cloud providers are leading the industry charge in that aspect, the most popular reverse proxies, service meshes, and other commonly used software seems to not address those issues. In this panel we would like to share with you our work which includes the inception of quantum resistant cloud stack. We are porting Envoy and Istio to run quantum resistant cryptography algorithms across the stack thus incepting quantum resistant cloud native stack. We hope to see continued expansion of the effort is needed to cover multiple projects, undoubtedly with the help of the open-source community.
- 6 participants
- 30 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
CRI-O’s Senior Year - Peter Hunt, Urvashi Mohnani, Mrunal Patel, Red Hat
Speakers: Urvashi Mohnani, Peter Hunt, Mrunal Patel
As CRI-O approaches CNCF graduation, it continues in its mission to provide a stable and secure OCI implementation of the Kubernetes CRI. Join the CRI-O team as they give an overview of CRI-O as well as talk about some new work, such as the progress on the new container monitor conmon-rs, rewritten completely in Rust. The team will also talk about the integration with sigstore to secure CRI-O’s supply chain as well as some of the interesting work being done in CRI-O to stay in-line with upstream Kubernetes. These include the stats collection rework as well as the work to support evented PLEG. Audience members will leave with an understanding of what CRI-O is, and where it is going.
CRI-O’s Senior Year - Peter Hunt, Urvashi Mohnani, Mrunal Patel, Red Hat
Speakers: Urvashi Mohnani, Peter Hunt, Mrunal Patel
As CRI-O approaches CNCF graduation, it continues in its mission to provide a stable and secure OCI implementation of the Kubernetes CRI. Join the CRI-O team as they give an overview of CRI-O as well as talk about some new work, such as the progress on the new container monitor conmon-rs, rewritten completely in Rust. The team will also talk about the integration with sigstore to secure CRI-O’s supply chain as well as some of the interesting work being done in CRI-O to stay in-line with upstream Kubernetes. These include the stats collection rework as well as the work to support evented PLEG. Audience members will leave with an understanding of what CRI-O is, and where it is going.
- 5 participants
- 40 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Cgroups V2: Before You Jump In - Tony Gosselin & Mike Tougeron, Adobe Systems
Speakers: Mike Tougeron, Tony Gosselin
Adobe jumped into upgrading to cgroups v2 head-first and hit rocks beneath the surface. Our telemetry broke, HPA ceased to function, and then we started to notice some issues with our java apps. We ended up having to drag ourselves back to shore. However, that doesn’t mean you shouldn’t take the plunge! In this talk, we will give a background on what cgroups are (and why you should care) and how this impacts cloud-native architecture. We’ll also be touching on new cgroupv2 features in development for Kubernetes, such as tools to better manage resource utilization and an intelligent OOM killer for multi-container pods. At last spring’s KubeCon + CloudNativeCon Europe, SIG-Node shared their roadmap for Cgroups and Kubernetes, letting the community know where support for v1 and v2 is heading. This talk will help guide you in your transition and provide valuable feedback as you make the jump. Learn from our bumps and bruises, the water’s great!
Cgroups V2: Before You Jump In - Tony Gosselin & Mike Tougeron, Adobe Systems
Speakers: Mike Tougeron, Tony Gosselin
Adobe jumped into upgrading to cgroups v2 head-first and hit rocks beneath the surface. Our telemetry broke, HPA ceased to function, and then we started to notice some issues with our java apps. We ended up having to drag ourselves back to shore. However, that doesn’t mean you shouldn’t take the plunge! In this talk, we will give a background on what cgroups are (and why you should care) and how this impacts cloud-native architecture. We’ll also be touching on new cgroupv2 features in development for Kubernetes, such as tools to better manage resource utilization and an intelligent OOM killer for multi-container pods. At last spring’s KubeCon + CloudNativeCon Europe, SIG-Node shared their roadmap for Cgroups and Kubernetes, letting the community know where support for v1 and v2 is heading. This talk will help guide you in your transition and provide valuable feedback as you make the jump. Learn from our bumps and bruises, the water’s great!
- 3 participants
- 29 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Cgroupv2 Is Coming Soon To a Cluster Near You - David Porter, Google & Mrunal Patel, RedHat
Speakers: David Porter, Mrunal Patel
K8S 1.25 will aim to default cgroupv2 KEP to GA and many new linux distros are already defaulting to cgroupv2 such as latest versions of Ubuntu, Debian, RHEL, etc. This talk will focus on what is cgroupv2 (new kernel APIs for resource management), what cluster administrations need to be aware of during this transition to cgroupv2, and what new features cgroupv2 in k8s will unlock. Some examples of areas we will cover will be memory throttling, disk latency targets, and pressure monitoring. We will discuss some of the active KEPS in k8s taking advantage of these new capabilities and future work in this space. cgroups underlie how resource management works in k8s and focuses on how to properly reserve, allocate, and isolate finite resources on nodes such as CPU, memory, disk, network, etc. This talk will cover the present and future of resource management in k8s. Starting from use cases, we will look under the hood at how kubelet utilizes the underlying linux kernel cgroups for resource isolation and what will change with cgroupv2. There is widespread confusion in the community - should CPU limits be used or not or do they introduce unintended throttling? We hope to provide clarity around this topic and how cgroupv2 will affect it. We will also look at future work in this area.
Cgroupv2 Is Coming Soon To a Cluster Near You - David Porter, Google & Mrunal Patel, RedHat
Speakers: David Porter, Mrunal Patel
K8S 1.25 will aim to default cgroupv2 KEP to GA and many new linux distros are already defaulting to cgroupv2 such as latest versions of Ubuntu, Debian, RHEL, etc. This talk will focus on what is cgroupv2 (new kernel APIs for resource management), what cluster administrations need to be aware of during this transition to cgroupv2, and what new features cgroupv2 in k8s will unlock. Some examples of areas we will cover will be memory throttling, disk latency targets, and pressure monitoring. We will discuss some of the active KEPS in k8s taking advantage of these new capabilities and future work in this space. cgroups underlie how resource management works in k8s and focuses on how to properly reserve, allocate, and isolate finite resources on nodes such as CPU, memory, disk, network, etc. This talk will cover the present and future of resource management in k8s. Starting from use cases, we will look under the hood at how kubelet utilizes the underlying linux kernel cgroups for resource isolation and what will change with cgroupv2. There is widespread confusion in the community - should CPU limits be used or not or do they introduce unintended throttling? We hope to provide clarity around this topic and how cgroupv2 will affect it. We will also look at future work in this area.
- 11 participants
- 46 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Cilium Updates, News And Roadmap - Thomas Graf, Bill Mulligan & Liz Rice, Isovalent; Purvi Desai, Google; Chandan Aggarwal, Microsoft
Welcome to Cilium! In this session you'll get an update on how the Cilium project has been progressing on the road towards graduation. You'll hear about the latest developments and future roadmap, including news about some of the largest and most interesting deployments of Cilium. And don't miss this session if you're interested in contributing to the project, as there will be guides on how to get involved and where your help is needed.
Cilium Updates, News And Roadmap - Thomas Graf, Bill Mulligan & Liz Rice, Isovalent; Purvi Desai, Google; Chandan Aggarwal, Microsoft
Welcome to Cilium! In this session you'll get an update on how the Cilium project has been progressing on the road towards graduation. You'll hear about the latest developments and future roadmap, including news about some of the largest and most interesting deployments of Cilium. And don't miss this session if you're interested in contributing to the project, as there will be guides on how to get involved and where your help is needed.
- 6 participants
- 34 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Class Resources: Kubernetes’ Fastest Way Of Shushing Noisy Neighbors - Markus Lehtonen, Intel & Peter Hunt, Red Hat
Speakers: Peter Hunt, Markus Lehtonen
Is your application disturbed by noisy neighbors, abusing communal resources that are out of your control? Currently in Kubernetes, there are some resources that workloads are forced to share, such as cache, memory bandwidth and disk I/O. Luckily, there’s an effort to fix this with Class Resources, enabling QoS control of workloads by putting them into different classes and allowing independent control of cache allocation and memory and I/O bandwidth. In this talk, join Markus Lehtonen and Peter Hunt as they present the concept of class resources, the prior work done in the container runtimes, as well as the future of first-class integration. We invite anyone interested in managing their workload QoS to join us, be it cache allocation, memory, or disk I/O bandwidth, or interest in developing support for new types of class resources. People who join will learn that Class Resources is the best way to let your applications run in peace.
Class Resources: Kubernetes’ Fastest Way Of Shushing Noisy Neighbors - Markus Lehtonen, Intel & Peter Hunt, Red Hat
Speakers: Peter Hunt, Markus Lehtonen
Is your application disturbed by noisy neighbors, abusing communal resources that are out of your control? Currently in Kubernetes, there are some resources that workloads are forced to share, such as cache, memory bandwidth and disk I/O. Luckily, there’s an effort to fix this with Class Resources, enabling QoS control of workloads by putting them into different classes and allowing independent control of cache allocation and memory and I/O bandwidth. In this talk, join Markus Lehtonen and Peter Hunt as they present the concept of class resources, the prior work done in the container runtimes, as well as the future of first-class integration. We invite anyone interested in managing their workload QoS to join us, be it cache allocation, memory, or disk I/O bandwidth, or interest in developing support for new types of class resources. People who join will learn that Class Resources is the best way to let your applications run in peace.
- 6 participants
- 36 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Cloud Governance With Infrastructure As Code (IaC) With Kyverno And Crossplane - Dolis Sharma, Nirmata
Speakers: Dolis Sharma
While self-service clusters are desirable, there are many cloud resources that need to be created for a cluster. In an enterprise, these may fall under a different team’s responsibilities. So, how does a cloud or infrastructure team provide the necessary guardrails to ensure that the Kubernetes environments created by developers are compliant with the organization’s security, governance, and cost management standards? In this talk, Dolis shares an approach where Crossplane and Kyverno, both CNCF projects, can be used to provide self-service Kubernetes environments on the cloud for developers with necessary checks and restrictions in place. While Crossplane, an increasingly popular IaC orchestrator running using Kubernetes, is used to provision different infrastructure resources, Kyverno can be utilized to provide governance on what type of resources can be created, by whom, and how the resources are configured. We can automate resource provisioning with governance using Crossplane and Kyverno. In addition to deploying and managing cloud resources, you can also create Kyerno policies to ensure that the generated resources are compliant with your company’s requirements.
Cloud Governance With Infrastructure As Code (IaC) With Kyverno And Crossplane - Dolis Sharma, Nirmata
Speakers: Dolis Sharma
While self-service clusters are desirable, there are many cloud resources that need to be created for a cluster. In an enterprise, these may fall under a different team’s responsibilities. So, how does a cloud or infrastructure team provide the necessary guardrails to ensure that the Kubernetes environments created by developers are compliant with the organization’s security, governance, and cost management standards? In this talk, Dolis shares an approach where Crossplane and Kyverno, both CNCF projects, can be used to provide self-service Kubernetes environments on the cloud for developers with necessary checks and restrictions in place. While Crossplane, an increasingly popular IaC orchestrator running using Kubernetes, is used to provision different infrastructure resources, Kyverno can be utilized to provide governance on what type of resources can be created, by whom, and how the resources are configured. We can automate resource provisioning with governance using Crossplane and Kyverno. In addition to deploying and managing cloud resources, you can also create Kyerno policies to ensure that the generated resources are compliant with your company’s requirements.
- 9 participants
- 35 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Cloud-Native WebAssembly: Containerization On the Edge - Michael Yuan, Second State
Speakers: Michael Yuan
The Linux container is a critical innovation that drives cloud-native applications. Developers are now deploying containerized applications outside of cloud centers on edge networks (e.g., serverless functions on CDNs), on edge devices (e.g., smart cars), and on SaaS (including databases) as embedded functions. In those use cases, the Linux container, with guest OS and support software, is too heavy, too slow, and not portable enough. WebAssembly (WASM) has emerged as a lightweight runtime for those applications. The WasmEdge Runtime and crun projects work together to make WASM a first-class citizen in the container ecosystem, running side by side with Linux containers in a single cluster, managed by existing container tools. In this talk, Michael will discuss how WASM fits into the container ecosystem, how to use container tools (e.g., CRI-O and containerd) to start WASM images, and how edge-optimized Kubernetes (e.g., KubeEdge / SuperEdge / OpenYurt) manage WASM applications.
Cloud-Native WebAssembly: Containerization On the Edge - Michael Yuan, Second State
Speakers: Michael Yuan
The Linux container is a critical innovation that drives cloud-native applications. Developers are now deploying containerized applications outside of cloud centers on edge networks (e.g., serverless functions on CDNs), on edge devices (e.g., smart cars), and on SaaS (including databases) as embedded functions. In those use cases, the Linux container, with guest OS and support software, is too heavy, too slow, and not portable enough. WebAssembly (WASM) has emerged as a lightweight runtime for those applications. The WasmEdge Runtime and crun projects work together to make WASM a first-class citizen in the container ecosystem, running side by side with Linux containers in a single cluster, managed by existing container tools. In this talk, Michael will discuss how WASM fits into the container ecosystem, how to use container tools (e.g., CRI-O and containerd) to start WASM images, and how edge-optimized Kubernetes (e.g., KubeEdge / SuperEdge / OpenYurt) manage WASM applications.
- 1 participant
- 38 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Cloudy With a Chance Of Chaos: Verifying the Resiliency Of Cloud-Native Applications - Bella Wiseman, Goldman Sachs
Speakers: Bella Wiseman
Interest in chaos engineering has exploded over the last few years, with more and more organizations looking to adopt the practice. But as those same organizations shift to using managed services in the cloud, traditional chaos engineering techniques are often no longer viable. Powering down a machine is a simple, powerful, and versatile way to uniformly inject failure across all types of applications. But today, when we build cloud native apps, we often choose to use managed services that provide a layer of abstraction on top of the underlying machines. How can we inject realistic chaos when we have no access to the underlying machines? Join Bella Wiseman of Goldman Sachs, as she discusses chaos engineering essentials, chaos on the cloud, and a real-life case study of a chaos engineering experiment at Goldman Sachs.
Cloudy With a Chance Of Chaos: Verifying the Resiliency Of Cloud-Native Applications - Bella Wiseman, Goldman Sachs
Speakers: Bella Wiseman
Interest in chaos engineering has exploded over the last few years, with more and more organizations looking to adopt the practice. But as those same organizations shift to using managed services in the cloud, traditional chaos engineering techniques are often no longer viable. Powering down a machine is a simple, powerful, and versatile way to uniformly inject failure across all types of applications. But today, when we build cloud native apps, we often choose to use managed services that provide a layer of abstraction on top of the underlying machines. How can we inject realistic chaos when we have no access to the underlying machines? Join Bella Wiseman of Goldman Sachs, as she discusses chaos engineering essentials, chaos on the cloud, and a real-life case study of a chaos engineering experiment at Goldman Sachs.
- 9 participants
- 36 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Connect All the Things! Using NATS To Simplify Communication Everywhere - Jeremy Saenz & Todd Beets, Synadia
Speakers: Jeremy Saenz, Todd Beets
NATS is an open source, high performance messaging system and connective fabric. It aims to simultaneously simplify the number of technologies you use for your services to communicate, while also empowering you to build systems that are globally available, multi-cloud, multi-geo, and highly adaptive to change and scale. In this session you'll receive a brief introduction to NATS, then dive in to some of the many features of NATS like communication patterns, streaming/persistence, key/value and more. This session is highly interactive so come ready to participate and have fun!
Connect All the Things! Using NATS To Simplify Communication Everywhere - Jeremy Saenz & Todd Beets, Synadia
Speakers: Jeremy Saenz, Todd Beets
NATS is an open source, high performance messaging system and connective fabric. It aims to simultaneously simplify the number of technologies you use for your services to communicate, while also empowering you to build systems that are globally available, multi-cloud, multi-geo, and highly adaptive to change and scale. In this session you'll receive a brief introduction to NATS, then dive in to some of the many features of NATS like communication patterns, streaming/persistence, key/value and more. This session is highly interactive so come ready to participate and have fun!
- 7 participants
- 37 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Consumers To Contributors: Open Source As a Competitive Advantage - Brendan O'Leary, GitLab
Speakers: Brendan O'Leary
As open source software has eaten the software world, it can be your biggest asset or cause your biggest problems. Most of the time, we consume open source without really considering the long-term impact on our business. So why would a business, enterprise, or organization decide to become a Contributor instead of just a Consumer? In this talk, we'll look at some of the biggest success stories in enterprise open source software partnerships and some of the cautionary tales. The more an organization is involved in co-creating the open source packages they use, the more both the organization and the open source project benefit. This session is for everyone: open source maintainers, OSPO leaders, or open source advocates in large enterprises. At the end of our session, you'll be able to articulate the tangible and emergent benefits organizations and enterprises gain when they stop just consuming open source software and instead embrace "Everyone can contribute."
Consumers To Contributors: Open Source As a Competitive Advantage - Brendan O'Leary, GitLab
Speakers: Brendan O'Leary
As open source software has eaten the software world, it can be your biggest asset or cause your biggest problems. Most of the time, we consume open source without really considering the long-term impact on our business. So why would a business, enterprise, or organization decide to become a Contributor instead of just a Consumer? In this talk, we'll look at some of the biggest success stories in enterprise open source software partnerships and some of the cautionary tales. The more an organization is involved in co-creating the open source packages they use, the more both the organization and the open source project benefit. This session is for everyone: open source maintainers, OSPO leaders, or open source advocates in large enterprises. At the end of our session, you'll be able to articulate the tangible and emergent benefits organizations and enterprises gain when they stop just consuming open source software and instead embrace "Everyone can contribute."
- 5 participants
- 34 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Data On Kubernetes, Deploying And Running PostgreSQL And Patterns For Databases In a Kubernetes Cluster. - Chris Milsted, Ondat & Gabriele Bartolini, EDB
Speakers: Chris Milsted, Gabriele Bartolini
In this talk we are going to focus on the newly open sourced Cloud Native PostgreSQL operator. From work in the Data on Kubernetes community, we are seeing databases becoming first class citizens in our kubernetes clusters. This talk is going to look at how to combine the cloudnative-pg operator with a CSI-plugin, and how to leverage these two components to deliver databases which are as fast and resilient as their non-kubernetes equivalents. Wondering how to architect for a zero or low RTO and what the effect of replication has on recovery time for your database? Wondering how to use an object store as well to deliver point in time backups to protect from cyber attacks? In this talk we are going to answer these questions and more mapping to the patterns in the cloud native disaster recovery whitepaper and the data protection whitepaper. Like all good talks we will also have a live demo of this all in action. The time of Data on Kubernetes is now, come and find out how.
Data On Kubernetes, Deploying And Running PostgreSQL And Patterns For Databases In a Kubernetes Cluster. - Chris Milsted, Ondat & Gabriele Bartolini, EDB
Speakers: Chris Milsted, Gabriele Bartolini
In this talk we are going to focus on the newly open sourced Cloud Native PostgreSQL operator. From work in the Data on Kubernetes community, we are seeing databases becoming first class citizens in our kubernetes clusters. This talk is going to look at how to combine the cloudnative-pg operator with a CSI-plugin, and how to leverage these two components to deliver databases which are as fast and resilient as their non-kubernetes equivalents. Wondering how to architect for a zero or low RTO and what the effect of replication has on recovery time for your database? Wondering how to use an object store as well to deliver point in time backups to protect from cyber attacks? In this talk we are going to answer these questions and more mapping to the patterns in the cloud native disaster recovery whitepaper and the data protection whitepaper. Like all good talks we will also have a live demo of this all in action. The time of Data on Kubernetes is now, come and find out how.
- 2 participants
- 37 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Decentralized Routing For a Sharded Application On Service Mesh - Vinay Gonuguntla & Pankaj Sikka, Intuit
Speakers: Pankaj Sikka, Vinay Gonuguntla
Intuit has a few monolithic applications that are scaled horizontally by sharding. It is common practice to use a dedicated frontend layer to route requests to a specific application shard based on request attributes. The attributes used for shard determination are non static and include tens of millions of users and thousands of services. Hence maintaining a static mapping of these attributes to shards is not feasible. For maintainability and separation of concerns, a dedicated look up service could be used to store and retrieve this shard information. Currently at Intuit, the sharded routing is performed in a central API Gateway using this lookup service. However, as we move our monolithic applications to service mesh, our next step was to decentralize the sharded routing to happen on a client’s service mesh proxy. A service mesh that utilizes a client side proxy like Envoy does not have an out of the box support for lookup based dynamic routing to the destination shards. This session discusses and demos how Intuit uses WASM to extend Envoy in a service mesh to provide decentralized routing for a sharded application.
Decentralized Routing For a Sharded Application On Service Mesh - Vinay Gonuguntla & Pankaj Sikka, Intuit
Speakers: Pankaj Sikka, Vinay Gonuguntla
Intuit has a few monolithic applications that are scaled horizontally by sharding. It is common practice to use a dedicated frontend layer to route requests to a specific application shard based on request attributes. The attributes used for shard determination are non static and include tens of millions of users and thousands of services. Hence maintaining a static mapping of these attributes to shards is not feasible. For maintainability and separation of concerns, a dedicated look up service could be used to store and retrieve this shard information. Currently at Intuit, the sharded routing is performed in a central API Gateway using this lookup service. However, as we move our monolithic applications to service mesh, our next step was to decentralize the sharded routing to happen on a client’s service mesh proxy. A service mesh that utilizes a client side proxy like Envoy does not have an out of the box support for lookup based dynamic routing to the destination shards. This session discusses and demos how Intuit uses WASM to extend Envoy in a service mesh to provide decentralized routing for a sharded application.
- 9 participants
- 34 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Don't Be Greedy: Rightsize Your Kubernetes Cluster With Prometheus - Jesus Angel Samitier & David Lorite Solanas, Sysdig
Speakers: David Lorite, Jesus Angel Samitier
Setting the proper limits and requests to a Kubernetes cluster is one of the most challenging tasks engineers have to face. Not doing this could have critical consequences, like outages or astronomical cloud bills. Sometimes, when engineers don't have the full picture of the cluster they're working on, they tend to use more resources than actually needed for their workloads. This is called the "greedy developer" problem. To avoid this, you'll have not only to identify the unused resources, containers without limits, or very tight ones. But also to set the right requests and limits. In this talk, Jesus and David will walk you through this process. You might have to add new nodes, or just resize your workloads. Since every cluster is different, also measure the optimizations made, to help our audience with their own clusters.
Don't Be Greedy: Rightsize Your Kubernetes Cluster With Prometheus - Jesus Angel Samitier & David Lorite Solanas, Sysdig
Speakers: David Lorite, Jesus Angel Samitier
Setting the proper limits and requests to a Kubernetes cluster is one of the most challenging tasks engineers have to face. Not doing this could have critical consequences, like outages or astronomical cloud bills. Sometimes, when engineers don't have the full picture of the cluster they're working on, they tend to use more resources than actually needed for their workloads. This is called the "greedy developer" problem. To avoid this, you'll have not only to identify the unused resources, containers without limits, or very tight ones. But also to set the right requests and limits. In this talk, Jesus and David will walk you through this process. You might have to add new nodes, or just resize your workloads. Since every cluster is different, also measure the optimizations made, to help our audience with their own clusters.
- 12 participants
- 36 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Don't Mind the Gap: Securely Accessing Cloud Resources From Anywhere With SPIFFE/SPIRE - Evan Gilman, VMware
Of all the things you can do with SPIFFE and SPIRE, accessing cloud services from anywhere without having to generate, store, or manage API keys is a particularly powerful one. Without it, answering simple questions such as "How can I access an S3 bucket from Azure?" means solving for headaches like encryption at rest, tokens that never expire, and manual rotation processes. Unfortunately, this is still par for the course in many environments, but SPIRE is here to help.
In this session, we will go over the basics of identity federation with SPIFFE and SPIRE, which brings the "Sign in with Google" experience to cloud native workloads. We'll discuss how this approach compares to others, and demonstrate how you can use it to securely access AWS resources and more without a secret access key.
Don't Mind the Gap: Securely Accessing Cloud Resources From Anywhere With SPIFFE/SPIRE - Evan Gilman, VMware
Of all the things you can do with SPIFFE and SPIRE, accessing cloud services from anywhere without having to generate, store, or manage API keys is a particularly powerful one. Without it, answering simple questions such as "How can I access an S3 bucket from Azure?" means solving for headaches like encryption at rest, tokens that never expire, and manual rotation processes. Unfortunately, this is still par for the course in many environments, but SPIRE is here to help.
In this session, we will go over the basics of identity federation with SPIFFE and SPIRE, which brings the "Sign in with Google" experience to cloud native workloads. We'll discuss how this approach compares to others, and demonstrate how you can use it to securely access AWS resources and more without a secret access key.
- 5 participants
- 34 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Dynamically Testing Individual Microservice Releases In Production - Matt Turner, Tetrate
Speakers: Matt Turner
A lot of us test new versions of services in our Production environment, since it's the best way to get representative, reliable results. If the new service is "on the edge" of the topology then hitting it is easy, as the test clients can directly call it. But if it's in the middle of a chain of services, then calling the current versions of all of them, except one beta version in the middle of the chain, is the dream. This kind of advanced traffic control is possible with a Service Mesh like Istio. But the configuration needed to enable this for all versions of all services is complex and error-prone. In this session Matt will show you how to use an Operator which auto-generates the necessary config. We'll see how just deploying a new version results in all the necessary config for sophisticated "override-based testing". Matt will walk through the technique, the underlying config, and the operator that generates it from Deployments.
Dynamically Testing Individual Microservice Releases In Production - Matt Turner, Tetrate
Speakers: Matt Turner
A lot of us test new versions of services in our Production environment, since it's the best way to get representative, reliable results. If the new service is "on the edge" of the topology then hitting it is easy, as the test clients can directly call it. But if it's in the middle of a chain of services, then calling the current versions of all of them, except one beta version in the middle of the chain, is the dream. This kind of advanced traffic control is possible with a Service Mesh like Istio. But the configuration needed to enable this for all versions of all services is complex and error-prone. In this session Matt will show you how to use an Operator which auto-generates the necessary config. We'll see how just deploying a new version results in all the necessary config for sophisticated "override-based testing". Matt will walk through the technique, the underlying config, and the operator that generates it from Deployments.
- 1 participant
- 35 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Edge Computing Is Hot. Find Out the Business Value From Three Experts - Larry Carvalho, RobustCloud LLC; Stu Miniman, Red Hat; Marilyn Basanta, VMware; Muneyb Minhazuddin, Intel
Edge computing is drawing increased investments by organizations gaining efficiencies by taking advantage of automating physical activities. While consumer applications with connected homes have high awareness, significant business benefits are gained from using edge technology in commercial applications like the factory floor, mining operations, etc. Simulation of a digital twin of a complete factory or warehouse by embedding technology into devices can assist in making better decisions without large investments. Technologies used in edge solutions are AI/ML, 5G, IoT, and cloud native architectures.
This panel discussion will discuss how cloud native tools provide business benefits to applying edge technology for physical process efficiencies. Larry Carvalho, Principal Consultant at RobustCloud LLC, will moderate this session. Stu Miniman from Red Hat will highlight how a cruise line operator used a Kubernetes-powered edge solution to deliver an excellent digital experience to ship guests in disconnected environments. Marilyn Basanta will discuss how a large ground shipping service was able to add a modern application platform to their distribution centers, ensuring higher employee productivity and business continuity during natural events. Muneyb Minhazuddin will talk about how a manufacturer modernizes applications on the factory floor as they converge IT and OT to create a dynamic and agile production line in a factory shop by software defining constrained devices.
Join this session to learn more.
Edge Computing Is Hot. Find Out the Business Value From Three Experts - Larry Carvalho, RobustCloud LLC; Stu Miniman, Red Hat; Marilyn Basanta, VMware; Muneyb Minhazuddin, Intel
Edge computing is drawing increased investments by organizations gaining efficiencies by taking advantage of automating physical activities. While consumer applications with connected homes have high awareness, significant business benefits are gained from using edge technology in commercial applications like the factory floor, mining operations, etc. Simulation of a digital twin of a complete factory or warehouse by embedding technology into devices can assist in making better decisions without large investments. Technologies used in edge solutions are AI/ML, 5G, IoT, and cloud native architectures.
This panel discussion will discuss how cloud native tools provide business benefits to applying edge technology for physical process efficiencies. Larry Carvalho, Principal Consultant at RobustCloud LLC, will moderate this session. Stu Miniman from Red Hat will highlight how a cruise line operator used a Kubernetes-powered edge solution to deliver an excellent digital experience to ship guests in disconnected environments. Marilyn Basanta will discuss how a large ground shipping service was able to add a modern application platform to their distribution centers, ensuring higher employee productivity and business continuity during natural events. Muneyb Minhazuddin will talk about how a manufacturer modernizes applications on the factory floor as they converge IT and OT to create a dynamic and agile production line in a factory shop by software defining constrained devices.
Join this session to learn more.
- 4 participants
- 36 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Edge-Native Application Principles: Taking Your App Beyond the Cloud - Kate Goldenring, Fermyon; Amar Kapadia, Aarna Networks
Speakers: Amar Kapadia, Kate Goldenring
Over the past few years, edge computing has been thoroughly discussed, with different technology fields having varying views on what defines edge computing. But in the end, despite the varied use cases of telco, retail, industrial, etc., it's clear that edge is seen as an extension to the cloud and that everyone is interested in bringing their cloud-native infrastructure and applications to the edge. In this session we will focus on this migration. Can we identify common characteristics of edge native applications? How do we tackle some of the common issues like hardware diversity, resource constraints, network availability and more? Basic cloud-native principles are well known and represent a valuable resource for developers. They serve as a check-list for developers, instructing what to keep in mind in order to successfully develop and operate their cloud applications, such as considerations for scalability, observability, ease of deployment on the edge. In the same way we see edge computing as a superset of cloud computing, we can consider edge-native principles a superset of cloud-native principles. So instead of starting from zero, let's focus on additional considerations of the edge. Let's see what additional principles we need to consider for edge-native applications in order to enable successful projects. The CNCF IoT Edge working group has started working on a white paper that aims to define these principles. In this session we will present our progress so far and give a call to action to join the effort.
Edge-Native Application Principles: Taking Your App Beyond the Cloud - Kate Goldenring, Fermyon; Amar Kapadia, Aarna Networks
Speakers: Amar Kapadia, Kate Goldenring
Over the past few years, edge computing has been thoroughly discussed, with different technology fields having varying views on what defines edge computing. But in the end, despite the varied use cases of telco, retail, industrial, etc., it's clear that edge is seen as an extension to the cloud and that everyone is interested in bringing their cloud-native infrastructure and applications to the edge. In this session we will focus on this migration. Can we identify common characteristics of edge native applications? How do we tackle some of the common issues like hardware diversity, resource constraints, network availability and more? Basic cloud-native principles are well known and represent a valuable resource for developers. They serve as a check-list for developers, instructing what to keep in mind in order to successfully develop and operate their cloud applications, such as considerations for scalability, observability, ease of deployment on the edge. In the same way we see edge computing as a superset of cloud computing, we can consider edge-native principles a superset of cloud-native principles. So instead of starting from zero, let's focus on additional considerations of the edge. Let's see what additional principles we need to consider for edge-native applications in order to enable successful projects. The CNCF IoT Edge working group has started working on a white paper that aims to define these principles. In this session we will present our progress so far and give a call to action to join the effort.
- 5 participants
- 37 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Edge-Native: The New Paradigm For Operating And Developing Edge Apps - Krisztian Flautner, Cisco
Speakers: Krisztián Flautner, Frank Brockners
“Cloud native?” Check! Apply the same principles at the Edge? Hmmm! How do I operate Apps across 1000s of locations, which are often hidden behind layers of NAT? How do I run AI apps on nodes that are too small to fit the AI model? How to make it operationally simple? Lets discuss and demo! We’re all familiar with “cloud native” -but once we start to operate applications at the edge, we have to adopt a new set of principles and evolve our cloud-native paradigms. We deploy Apps at the edge to achieve lower latency or higher performance, to comply with data sovereignty regulations, to reduce transit cost or to perform near real-time decision making on local data sources. Developing and operating Edge apps requires us to answer questions like: How do I operate Apps across 1000s of locations, which are often hidden behind layers of NAT and have spotty cloud connectivity? How do I run computation heavy tasks, like AI apps, on a set of nodes where each node does not have sufficient CPU and memory to run the entire model? How do I deal with a heterogeneous environment, with x86 and ARM-based devices? Which additional tools do I need to assure compliance to data-privacy rules, run AI models that just don’t fit a single compute element, or perform federated learning in an efficient way?
Edge-Native: The New Paradigm For Operating And Developing Edge Apps - Krisztian Flautner, Cisco
Speakers: Krisztián Flautner, Frank Brockners
“Cloud native?” Check! Apply the same principles at the Edge? Hmmm! How do I operate Apps across 1000s of locations, which are often hidden behind layers of NAT? How do I run AI apps on nodes that are too small to fit the AI model? How to make it operationally simple? Lets discuss and demo! We’re all familiar with “cloud native” -but once we start to operate applications at the edge, we have to adopt a new set of principles and evolve our cloud-native paradigms. We deploy Apps at the edge to achieve lower latency or higher performance, to comply with data sovereignty regulations, to reduce transit cost or to perform near real-time decision making on local data sources. Developing and operating Edge apps requires us to answer questions like: How do I operate Apps across 1000s of locations, which are often hidden behind layers of NAT and have spotty cloud connectivity? How do I run computation heavy tasks, like AI apps, on a set of nodes where each node does not have sufficient CPU and memory to run the entire model? How do I deal with a heterogeneous environment, with x86 and ARM-based devices? Which additional tools do I need to assure compliance to data-privacy rules, run AI models that just don’t fit a single compute element, or perform federated learning in an efficient way?
- 2 participants
- 32 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Efficient Scheduling Of High Performance Batch Computing For Analytics Workloads With Volcano - Krzysztof Adamski & Tinco Boekestijn, ING
Three years ago ING Wholesale Banking Advanced Analytics team set up an ambitious goal to gather in one place a curated portfolio of internal data sources together with a large scale compute platform. At its core the idea of allowing internal projects to get access to a rich toolset of open source and industry standards frameworks and preprocessed data to validate business ideas in the secure exploration environment. Extensive growth with over 300 internal projects so far and more than 2000 internal users proofs advanced analytics i.e. ML, AI, NLP capabilities should become easily consumable not only by specialized, dedicated teams, but make them close to subject matter experts. In this session we would like to shed more light on how a specialized cloud native Kubernetes scheduler (Volcano) enables us to deliver multi-tenant large scale processing capabilities. The optimal resource usage with stability of core services are key for our cloud native platform. To enable dynamic allocation and hdrf (hierarchical dominant resource fairness) we have created an extension to Apache Spark binaries. This allows users to use Volcano with Spark interactive mode in a Jupyter notebook. Additionally we have created interfaces to visualize all the scheduling metrics like the yarn ui.
Efficient Scheduling Of High Performance Batch Computing For Analytics Workloads With Volcano - Krzysztof Adamski & Tinco Boekestijn, ING
Three years ago ING Wholesale Banking Advanced Analytics team set up an ambitious goal to gather in one place a curated portfolio of internal data sources together with a large scale compute platform. At its core the idea of allowing internal projects to get access to a rich toolset of open source and industry standards frameworks and preprocessed data to validate business ideas in the secure exploration environment. Extensive growth with over 300 internal projects so far and more than 2000 internal users proofs advanced analytics i.e. ML, AI, NLP capabilities should become easily consumable not only by specialized, dedicated teams, but make them close to subject matter experts. In this session we would like to shed more light on how a specialized cloud native Kubernetes scheduler (Volcano) enables us to deliver multi-tenant large scale processing capabilities. The optimal resource usage with stability of core services are key for our cloud native platform. To enable dynamic allocation and hdrf (hierarchical dominant resource fairness) we have created an extension to Apache Spark binaries. This allows users to use Volcano with Spark interactive mode in a Jupyter notebook. Additionally we have created interfaces to visualize all the scheduling metrics like the yarn ui.
- 2 participants
- 28 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Envoy Maintainer Q+A - Matt Klein, Lyft
Come ask questions of the Envoy maintainers in this open ended Q&A! Any and all questions and open ended discussion is fair game!
Envoy Maintainer Q+A - Matt Klein, Lyft
Come ask questions of the Envoy maintainers in this open ended Q&A! Any and all questions and open ended discussion is fair game!
- 8 participants
- 35 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Evolving the Cloud Native Maturity Model - John Forman & Robert Glenn, Accenture; Danielle Cook, Fairwinds; Simon Forster, Stackegy
Speakers: John Forman, Danielle Cook, Robert Glenn, Simon Forster
Am I doing this cloud native stuff the right way? The Cloud Native Landscape is a great resource for users to see the technology in the cloud native space. But it can lead to uncertainty and constant second guessing if you are doing cloud native right. The Cartografos Working Group developed the Cloud Native Maturity Model, a five phase framework to help those new to cloud native and those deep in the trenches understand where they are in their journey and what they should be considering or doing. In this session, panelists from the Cartografos Working Group will discuss the maturity model and its phases. They’ll give an overview of what you should expect out of the people at your organization, the processes and policies to put in place, and where CNCF projects fit in. The session will also dive into how the Cloud Native Maturity Model should evolve with the ever-changing CNCF landscape. Audience members will be encouraged to join the group and offer suggestions on ways to improve the Maturity Model.
Evolving the Cloud Native Maturity Model - John Forman & Robert Glenn, Accenture; Danielle Cook, Fairwinds; Simon Forster, Stackegy
Speakers: John Forman, Danielle Cook, Robert Glenn, Simon Forster
Am I doing this cloud native stuff the right way? The Cloud Native Landscape is a great resource for users to see the technology in the cloud native space. But it can lead to uncertainty and constant second guessing if you are doing cloud native right. The Cartografos Working Group developed the Cloud Native Maturity Model, a five phase framework to help those new to cloud native and those deep in the trenches understand where they are in their journey and what they should be considering or doing. In this session, panelists from the Cartografos Working Group will discuss the maturity model and its phases. They’ll give an overview of what you should expect out of the people at your organization, the processes and policies to put in place, and where CNCF projects fit in. The session will also dive into how the Cloud Native Maturity Model should evolve with the ever-changing CNCF landscape. Audience members will be encouraged to join the group and offer suggestions on ways to improve the Maturity Model.
- 4 participants
- 33 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Exiting Ingress With the Gateway API - Rob Scott, Google & Shane Utt, Kong, Inc.
Speakers: Rob Scott, Shane Utt
Are you currently using Ingress but curious about what Gateway API is? Wondering if you should switch to Gateway API or how that would even work? This is the talk for you. The development of Gateway API has unlocked a wide set of new capabilities within Kubernetes, but it can also be overwhelming to understand the full scope of it. In this talk, Rob and Shane will answer some of the most common questions they get as Gateway API maintainers, including what you gain over using the Ingress API. They’ll walk through a step-by-step demo of what it takes to get started with Gateway API. This demo will show you how to migrate from Ingress to Gateway API and showcase some of the newest features in Gateway API, including traffic splitting between backends in different namespaces.
Exiting Ingress With the Gateway API - Rob Scott, Google & Shane Utt, Kong, Inc.
Speakers: Rob Scott, Shane Utt
Are you currently using Ingress but curious about what Gateway API is? Wondering if you should switch to Gateway API or how that would even work? This is the talk for you. The development of Gateway API has unlocked a wide set of new capabilities within Kubernetes, but it can also be overwhelming to understand the full scope of it. In this talk, Rob and Shane will answer some of the most common questions they get as Gateway API maintainers, including what you gain over using the Ingress API. They’ll walk through a step-by-step demo of what it takes to get started with Gateway API. This demo will show you how to migrate from Ingress to Gateway API and showcase some of the newest features in Gateway API, including traffic splitting between backends in different namespaces.
- 7 participants
- 33 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Fast Image Pulls Using IPFS And Opportunistic Caching - Christian Weichel & Manuel de Brito Fontes, Gitpod
Speakers: Christian Weichel, Manuel de Brito Fontes
Image pull times pose a considerable challenge when optimising for fast container starts within Kubernetes, due to potentially large images or network topology, bandwidth and egress cost constraints. Container runtimes offer layer-based node-local caches which help improve pull-times when there’s high layer-reuse, but find their limits when clusters need to scale quickly or there’s little control over the images which are used. We present the results of our efforts to bring down pull times down, which brought about considerable pull time improvement. Our goal was to optimise performance and networking cost, without imposing limits on the container images themselves. We went through several iterations which combined eStargz, nerdctl-registry with an in-cluster IPFS deployment. Using an opportunistic pull-through caching mechanism, we were able to considerably bring image pull times down without imposing extra burden on users (i.e. folks deploying the pods). We have been operating this setup in production on gitpod.io for over six months. In this session we will provide insight into our learnings, backed by the real-world data and observations we have gathered.
Fast Image Pulls Using IPFS And Opportunistic Caching - Christian Weichel & Manuel de Brito Fontes, Gitpod
Speakers: Christian Weichel, Manuel de Brito Fontes
Image pull times pose a considerable challenge when optimising for fast container starts within Kubernetes, due to potentially large images or network topology, bandwidth and egress cost constraints. Container runtimes offer layer-based node-local caches which help improve pull-times when there’s high layer-reuse, but find their limits when clusters need to scale quickly or there’s little control over the images which are used. We present the results of our efforts to bring down pull times down, which brought about considerable pull time improvement. Our goal was to optimise performance and networking cost, without imposing limits on the container images themselves. We went through several iterations which combined eStargz, nerdctl-registry with an in-cluster IPFS deployment. Using an opportunistic pull-through caching mechanism, we were able to considerably bring image pull times down without imposing extra burden on users (i.e. folks deploying the pods). We have been operating this setup in production on gitpod.io for over six months. In this session we will provide insight into our learnings, backed by the real-world data and observations we have gathered.
- 12 participants
- 34 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
FinKube – Making the Business Case For Kubernetes At Your Company - Somik Behera, CloudNatix
Speakers: Somik Behera
This session is for DevOps leads and managers that are driving Kubernetes (K8s) adoption within their company and want to level up their influence and skill set in making the financial business case for adoption of K8s and associated CNCF ecosystem components. As Kubernetes crosses the “chasm” in the technology adoption lifecycle, K8s champions now have the opportunity to further drive K8s adoption and transformation of their enterprise. This new phase will require “T-shirts” (Dev & Ops teams) to speak the language of the “Suits” (Finance and execs), figuratively and literally. This session will provide you the toolkit to make that business case, capture results and demonstrate value from K8s roll-out and expansion across 4 dimensions: - Capacity & Cost Optimization - quantify the bottom line benefits - DevOps Productivity - quantify the benefits in % of FTE savings - Developer Velocity - quantify the reduction in time to value - Business agility - finally, quantify the business impact of new K8s based services on top line We will open-source and provide the Excel, Google Sheet, Google Slides and Powerpoint templates used in this talk to help the community create a compelling business case proposal with solid ROI.
FinKube – Making the Business Case For Kubernetes At Your Company - Somik Behera, CloudNatix
Speakers: Somik Behera
This session is for DevOps leads and managers that are driving Kubernetes (K8s) adoption within their company and want to level up their influence and skill set in making the financial business case for adoption of K8s and associated CNCF ecosystem components. As Kubernetes crosses the “chasm” in the technology adoption lifecycle, K8s champions now have the opportunity to further drive K8s adoption and transformation of their enterprise. This new phase will require “T-shirts” (Dev & Ops teams) to speak the language of the “Suits” (Finance and execs), figuratively and literally. This session will provide you the toolkit to make that business case, capture results and demonstrate value from K8s roll-out and expansion across 4 dimensions: - Capacity & Cost Optimization - quantify the bottom line benefits - DevOps Productivity - quantify the benefits in % of FTE savings - Developer Velocity - quantify the reduction in time to value - Business agility - finally, quantify the business impact of new K8s based services on top line We will open-source and provide the Excel, Google Sheet, Google Slides and Powerpoint templates used in this talk to help the community create a compelling business case proposal with solid ROI.
- 5 participants
- 29 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Fluent Bit V2.0: Unifying Open Standards For Logs, Metrics & Traces - Eduardo Silva & Anurag Gupta, Calyptia
Fluent Bit is the next-generation tool to deliver a unified layer for Logs, Metrics, and Traces. In this session, Fluent maintainers will do a 101 intro to the observability space and also will do a deep dive into the new features available in Fluent Bit v2.0 . Attendees will benefit from this session by learning different techniques for observability associated with Fluent Bit, Prometheus, and OpenTelemetry, as well as a couple of tips and best practices that are a must when deploying observability tools in production.
Fluent Bit V2.0: Unifying Open Standards For Logs, Metrics & Traces - Eduardo Silva & Anurag Gupta, Calyptia
Fluent Bit is the next-generation tool to deliver a unified layer for Logs, Metrics, and Traces. In this session, Fluent maintainers will do a 101 intro to the observability space and also will do a deep dive into the new features available in Fluent Bit v2.0 . Attendees will benefit from this session by learning different techniques for observability associated with Fluent Bit, Prometheus, and OpenTelemetry, as well as a couple of tips and best practices that are a must when deploying observability tools in production.
- 8 participants
- 33 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Flux Maturity, Feature, and Contrib Update - Kingdon Barrett & Somtochi Onyekwere, Weaveworks
Speakers: Kingdon Barrett, Somtochi Onyekwere
Join Flux Maintainers for this informative session on important updates! We will share what we've done to make it easier to contribute to Flux, where Flux is at in terms of maturity, and where Flux features are at, both old and new. The contribution update will preview what you can expect for Flux's participation in the KubeCon contribfest, and invite everyone to contribute at whatever level they are able. Flux maturity update will give a high level of Flux's production readiness for different use cases. Including security topics such as multi-tenancy threat modeling, where Flux helps mitigate security issues/concerns, recommended deployment models, and so on. We will end with a recap of key features landed in the last 6 months, and encourage users to upgrade to make use of both tried and true as well as the latest features.
Flux Maturity, Feature, and Contrib Update - Kingdon Barrett & Somtochi Onyekwere, Weaveworks
Speakers: Kingdon Barrett, Somtochi Onyekwere
Join Flux Maintainers for this informative session on important updates! We will share what we've done to make it easier to contribute to Flux, where Flux is at in terms of maturity, and where Flux features are at, both old and new. The contribution update will preview what you can expect for Flux's participation in the KubeCon contribfest, and invite everyone to contribute at whatever level they are able. Flux maturity update will give a high level of Flux's production readiness for different use cases. Including security topics such as multi-tenancy threat modeling, where Flux helps mitigate security issues/concerns, recommended deployment models, and so on. We will end with a recap of key features landed in the last 6 months, and encourage users to upgrade to make use of both tried and true as well as the latest features.
- 6 participants
- 33 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Get Projects Approved By Articulating the Business Value Of a Cloud Native Solution - Larry Carvalho, RobustCloud LLC; Krisztián Flautner, Cisco; Betty Junod, VMware; Chris Rosen, IBM
Cloud native technology is a robust set of tools that enable the development of innovative solutions, but practitioners often do not understand the business value delivered. This panel discussion will focus on three examples of how cloud native tools provide significant benefits not possible with traditional technology. Larry Carvalho, Principal Consultant at RobustCloud LLC, will moderate this session. Krisztián Flautner from Cisco will touch upon how a financial enterprise customer with challenges around digital transformation and the acceleration of FinTech uses cloud native technology to accelerate the introduction of new applications with lifecycle management. Chris Rosen from IBM will highlight how a customer used cloud native technologies to build a hybrid cloud solution that leveraged insights from data to speed up the insurance claim process while preventing fraud. Betty Junod from VMware will discuss how a traditional retailer was able to turn a production downtime of their primary in-store system over a busy sale weekend into a modern system that is more resilient, scalable, and agile for their central IT and store associates. This panel discussion will help you articulate the bottom line value delivered by a collection of open source cloud native technologies.
Get Projects Approved By Articulating the Business Value Of a Cloud Native Solution - Larry Carvalho, RobustCloud LLC; Krisztián Flautner, Cisco; Betty Junod, VMware; Chris Rosen, IBM
Cloud native technology is a robust set of tools that enable the development of innovative solutions, but practitioners often do not understand the business value delivered. This panel discussion will focus on three examples of how cloud native tools provide significant benefits not possible with traditional technology. Larry Carvalho, Principal Consultant at RobustCloud LLC, will moderate this session. Krisztián Flautner from Cisco will touch upon how a financial enterprise customer with challenges around digital transformation and the acceleration of FinTech uses cloud native technology to accelerate the introduction of new applications with lifecycle management. Chris Rosen from IBM will highlight how a customer used cloud native technologies to build a hybrid cloud solution that leveraged insights from data to speed up the insurance claim process while preventing fraud. Betty Junod from VMware will discuss how a traditional retailer was able to turn a production downtime of their primary in-store system over a busy sale weekend into a modern system that is more resilient, scalable, and agile for their central IT and store associates. This panel discussion will help you articulate the bottom line value delivered by a collection of open source cloud native technologies.
- 4 participants
- 40 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
How CNET (And Friends) Use the CNCF Landscape To Run High Traffic, Dynamic, Scalable, And Cost-Effective Websites. - Corey McGalliard, Red Ventures
Speakers: Corey McGalliard
CNET is no stranger to the world of containers; having been an early adopter of Docker Swarm, we've been using containers for many years! Recently, we migrated our workloads to Kubernetes, and the CNCF ecosystem has been a core component of our tech stack. As we started our application modernization initiative, we quickly realized by utilizing tools like Prometheus, Cert-Manager, External DNS, Traefik Ingress controller, Open Policy Agent, and others, we could give our developers a robust environment. The Kubernetes-based platform is not only for Production but Development Environments as well. The consistency between environments has kept our error rates down and websites up! Let's look at the flexibility the open software platform has given our developers! Let's take a journey from the perspective of a requested change on the front door of the website! First, a Product Manager makes the request, then we can see how a developer makes the change to the codebase and how quickly we can give the product manager a sandboxed environment to validate the requested change. the whole process takes only a few minutes. All of this is possible using open technology and our cloud provider. Let us show you how these tools work together to accomplish this flexibility and scale!
How CNET (And Friends) Use the CNCF Landscape To Run High Traffic, Dynamic, Scalable, And Cost-Effective Websites. - Corey McGalliard, Red Ventures
Speakers: Corey McGalliard
CNET is no stranger to the world of containers; having been an early adopter of Docker Swarm, we've been using containers for many years! Recently, we migrated our workloads to Kubernetes, and the CNCF ecosystem has been a core component of our tech stack. As we started our application modernization initiative, we quickly realized by utilizing tools like Prometheus, Cert-Manager, External DNS, Traefik Ingress controller, Open Policy Agent, and others, we could give our developers a robust environment. The Kubernetes-based platform is not only for Production but Development Environments as well. The consistency between environments has kept our error rates down and websites up! Let's look at the flexibility the open software platform has given our developers! Let's take a journey from the perspective of a requested change on the front door of the website! First, a Product Manager makes the request, then we can see how a developer makes the change to the codebase and how quickly we can give the product manager a sandboxed environment to validate the requested change. the whole process takes only a few minutes. All of this is possible using open technology and our cloud provider. Let us show you how these tools work together to accomplish this flexibility and scale!
- 7 participants
- 34 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
How SIG Release Cooks Trustworthy Artifacts From Raw Source Code - Carlos Panato & Adolfo García Veytia, Chainguard; Jeremy Rickard, Microsoft; Sascha Grunert, Red Hat
Speakers: Carlos Panato, Jeremy Rickard, Sascha Grunert, Adolfo García Veytia
Have you ever wondered how the Kubernetes source code is turned into artifacts for everyone to use? How do you know you can trust those artifacts? Have you heard about signing things and you're not sure how that fits in with Kubernetes? In this Kubernetes Special Interest Group (SIG) Release update, we will give a quick overview of SIG Release, highlight recent accomplishments, review our updated roadmap and discuss our continued efforts to move toward full SLSA (Supply-chain Levels for Software Artifacts) compliance. As part of this, we will deep dive into efforts to move all aspects of the build process and distribution to community controlled infrastructure and our efforts to expand artifact signing beyond just containers. Finally, we’ll talk about how attendees can become involved in SIG Release. These efforts are exciting and important, but we need your help! We’ll discuss how to contribute to SIG Release tooling, the Release Manager role, and discuss our contributor ladder.
How SIG Release Cooks Trustworthy Artifacts From Raw Source Code - Carlos Panato & Adolfo García Veytia, Chainguard; Jeremy Rickard, Microsoft; Sascha Grunert, Red Hat
Speakers: Carlos Panato, Jeremy Rickard, Sascha Grunert, Adolfo García Veytia
Have you ever wondered how the Kubernetes source code is turned into artifacts for everyone to use? How do you know you can trust those artifacts? Have you heard about signing things and you're not sure how that fits in with Kubernetes? In this Kubernetes Special Interest Group (SIG) Release update, we will give a quick overview of SIG Release, highlight recent accomplishments, review our updated roadmap and discuss our continued efforts to move toward full SLSA (Supply-chain Levels for Software Artifacts) compliance. As part of this, we will deep dive into efforts to move all aspects of the build process and distribution to community controlled infrastructure and our efforts to expand artifact signing beyond just containers. Finally, we’ll talk about how attendees can become involved in SIG Release. These efforts are exciting and important, but we need your help! We’ll discuss how to contribute to SIG Release tooling, the Release Manager role, and discuss our contributor ladder.
- 4 participants
- 38 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
How To Build a Distributed System (And Should You?) - Rebecca Bilbro & Patrick Deziel, Rotational Labs
In this talk, we’ll tell the story of how we built our very own eventually consistent system which is currently deployed in production clusters across the US, Germany, and Singapore -- including all the mistakes we made along the way. We’ll walk through how we leveraged tools like gRPC, Kubernetes, LevelDB, and Prometheus to implement two new open source projects that serve as the heart of our system. We’ll also confess all the ways we messed up during the process — from struggling to debug protocol buffer errors, to tangling up send and receive goroutines, to reasoning about the phases of replication. It won’t all be pretty, but we hope you’ll benefit from the lessons we learned, including the most important lesson — that you *can* build your own distributed system. We’ll close out by talking about why rolling our own system (in spite of all the headaches and mistakes) made sense for our use case, and why it might also make sense for you. Attendees will walk away with a hearty introduction to distributed systems concepts, as well as a to-do list of things they can investigate in their own systems to determine how they might be able to reduce concurrency-related bugs and/or consistency-related costs, improve maintenance, and reach more daily active users around the world.
How To Build a Distributed System (And Should You?) - Rebecca Bilbro & Patrick Deziel, Rotational Labs
In this talk, we’ll tell the story of how we built our very own eventually consistent system which is currently deployed in production clusters across the US, Germany, and Singapore -- including all the mistakes we made along the way. We’ll walk through how we leveraged tools like gRPC, Kubernetes, LevelDB, and Prometheus to implement two new open source projects that serve as the heart of our system. We’ll also confess all the ways we messed up during the process — from struggling to debug protocol buffer errors, to tangling up send and receive goroutines, to reasoning about the phases of replication. It won’t all be pretty, but we hope you’ll benefit from the lessons we learned, including the most important lesson — that you *can* build your own distributed system. We’ll close out by talking about why rolling our own system (in spite of all the headaches and mistakes) made sense for our use case, and why it might also make sense for you. Attendees will walk away with a hearty introduction to distributed systems concepts, as well as a to-do list of things they can investigate in their own systems to determine how they might be able to reduce concurrency-related bugs and/or consistency-related costs, improve maintenance, and reach more daily active users around the world.
- 6 participants
- 38 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
How To Handle Node Shutdown In Kubernetes - Xing Yang & Ashutosh Kumar, VMware
Speakers: Ashutosh Kumar, Xing Yang
Shutting down of a node is an inevitable event and it can be graceful or non graceful in a Kubernetes cluster. A node shutdown can be graceful only if it can be detected by the Kubelet ahead of the actual shutdown. A node shutdown may not be detected by the Kubelet due to a variety of reasons causing the shutdown to be non graceful. In the talk, Xing and Ashutosh will explain the graceful shutdown concepts and its impact on the running workloads including the systemd inhibitor locks mechanism and configuration settings. In Kubernetes v1.24, alpha support for handling non graceful shutdown is introduced which enables replacement pods for StatefulSets to be created successfully on a different running node which otherwise would be stuck. The talk will explain how to use the non graceful shutdown feature using taints and the future roadmap around making the feature more automated.
How To Handle Node Shutdown In Kubernetes - Xing Yang & Ashutosh Kumar, VMware
Speakers: Ashutosh Kumar, Xing Yang
Shutting down of a node is an inevitable event and it can be graceful or non graceful in a Kubernetes cluster. A node shutdown can be graceful only if it can be detected by the Kubelet ahead of the actual shutdown. A node shutdown may not be detected by the Kubelet due to a variety of reasons causing the shutdown to be non graceful. In the talk, Xing and Ashutosh will explain the graceful shutdown concepts and its impact on the running workloads including the systemd inhibitor locks mechanism and configuration settings. In Kubernetes v1.24, alpha support for handling non graceful shutdown is introduced which enables replacement pods for StatefulSets to be created successfully on a different running node which otherwise would be stuck. The talk will explain how to use the non graceful shutdown feature using taints and the future roadmap around making the feature more automated.
- 7 participants
- 37 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
How We Revolutionized Developer Experience With 3.5 Platform Engineers - Jessica Andersson, Kognic
Speakers: Jessica Andersson
As a small team there is a lot of leverage to be gained from using cloud native projects, but the task might seem daunting and something that you need to have a very large organisation to have any use of. This couldn’t be further from the truth! Join this case study and learn how Jessica and her team of three and a half Platform Engineers revolutionized the developer experience for 30 developers at Annotell with the help of cloud native projects.
How We Revolutionized Developer Experience With 3.5 Platform Engineers - Jessica Andersson, Kognic
Speakers: Jessica Andersson
As a small team there is a lot of leverage to be gained from using cloud native projects, but the task might seem daunting and something that you need to have a very large organisation to have any use of. This couldn’t be further from the truth! Join this case study and learn how Jessica and her team of three and a half Platform Engineers revolutionized the developer experience for 30 developers at Annotell with the help of cloud native projects.
- 1 participant
- 25 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
How the Basics Of Kubernetes Auth Scale For Organizations - Leigh Capili, VMware
Speakers: Leigh Capili
Every day, someone new wants to deploy their cloud-native app... then it ends up running on Kubernetes! Suddenly, all sorts of people have questions about the app and need to make changes. Developers, SREs, Product Folks, and Organization Leaders all have different needs and levels of experience with the myriad of Kubernetes resources needed for an app, so how should platform teams give folks the access they need? This session will show how the basics of Kubernetes Role-Based Access Control (RBAC) compose together to create a flexible system that lets teams work together. Come learn about: - RBAC Basics - The Details of Identity - Common Misunderstandings - RBAC's Limitations - Auditing - Useful Patterns for Real-world Implementations This session will also include some fun, relatable Live Demos! Expect to leave better equipped to support the transparent, collaborative, self-service ownership of a DevOps culture.
How the Basics Of Kubernetes Auth Scale For Organizations - Leigh Capili, VMware
Speakers: Leigh Capili
Every day, someone new wants to deploy their cloud-native app... then it ends up running on Kubernetes! Suddenly, all sorts of people have questions about the app and need to make changes. Developers, SREs, Product Folks, and Organization Leaders all have different needs and levels of experience with the myriad of Kubernetes resources needed for an app, so how should platform teams give folks the access they need? This session will show how the basics of Kubernetes Role-Based Access Control (RBAC) compose together to create a flexible system that lets teams work together. Come learn about: - RBAC Basics - The Details of Identity - Common Misunderstandings - RBAC's Limitations - Auditing - Useful Patterns for Real-world Implementations This session will also include some fun, relatable Live Demos! Expect to leave better equipped to support the transparent, collaborative, self-service ownership of a DevOps culture.
- 1 participant
- 33 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
How to Get Involved in CNCF Environmental Sustainability TAG - Marlow Weston, Intel & Huamin Chen, Red Hat
In September of 2022, the Environmental Sustainability Technical Advisory Group (TAG) was created within the CNCF. The charter was worked on by many members of the community with passion for minimizing carbon consumption. The TAG was created to advocate, develop, support, and help evaluate environmental sustainability initiatives within cloud native technologies.
Hear from the one of the TAG co-chairs and a community contributor on the CNCF community the TAG’s charter and scope, introduce ongoing and planned initiatives, and answer questions from the community.
In this session, we will discuss in detail the goals of the TAG, share how it will identify values and incentives for service providers to reduce their consumption and carbon footprint through cloud native tooling, and discuss how you can become involved.
How to Get Involved in CNCF Environmental Sustainability TAG - Marlow Weston, Intel & Huamin Chen, Red Hat
In September of 2022, the Environmental Sustainability Technical Advisory Group (TAG) was created within the CNCF. The charter was worked on by many members of the community with passion for minimizing carbon consumption. The TAG was created to advocate, develop, support, and help evaluate environmental sustainability initiatives within cloud native technologies.
Hear from the one of the TAG co-chairs and a community contributor on the CNCF community the TAG’s charter and scope, introduce ongoing and planned initiatives, and answer questions from the community.
In this session, we will discuss in detail the goals of the TAG, share how it will identify values and incentives for service providers to reduce their consumption and carbon footprint through cloud native tooling, and discuss how you can become involved.
- 2 participants
- 22 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Human-Friendly, Production-Ready Data Science Stack With Metaflow & Kubernetes - Savin Goyal, Outerbounds & Saravanan Balasubramanian, Intuit
Speakers: Saravanan Balasubramanian, Savin Goyal
There is a pressing need for tools and workflows that meet data scientists where they are. This is also a serious business need: How to enable an organization of data scientists, who are not software engineers by training, to build and deploy end-to-end machine learning workflows and applications independently.
In this talk, we discuss the problem space and the approach we took to solving it with Metaflow, the open-source framework we developed at Netflix, which now powers hundreds of business-critical ML projects at Netflix and other companies from bioinformatics and drones to real estate. We wanted to provide the best possible user experience for data scientists, allowing them to focus on parts they like (modeling using their favorite off-the-shelf libraries) while providing robust built-in solutions for the foundational infrastructure: data, compute, orchestration, and versioning.
In this talk, we will demo our latest work that builds on top of Kubernetes.
You will learn about - What to expect from a modern ML infrastructure stack. - Using tools such as Metaflow & Kubernetes to boost the productivity of your data science organization, based on lessons learned from Netflix and many other companies.
Human-Friendly, Production-Ready Data Science Stack With Metaflow & Kubernetes - Savin Goyal, Outerbounds & Saravanan Balasubramanian, Intuit
Speakers: Saravanan Balasubramanian, Savin Goyal
There is a pressing need for tools and workflows that meet data scientists where they are. This is also a serious business need: How to enable an organization of data scientists, who are not software engineers by training, to build and deploy end-to-end machine learning workflows and applications independently.
In this talk, we discuss the problem space and the approach we took to solving it with Metaflow, the open-source framework we developed at Netflix, which now powers hundreds of business-critical ML projects at Netflix and other companies from bioinformatics and drones to real estate. We wanted to provide the best possible user experience for data scientists, allowing them to focus on parts they like (modeling using their favorite off-the-shelf libraries) while providing robust built-in solutions for the foundational infrastructure: data, compute, orchestration, and versioning.
In this talk, we will demo our latest work that builds on top of Kubernetes.
You will learn about - What to expect from a modern ML infrastructure stack. - Using tools such as Metaflow & Kubernetes to boost the productivity of your data science organization, based on lessons learned from Netflix and many other companies.
- 3 participants
- 32 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Implementing Private 5G Networks For Enterprises With Kubernetes - Amar Kapadia, Aarna Networks & Christian Huebner, Mirantis
Images of large scale telecommunications wireless networks built using big iron boxes come to mind for many when they hear the term 5G. We will introduce you to a new type of private network built using 5G technology that brings with it numerous benefits over existing wired and wireless networks commonly found in enterprise environments. We will then continue to show how Private 5G networks will be built using cloud native (containerized) network functions that are orchestrated by Kubernetes as opposed to the legacy way of using purpose-built appliances. In this talk, you will learn: * What are Private 5G networks * What are the benefits of a Private 5G network * What hardware and software components are required to build a Private 5G network * How can Kubernetes be used as the orchestration layer for the software components * What special requirements are imposed on Kubernetes to support networking traffic * The role of Linux Foundation Anuket in supporting these requirements
Implementing Private 5G Networks For Enterprises With Kubernetes - Amar Kapadia, Aarna Networks & Christian Huebner, Mirantis
Images of large scale telecommunications wireless networks built using big iron boxes come to mind for many when they hear the term 5G. We will introduce you to a new type of private network built using 5G technology that brings with it numerous benefits over existing wired and wireless networks commonly found in enterprise environments. We will then continue to show how Private 5G networks will be built using cloud native (containerized) network functions that are orchestrated by Kubernetes as opposed to the legacy way of using purpose-built appliances. In this talk, you will learn: * What are Private 5G networks * What are the benefits of a Private 5G network * What hardware and software components are required to build a Private 5G network * How can Kubernetes be used as the orchestration layer for the software components * What special requirements are imposed on Kubernetes to support networking traffic * The role of Linux Foundation Anuket in supporting these requirements
- 3 participants
- 31 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Improving Longhorn Performance With SPDK - Keith Lucas & David Ko, SUSE
Longhorn is a cloud-native distributed block storage solution for Kubernetes, providing an opinionated solution to cover different storage topology, data protection, and data services like snapshots, replication, encryption, backup restore, disaster recovery, etc. The Longhorn team is working on a new data plane backend for block storage to improve performance. SPDK is an open source, high performance development kit for storage applications. Longhorn’s engine component is being rewritten to take advantage of SPDK’s architecture to improve the performance. SPDK will simplify the architecture of Longhorn and make it more scalable. This presentation will go over the new architecture, some preliminary performance data, and areas of future growth. Longhorn was accepted as an incubating project by the Cloud Native Computing Foundation in November 2021.
Improving Longhorn Performance With SPDK - Keith Lucas & David Ko, SUSE
Longhorn is a cloud-native distributed block storage solution for Kubernetes, providing an opinionated solution to cover different storage topology, data protection, and data services like snapshots, replication, encryption, backup restore, disaster recovery, etc. The Longhorn team is working on a new data plane backend for block storage to improve performance. SPDK is an open source, high performance development kit for storage applications. Longhorn’s engine component is being rewritten to take advantage of SPDK’s architecture to improve the performance. SPDK will simplify the architecture of Longhorn and make it more scalable. This presentation will go over the new architecture, some preliminary performance data, and areas of future growth. Longhorn was accepted as an incubating project by the Cloud Native Computing Foundation in November 2021.
- 3 participants
- 35 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Improving User Experience For Device Consumption In Kubernetes - Alexander Kanevskiy & Patrick Ohly, Intel & Kate Goldenring, Fermyon
Speakers: Patrick Ohly, Alexander Kanevskiy, Kate Goldenring
Kubernetes is powerfully declarative with YAML being the UX to request all that a workload needs. Kubernetes has tried to maintain this defining characteristic even as scenarios continue to expand. The device plugin interface was introduced to Kubernetes back in v1.10 to enable requesting and reserving static hardware for workloads, such as GPUs for ML applications. What about other devices used by workloads? This talk will cover several stories of how different types of the devices can be used in Kubernetes clusters: - From traditional datacenters to small IoT centric devices. - From exclusively accessed to shared devices. - From local stateless devices to network attached devices. - From simple single-purpose devices to pipelines of devices. All these scenarios require both a simple yet flexible UX for users to request a variety of devices with various properties. Alexander and Kate will discuss projects and proposals in the Kubernetes ecosystem that are working towards this goal of connecting devices and workloads. They will also discuss how to get involved in this evolution to let workloads be utterly materialistic. Whatever the app needs, it shall get.
Improving User Experience For Device Consumption In Kubernetes - Alexander Kanevskiy & Patrick Ohly, Intel & Kate Goldenring, Fermyon
Speakers: Patrick Ohly, Alexander Kanevskiy, Kate Goldenring
Kubernetes is powerfully declarative with YAML being the UX to request all that a workload needs. Kubernetes has tried to maintain this defining characteristic even as scenarios continue to expand. The device plugin interface was introduced to Kubernetes back in v1.10 to enable requesting and reserving static hardware for workloads, such as GPUs for ML applications. What about other devices used by workloads? This talk will cover several stories of how different types of the devices can be used in Kubernetes clusters: - From traditional datacenters to small IoT centric devices. - From exclusively accessed to shared devices. - From local stateless devices to network attached devices. - From simple single-purpose devices to pipelines of devices. All these scenarios require both a simple yet flexible UX for users to request a variety of devices with various properties. Alexander and Kate will discuss projects and proposals in the Kubernetes ecosystem that are working towards this goal of connecting devices and workloads. They will also discuss how to get involved in this evolution to let workloads be utterly materialistic. Whatever the app needs, it shall get.
- 3 participants
- 32 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Inclusive, Accessible Tech: Bias-Free Language In Code And Configurations - Anne Gentle, Cisco
Speakers: Anne Gentle
Heard of suss? You can suss out more information or you can find someone's information to be suss. "Suss" shows the flexibility of language. It’s an ongoing process to change how we use certain words. It's important to choose words carefully to convey the correct meaning and avoid harmful subtext or exclusion. Let's explore some of the tools and triage methods that it takes from an engineering viewpoint to make bias-free choices. How can you ensure that biased words do not sneak into code, UI, docs, configurations, or our everyday language? First, let's walk through how to take an inventory of assets from code to config files to API specifications to standards. Next, by placing those findings into categories, prioritize the work to substitute with inclusive alternatives. Let's examine some examples using both API and code assets. Next is a demonstration of how to automate analyzing your source code or documentation with a linter, looking for patterns based on rules that are fed into the tool. What's in the future for these efforts? Inclusive language should expand beyond English and North American-centered efforts. To do so, let's organize the work with automation tooling, as engineers do.
Inclusive, Accessible Tech: Bias-Free Language In Code And Configurations - Anne Gentle, Cisco
Speakers: Anne Gentle
Heard of suss? You can suss out more information or you can find someone's information to be suss. "Suss" shows the flexibility of language. It’s an ongoing process to change how we use certain words. It's important to choose words carefully to convey the correct meaning and avoid harmful subtext or exclusion. Let's explore some of the tools and triage methods that it takes from an engineering viewpoint to make bias-free choices. How can you ensure that biased words do not sneak into code, UI, docs, configurations, or our everyday language? First, let's walk through how to take an inventory of assets from code to config files to API specifications to standards. Next, by placing those findings into categories, prioritize the work to substitute with inclusive alternatives. Let's examine some examples using both API and code assets. Next is a demonstration of how to automate analyzing your source code or documentation with a linter, looking for patterns based on rules that are fed into the tool. What's in the future for these efforts? Inclusive language should expand beyond English and North American-centered efforts. To do so, let's organize the work with automation tooling, as engineers do.
- 4 participants
- 36 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
It’s Complicated: Relationships Between Objects In OCI Registries - Josh Dolitsky, Chainguard & Sajay Antony, Microsoft
Speakers: Josh Dolitsky, Sajay Antony
The limitations of the current OCI spec are causing people to come up with all sorts of wild hacks to connect objects in a registry. For example, tools like cosign push image signatures to the registry using a long, cryptic tag suffixed with “.sig”. There must be a better way! To solve this issue, all of the major registries have come together to form the OCI Reference Types Working Group. This group has been tasked with determining how to describe and query relationships between objects stored in an OCI registry. This means potential changes to the registry HTTP API (distribution-spec) and/or associated JSON schema (image-spec). Josh and Sajay will describe the ways in which the OCI plans to address these topics with backwards compatibility in mind. Beyond the technical details, hear about various challenges and techniques used within the working group to successfully bring people together to agree on changes to a critical spec that hasn’t been modified for years.
It’s Complicated: Relationships Between Objects In OCI Registries - Josh Dolitsky, Chainguard & Sajay Antony, Microsoft
Speakers: Josh Dolitsky, Sajay Antony
The limitations of the current OCI spec are causing people to come up with all sorts of wild hacks to connect objects in a registry. For example, tools like cosign push image signatures to the registry using a long, cryptic tag suffixed with “.sig”. There must be a better way! To solve this issue, all of the major registries have come together to form the OCI Reference Types Working Group. This group has been tasked with determining how to describe and query relationships between objects stored in an OCI registry. This means potential changes to the registry HTTP API (distribution-spec) and/or associated JSON schema (image-spec). Josh and Sajay will describe the ways in which the OCI plans to address these topics with backwards compatibility in mind. Beyond the technical details, hear about various challenges and techniques used within the working group to successfully bring people together to agree on changes to a critical spec that hasn’t been modified for years.
- 2 participants
- 36 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
KEDA - Real Time And Serverless Scaling In Kubernetes - Zbynek Roubalik, Red Hat & Jeff Hollan, Snowflake
Event driven architectures are exploding in popularity, often coupled with the desire to make them real time. These applications enable us to design and develop scalable, distributed, and flexible systems. Kubernetes brings flexibility and a distributed platform, but it doesn't provide any built-in way to deal with event-driven scaling properly and in real time. KEDA is one of the fastest growing CNCF projects that solved these needs. Scaling based on CPU and/or memory usage doesn’t fit well with event-driven processes. Current autoscaling solutions are usually complex, and their scope is too attached to a specific provider. KEDA provides a simple way to gather the metrics from external sources (such as queues, streams, databases) and translates them into Kubernetes metrics to drive event-driven autoscaling. During this session, two of the current KEDA maintainers and creators will introduce KEDA: what it is, how it works (with demos), and discuss future development plans.
KEDA - Real Time And Serverless Scaling In Kubernetes - Zbynek Roubalik, Red Hat & Jeff Hollan, Snowflake
Event driven architectures are exploding in popularity, often coupled with the desire to make them real time. These applications enable us to design and develop scalable, distributed, and flexible systems. Kubernetes brings flexibility and a distributed platform, but it doesn't provide any built-in way to deal with event-driven scaling properly and in real time. KEDA is one of the fastest growing CNCF projects that solved these needs. Scaling based on CPU and/or memory usage doesn’t fit well with event-driven processes. Current autoscaling solutions are usually complex, and their scope is too attached to a specific provider. KEDA provides a simple way to gather the metrics from external sources (such as queues, streams, databases) and translates them into Kubernetes metrics to drive event-driven autoscaling. During this session, two of the current KEDA maintainers and creators will introduce KEDA: what it is, how it works (with demos), and discuss future development plans.
- 5 participants
- 35 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Kcp: Towards 1,000,000 Clusters, Name^WWorkspaced CRDs - Stefan Schimanski, Red Hat
Speakers: Stefan Schimanski
In 2014, namespaces were added to Kubernetes. Many tried to implement multi-tenancy on-top, with limited success. What if namespaces are just the wrong tool, and we better invest into cluster-like isolation called workspaces, built deeply into the apiserver. The kcp project explors Kubernetes - with logical cluster support to implement workspaces - with ability to scale horizontally via sharding, towards 1,000,000 clusters - with novel API service models disrupting CRDs. In contrast to other projects like vcluster or OpenClusterManager, kcp challenges years old decisions in Kubernetes by going deep into API-Machinery and apiserver. Strategically, we reduce the size of clusters to those of namespaces, and by that open up the space between workspaces for innovation, while within a workspace kcp is just Kubernetes. Outline: 1. from namespaces to workspaces 2. APIExport and APIBindings, identity based security 3. scaling up kcp to 1,000,000 workspaces.
Kcp: Towards 1,000,000 Clusters, Name^WWorkspaced CRDs - Stefan Schimanski, Red Hat
Speakers: Stefan Schimanski
In 2014, namespaces were added to Kubernetes. Many tried to implement multi-tenancy on-top, with limited success. What if namespaces are just the wrong tool, and we better invest into cluster-like isolation called workspaces, built deeply into the apiserver. The kcp project explors Kubernetes - with logical cluster support to implement workspaces - with ability to scale horizontally via sharding, towards 1,000,000 clusters - with novel API service models disrupting CRDs. In contrast to other projects like vcluster or OpenClusterManager, kcp challenges years old decisions in Kubernetes by going deep into API-Machinery and apiserver. Strategically, we reduce the size of clusters to those of namespaces, and by that open up the space between workspaces for innovation, while within a workspace kcp is just Kubernetes. Outline: 1. from namespaces to workspaces 2. APIExport and APIBindings, identity based security 3. scaling up kcp to 1,000,000 workspaces.
- 7 participants
- 41 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Keynote: A Cloud Native Swiss Knife - Ricardo Rocha, Computing Engineer, CERN
Speakers: Ricardo Rocha
Dealing with cloud native deployments can be challenging at first. Knowing and having the right tool for each task can make all the difference, ideally conveniently stored in a close by pocket.
In this session Ricardo will present what could be a cloud native swiss knife. A set of tools and functionalities he wishes he knew existed from the start, as well as others the community introduced later on which have significantly improved the daily life of developers and operators.
Keynote: A Cloud Native Swiss Knife - Ricardo Rocha, Computing Engineer, CERN
Speakers: Ricardo Rocha
Dealing with cloud native deployments can be challenging at first. Knowing and having the right tool for each task can make all the difference, ideally conveniently stored in a close by pocket.
In this session Ricardo will present what could be a cloud native swiss knife. A set of tools and functionalities he wishes he knew existed from the start, as well as others the community introduced later on which have significantly improved the daily life of developers and operators.
- 1 participant
- 17 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Keynote: CI/CD Isn't Reserved for Software! - Erin Boyd, Distinguished Engineer + Director of Emerging Technologies, Red Hat & Matt Farina, Distinguished Engineer, SUSE
Speakers: Erin Boyd, Matt Farina
With more than 125 CNCF projects with various levels of maturity, the TOC is continuously evolving to meet the scale of project adoption and provide value to the cloud native community.This keynote will focus on how we are executing on our strategic objectives outlined in Valencia to improve the way we serve this community.
Keynote: CI/CD Isn't Reserved for Software! - Erin Boyd, Distinguished Engineer + Director of Emerging Technologies, Red Hat & Matt Farina, Distinguished Engineer, SUSE
Speakers: Erin Boyd, Matt Farina
With more than 125 CNCF projects with various levels of maturity, the TOC is continuously evolving to meet the scale of project adoption and provide value to the cloud native community.This keynote will focus on how we are executing on our strategic objectives outlined in Valencia to improve the way we serve this community.
- 2 participants
- 15 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Keynote: CNCF Project Updates Continued - Ricardo Rocha, Computing Engineer, CERN; Emily Fox, Security Engineer, Apple; Frederick Kautz
Speakers: Ricardo Rocha, Emily Fox, Frederick Kautz
Keynote: CNCF Project Updates Continued - Ricardo Rocha, Computing Engineer, CERN; Emily Fox, Security Engineer, Apple; Frederick Kautz
Speakers: Ricardo Rocha, Emily Fox, Frederick Kautz
- 3 participants
- 12 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Keynote: From Silicon to Serverless: A Full Stack Journey - Cathy Zhang, Senior Principal Engineer, Intel
Speakers: Cathy Zhang
The cloud native journey starts with silicon and ends with delivered applications. In this talk, Cathy Zhang will walk us through everything from cores to cloud.
Keynote: From Silicon to Serverless: A Full Stack Journey - Cathy Zhang, Senior Principal Engineer, Intel
Speakers: Cathy Zhang
The cloud native journey starts with silicon and ends with delivered applications. In this talk, Cathy Zhang will walk us through everything from cores to cloud.
- 1 participant
- 6 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Keynote: Kubernetes Project Updates - Ricardo Rocha, Computing Engineer, CERN; Emily Fox, Security Engineer, Apple; Frederick Kautz
Speakers: Ricardo Rocha, Emily Fox, Frederick Kautz
Keynote: Kubernetes Project Updates - Ricardo Rocha, Computing Engineer, CERN; Emily Fox, Security Engineer, Apple; Frederick Kautz
Speakers: Ricardo Rocha, Emily Fox, Frederick Kautz
- 3 participants
- 6 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Keynote: What a RUSH! Let’s Deploy Straight to Production! - Whitney Lee, Staff Technical Advocate & Mauricio Salatino, Staff Engineer, VMware
Speakers: Mauricio Salatino, Whitney Lee
Feel the adrenaline of deploying to production during business hours! Join as Whitney and Mauricio discuss how to empower application teams to be happily productive, and to enable them continuously deliver value to end users. Learn how a platform built on top of Kubernetes can facilitate the creation and consumption of complex infrastructure, so that developers can have the tools that they need at the moment that they need them. By understanding best practices around platform engineering and how a platform team can provide a beautiful developer experience, you can pave the path to production for the entire organization.
Watch a live demo showing tools including CNCF projects Crossplane, Helm, VCluster, Knative, and ArgoCD to gain a practical understanding of how to adopt, integrate and glue different tools together to build a platform that your application development teams will love.
Keynote: What a RUSH! Let’s Deploy Straight to Production! - Whitney Lee, Staff Technical Advocate & Mauricio Salatino, Staff Engineer, VMware
Speakers: Mauricio Salatino, Whitney Lee
Feel the adrenaline of deploying to production during business hours! Join as Whitney and Mauricio discuss how to empower application teams to be happily productive, and to enable them continuously deliver value to end users. Learn how a platform built on top of Kubernetes can facilitate the creation and consumption of complex infrastructure, so that developers can have the tools that they need at the moment that they need them. By understanding best practices around platform engineering and how a platform team can provide a beautiful developer experience, you can pave the path to production for the entire organization.
Watch a live demo showing tools including CNCF projects Crossplane, Helm, VCluster, Knative, and ArgoCD to gain a practical understanding of how to adopt, integrate and glue different tools together to build a platform that your application development teams will love.
- 2 participants
- 16 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
KubeEdge: From Fixed Location To Movable Edge, Latest Updates And Future - Zefeng (Kevin) Wang, Huawei & Yin Ding, Google
KubeEdge is an open source edge computing framework that extends the power of kubernetes from central cloud to edge. Since last met, KubeEdge has made big progress on user adoption, community development, cross-community collaborations. In this talk, Kevin and Yin will cover: 1. latest user adoptions in several new industries, including: cloud native satellite, smart vehicles, offshore oil fields, etc; 2. development updates, including: significant scalability improvement, brand new device mapping interface, 3. Project roadmap, TSC, SIG and subproject updates. 4. Community Security updates including: security audit report, threat model and security protection analysis. 5. Useful informations on how new contributors to get involved. There will be an open Q&A for attendees to ask questions.
KubeEdge: From Fixed Location To Movable Edge, Latest Updates And Future - Zefeng (Kevin) Wang, Huawei & Yin Ding, Google
KubeEdge is an open source edge computing framework that extends the power of kubernetes from central cloud to edge. Since last met, KubeEdge has made big progress on user adoption, community development, cross-community collaborations. In this talk, Kevin and Yin will cover: 1. latest user adoptions in several new industries, including: cloud native satellite, smart vehicles, offshore oil fields, etc; 2. development updates, including: significant scalability improvement, brand new device mapping interface, 3. Project roadmap, TSC, SIG and subproject updates. 4. Community Security updates including: security audit report, threat model and security protection analysis. 5. Useful informations on how new contributors to get involved. There will be an open Q&A for attendees to ask questions.
- 1 participant
- 22 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Kubernet-Bees: How Bees Solve Problems Of Distributed Systems - Simon Emms & Christian Weichel, Gitpod
Speakers: Christian Weichel, Simon Emms
Many CNCF participants use bees as logos (e.g. eBPF, Cilium, GiantSwam, Honeycomb). This is no coincidence; the two worlds have more in common than you might think. Honey bees are social animals which operate as a distributed system. As experienced beekeepers and cloud-native engineers, the similarities between bees and Kubernetes are fascinating. Bee hives autoscale, self-heal, have message passing mechanisms, service discovery, and RBAC. For bee colonies, these are fundamental processes which must be cost-effective. This talk is an introduction to the fascinating world of honey bees, explains how bees have solved problems we face on a daily basis as Kubernetes users and gives an outlook on features that are missing from Kubernetes which bees support today.
Kubernet-Bees: How Bees Solve Problems Of Distributed Systems - Simon Emms & Christian Weichel, Gitpod
Speakers: Christian Weichel, Simon Emms
Many CNCF participants use bees as logos (e.g. eBPF, Cilium, GiantSwam, Honeycomb). This is no coincidence; the two worlds have more in common than you might think. Honey bees are social animals which operate as a distributed system. As experienced beekeepers and cloud-native engineers, the similarities between bees and Kubernetes are fascinating. Bee hives autoscale, self-heal, have message passing mechanisms, service discovery, and RBAC. For bee colonies, these are fundamental processes which must be cost-effective. This talk is an introduction to the fascinating world of honey bees, explains how bees have solved problems we face on a daily basis as Kubernetes users and gives an outlook on features that are missing from Kubernetes which bees support today.
- 5 participants
- 36 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Kubernetes Data Protection WG Deep Dive - Xiangqian Yu, Google
Speakers: Xiangqian Yu
Data Protection WG is dedicated to promoting data protection support in Kubernetes. The Working Group is working on identifying missing functionalities and collaborating across multiple SIGs to design features to enable data protection in Kubernetes. In this session, the co-chairs of this WG will discuss what is the current state of data protection in Kubernetes and where it is heading in the future. They will also talk about how interested parties (including storage and backup vendors, cloud providers, application developers, and end users, etc.) can join this WG and contribute to this effort. Details of the WG can be found here: https://github.com/kubernetes/community/tree/master/wg-data-protection.
Kubernetes Data Protection WG Deep Dive - Xiangqian Yu, Google
Speakers: Xiangqian Yu
Data Protection WG is dedicated to promoting data protection support in Kubernetes. The Working Group is working on identifying missing functionalities and collaborating across multiple SIGs to design features to enable data protection in Kubernetes. In this session, the co-chairs of this WG will discuss what is the current state of data protection in Kubernetes and where it is heading in the future. They will also talk about how interested parties (including storage and backup vendors, cloud providers, application developers, and end users, etc.) can join this WG and contribute to this effort. Details of the WG can be found here: https://github.com/kubernetes/community/tree/master/wg-data-protection.
- 2 participants
- 30 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Kubernetes For GPU Powered Machine Learning Workloads In Academia - Camille Rodriguez, Canonical & John-Paul Robinson, University of Alabama at Birmingham
Speakers: John-Paul Robinson, Camille Rodriguez
This talk aims to inform the architects and users of Kubernetes, as well as teams planning to transition for Kubernetes for research purposes, how we designed a high-performing Kubernetes cluster specifically geared towards machine learning and AI workloads. On the architectural side, the use of NVIDIA DGX A100 machines provides unprecedented compute density and performance for those workloads. Those nodes are integrated to the cluster with open-source software. We will also cover our challenges & successes in integrating to other components, such as external CEPH storage, gitlab registry and runners, and SAML authentication. The University of Alabama at Birmingham team will cover how they leverage container-enabled GPUs for their research and development workloads. Research workloads increasingly demand access to ad hoc, GPU-enable compute capacity, with complex software environments to power cloud-native workflows. K8s helps address needs ranging from regular ML training runs to supporting software development via CI pipelines.
Kubernetes For GPU Powered Machine Learning Workloads In Academia - Camille Rodriguez, Canonical & John-Paul Robinson, University of Alabama at Birmingham
Speakers: John-Paul Robinson, Camille Rodriguez
This talk aims to inform the architects and users of Kubernetes, as well as teams planning to transition for Kubernetes for research purposes, how we designed a high-performing Kubernetes cluster specifically geared towards machine learning and AI workloads. On the architectural side, the use of NVIDIA DGX A100 machines provides unprecedented compute density and performance for those workloads. Those nodes are integrated to the cluster with open-source software. We will also cover our challenges & successes in integrating to other components, such as external CEPH storage, gitlab registry and runners, and SAML authentication. The University of Alabama at Birmingham team will cover how they leverage container-enabled GPUs for their research and development workloads. Research workloads increasingly demand access to ad hoc, GPU-enable compute capacity, with complex software environments to power cloud-native workflows. K8s helps address needs ranging from regular ML training runs to supporting software development via CI pipelines.
- 6 participants
- 31 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Kubernetes On the Edge With K3s For a Smart Metering Use Case - Harry Lee, Melio AI
Speakers: Harry Lee
Running Kubernetes in the cloud is a common use case. You can make use of all the features that hyperscalers have to offer: resiliency, scalability, load-balancing etc. But what if you only have a single machine sitting on-premise that lacks consistent internet access? Should you still use Kubernetes? Our client has embarked on a journey to build a smart energy metering solution for remote industrial plants. The solution aggregates data produced by IoT measurement devices to a central point on site before sending the data to the cloud. The challenge for us, of course, is the design of this central aggregation point on site. This talk describes how we analysed the requirements to decide on using Kubernetes (K3s) as a central aggregation point on site. We will go through the why of the design and how we have also incorporated other CNCF projects (Prometheus, Helm, Cert-manager and Longhorn) into the final solution.
Kubernetes On the Edge With K3s For a Smart Metering Use Case - Harry Lee, Melio AI
Speakers: Harry Lee
Running Kubernetes in the cloud is a common use case. You can make use of all the features that hyperscalers have to offer: resiliency, scalability, load-balancing etc. But what if you only have a single machine sitting on-premise that lacks consistent internet access? Should you still use Kubernetes? Our client has embarked on a journey to build a smart energy metering solution for remote industrial plants. The solution aggregates data produced by IoT measurement devices to a central point on site before sending the data to the cloud. The challenge for us, of course, is the design of this central aggregation point on site. This talk describes how we analysed the requirements to decide on using Kubernetes (K3s) as a central aggregation point on site. We will go through the why of the design and how we have also incorporated other CNCF projects (Prometheus, Helm, Cert-manager and Longhorn) into the final solution.
- 5 participants
- 36 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Kubernetes Policy, Governance, And Compliance: A WG Policy Update - Jim Bugwadia, Nirmata; Anca Sailer, IBM Research; Jayashree Ramanathan, Red Hat; Robert Ficcaglia, Sunstone Secure
Speakers: Jim Bugwadia, Jayashree Ramanathan, Anca Sailer, Robert Ficcaglia
Kubernetes policies can help simplify management particularly of multiple clusters, scale Day 2 operations, and automate security and resiliency and software engineering concerns, thereby optimizing cost of operations. Policies also serve as the building block to help enforce multi-cluster governance and deliver continuous compliance and readiness for audits. The Kubernetes Policy Working Group (WG) focuses on defining overall architecture recommendations and guidance on both current policy related implementations as well as future policy related proposals in Kubernetes. Join this session to find out about the working groups current and upcoming projects, and also learn how you can get involved to learn and contribute.
Kubernetes Policy, Governance, And Compliance: A WG Policy Update - Jim Bugwadia, Nirmata; Anca Sailer, IBM Research; Jayashree Ramanathan, Red Hat; Robert Ficcaglia, Sunstone Secure
Speakers: Jim Bugwadia, Jayashree Ramanathan, Anca Sailer, Robert Ficcaglia
Kubernetes policies can help simplify management particularly of multiple clusters, scale Day 2 operations, and automate security and resiliency and software engineering concerns, thereby optimizing cost of operations. Policies also serve as the building block to help enforce multi-cluster governance and deliver continuous compliance and readiness for audits. The Kubernetes Policy Working Group (WG) focuses on defining overall architecture recommendations and guidance on both current policy related implementations as well as future policy related proposals in Kubernetes. Join this session to find out about the working groups current and upcoming projects, and also learn how you can get involved to learn and contribute.
- 5 participants
- 36 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Kubernetes SIG CLI: Intro And Updates - Eddie Zaneski, Chainguard; Katrina Verey, Shopify; Sean Sullivan, Google
Speakers: Sean Sullivan, Katrina Verey, Eddie Zaneski
SIG CLI is the special interest group for the command line tooling of the Kubernetes project. The SIG maintains kubectl, kustomize, and related libraries. In this session the SIG CLI leads will provide an introduction to the SIG and an overview of how to contribute. They will share the work done over the past year and an introduction to the kuberc KEP for defining user preferences. The session will conclude with Q&A.
Kubernetes SIG CLI: Intro And Updates - Eddie Zaneski, Chainguard; Katrina Verey, Shopify; Sean Sullivan, Google
Speakers: Sean Sullivan, Katrina Verey, Eddie Zaneski
SIG CLI is the special interest group for the command line tooling of the Kubernetes project. The SIG maintains kubectl, kustomize, and related libraries. In this session the SIG CLI leads will provide an introduction to the SIG and an overview of how to contribute. They will share the work done over the past year and an introduction to the kuberc KEP for defining user preferences. The session will conclude with Q&A.
- 5 participants
- 35 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Kubernetes SIG Storage Deep Dive - Xing Yang, VMware & Mauricio Poppe, Google
Speakers: Xing Yang, Mauricio Poppe
Kubernetes SIG Storage is responsible for ensuring that different types of file and block storage are available wherever a container is scheduled, storage capacity management (container ephemeral storage usage, volume resizing, etc.), influencing scheduling of containers based on storage (data gravity, availability, etc.), and generic operations on storage (snapshotting, etc.). In this session, we will deep dive into some projects that SIG Storage is currently working on, provide an update on the current status, and discuss what might be coming in the future.
Kubernetes SIG Storage Deep Dive - Xing Yang, VMware & Mauricio Poppe, Google
Speakers: Xing Yang, Mauricio Poppe
Kubernetes SIG Storage is responsible for ensuring that different types of file and block storage are available wherever a container is scheduled, storage capacity management (container ephemeral storage usage, volume resizing, etc.), influencing scheduling of containers based on storage (data gravity, availability, etc.), and generic operations on storage (snapshotting, etc.). In this session, we will deep dive into some projects that SIG Storage is currently working on, provide an update on the current status, and discuss what might be coming in the future.
- 3 participants
- 32 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Kubernetes Steering Committee AMA - Moderated by Christoph Blecker, Red Hat
Speakers: Bob Killen, Nabarun Pal, Benjamin Elder, Tim Pepper, Christoph Blecker, Stephen Augustus
The steering committee is tasked with decision-making and oversight with all things related to Kubernetes. This panel discussion is a chance for some navel gazing on where we are today, what got us here and where we are headed to next. This will also be a chance for the steering committee to meet face to face with their constituents in the community and wider ecosystem. https://github.com/kubernetes/steering
Kubernetes Steering Committee AMA - Moderated by Christoph Blecker, Red Hat
Speakers: Bob Killen, Nabarun Pal, Benjamin Elder, Tim Pepper, Christoph Blecker, Stephen Augustus
The steering committee is tasked with decision-making and oversight with all things related to Kubernetes. This panel discussion is a chance for some navel gazing on where we are today, what got us here and where we are headed to next. This will also be a chance for the steering committee to meet face to face with their constituents in the community and wider ecosystem. https://github.com/kubernetes/steering
- 10 participants
- 39 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Kubernetes to Cloud Attack Vectors: Demos Inside - Danny Hershko Shemesh & Alon Schindel, Wiz
Cloud service providers are constantly enhancing and releasing new capabilities to provide the best managed Kubernetes experience, intertwining cloud-specific capabilities within, to ease integrations and reduce friction. This talk is about the fine line between your managed Kubernetes cluster and its underlying Cloud environment, and how intertwining cloud-specific capabilities within the managed Kubernetes services introduces potential attack vectors and lateral movement paths – from Kubernetes outwards, or from the cloud inwards. This talk is demo-driven, we'll demonstrates several scenarios where an attacker can gain a foothold in a Kubernetes cluster and move laterally in order to compromise other cloud resources outside the cluster, or alternatively, gaining access to a cloud resource with the intent of compromising resources within a cluster. This talk also covers some of the best practices for configurations and standards to adopt in EKS, AKS and GKE to secure them from cluster-to-cloud or cloud-to-cluster attacks.
Kubernetes to Cloud Attack Vectors: Demos Inside - Danny Hershko Shemesh & Alon Schindel, Wiz
Cloud service providers are constantly enhancing and releasing new capabilities to provide the best managed Kubernetes experience, intertwining cloud-specific capabilities within, to ease integrations and reduce friction. This talk is about the fine line between your managed Kubernetes cluster and its underlying Cloud environment, and how intertwining cloud-specific capabilities within the managed Kubernetes services introduces potential attack vectors and lateral movement paths – from Kubernetes outwards, or from the cloud inwards. This talk is demo-driven, we'll demonstrates several scenarios where an attacker can gain a foothold in a Kubernetes cluster and move laterally in order to compromise other cloud resources outside the cluster, or alternatively, gaining access to a cloud resource with the intent of compromising resources within a cluster. This talk also covers some of the best practices for configurations and standards to adopt in EKS, AKS and GKE to secure them from cluster-to-cloud or cloud-to-cluster attacks.
- 4 participants
- 37 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Kyverno Introduction And Overview - Chip Zoller & Dolis Sharma, Nirmata
Speakers: Chip Zoller, Dolis Sharma
Kyverno is a Kubernetes-native policy engine which allows for validation, mutation, generation, and software supply chain security use cases all without requiring knowledge of a programming language. In this session, we will introduce you to Kyverno and explain and demonstrate in detail all of its capabilities. We will also share future roadmap plans, how you can get involved in the community, and provide all the resources you need to start solving your use cases. Kyverno was accepted as a CNCF Incubation project in June 2022.
Kyverno Introduction And Overview - Chip Zoller & Dolis Sharma, Nirmata
Speakers: Chip Zoller, Dolis Sharma
Kyverno is a Kubernetes-native policy engine which allows for validation, mutation, generation, and software supply chain security use cases all without requiring knowledge of a programming language. In this session, we will introduce you to Kyverno and explain and demonstrate in detail all of its capabilities. We will also share future roadmap plans, how you can get involved in the community, and provide all the resources you need to start solving your use cases. Kyverno was accepted as a CNCF Incubation project in June 2022.
- 8 participants
- 37 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Learn About Helm And Its Ecosystem - Andrew Block & Karena Angell, Red Hat; Matt Farina, SUSE; Scott Rigby, Weaveworks
Speakers: Matt Farina, Karena Angell, Scott Rigby, Andrew Block
Helm, the package manager for Kubernetes, isn't just a mature graduated CNCF project. It's a package manager with an ecosystem surrounding it that makes life better for those building and using Kubernetes packages. In this session you'll get a short introduction to Helm itself. From there we'll take a journey down two paths. One path will look at the ecosystem around building packages. This will include tools and processes to help you with that. On the other path we'll look at using Helm and its packages in your clusters. This will explore Helm and the various projects around it that you may want to use. When this session is done you'll have a good grasp on what Helm is and where you can get started using it.
Learn About Helm And Its Ecosystem - Andrew Block & Karena Angell, Red Hat; Matt Farina, SUSE; Scott Rigby, Weaveworks
Speakers: Matt Farina, Karena Angell, Scott Rigby, Andrew Block
Helm, the package manager for Kubernetes, isn't just a mature graduated CNCF project. It's a package manager with an ecosystem surrounding it that makes life better for those building and using Kubernetes packages. In this session you'll get a short introduction to Helm itself. From there we'll take a journey down two paths. One path will look at the ecosystem around building packages. This will include tools and processes to help you with that. On the other path we'll look at using Helm and its packages in your clusters. This will explore Helm and the various projects around it that you may want to use. When this session is done you'll have a good grasp on what Helm is and where you can get started using it.
- 4 participants
- 35 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Like Peas And Carrots: Argo CD And Crossplane For Infrastructure Management - Jesse Suen, Akuity & Viktor Farcic, Upbound
Kubernetes adopters have realized the benefits of declarative APIs and the ability to leverage modern deployment practices such as GitOps for safe and repeatable application delivery. These teams naturally wish to apply these same processes and tools to manage infrastructure deployments. The Crossplane project extends Kubernetes to enable the provisioning of cloud infrastructure. Combined with Argo CD, they become a powerful infrastructure management dashboard. This talk covers the benefits of using Kubernetes as a control plane of your cloud infrastructure over Terraform and CloudFormation, such as native RBAC and seamless integration with other cloud-native tools. See how Akuity uses Argo CD and Crossplane to manage its production AWS infrastructure. Learn to leverage advanced Argo CD features (health checks, resource actions, extensions) to get the most out of your Crossplane installation. Implement best practices recommended directly from the project maintainers Upbound and Akuity.
Like Peas And Carrots: Argo CD And Crossplane For Infrastructure Management - Jesse Suen, Akuity & Viktor Farcic, Upbound
Kubernetes adopters have realized the benefits of declarative APIs and the ability to leverage modern deployment practices such as GitOps for safe and repeatable application delivery. These teams naturally wish to apply these same processes and tools to manage infrastructure deployments. The Crossplane project extends Kubernetes to enable the provisioning of cloud infrastructure. Combined with Argo CD, they become a powerful infrastructure management dashboard. This talk covers the benefits of using Kubernetes as a control plane of your cloud infrastructure over Terraform and CloudFormation, such as native RBAC and seamless integration with other cloud-native tools. See how Akuity uses Argo CD and Crossplane to manage its production AWS infrastructure. Learn to leverage advanced Argo CD features (health checks, resource actions, extensions) to get the most out of your Crossplane installation. Implement best practices recommended directly from the project maintainers Upbound and Akuity.
- 3 participants
- 33 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Longhorn: Intro, Deep Dive And Q+A - David Ko & Joshua Moody, SUSE
Speakers: David Ko, Joshua Moody
Longhorn is a cloud-native distributed block storage solution for Kubernetes, providing an opinionated solution to cover different storage topology, data protection, and data services like snapshots, replication, encryption, backup restore, disaster recovery, etc. In this talk, there will be several parts to have an introduction of Longhorn and have deep-dive discussions to talk about the technical details, the recent release, and future plans. Longhorn was accepted as an incubating project by the Cloud Native Computing Foundation in November 2021.
Longhorn: Intro, Deep Dive And Q+A - David Ko & Joshua Moody, SUSE
Speakers: David Ko, Joshua Moody
Longhorn is a cloud-native distributed block storage solution for Kubernetes, providing an opinionated solution to cover different storage topology, data protection, and data services like snapshots, replication, encryption, backup restore, disaster recovery, etc. In this talk, there will be several parts to have an introduction of Longhorn and have deep-dive discussions to talk about the technical details, the recent release, and future plans. Longhorn was accepted as an incubating project by the Cloud Native Computing Foundation in November 2021.
- 4 participants
- 38 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Mentor-Mentee Framework To Build the Next Generation Of Cloud Native - Kunal Kushwaha & Mark Boost, Civo
Speakers: Kunal Kushwaha, Mark Boost
The CNCF Students community has been around for a few months now. There have been various initiatives by the CNCF to get more young folks involved in the ecosystem. Some of the challenges faced by the community include finding contributors willing to get involved for a more extended period. In this talk, Kunal and Mark will cover a framework that proves mentor-mentee interactions to be productive in the long run. They’ve decided to share the learnings that led Kunal, a student, to start the CNCF Students community and scale it to thousands; student track at KubeCon with the help of mentors in the CNCF. Mark will share his experience and insights regarding being a great mentor to upskill the next generation. The talk starts with what the mentee is looking to accomplish from having a mentor and how they can find one in the CNCF community. Then, the framework will cover topics such as setting goals, asking the right questions, reviewing progress, assigning tasks to create a roadmap, and more, including advice for both mentors and mentees to make the most out of their journey. Last but not least, how contributors and students mentored can pay it forward to keep the cycle going.
Mentor-Mentee Framework To Build the Next Generation Of Cloud Native - Kunal Kushwaha & Mark Boost, Civo
Speakers: Kunal Kushwaha, Mark Boost
The CNCF Students community has been around for a few months now. There have been various initiatives by the CNCF to get more young folks involved in the ecosystem. Some of the challenges faced by the community include finding contributors willing to get involved for a more extended period. In this talk, Kunal and Mark will cover a framework that proves mentor-mentee interactions to be productive in the long run. They’ve decided to share the learnings that led Kunal, a student, to start the CNCF Students community and scale it to thousands; student track at KubeCon with the help of mentors in the CNCF. Mark will share his experience and insights regarding being a great mentor to upskill the next generation. The talk starts with what the mentee is looking to accomplish from having a mentor and how they can find one in the CNCF community. Then, the framework will cover topics such as setting goals, asking the right questions, reviewing progress, assigning tasks to create a roadmap, and more, including advice for both mentors and mentees to make the most out of their journey. Last but not least, how contributors and students mentored can pay it forward to keep the cycle going.
- 5 participants
- 29 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Mentoring WG And You - Nate Waddington, The Linux Foundation & Jay Tihema, II.com
Most CNCF projects want to participate in new contributor mentoring programs, but it's hard to get started -- and it's even harder to be successful. Meet the new Mentoring Working Group, who will help you with information, resources, and peer coaching. We'll also be introducing an exciting new program. LFX, GSOC, Outreach, and others let you grow and diversity project contributors through mentoring. We'll talk about the existing programs, how you can get involved, and ways to minimize the work involved. We'll also review how you can help build up the Mentorship WG to assist all CNCF projects, mentors, and mentees. We'll also introduce a new regional program, He Waka Eke Noa/HWEN, which is helping New Zealand and Maori students get involved in cloud native without leaving home. This program can serve as a model for new ways to recruit non-traditional contributors. You'll learn what you need to get started or become more successful in your project mentorship efforts.
Mentoring WG And You - Nate Waddington, The Linux Foundation & Jay Tihema, II.com
Most CNCF projects want to participate in new contributor mentoring programs, but it's hard to get started -- and it's even harder to be successful. Meet the new Mentoring Working Group, who will help you with information, resources, and peer coaching. We'll also be introducing an exciting new program. LFX, GSOC, Outreach, and others let you grow and diversity project contributors through mentoring. We'll talk about the existing programs, how you can get involved, and ways to minimize the work involved. We'll also review how you can help build up the Mentorship WG to assist all CNCF projects, mentors, and mentees. We'll also introduce a new regional program, He Waka Eke Noa/HWEN, which is helping New Zealand and Maori students get involved in cloud native without leaving home. This program can serve as a model for new ways to recruit non-traditional contributors. You'll learn what you need to get started or become more successful in your project mentorship efforts.
- 7 participants
- 34 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Migrating From Single-Node Kubernetes Control Plane To HA In Production - Cong Yue & David Oppenheimer, Databricks
Databricks adopted Kubernetes in 2016, before highly available (HA) Kubernetes control plane deployments were common. As a result, we built our self-managed Kubernetes clusters using a single-node control plane in AWS, and then later also on Azure and GCP. Recently we migrated these production clusters to use a multi-node control plane, which provides higher reliability and enables us to upgrade Kubernetes versions more safely and therefore faster across the fleet. In this talk we describe the architecture we chose for our HA control plane, how we safely migrated a fleet of clusters from a single-node control plane to HA without affecting workloads in production, and how we adapted some of our Day 2 operations to accomodate multi-node control plane.
Migrating From Single-Node Kubernetes Control Plane To HA In Production - Cong Yue & David Oppenheimer, Databricks
Databricks adopted Kubernetes in 2016, before highly available (HA) Kubernetes control plane deployments were common. As a result, we built our self-managed Kubernetes clusters using a single-node control plane in AWS, and then later also on Azure and GCP. Recently we migrated these production clusters to use a multi-node control plane, which provides higher reliability and enables us to upgrade Kubernetes versions more safely and therefore faster across the fleet. In this talk we describe the architecture we chose for our HA control plane, how we safely migrated a fleet of clusters from a single-node control plane to HA without affecting workloads in production, and how we adapted some of our Day 2 operations to accomodate multi-node control plane.
- 5 participants
- 38 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Multi-Cluster Stateful Set Migration: A Solution To Upgrade Pain - Peter Schuurman, Google & Matt Schallert, Chronosphere
As more stateful workloads like Redis, Kafka, or custom DBs are migrated to Kubernetes, what operational paradigms need to change to support moving state across clusters and maintaining availability during migration? How do admins safely and reliably perform Day 2 operations and maintenance events while protecting the data and state of the app? What visibility is needed? Today, cluster administrators design complex workflows for data replication, pod and persistent volume migration, and state management for Day 2 ops. What if there was a way to seamlessly migrate StatefulSets between node pools or across clusters to simplify problems related to upgrades, workload migration, and stretching clusters? The speakers will demonstrate the complex patterns developed at Chronosphere to safely migrate stateful workloads to coordinate maintenance operations for thousands of pods across multiple zones and regions. They will then discuss a new enhancement to Kubernetes called StatefulSet Partition which is integrated into a multi-cluster deployment like Chronosphere's and how this can dramatically simplify their operations to focus instead on core business logic.
Multi-Cluster Stateful Set Migration: A Solution To Upgrade Pain - Peter Schuurman, Google & Matt Schallert, Chronosphere
As more stateful workloads like Redis, Kafka, or custom DBs are migrated to Kubernetes, what operational paradigms need to change to support moving state across clusters and maintaining availability during migration? How do admins safely and reliably perform Day 2 operations and maintenance events while protecting the data and state of the app? What visibility is needed? Today, cluster administrators design complex workflows for data replication, pod and persistent volume migration, and state management for Day 2 ops. What if there was a way to seamlessly migrate StatefulSets between node pools or across clusters to simplify problems related to upgrades, workload migration, and stretching clusters? The speakers will demonstrate the complex patterns developed at Chronosphere to safely migrate stateful workloads to coordinate maintenance operations for thousands of pods across multiple zones and regions. They will then discuss a new enhancement to Kubernetes called StatefulSet Partition which is integrated into a multi-cluster deployment like Chronosphere's and how this can dramatically simplify their operations to focus instead on core business logic.
- 6 participants
- 32 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Multi-Tenancy For Argo Workflows And Argo CD At Adobe - Srinivas Malladi, Adobe
Speakers: Srinivas Malladi
Argo Workflows and Argo CD are powerful tools, but unifying them under a multi-tenant experience is necessary to run at scale across multiple teams in any large organization. Argo Workflows and Argo CD use different approaches to RBAC and both have different security considerations and available security features. We at Ethos, the Adobe Cloud Platform, have designed an architecture to create a secure multi-tenant CI/CD experience for our developer teams. Join our talk to learn how we achieved multi-tenancy through the isolation of each component of our developer CI/CD workflows, such as building, scanning, pushing, workflow artifacts, workflow secrets, as well as the restriction of application deployment with Argo CD AppProjects and RBAC.
Multi-Tenancy For Argo Workflows And Argo CD At Adobe - Srinivas Malladi, Adobe
Speakers: Srinivas Malladi
Argo Workflows and Argo CD are powerful tools, but unifying them under a multi-tenant experience is necessary to run at scale across multiple teams in any large organization. Argo Workflows and Argo CD use different approaches to RBAC and both have different security considerations and available security features. We at Ethos, the Adobe Cloud Platform, have designed an architecture to create a secure multi-tenant CI/CD experience for our developer teams. Join our talk to learn how we achieved multi-tenancy through the isolation of each component of our developer CI/CD workflows, such as building, scanning, pushing, workflow artifacts, workflow secrets, as well as the restriction of application deployment with Argo CD AppProjects and RBAC.
- 5 participants
- 38 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
NRI: Extending Containerd And CRI-O With Common Plugins - Krisztian Litkey, Intel & Mike Brown, IBM
Speakers: Mike Brown, Krisztian Litkey
The Node Resource Interface (NRI) was started as a subproject of containerd to provide OCI hook-like extensions as plugins which can perform extra actions outside the scope of CRI. This idea has since evolved into providing a common infrastructure for plugging extensions into CRI runtimes. Our proposed revision, which hopefully gets merged by the time of this presentation, turns NRI into a common runtime agnostic extension interface for plugging custom container adjustment logic into runtimes. It defines NRI using a formal protobuf protocol description and implements it as a set of ttRPC services. This improves the efficiency of plugin-runtime communication and enables straightforward implementation of stateful plugins. Our additions also expand the original scope of NRI, by allowing plugins to hook into virtually any of the pod and container life-cycle events and adjust a carefully chosen subset of container parameters. Integration to both containerd and CRI-O is available as experimental features. In this talk we'll take a closer look at how NRI and the plugins fit into runtimes, then cover some common and novel use cases, and example plugins for OCI hook injection and custom resource assignment.
NRI: Extending Containerd And CRI-O With Common Plugins - Krisztian Litkey, Intel & Mike Brown, IBM
Speakers: Mike Brown, Krisztian Litkey
The Node Resource Interface (NRI) was started as a subproject of containerd to provide OCI hook-like extensions as plugins which can perform extra actions outside the scope of CRI. This idea has since evolved into providing a common infrastructure for plugging extensions into CRI runtimes. Our proposed revision, which hopefully gets merged by the time of this presentation, turns NRI into a common runtime agnostic extension interface for plugging custom container adjustment logic into runtimes. It defines NRI using a formal protobuf protocol description and implements it as a set of ttRPC services. This improves the efficiency of plugin-runtime communication and enables straightforward implementation of stateful plugins. Our additions also expand the original scope of NRI, by allowing plugins to hook into virtually any of the pod and container life-cycle events and adjust a carefully chosen subset of container parameters. Integration to both containerd and CRI-O is available as experimental features. In this talk we'll take a closer look at how NRI and the plugins fit into runtimes, then cover some common and novel use cases, and example plugins for OCI hook injection and custom resource assignment.
- 6 participants
- 45 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
No One Is Saving Us But Us - Tabitha Sable, Datadog & Paris Pittman, Independent
No one corporation, individual, or organization can save or sustain open source. There is no sweeping solution to sustainability, as we have seen in decades of trying to maintain the commons we all depend on. Project funding, corporate support of full-time contributors, and balance in contributors’ lives are all critical to keep a large project healthy. But this isn’t all doom and gloom: we provide hope for our own future. Join Tabitha and Paris, as they discuss how your intentionality helps our sustainability. As an organization participating or an individual donating their time, how can we help each other successfully let our projects go on without us? How do mutual aid principles apply in open source? Where do corporations fit into the larger “us”? Intentional open source strategies sustain our long term needs by supporting the people doing the work. There isn’t one person or group working on open source sustainability - we all need to in whatever way we can: through participation, sticking around, and having a plan. Walk away with a beautiful idea of how you are contributing to the long term success of Kubernetes and the open source projects that you care about.
No One Is Saving Us But Us - Tabitha Sable, Datadog & Paris Pittman, Independent
No one corporation, individual, or organization can save or sustain open source. There is no sweeping solution to sustainability, as we have seen in decades of trying to maintain the commons we all depend on. Project funding, corporate support of full-time contributors, and balance in contributors’ lives are all critical to keep a large project healthy. But this isn’t all doom and gloom: we provide hope for our own future. Join Tabitha and Paris, as they discuss how your intentionality helps our sustainability. As an organization participating or an individual donating their time, how can we help each other successfully let our projects go on without us? How do mutual aid principles apply in open source? Where do corporations fit into the larger “us”? Intentional open source strategies sustain our long term needs by supporting the people doing the work. There isn’t one person or group working on open source sustainability - we all need to in whatever way we can: through participation, sticking around, and having a plan. Walk away with a beautiful idea of how you are contributing to the long term success of Kubernetes and the open source projects that you care about.
- 4 participants
- 26 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Observability In ArgoCD/Rollouts Using Streaming ML For Reducing MTTR - Vigith Maurice & Amit Kalamkar, Intuit
Speakers: Amit Kalamkar, Vigith Maurice
At Intuit one third of P1/P2 outages are caused by a change. As Intuit runs ~2500 services on K8s we need to quickly detect and resolve problems using AIOps. Our talk focuses on how we built a K8s native DAG-based streaming processing platform (Numaflow) and streaming ML platform (Numalogic) which is open-sourced under Numaproj to address this problem. We will show how we collect, process, and analyze in-cluster data in real-time and how our Numalogic computes anomaly scores for each deployment. This DAG-based ML platform has now been adopted by Intuit and helps our ML engineers focus on writing just the inference and pre/post-processing logic while the platform takes care of building the dynamic execution model, retries, buffering between the vertices, back-pressure, conditional-forwarding, and auto-scaling. We will also show how we integrated Observability into Argo CD so users can understand and remediate the behavior induced by change and how this is helping Intuit reduce MTTD/MTTR.
Observability In ArgoCD/Rollouts Using Streaming ML For Reducing MTTR - Vigith Maurice & Amit Kalamkar, Intuit
Speakers: Amit Kalamkar, Vigith Maurice
At Intuit one third of P1/P2 outages are caused by a change. As Intuit runs ~2500 services on K8s we need to quickly detect and resolve problems using AIOps. Our talk focuses on how we built a K8s native DAG-based streaming processing platform (Numaflow) and streaming ML platform (Numalogic) which is open-sourced under Numaproj to address this problem. We will show how we collect, process, and analyze in-cluster data in real-time and how our Numalogic computes anomaly scores for each deployment. This DAG-based ML platform has now been adopted by Intuit and helps our ML engineers focus on writing just the inference and pre/post-processing logic while the platform takes care of building the dynamic execution model, retries, buffering between the vertices, back-pressure, conditional-forwarding, and auto-scaling. We will also show how we integrated Observability into Argo CD so users can understand and remediate the behavior induced by change and how this is helping Intuit reduce MTTD/MTTR.
- 2 participants
- 25 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
One API To Rule Them All? What the Gateway API Means For Service Meshes - Keith Mattix II, Microsoft & John Howard, Google
Speakers: John Howard, Keith Mattix
The explosion of the service mesh ecosystem over the past 5 years is well-documented; cloud-native users are consistently reaching for common mesh features like advanced traffic routing and policy enforcement(authn/z, timeouts, retries, etc). Unfortunately, the innovation of various service mesh implementations has led to a sprawl in APIs and features that can make life difficult for end-users and tooling providers. In this session, you’ll learn about historical efforts to unify the service mesh space and how the new Kubernetes Gateway API may hold the key to achieving that vision.
One API To Rule Them All? What the Gateway API Means For Service Meshes - Keith Mattix II, Microsoft & John Howard, Google
Speakers: John Howard, Keith Mattix
The explosion of the service mesh ecosystem over the past 5 years is well-documented; cloud-native users are consistently reaching for common mesh features like advanced traffic routing and policy enforcement(authn/z, timeouts, retries, etc). Unfortunately, the innovation of various service mesh implementations has led to a sprawl in APIs and features that can make life difficult for end-users and tooling providers. In this session, you’ll learn about historical efforts to unify the service mesh space and how the new Kubernetes Gateway API may hold the key to achieving that vision.
- 6 participants
- 32 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
One VTOrc To Rule Them All – High Availability In a Distributed Database System - Deepthi Sigireddi & Manan Gupta, PlanetScale
Speakers: Deepthi Sigireddi, Manan Gupta
Vitess is a scalable, highly available distributed database system built around MySQL. It achieves scalability through sharding and durability through replication. High availability is accomplished through a Vitess feature known as cluster management. The next generation cluster management service in Vitess is called VTOrc. Users can specify their durability rules as a system configuration, which is respected while performing planned failovers. VTOrc also performs failure detection with automatic failovers while honoring the durability rules. VTOrc is already running successfully in production in multiple deployments including at PlanetScale, and it will be Generally Available in Vitess release 15 (October 25). The session will provide an introduction to VTOrc and an outline of the theory that underpins its implementation, followed by a demo of its capabilities showing multiple failover scenarios.
One VTOrc To Rule Them All – High Availability In a Distributed Database System - Deepthi Sigireddi & Manan Gupta, PlanetScale
Speakers: Deepthi Sigireddi, Manan Gupta
Vitess is a scalable, highly available distributed database system built around MySQL. It achieves scalability through sharding and durability through replication. High availability is accomplished through a Vitess feature known as cluster management. The next generation cluster management service in Vitess is called VTOrc. Users can specify their durability rules as a system configuration, which is respected while performing planned failovers. VTOrc also performs failure detection with automatic failovers while honoring the durability rules. VTOrc is already running successfully in production in multiple deployments including at PlanetScale, and it will be Generally Available in Vitess release 15 (October 25). The session will provide an introduction to VTOrc and an outline of the theory that underpins its implementation, followed by a demo of its capabilities showing multiple failover scenarios.
- 3 participants
- 32 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
OpenMetrics; the State Of 1.X And the Plans For 2.0 - Richard Hartmann, Grafana Labs
Speakers: Richard Hartmann
OpenMetrics is the open standard for transmitting Prometheus-style metrics. It's also part of OpenTelemetry's compatibility efforts with Prometheus. We will go through a 101 of OpenMetrics, the current state of 1.0, what could potentially go into 1.1, and look at what 2.0 will look like.
OpenMetrics; the State Of 1.X And the Plans For 2.0 - Richard Hartmann, Grafana Labs
Speakers: Richard Hartmann
OpenMetrics is the open standard for transmitting Prometheus-style metrics. It's also part of OpenTelemetry's compatibility efforts with Prometheus. We will go through a 101 of OpenMetrics, the current state of 1.0, what could potentially go into 1.1, and look at what 2.0 will look like.
- 11 participants
- 34 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
OpenTelemetry: Meet the Community, Build the Roadmap - Morgan McLean, Splunk; Daniel Dyla, Dynatrace; Ted Young, Lightstep; Alolita Sharma, Apple
Speakers: Ted Young, Alolita Sharma, Morgan McLean, Daniel Dyla
This session is for anyone interested in observability or OpenTelemetry to learn more about the project, and to meet and discuss our status and roadmap with maintainers! We will begin with a brief presentation of our recent releases and roadmap for the next year, followed by in-person feedback from users and maintainers, and we will finish with a panel discussion hosted by governance committee members, technical committee members, and maintainers. This session provides a forum for end-users, contributors, and maintainers to meet in person, discuss the project's successes, improve our processes as a community, and to collaborate on the overall project roadmap.
OpenTelemetry: Meet the Community, Build the Roadmap - Morgan McLean, Splunk; Daniel Dyla, Dynatrace; Ted Young, Lightstep; Alolita Sharma, Apple
Speakers: Ted Young, Alolita Sharma, Morgan McLean, Daniel Dyla
This session is for anyone interested in observability or OpenTelemetry to learn more about the project, and to meet and discuss our status and roadmap with maintainers! We will begin with a brief presentation of our recent releases and roadmap for the next year, followed by in-person feedback from users and maintainers, and we will finish with a panel discussion hosted by governance committee members, technical committee members, and maintainers. This session provides a forum for end-users, contributors, and maintainers to meet in person, discuss the project's successes, improve our processes as a community, and to collaborate on the overall project roadmap.
- 9 participants
- 39 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Orchestrating Interconnected Apps Across Geographically Distributed Kubernetes Clusters - John Belamaric, Google
Speakers: John Belamaric
Imagine deploying a set of complex, interconnected workloads across a fleet of geographically distributed Kubernetes clusters. How do you decide where to run each workload? How do we specialize the configs for each site? How do we make sure those configs conform to our policies? How do we deliver the configs to the right clusters, and make sure they don't drift? What happens when we add a site - how do we know which interconnected workloads need to be reconfigured? How do we know what to change in each of those workloads? Do we just need to change Kubernetes manifests, or do the configuration files of the workloads themselves need to be changed? How do we do that? Can we really automate all this? Linux Foundation’s Nephio project (https://nephio.org) uses Kubernetes-based automation to solve these problems with an extensible platform for large scale, multi-site workload orchestration and configuration management. Come learn how we’re doing it!
Orchestrating Interconnected Apps Across Geographically Distributed Kubernetes Clusters - John Belamaric, Google
Speakers: John Belamaric
Imagine deploying a set of complex, interconnected workloads across a fleet of geographically distributed Kubernetes clusters. How do you decide where to run each workload? How do we specialize the configs for each site? How do we make sure those configs conform to our policies? How do we deliver the configs to the right clusters, and make sure they don't drift? What happens when we add a site - how do we know which interconnected workloads need to be reconfigured? How do we know what to change in each of those workloads? Do we just need to change Kubernetes manifests, or do the configuration files of the workloads themselves need to be changed? How do we do that? Can we really automate all this? Linux Foundation’s Nephio project (https://nephio.org) uses Kubernetes-based automation to solve these problems with an extensible platform for large scale, multi-site workload orchestration and configuration management. Come learn how we’re doing it!
- 5 participants
- 35 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Overview And State Of Linkerd - Alex Leong, Buoyant
Speakers: Alex Leong
In this talk, maintainers from the Linkerd project will present an overview of the project and an update on upcoming releases. They’ll cover what Linkerd is and how it compares to other service meshes; what the latest features and functionality are; what to expect in upcoming releases; and how you can get involved in one of the CNCF’s most talked-about projects. This talk will cover Linkerd's recent adoption of the Gateway API and the many new features that move unlocks.
Overview And State Of Linkerd - Alex Leong, Buoyant
Speakers: Alex Leong
In this talk, maintainers from the Linkerd project will present an overview of the project and an update on upcoming releases. They’ll cover what Linkerd is and how it compares to other service meshes; what the latest features and functionality are; what to expect in upcoming releases; and how you can get involved in one of the CNCF’s most talked-about projects. This talk will cover Linkerd's recent adoption of the Gateway API and the many new features that move unlocks.
- 9 participants
- 35 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Prometheus - Intro, Deep Dive, And Open Q+A - Goutham Veeramachaneni & Ganesh Vernekar, Grafana Labs
Speakers: Goutham Veeramachaneni, Ganesh Vernekar
Prometheus is the de facto standard in cloud-native metrics monitoring and beyond, in large part because Kubernetes is literally designing its custom metrics engine for Prometheus. With ever more people adopting cloud-native technologies, we will cover a mix of intro/101 content, a deeper dive into current developments, and open Q&A at the end.
Prometheus - Intro, Deep Dive, And Open Q+A - Goutham Veeramachaneni & Ganesh Vernekar, Grafana Labs
Speakers: Goutham Veeramachaneni, Ganesh Vernekar
Prometheus is the de facto standard in cloud-native metrics monitoring and beyond, in large part because Kubernetes is literally designing its custom metrics engine for Prometheus. With ever more people adopting cloud-native technologies, we will cover a mix of intro/101 content, a deeper dive into current developments, and open Q&A at the end.
- 11 participants
- 36 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Remote Control Planes With Konnectivity; What, Why And How? - Jussi Nummelin, Mirantis & Rastislav Szabo, Kubermatic
Speakers: Rastislav Szabo, Jussi Nummelin
It’s a pretty common pattern to run the Kubernetes control plane on a dedicated node or a set of nodes co-located with the worker nodes. But what if we want to run the control plane as truly separated from the workers? Can the control plane be located in a completely different datacenter than the worker nodes even with some network-level disconnection separating the control and worker planes? We’ll start the talk by looking at why to build clusters with a remote control plane, and use cases for such setups. The second part of the talk will introduce the technical concepts that can be used to make it happen. We will look at how the api-server can be set up to use an egress selector proxy for different use cases. Next, we’ll look at a practical example of how it can be used with the Konnectivity API server network proxy. Lastly, we will showcase how all of this works together in open-source Kubernetes platforms like k0s and Kubermatic.
Remote Control Planes With Konnectivity; What, Why And How? - Jussi Nummelin, Mirantis & Rastislav Szabo, Kubermatic
Speakers: Rastislav Szabo, Jussi Nummelin
It’s a pretty common pattern to run the Kubernetes control plane on a dedicated node or a set of nodes co-located with the worker nodes. But what if we want to run the control plane as truly separated from the workers? Can the control plane be located in a completely different datacenter than the worker nodes even with some network-level disconnection separating the control and worker planes? We’ll start the talk by looking at why to build clusters with a remote control plane, and use cases for such setups. The second part of the talk will introduce the technical concepts that can be used to make it happen. We will look at how the api-server can be set up to use an egress selector proxy for different use cases. Next, we’ll look at a practical example of how it can be used with the Konnectivity API server network proxy. Lastly, we will showcase how all of this works together in open-source Kubernetes platforms like k0s and Kubermatic.
- 6 participants
- 36 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Resize Your Pods In-Place With Deterministic eBPF Triggers - Pablo Chico de Guzman, Okteto & Vinay Kulkarni, Futurewei Technologies
Cloud-native community has long desired the ability to resize pods in-place because pod restarts are expensive for long-running applications and disruptive to services. To resize pods, we commonly rely on Vertical Pod Autoscaler (VPA) to observe usage, recommend, and reactively enact resource updates.
An alternative approach is to resize pods based on deterministic events. For example, you can capture events with eBPF to detect when a CPU-intensive command is going to be executed, and proactively resize the pod CPU accordingly. In this talk, Pablo will show an interesting use case where remote development environments run inside pods. These pods need minimal resources when a developer is writing code, but need significantly higher CPU & memory when a developer issues a “build” command or runs a battery of tests. In-place resize is mandatory in this scenario, otherwise, the development experience would be broken on every pod restart.
Vinay will then talk about the current in-place pod resize feature design, which is soon landing as alpha in Kubernetes. He will go over the CRI changes, discuss the design rationale & trade-offs. He will then lay out the next steps and discuss what the community can do to help to drive this feature to a rock-solid GA over the next year.
Resize Your Pods In-Place With Deterministic eBPF Triggers - Pablo Chico de Guzman, Okteto & Vinay Kulkarni, Futurewei Technologies
Cloud-native community has long desired the ability to resize pods in-place because pod restarts are expensive for long-running applications and disruptive to services. To resize pods, we commonly rely on Vertical Pod Autoscaler (VPA) to observe usage, recommend, and reactively enact resource updates.
An alternative approach is to resize pods based on deterministic events. For example, you can capture events with eBPF to detect when a CPU-intensive command is going to be executed, and proactively resize the pod CPU accordingly. In this talk, Pablo will show an interesting use case where remote development environments run inside pods. These pods need minimal resources when a developer is writing code, but need significantly higher CPU & memory when a developer issues a “build” command or runs a battery of tests. In-place resize is mandatory in this scenario, otherwise, the development experience would be broken on every pod restart.
Vinay will then talk about the current in-place pod resize feature design, which is soon landing as alpha in Kubernetes. He will go over the CRI changes, discuss the design rationale & trade-offs. He will then lay out the next steps and discuss what the community can do to help to drive this feature to a rock-solid GA over the next year.
- 2 participants
- 33 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Running Isolated VirtualClusters With Kata & Cluster API - Chris Hein & Eric Ernst, Apple, Inc
Speakers: Chris Hein, Eric Ernst
Kubernetes is generally considered a single-tenant container orchestrator, but as companies have been running it and realizing the benefits of the Kubernetes architecture contrasted with the nontrivial level-of-effort of managing many single tenant clusters we’ve seen a spike in use cases & projects that support the need for multi-tenant & zero-trust deployments. You can see this in the growth of “Sandboxed Runtimes” like Kata, gVisor & Firecracker. As well as tools like vCluster, Kamaji & HNC. In this talk Chris Hein & Eric Ernst will demonstrate one way hard multi-tenancy can be achieved by leveraging Cluster API Nested with VirtualCluster running inside a Kubernetes cluster with workload isolation & virtual networking being provided by the Kata runtime. Users of this architecture get the benefits of per-tenant Kubernetes control planes to use CRDs, Admission Webhooks, Cluster level RBAC, Aggregate APIServers along with workload & network segregation while reducing the overall maintenance burden. Modeled after the ICDCS paper by folks from Alibaba - https://bit.ly/3tfnWnA If you are interested in sandboxed runtimes, hard multi-tenancy, scaling Kubernetes, Cluster API or multi-cluster Kubernetes this is the talk for you.
Running Isolated VirtualClusters With Kata & Cluster API - Chris Hein & Eric Ernst, Apple, Inc
Speakers: Chris Hein, Eric Ernst
Kubernetes is generally considered a single-tenant container orchestrator, but as companies have been running it and realizing the benefits of the Kubernetes architecture contrasted with the nontrivial level-of-effort of managing many single tenant clusters we’ve seen a spike in use cases & projects that support the need for multi-tenant & zero-trust deployments. You can see this in the growth of “Sandboxed Runtimes” like Kata, gVisor & Firecracker. As well as tools like vCluster, Kamaji & HNC. In this talk Chris Hein & Eric Ernst will demonstrate one way hard multi-tenancy can be achieved by leveraging Cluster API Nested with VirtualCluster running inside a Kubernetes cluster with workload isolation & virtual networking being provided by the Kata runtime. Users of this architecture get the benefits of per-tenant Kubernetes control planes to use CRDs, Admission Webhooks, Cluster level RBAC, Aggregate APIServers along with workload & network segregation while reducing the overall maintenance burden. Modeled after the ICDCS paper by folks from Alibaba - https://bit.ly/3tfnWnA If you are interested in sandboxed runtimes, hard multi-tenancy, scaling Kubernetes, Cluster API or multi-cluster Kubernetes this is the talk for you.
- 7 participants
- 35 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
SIG Architecture Intro And Deep Dive - John Belamaric, Google & Davanum Srinivas, AWS
Speakers: Davanum Srinivas, John Belamaric
SIG Architecture maintains and evolves the design principles of Kubernetes, and provides a consistent body of expertise necessary to ensure architectural consistency over time. The SIG takes care of evolution of conformance definitions, API definitions/conventions, deprecation policy, design principles, and other cross-cutting concerns. In this talk, we will provide an introduction to SIG architecture, including its role and the various subprojects that support its activities. Additionally, we will provide a community update on the status of those efforts.
SIG Architecture Intro And Deep Dive - John Belamaric, Google & Davanum Srinivas, AWS
Speakers: Davanum Srinivas, John Belamaric
SIG Architecture maintains and evolves the design principles of Kubernetes, and provides a consistent body of expertise necessary to ensure architectural consistency over time. The SIG takes care of evolution of conformance definitions, API definitions/conventions, deprecation policy, design principles, and other cross-cutting concerns. In this talk, we will provide an introduction to SIG architecture, including its role and the various subprojects that support its activities. Additionally, we will provide a community update on the status of those efforts.
- 2 participants
- 31 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
SIG Cloud Provider Update - Michael McCune, Red Hat & Bridget Kromhout, Microsoft
Speakers: Michael McCune, Bridget Kromhout
Cloud Provider code allows Kubernetes to run on top of different platforms. Originally, support for all variations was built directly into a K8s release. This brought bloat and created an unnecessary dependency on cloud-provider specific code. This talk will be a status report on the effort to remove the cloud provider code from the main Kubernetes repository. For each in-tree cloud provider, we will report on efforts, accomplishments, and roadmap for getting "out-of-tree". We’ll also discuss the plans to handle the speed bumps that are left including removing disabling the cloud provider in upstream with a new feature gate and what to do about E2E testing.
SIG Cloud Provider Update - Michael McCune, Red Hat & Bridget Kromhout, Microsoft
Speakers: Michael McCune, Bridget Kromhout
Cloud Provider code allows Kubernetes to run on top of different platforms. Originally, support for all variations was built directly into a K8s release. This brought bloat and created an unnecessary dependency on cloud-provider specific code. This talk will be a status report on the effort to remove the cloud provider code from the main Kubernetes repository. For each in-tree cloud provider, we will report on efforts, accomplishments, and roadmap for getting "out-of-tree". We’ll also discuss the plans to handle the speed bumps that are left including removing disabling the cloud provider in upstream with a new feature gate and what to do about E2E testing.
- 6 participants
- 35 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
SIG Cluster Lifecycle Intro - Fabrizio Pandini, VMware & Cecile Robert-Michon, Microsoft
The Cluster Lifecycle SIG is the Special Interest Group that is responsible for building the user experience for deploying and upgrading Kubernetes clusters. Our mission is examining how we should change Kubernetes to make it easier to operate. Since the group's formation we have focused on creating kubeadm, a streamlined installer tool and building block to simplify the installation and upgrade experience, and building a Cluster API to provide an abstraction of machines across different deployment environments and a common control plane configuration. In this introduction session, we will present the SIG's mission statement, review recent accomplishments, and discuss our future plans, where you are very welcome to contribute to the discussion. We will also focus on how new contributors can get involved in helping shape the future of Kubernetes' cluster lifecycle management.
SIG Cluster Lifecycle Intro - Fabrizio Pandini, VMware & Cecile Robert-Michon, Microsoft
The Cluster Lifecycle SIG is the Special Interest Group that is responsible for building the user experience for deploying and upgrading Kubernetes clusters. Our mission is examining how we should change Kubernetes to make it easier to operate. Since the group's formation we have focused on creating kubeadm, a streamlined installer tool and building block to simplify the installation and upgrade experience, and building a Cluster API to provide an abstraction of machines across different deployment environments and a common control plane configuration. In this introduction session, we will present the SIG's mission statement, review recent accomplishments, and discuss our future plans, where you are very welcome to contribute to the discussion. We will also focus on how new contributors can get involved in helping shape the future of Kubernetes' cluster lifecycle management.
- 8 participants
- 41 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
SIG Contributor Experience Deep Dive - Nabarun Pal & Madhav Jivrajani, VMware; Marky Jackson, Equinix; Kaslin Fields, Google Cloud
Speakers: Marky Jackson, Nabarun Pal, Kaslin Fields, Madhav Jivrajani
The Kubernetes Contributor Experience Special Interest Group (SIG) is tasked with developing and sustaining a healthy contributor community. It also provides an excellent place to get involved with the Kubernetes project, either through code, non-code, or both. Join us and learn about ContribEx's many programs that you can participate in, including mentoring, meetings, community infrastructure, moderation, elections, contributor events, the contributor site, and more. Whether you're interested in helping the Kubernetes project run smoothly, or you want to see how these programs can benefit you, or just have questions about how the project is organized, you'll find answers here.
SIG Contributor Experience Deep Dive - Nabarun Pal & Madhav Jivrajani, VMware; Marky Jackson, Equinix; Kaslin Fields, Google Cloud
Speakers: Marky Jackson, Nabarun Pal, Kaslin Fields, Madhav Jivrajani
The Kubernetes Contributor Experience Special Interest Group (SIG) is tasked with developing and sustaining a healthy contributor community. It also provides an excellent place to get involved with the Kubernetes project, either through code, non-code, or both. Join us and learn about ContribEx's many programs that you can participate in, including mentoring, meetings, community infrastructure, moderation, elections, contributor events, the contributor site, and more. Whether you're interested in helping the Kubernetes project run smoothly, or you want to see how these programs can benefit you, or just have questions about how the project is organized, you'll find answers here.
- 4 participants
- 38 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
SIG Testing: Intro And Updates - Benjamin Elder & Michelle Shepardson & Chao Dai, Google; Antonio Ojea Garcia, Red Hat
Speakers: Michelle Shepardson, Antonio Ojea Garcia, Chao Dai, Benjamin Elder
SIG Testing is the special interest group for the test tooling and infrastructure of the Kubernetes project. The SIG maintains Prow (Kubernetes's CI), KIND, kubetest, the e2e-framework, and related tools. In this session the SIG Testing leads will provide an introduction to the SIG and an overview of how to contribute. They will share the work done over the past year The session will conclude with Q&A.
SIG Testing: Intro And Updates - Benjamin Elder & Michelle Shepardson & Chao Dai, Google; Antonio Ojea Garcia, Red Hat
Speakers: Michelle Shepardson, Antonio Ojea Garcia, Chao Dai, Benjamin Elder
SIG Testing is the special interest group for the test tooling and infrastructure of the Kubernetes project. The SIG maintains Prow (Kubernetes's CI), KIND, kubetest, the e2e-framework, and related tools. In this session the SIG Testing leads will provide an introduction to the SIG and an overview of how to contribute. They will share the work done over the past year The session will conclude with Q&A.
- 6 participants
- 34 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
SIG Testing: Intro And Updates - Benjamin Elder & Michelle Shepardson & Chao Dai, Google; Antonio Ojea Garcia, Red Hat
Speakers: Michelle Shepardson, Antonio Ojea Garcia, Chao Dai, Benjamin Elder
SIG Testing is the special interest group for the test tooling and infrastructure of the Kubernetes project. The SIG maintains Prow (Kubernetes's CI), KIND, kubetest, the e2e-framework, and related tools. In this session the SIG Testing leads will provide an introduction to the SIG and an overview of how to contribute. They will share the work done over the past year The session will conclude with Q&A.
SIG Testing: Intro And Updates - Benjamin Elder & Michelle Shepardson & Chao Dai, Google; Antonio Ojea Garcia, Red Hat
Speakers: Michelle Shepardson, Antonio Ojea Garcia, Chao Dai, Benjamin Elder
SIG Testing is the special interest group for the test tooling and infrastructure of the Kubernetes project. The SIG maintains Prow (Kubernetes's CI), KIND, kubetest, the e2e-framework, and related tools. In this session the SIG Testing leads will provide an introduction to the SIG and an overview of how to contribute. They will share the work done over the past year The session will conclude with Q&A.
- 6 participants
- 42 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
SIG-Scheduling Deep Dive - Wei Huang, Apple; Qingcan Wang, Alibaba; Kante Yin, DaoCloud; Kensei Nakada, Mercari
Speakers: Kensei Nakada, Wei Huang, Alex Wang, Kante Yin
SIG Scheduling is responsible for kube-scheduler and its related subprojects such as the scheduling-plugins and descheduler. These projects share the common goal of enabling users and developers to ensure that pods are assigned to the appropriate nodes based on various scheduling criteria. We also endeavor to ease customizing and extending scheduler for advanced usage. This talk will introduce attendees to SIG-Scheduling with an overview of the current goals and ongoing work within the SIG, as well as opportunities for new contributors to get involved.
SIG-Scheduling Deep Dive - Wei Huang, Apple; Qingcan Wang, Alibaba; Kante Yin, DaoCloud; Kensei Nakada, Mercari
Speakers: Kensei Nakada, Wei Huang, Alex Wang, Kante Yin
SIG Scheduling is responsible for kube-scheduler and its related subprojects such as the scheduling-plugins and descheduler. These projects share the common goal of enabling users and developers to ensure that pods are assigned to the appropriate nodes based on various scheduling criteria. We also endeavor to ease customizing and extending scheduler for advanced usage. This talk will introduce attendees to SIG-Scheduling with an overview of the current goals and ongoing work within the SIG, as well as opportunities for new contributors to get involved.
- 5 participants
- 39 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
SIGs Aren’t Silos: A Case Study Into Solving Inter-Domain Problems In Kubernetes Development - Swetha Repakula, Google & Antonio Ojea Garcia, RedHat
The Kubernetes project development activity is organized into Special Interest Groups (SIGs). Each SIG is composed of members from multiple companies and organizations, with a common purpose of advancing the project with respect to a specific topic, such as Networking, Testing, Node or Documentation . Most of the time, tasks fall neatly within a SIG that is vertically focused on a particular component or domain area. However, what happens when those changes have an impact broader than that SIG? What happens because SIGs operate as silos? This talk is a case study in a recent cross-sig bug where a subtle behavior change by one SIG led to an outage causing bug in another. Due to the subtlety and cross-SIG nature of the bug, it went unnoticed for 6 months. Antonio and Swetha will walk through the incident and share the lessons learned.
SIGs Aren’t Silos: A Case Study Into Solving Inter-Domain Problems In Kubernetes Development - Swetha Repakula, Google & Antonio Ojea Garcia, RedHat
The Kubernetes project development activity is organized into Special Interest Groups (SIGs). Each SIG is composed of members from multiple companies and organizations, with a common purpose of advancing the project with respect to a specific topic, such as Networking, Testing, Node or Documentation . Most of the time, tasks fall neatly within a SIG that is vertically focused on a particular component or domain area. However, what happens when those changes have an impact broader than that SIG? What happens because SIGs operate as silos? This talk is a case study in a recent cross-sig bug where a subtle behavior change by one SIG led to an outage causing bug in another. Due to the subtlety and cross-SIG nature of the bug, it went unnoticed for 6 months. Antonio and Swetha will walk through the incident and share the lessons learned.
- 7 participants
- 34 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Secure Multi-Tenant GitOps Application & Infrastructure Rollouts At Adobe - Vikram Sethi, Adobe & Manabu McCloskey, Amazon Web Services
Securing a multi-tenant deployment for an enterprise is very challenging. Adobe built a scalable GitOps based application deployment solution for their individual teams using Argo projects. However, due to a lack of a standard solution for infrastructure automation across teams, enabling secure multi-tenant rollouts was a challenge. Adobe leveraged Crossplane in tandem with Argo to broker the provisioning of cloud resources consistently and across all teams. With this solution, Adobe and Amazon designed a layered isolation mechanism for tenant teams on top of existing shared Kubernetes clusters via a mix of technologies such as OPA Gatekeeper, ServiceAccount boundaries, IAM roles etc. This solved the non-negotiable requirements of security and multi-tenancy, which are hard to achieve natively with Crossplane and Argo. Interested? Join Adobe and Amazon engineers to hear their vision, architecture, challenges, solutions, and key takeaways.
Secure Multi-Tenant GitOps Application & Infrastructure Rollouts At Adobe - Vikram Sethi, Adobe & Manabu McCloskey, Amazon Web Services
Securing a multi-tenant deployment for an enterprise is very challenging. Adobe built a scalable GitOps based application deployment solution for their individual teams using Argo projects. However, due to a lack of a standard solution for infrastructure automation across teams, enabling secure multi-tenant rollouts was a challenge. Adobe leveraged Crossplane in tandem with Argo to broker the provisioning of cloud resources consistently and across all teams. With this solution, Adobe and Amazon designed a layered isolation mechanism for tenant teams on top of existing shared Kubernetes clusters via a mix of technologies such as OPA Gatekeeper, ServiceAccount boundaries, IAM roles etc. This solved the non-negotiable requirements of security and multi-tenancy, which are hard to achieve natively with Crossplane and Argo. Interested? Join Adobe and Amazon engineers to hear their vision, architecture, challenges, solutions, and key takeaways.
- 2 participants
- 37 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Simplified Experience Of Building Cluster API Provider In Multitenant Cloud - Sahithi Ayloo & Arun Krishnakumar, VMware
Speakers: Arun M. Krishnakumar, Sahithi Ayloo
Cluster life cycle management is a challenging task and Cluster API promises to simplify provisioning, upgrading, and operating multiple Kubernetes clusters. With the growing adoption of CAPI in recent times, are you looking into writing your own Cluster API provider for your infrastructure (or) cloud with a unique set of requirements and constraints? We got you covered. This talk will walk you through our journey as a Cluster API provider and all the lessons learned the hard way.
- Building blocks to implement Cluster API provider, and bare essentials like CSI & CPI.
- What are the common patterns around developing and debugging workflows?
- How to enable multi-version API support via webhooks?
- How to address common problems like multi-tenancy, and user quota management in a strong multitenant cloud environment with Enterprise customers?
- How to leverage CAPI in building Kubernetes as a Service layer on your clouds.
Come and learn from the maintainers of a Cluster API infrastructure provider - "our journey around moving from handcrafted Kubernetes life cycle management to Cluster API based life cycle management in a multitenant cloud".
Simplified Experience Of Building Cluster API Provider In Multitenant Cloud - Sahithi Ayloo & Arun Krishnakumar, VMware
Speakers: Arun M. Krishnakumar, Sahithi Ayloo
Cluster life cycle management is a challenging task and Cluster API promises to simplify provisioning, upgrading, and operating multiple Kubernetes clusters. With the growing adoption of CAPI in recent times, are you looking into writing your own Cluster API provider for your infrastructure (or) cloud with a unique set of requirements and constraints? We got you covered. This talk will walk you through our journey as a Cluster API provider and all the lessons learned the hard way.
- Building blocks to implement Cluster API provider, and bare essentials like CSI & CPI.
- What are the common patterns around developing and debugging workflows?
- How to enable multi-version API support via webhooks?
- How to address common problems like multi-tenancy, and user quota management in a strong multitenant cloud environment with Enterprise customers?
- How to leverage CAPI in building Kubernetes as a Service layer on your clouds.
Come and learn from the maintainers of a Cluster API infrastructure provider - "our journey around moving from handcrafted Kubernetes life cycle management to Cluster API based life cycle management in a multitenant cloud".
- 2 participants
- 35 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
So, What If I Don’t Want My Persistent Storage To Be Yet Another Bindmount? - Deep Debroy, Apple & Feng Wang, Databricks
Speakers: Feng Wang, Deep Debroy
Most CSI plugins assume that a mounted volume will be consumed directly on the host. For sandboxed runtimes like Kata Containers, this results in less efficient storage IO; there’s a tradeoff between ease of compatibility versus performant storage. So, what if getting the PVC to the container isn’t just a bind-mount away? There has been progress in Kata Containers and within the greater container ecosystem to allow for storage to be presented to the runtime in a more VM-friendly way that results in better IO performance as well as a better security profile. In this talk, we'll highlight the work done for direct storage assignment, as well as the challenges we’ve worked through with the node and storage communities, as well as KEPS to facilitate this pattern in CSI and Kubernetes. We will show how a well defined generic API can allow for efficient storage handling for all sandboxed runtimes.
So, What If I Don’t Want My Persistent Storage To Be Yet Another Bindmount? - Deep Debroy, Apple & Feng Wang, Databricks
Speakers: Feng Wang, Deep Debroy
Most CSI plugins assume that a mounted volume will be consumed directly on the host. For sandboxed runtimes like Kata Containers, this results in less efficient storage IO; there’s a tradeoff between ease of compatibility versus performant storage. So, what if getting the PVC to the container isn’t just a bind-mount away? There has been progress in Kata Containers and within the greater container ecosystem to allow for storage to be presented to the runtime in a more VM-friendly way that results in better IO performance as well as a better security profile. In this talk, we'll highlight the work done for direct storage assignment, as well as the challenges we’ve worked through with the node and storage communities, as well as KEPS to facilitate this pattern in CSI and Kubernetes. We will show how a well defined generic API can allow for efficient storage handling for all sandboxed runtimes.
- 3 participants
- 29 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Staring Into the Abyss With the Security Technical Advisory Group - Andrew Martin, ControlPlane; Ragashree Shekar, Carnegie Mellon University; Marina Moore, NYU
The CNCF Security Technical Advisory Group provides analysis and helps guide the community at large on the most appropriate security mechanisms, architectures, design patterns, and tooling. This presentation covers an introduction to the Security TAG, their charter and scope, and highlights on several efforts the TAG has undertaken (completed and in progress) with their community impact such as the Security Reviews, Supply Chain Security Paper, Security Pals, and so much more. This session is for anyone interested in cloud native security, and wishes to understand how to get involved.
Staring Into the Abyss With the Security Technical Advisory Group - Andrew Martin, ControlPlane; Ragashree Shekar, Carnegie Mellon University; Marina Moore, NYU
The CNCF Security Technical Advisory Group provides analysis and helps guide the community at large on the most appropriate security mechanisms, architectures, design patterns, and tooling. This presentation covers an introduction to the Security TAG, their charter and scope, and highlights on several efforts the TAG has undertaken (completed and in progress) with their community impact such as the Security Reviews, Supply Chain Security Paper, Security Pals, and so much more. This session is for anyone interested in cloud native security, and wishes to understand how to get involved.
- 5 participants
- 24 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Storage Wars - Seán C McCord, Sidero Labs
Speakers: Seán McCord
Storage is always a sticky topic in Kubernetes, and all the more so when you have choices to make. When you are not using a cloud-provider's block storage, there are quite a number of options available to you. Which system should you use? In this talk, we will examine a number of the storage systems available to Kubernetes and give you tools to evaluate when it makes sense for you to use which. We look at performance, reliability, sustainability, cost, and many other factors to arm you with enough information to make the choice for yourself.
Storage Wars - Seán C McCord, Sidero Labs
Speakers: Seán McCord
Storage is always a sticky topic in Kubernetes, and all the more so when you have choices to make. When you are not using a cloud-provider's block storage, there are quite a number of options available to you. Which system should you use? In this talk, we will examine a number of the storage systems available to Kubernetes and give you tools to evaluate when it makes sense for you to use which. We look at performance, reliability, sustainability, cost, and many other factors to arm you with enough information to make the choice for yourself.
- 2 participants
- 36 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Surviving From Endless Issues Coming From 7K+ Kubernetes Clusters - Wanhae Lee & Seok-yong Hong, Kakao Corp
Speakers: Seok-yong Hong, Wanhae Lee
Kakao is the 'mobile life platform' company dedicated to renewing daily lives and the leading player in the mobile messenger market in South Korea. As a member of the private Kubernetes as a Service team at Kakao Corp, we have seen an impressive expansion of the service which was 2K clusters with 20K nodes last year to be a 7K+ clusters with 100K+ nodes. With an unprecedented growing number of the clusters in our service, we have faced several problems never met before. One of them is an ever-growing number of on-call issues that are barely manageable with a DevOps team consisting of a small group of developers. In this session, we are going to reveal the secret of how the small team could successfully survive from endless issues generated from 7K+ Kubernetes clusters. We will also illustrate what tools we have made and why we opensource some of them.
Surviving From Endless Issues Coming From 7K+ Kubernetes Clusters - Wanhae Lee & Seok-yong Hong, Kakao Corp
Speakers: Seok-yong Hong, Wanhae Lee
Kakao is the 'mobile life platform' company dedicated to renewing daily lives and the leading player in the mobile messenger market in South Korea. As a member of the private Kubernetes as a Service team at Kakao Corp, we have seen an impressive expansion of the service which was 2K clusters with 20K nodes last year to be a 7K+ clusters with 100K+ nodes. With an unprecedented growing number of the clusters in our service, we have faced several problems never met before. One of them is an ever-growing number of on-call issues that are barely manageable with a DevOps team consisting of a small group of developers. In this session, we are going to reveal the secret of how the small team could successfully survive from endless issues generated from 7K+ Kubernetes clusters. We will also illustrate what tools we have made and why we opensource some of them.
- 10 participants
- 32 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Sustainability Research the Cloud Native Way - Chen Wang, IBM & Huamin Chen, Red Hat
Speakers: Huamin Chen, Chen Wang
Do you want to help combat climate change? Are you interested in sustainability research? Then join our open systems for Cloud-native sustainability infrastructure. We present the research opportunities of using Cloud-native patterns, observing, optimizing, and executing, to improve Cloud efficiency in sustainable architecture. Core to this architecture is Project Kepler (Kubernetes-based Efficient Power Level Exporter) and its integration with Kubernetes ecosystems. By leveraging eBPF programs and other system libraries, Kepler probes the full spectrum of energy, performance, and resource measurements to enable energy-relevant observability and further empower advanced sustainable management on clusters. Kepler is an open system for exciting research topics like energy-efficient workload scheduling, energy-aware autoscaling, and frequency tuning. In this session, a sample Kepler integration is case-studied to help researchers build their advanced vertical autoscaler to improve the energy performance objectives of the Kubernetes applications.
Sustainability Research the Cloud Native Way - Chen Wang, IBM & Huamin Chen, Red Hat
Speakers: Huamin Chen, Chen Wang
Do you want to help combat climate change? Are you interested in sustainability research? Then join our open systems for Cloud-native sustainability infrastructure. We present the research opportunities of using Cloud-native patterns, observing, optimizing, and executing, to improve Cloud efficiency in sustainable architecture. Core to this architecture is Project Kepler (Kubernetes-based Efficient Power Level Exporter) and its integration with Kubernetes ecosystems. By leveraging eBPF programs and other system libraries, Kepler probes the full spectrum of energy, performance, and resource measurements to enable energy-relevant observability and further empower advanced sustainable management on clusters. Kepler is an open system for exciting research topics like energy-efficient workload scheduling, energy-aware autoscaling, and frequency tuning. In this session, a sample Kepler integration is case-studied to help researchers build their advanced vertical autoscaler to improve the energy performance objectives of the Kubernetes applications.
- 5 participants
- 35 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
TUF-En Up Your Signatures - Marina Moore & Justin Cappos, NYU
Speakers: Justin Cappos, Marina Moore
Description: As supply chain security has garnered a lot of attention recently, software signing and verification has emerged as a vital step in the process of distributing software. However, a signature alone is insufficient for ensuring the security of a software artifact. Come learn about The Update Framework (TUF), the technology used by sigstore, Notary, Google Fuchsia, and more to not only sign software, but determine which keys should be used and prevent known attacks on software update systems. We will give an overview of TUF that describes its security features and how it has been integrated into fields as diverse as container registries and automobiles. We will also discuss new features we are working on to better support secure software distribution at scale, usability, and some emerging uses of TUF.
TUF-En Up Your Signatures - Marina Moore & Justin Cappos, NYU
Speakers: Justin Cappos, Marina Moore
Description: As supply chain security has garnered a lot of attention recently, software signing and verification has emerged as a vital step in the process of distributing software. However, a signature alone is insufficient for ensuring the security of a software artifact. Come learn about The Update Framework (TUF), the technology used by sigstore, Notary, Google Fuchsia, and more to not only sign software, but determine which keys should be used and prevent known attacks on software update systems. We will give an overview of TUF that describes its security features and how it has been integrated into fields as diverse as container registries and automobiles. We will also discuss new features we are working on to better support secure software distribution at scale, usability, and some emerging uses of TUF.
- 2 participants
- 26 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
The 10 Biggest Mistakes You Shouldn’t Make In Open Source - Bill Mulligan, Isovalent & Divya Mohan, SUSE
Speakers: Divya Mohan, Bill Mulligan
“How can I get started?” is a common refrain heard from newcomers wanting to enter open source. This talk is the exact opposite - where you shouldn't invest your efforts while getting started. Being a new contributor to open source can be intimidating because you don’t know exactly what is helpful and what could hurt the community and frustrated maintainers. While a part of this gap can be attributed to the choose-your-own-adventure nature inherent to open source, there's already tons of material on how to get started technically. What nobody actually shines light on is the cultural dynamics. With this talk, the speakers aim to retell their experience and list common pitfalls almost everyone (including the speakers!) have made. This isn’t just about the right way to make a PR. The hardest, and most rewarding part, of any community is the people. The audience will learn how to engage in open source to ensure that the community they join will continue to be happy and healthy.
The 10 Biggest Mistakes You Shouldn’t Make In Open Source - Bill Mulligan, Isovalent & Divya Mohan, SUSE
Speakers: Divya Mohan, Bill Mulligan
“How can I get started?” is a common refrain heard from newcomers wanting to enter open source. This talk is the exact opposite - where you shouldn't invest your efforts while getting started. Being a new contributor to open source can be intimidating because you don’t know exactly what is helpful and what could hurt the community and frustrated maintainers. While a part of this gap can be attributed to the choose-your-own-adventure nature inherent to open source, there's already tons of material on how to get started technically. What nobody actually shines light on is the cultural dynamics. With this talk, the speakers aim to retell their experience and list common pitfalls almost everyone (including the speakers!) have made. This isn’t just about the right way to make a PR. The hardest, and most rewarding part, of any community is the people. The audience will learn how to engage in open source to ensure that the community they join will continue to be happy and healthy.
- 5 participants
- 34 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
The Challenges Managing a Kubernetes-Based Machine Learning Infrastructure - Yuzhui Liu & Keith Laban, Bloomberg; Ed Shee, Seldon; Keshi Dai, Spotify
Speakers: Keith, Keshi Dai, Yuzhui Liu, Ed Shee
Managing a machine learning infrastructure is a great challenge, as its scope covers both common infrastructure tasks – such as cluster management, network, security, container management, and observability – and ML-focused tasks – such as GPU compute, data exploration, distributed training, and model serving. Kubernetes and its prosperous open source ecosystem provides great infrastructure tools (e.g., Knative, Cloud Native Buildpacks, Argo, and Envoy), as well as ML-focused projects (e.g., Kubeflow, KServe, Seldon Core, and KubeRay) that enable infrastructure engineers to build a modern machine learning infrastructure. In this panel, you’ll hear from engineers at Bloomberg, Seldon, and Spotify about how they’re using the Kubernetes ecosystem to provide machine learning infrastructure and their current challenges. Panelists represent a variety of use cases, including end-users and infrastructure providers, as well as both on-prem and cloud-based infrastructures.
The Challenges Managing a Kubernetes-Based Machine Learning Infrastructure - Yuzhui Liu & Keith Laban, Bloomberg; Ed Shee, Seldon; Keshi Dai, Spotify
Speakers: Keith, Keshi Dai, Yuzhui Liu, Ed Shee
Managing a machine learning infrastructure is a great challenge, as its scope covers both common infrastructure tasks – such as cluster management, network, security, container management, and observability – and ML-focused tasks – such as GPU compute, data exploration, distributed training, and model serving. Kubernetes and its prosperous open source ecosystem provides great infrastructure tools (e.g., Knative, Cloud Native Buildpacks, Argo, and Envoy), as well as ML-focused projects (e.g., Kubeflow, KServe, Seldon Core, and KubeRay) that enable infrastructure engineers to build a modern machine learning infrastructure. In this panel, you’ll hear from engineers at Bloomberg, Seldon, and Spotify about how they’re using the Kubernetes ecosystem to provide machine learning infrastructure and their current challenges. Panelists represent a variety of use cases, including end-users and infrastructure providers, as well as both on-prem and cloud-based infrastructures.
- 10 participants
- 42 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
The Course Of True Community Management Never Did Run Smooth, In 1 Act - Karsten Wade & Jen Madriaga, Red Hat
Over the years the Open Source ecosystem has evolved community values and practices. The Kubernetes community centers kindness and inclusivity, practicing accessibility as a way of building a diverse community. While the K8s community has brought attention and change in the ecosystem, neither the values nor the practices originated there. K8s-flavored, yes, but also similar to other communities such as OpenInfra, Drupal, and the Linux distributions. In this one-act play with two practitioners, Jen breaks down successful community caretaking and stewardship through the way we run events such as KubeCon, and Karsten offers a live diff, comparing and contrasting the Jen's experience with his own and what is gathered in the Open Source Way guidebook for community management practices. Embracing storytelling, two very different literary nerds provide an overview of how community management works in the Open Source world, and an understanding of the differences and similarities to a broader, extrapolated view from a diverse community of practice.
The Course Of True Community Management Never Did Run Smooth, In 1 Act - Karsten Wade & Jen Madriaga, Red Hat
Over the years the Open Source ecosystem has evolved community values and practices. The Kubernetes community centers kindness and inclusivity, practicing accessibility as a way of building a diverse community. While the K8s community has brought attention and change in the ecosystem, neither the values nor the practices originated there. K8s-flavored, yes, but also similar to other communities such as OpenInfra, Drupal, and the Linux distributions. In this one-act play with two practitioners, Jen breaks down successful community caretaking and stewardship through the way we run events such as KubeCon, and Karsten offers a live diff, comparing and contrasting the Jen's experience with his own and what is gathered in the Open Source Way guidebook for community management practices. Embracing storytelling, two very different literary nerds provide an overview of how community management works in the Open Source world, and an understanding of the differences and similarities to a broader, extrapolated view from a diverse community of practice.
- 4 participants
- 29 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
The State of the Cloud Native Network: Deep-dive from TAG-Network - Ed Warnicke, Cisco & Lee Calcote, Layer5
Speakers: Ed Warnicke, Lee Calcote
Every application needs to communicate.
That communication happens over the network.
Cloud Native, at its most basic, is an evolution of how to better meet application developers needs in a world that has moved beyond the mental model of the underlying infrastructure. The Network is also evolving with new, more powerful, more flexible ways to allow applications to communicate with each other.
Cloud Native Networking is vast, encompassing CNI, CoreDNS, Envoy, gRPC, Linkerd, NATs, Network Service Mesh, BFE, Contour, Kuma, Service Mesh Interface, Chaos Mesh, Open Service Mesh, Emissary, k8gb, Service Mesh Performance, Submariner, Cilium, Meshery, Fab Edge, Istio, Nighthawk, Aeraki, and FabEdge. The vastness can be daunting.
Come learn about the big picture in Cloud Native Networking in the CNCF from basic L3 Connectivity up to the latest in Service Mesh and how to put it all in a context you can use.
The State of the Cloud Native Network: Deep-dive from TAG-Network - Ed Warnicke, Cisco & Lee Calcote, Layer5
Speakers: Ed Warnicke, Lee Calcote
Every application needs to communicate.
That communication happens over the network.
Cloud Native, at its most basic, is an evolution of how to better meet application developers needs in a world that has moved beyond the mental model of the underlying infrastructure. The Network is also evolving with new, more powerful, more flexible ways to allow applications to communicate with each other.
Cloud Native Networking is vast, encompassing CNI, CoreDNS, Envoy, gRPC, Linkerd, NATs, Network Service Mesh, BFE, Contour, Kuma, Service Mesh Interface, Chaos Mesh, Open Service Mesh, Emissary, k8gb, Service Mesh Performance, Submariner, Cilium, Meshery, Fab Edge, Istio, Nighthawk, Aeraki, and FabEdge. The vastness can be daunting.
Come learn about the big picture in Cloud Native Networking in the CNCF from basic L3 Connectivity up to the latest in Service Mesh and how to put it all in a context you can use.
- 1 participant
- 39 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
The Windows Operational Readiness Specification - Amim Moises Salum Knabben & Xinqi Li, VMware
Speakers: Amim Knabben, Xinqi Li
Windows nodes have been a bit of an enigma in the Kubernetes community for some time. What do they support? How are they different from Linux nodes? And what “Conformance” standards should they adhere to in an enterprise environment? In this talk, we’ll introduce the Sig-Windows operational readiness specification which does for Windows what the Kubernetes Conformance tests have provided for Linux clusters: A standard for defining a fully functional Kubernetes environment. We’ll go through the 6 categories of Enterprise Windows use cases that we’ve identified as part of our Operational Readiness tests for windows, how each one is tested and how this framework works under the hood. We’ll also demonstrate how we use it to verify advanced “realistic” Windows scenarios, such as GMSA and Windows NetworkPolicy support.
The Windows Operational Readiness Specification - Amim Moises Salum Knabben & Xinqi Li, VMware
Speakers: Amim Knabben, Xinqi Li
Windows nodes have been a bit of an enigma in the Kubernetes community for some time. What do they support? How are they different from Linux nodes? And what “Conformance” standards should they adhere to in an enterprise environment? In this talk, we’ll introduce the Sig-Windows operational readiness specification which does for Windows what the Kubernetes Conformance tests have provided for Linux clusters: A standard for defining a fully functional Kubernetes environment. We’ll go through the 6 categories of Enterprise Windows use cases that we’ve identified as part of our Operational Readiness tests for windows, how each one is tested and how this framework works under the hood. We’ll also demonstrate how we use it to verify advanced “realistic” Windows scenarios, such as GMSA and Windows NetworkPolicy support.
- 3 participants
- 23 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Tips And Tricks To Successfully Migrate From Jaeger To OpenTelemetry - Vineeth Pothulapati, Timescale Inc
Speakers: Vineeth Pothulapati
With Jaeger announcing the end of life for all Jaeger client libraries and recommending all users to migrate to OpenTelemetry SDKs, for many users, it is becoming important to plan an effective migration from Jaeger to OpenTelemetry. But this migration isn't simple. There are multiple ways to perform it, each one implying different tradeoffs; besides, Jaeger has some fantastic features (such as remote-controlled samplers or per- operation-based adaptive sampling) that could be lost during the migration, if best practices are not followed. In this talk, we’ll discuss some of the best approaches to the migration from Jaeger to OpenTelemetry, the different paths that organizations can take and its related implications, and what users can do to not lose any of the Jager functionality they really love when moving to OpenTelemetry. We will illustrate everything with a demo application, which will be using the Jaeger client at the start of the session and will have migrated to OpenTelemetry by the end.
Tips And Tricks To Successfully Migrate From Jaeger To OpenTelemetry - Vineeth Pothulapati, Timescale Inc
Speakers: Vineeth Pothulapati
With Jaeger announcing the end of life for all Jaeger client libraries and recommending all users to migrate to OpenTelemetry SDKs, for many users, it is becoming important to plan an effective migration from Jaeger to OpenTelemetry. But this migration isn't simple. There are multiple ways to perform it, each one implying different tradeoffs; besides, Jaeger has some fantastic features (such as remote-controlled samplers or per- operation-based adaptive sampling) that could be lost during the migration, if best practices are not followed. In this talk, we’ll discuss some of the best approaches to the migration from Jaeger to OpenTelemetry, the different paths that organizations can take and its related implications, and what users can do to not lose any of the Jager functionality they really love when moving to OpenTelemetry. We will illustrate everything with a demo application, which will be using the Jaeger client at the start of the session and will have migrated to OpenTelemetry by the end.
- 1 participant
- 30 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Tips To Fight Impostor Syndrome - Aurélie Vache, OVHcloud
Speakers: Aurélie Vache
Who has not once said the phrase:
- I sucks
- I don't know anything
- I feel like an impostor
- I don't feel legitimate to do this or do that
Some people are convinced that they do not deserve their success, despite the efforts they make to succeed. They often convince themselves that their success is not linked to their work, their personal accomplishment, but simply to luck or the work of others. In fact, they live permanently with a feeling of deception and constantly fear that someone will unmask them from one day to another. Despite my stuttering, I am a speaker, a mentor, a conference organizer and very invested in women in tech and tech communities.
In this talk, we will see what the impostor syndrome is, how it is reflected on a daily basis and we will see that it is not inevitable, on the contrary, that there are tips and tricks for the fight, overcome and improve. And I will also tell you several anecdotes that happened to me, which were very hard and which made me who I am today.
Tips To Fight Impostor Syndrome - Aurélie Vache, OVHcloud
Speakers: Aurélie Vache
Who has not once said the phrase:
- I sucks
- I don't know anything
- I feel like an impostor
- I don't feel legitimate to do this or do that
Some people are convinced that they do not deserve their success, despite the efforts they make to succeed. They often convince themselves that their success is not linked to their work, their personal accomplishment, but simply to luck or the work of others. In fact, they live permanently with a feeling of deception and constantly fear that someone will unmask them from one day to another. Despite my stuttering, I am a speaker, a mentor, a conference organizer and very invested in women in tech and tech communities.
In this talk, we will see what the impostor syndrome is, how it is reflected on a daily basis and we will see that it is not inevitable, on the contrary, that there are tips and tricks for the fight, overcome and improve. And I will also tell you several anecdotes that happened to me, which were very hard and which made me who I am today.
- 1 participant
- 37 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Towards Something Better Than CRDs In a Post-Operator World - Stefan Schimanski, Red Hat
Speakers: Stefan Schimanski
CustomResourceDefinitions are driving the extension ecosystem around Kubernetes. This talk is about the search for the next step, a successor for CRDs in a post-operator world where service providers use CRDs as first-class API for the services they are building and offering to tenants. CRDs as we know them are installed in customer clusters, usually together with operators or controllers. With that they are under control of the users: - users can tweak the CRDs. - users are the ones updating and controlling the operators with all the complexity and pitfalls updating operators and APIs can have. This situation is not a good fit for today's problems, and it's mostly an artifact of how CRDs and their life-cycle were conceived years ago as a tool to add in-cluster concepts. This talk is about lifting CRDs up to be a first-class verhicle for APIs provided and consumed by different parties, without the operator-glue, in different clusters, standardized, securely and federated.
Towards Something Better Than CRDs In a Post-Operator World - Stefan Schimanski, Red Hat
Speakers: Stefan Schimanski
CustomResourceDefinitions are driving the extension ecosystem around Kubernetes. This talk is about the search for the next step, a successor for CRDs in a post-operator world where service providers use CRDs as first-class API for the services they are building and offering to tenants. CRDs as we know them are installed in customer clusters, usually together with operators or controllers. With that they are under control of the users: - users can tweak the CRDs. - users are the ones updating and controlling the operators with all the complexity and pitfalls updating operators and APIs can have. This situation is not a good fit for today's problems, and it's mostly an artifact of how CRDs and their life-cycle were conceived years ago as a tool to add in-cluster concepts. This talk is about lifting CRDs up to be a first-class verhicle for APIs provided and consumed by different parties, without the operator-glue, in different clusters, standardized, securely and federated.
- 9 participants
- 36 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Trust But Verify: Bringing Supply Chain Integrity To CD GitOps - Yuji Watanabe & Hirokuni Kitahara, IBM Research
Speakers: Yuji Watanabe, Hirokuni Kitahara
Using GitOps automation to deliver Kubernetes cloud native applications allows management of infrastructure in the same way you manage application code, but lacks the supply chain controls needed to ensure integrity and tamper-proof deployments. Whilst application source dependencies have quickly benefited from SBOMs, transparency logs, and cryptographic signatures, delivery side automation has not participated in the end to end integrity guarantees. Using CD Gitops, Kubernetes manifests are composed from multiple source assets, across several locations, each having their own potential sources of malicious or accidental tampering. Template based mutations occur throughout continuous deployment and prohibit typical signing and verification methods. This talk describes how a properly instrumented CD GitOps process can be extended to provide verification of source assets with cluster enforcement of signatures and policy permissions. By combining keyless signing via Sigstore and intersecting control points throughout GitOps, accurate cryptographic signing of source assets can be obtained and transparency of configuration provenance produced. Finally using an admission controller such as integrity shield, cluster enforcement validates pipeline integrity.
Trust But Verify: Bringing Supply Chain Integrity To CD GitOps - Yuji Watanabe & Hirokuni Kitahara, IBM Research
Speakers: Yuji Watanabe, Hirokuni Kitahara
Using GitOps automation to deliver Kubernetes cloud native applications allows management of infrastructure in the same way you manage application code, but lacks the supply chain controls needed to ensure integrity and tamper-proof deployments. Whilst application source dependencies have quickly benefited from SBOMs, transparency logs, and cryptographic signatures, delivery side automation has not participated in the end to end integrity guarantees. Using CD Gitops, Kubernetes manifests are composed from multiple source assets, across several locations, each having their own potential sources of malicious or accidental tampering. Template based mutations occur throughout continuous deployment and prohibit typical signing and verification methods. This talk describes how a properly instrumented CD GitOps process can be extended to provide verification of source assets with cluster enforcement of signatures and policy permissions. By combining keyless signing via Sigstore and intersecting control points throughout GitOps, accurate cryptographic signing of source assets can be obtained and transparency of configuration provenance produced. Finally using an admission controller such as integrity shield, cluster enforcement validates pipeline integrity.
- 4 participants
- 34 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Tutorial: Becoming a Kubernetes Developer: Writing Your First Operator - Abby Bangser, Syntasso
Speakers: Abby Bangser
Kubernetes is effectively a blank canvas which we as engineers need to compose into a shape and style that fits our needs. This nearly always starts with running software through deployments. While this can get us started, many of our high value use cases require more complex compositions. Operators provide engineers a way to extend the building blocks of Kubernetes to build higher level abstractions. These abstractions can codify complex setup requirements, standardise capabilities across an organisation, and more. An example of operators at work include the Prometheus operator. This helps teams get started with monitoring and alerting with packaging and providing sensible defaults across an array of associated tools including Prometheus (for metric gathering), Thanos (for metric retention), Alertmanager (for alerts), and Grafana (for graphing). In this workshop we will build a basic operator which will enable a hands on exploration into use cases and structures of operators in more depth.
Tutorial: Becoming a Kubernetes Developer: Writing Your First Operator - Abby Bangser, Syntasso
Speakers: Abby Bangser
Kubernetes is effectively a blank canvas which we as engineers need to compose into a shape and style that fits our needs. This nearly always starts with running software through deployments. While this can get us started, many of our high value use cases require more complex compositions. Operators provide engineers a way to extend the building blocks of Kubernetes to build higher level abstractions. These abstractions can codify complex setup requirements, standardise capabilities across an organisation, and more. An example of operators at work include the Prometheus operator. This helps teams get started with monitoring and alerting with packaging and providing sensible defaults across an array of associated tools including Prometheus (for metric gathering), Thanos (for metric retention), Alertmanager (for alerts), and Grafana (for graphing). In this workshop we will build a basic operator which will enable a hands on exploration into use cases and structures of operators in more depth.
- 4 participants
- 1:31 hours
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Tutorial: Build Your Own Heroku With Cloud Native Stack - Muvaffak Onus, Upbound & Sidarta Aguiar de Oliveira, Grupo Boticário
Speakers: Muvaffak Onus, Sidarta Aguiar de Oliveira
Heroku has led the transformational PaaS experience we're all used to today and we still see companies building a variant of that experience in their specific niche. However, while the opinionated nature of Heroku made it a really sound choice for general use cases, everyone knows that they will outgrow it at one point. What if you could build your own Heroku and tailor it to your needs as you grow? With the help of the cloud native stack, we will build a Heroku experience that is fully customizable for your ever changing use cases. By combining Backstage, Crossplane and several other cloud native tools, we will build our platform that can give the Heroku experience to your users consistently while your organization’s needs grow and you accommodate the changes.
Tutorial: Build Your Own Heroku With Cloud Native Stack - Muvaffak Onus, Upbound & Sidarta Aguiar de Oliveira, Grupo Boticário
Speakers: Muvaffak Onus, Sidarta Aguiar de Oliveira
Heroku has led the transformational PaaS experience we're all used to today and we still see companies building a variant of that experience in their specific niche. However, while the opinionated nature of Heroku made it a really sound choice for general use cases, everyone knows that they will outgrow it at one point. What if you could build your own Heroku and tailor it to your needs as you grow? With the help of the cloud native stack, we will build a Heroku experience that is fully customizable for your ever changing use cases. By combining Backstage, Crossplane and several other cloud native tools, we will build our platform that can give the Heroku experience to your users consistently while your organization’s needs grow and you accommodate the changes.
- 2 participants
- 1:29 hours
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Tutorial: Set Up Your Shell For Kubernetes Productivity And Be Efficient Quickly - Sebastien “Prune” Thomas, Wunderkind & Archy Ayrat Khayretdinov, Google
Speakers: Ayrat Khayretdinov, Sebastien Prune Thomas
You just started a new gig ? You switched laptop ? or you're new to using Kubernetes ?
From the new users of Kubernetes to the most experienced gurus, we all spend a large amount of time on the terminal* (shell).
This talk will focus on setting up your laptop and terminal, installing all the cool tools to get you productive fast with Kubernetes. It is intended for all levels of experience.
By mixing a presentation of the tooling and demos, you'll quickly see how some little tuning can increase your productivity by a large amount.
During this talk you'll learn (not limited to):
- setup your shell to connect to a Cloud K8s service
- add shortcuts to type less when using kubectl
- get a clean access to cluster's logs
- add colors to your kubectl outputs
- install and use a local k8s cluster for prototyping
- work with Containers without Docker-For-Desktop
- get to know a lot of small tools to ease the pain of maintaining a cluster, playing with yaml and more
This talk also gives access to a companion tutorial with all the commands that you can play on your laptop, during the talk or at home.
Bring your laptop and start being more productive right now !
Join us in this adventure and impress your co-workers on your first day at work !
WARNING !
If you want to follow the talk and replicate on your own laptop, you will need a Kubernetes cluster.
it is advised to pre-install some tools so we don't burn down the WIFI of the whole conference: either Docker Desktop, Podman and Kind
For Mac OS X:
brew install podman
brew install kind
podman machine init --cpus=2 --memory=4096 --disk-size=200 --now
kind create cluster dev
Tutorial: Set Up Your Shell For Kubernetes Productivity And Be Efficient Quickly - Sebastien “Prune” Thomas, Wunderkind & Archy Ayrat Khayretdinov, Google
Speakers: Ayrat Khayretdinov, Sebastien Prune Thomas
You just started a new gig ? You switched laptop ? or you're new to using Kubernetes ?
From the new users of Kubernetes to the most experienced gurus, we all spend a large amount of time on the terminal* (shell).
This talk will focus on setting up your laptop and terminal, installing all the cool tools to get you productive fast with Kubernetes. It is intended for all levels of experience.
By mixing a presentation of the tooling and demos, you'll quickly see how some little tuning can increase your productivity by a large amount.
During this talk you'll learn (not limited to):
- setup your shell to connect to a Cloud K8s service
- add shortcuts to type less when using kubectl
- get a clean access to cluster's logs
- add colors to your kubectl outputs
- install and use a local k8s cluster for prototyping
- work with Containers without Docker-For-Desktop
- get to know a lot of small tools to ease the pain of maintaining a cluster, playing with yaml and more
This talk also gives access to a companion tutorial with all the commands that you can play on your laptop, during the talk or at home.
Bring your laptop and start being more productive right now !
Join us in this adventure and impress your co-workers on your first day at work !
WARNING !
If you want to follow the talk and replicate on your own laptop, you will need a Kubernetes cluster.
it is advised to pre-install some tools so we don't burn down the WIFI of the whole conference: either Docker Desktop, Podman and Kind
For Mac OS X:
brew install podman
brew install kind
podman machine init --cpus=2 --memory=4096 --disk-size=200 --now
kind create cluster dev
- 4 participants
- 1:32 hours
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Unified Chaos Injection And SLO Validation Experiments In Kubernetes - Srinivasan Parthasarathy, IBM & Shubham Chaudhary, JFrog
Speakers: Srinivasan Parthasarathy, Shubham Chaudhary
You have a principled process for releasing your Kubernetes app that involves load testing, benchmarking and validation of service-level objectives (SLOs). But, will your app perform well when your cluster is subject to compute, memory, i/o, or network stress? In this talk, we will explore a novel approach that combines chaos injection for probing weaknesses in your Kubernetes infrastructure, with load testing, benchmarking and performance validation with SLOs for your app. The core thrust of our approach will be flexibility combined with simplicity. Your app may be cluster-local or externally exposed, may implement an HTTP or a gRPC endpoint, may have been specified using built-in or custom Kubernetes resources, may use any type of horizontal or vertical autoscaling, may use any CD/GitOps process for deployment, and you may be interested in probing your cluster by injecting compute, memory, i/o, network, or any other types of chaos. Regardless of these variations, this talk will demonstrate a dead simple way to automatically launch the unified “chaos + performance validation" experiment whenever the app is updated, and automatically notify an event receiver with metrics and SLO validation results once the experiment is completed.
Unified Chaos Injection And SLO Validation Experiments In Kubernetes - Srinivasan Parthasarathy, IBM & Shubham Chaudhary, JFrog
Speakers: Srinivasan Parthasarathy, Shubham Chaudhary
You have a principled process for releasing your Kubernetes app that involves load testing, benchmarking and validation of service-level objectives (SLOs). But, will your app perform well when your cluster is subject to compute, memory, i/o, or network stress? In this talk, we will explore a novel approach that combines chaos injection for probing weaknesses in your Kubernetes infrastructure, with load testing, benchmarking and performance validation with SLOs for your app. The core thrust of our approach will be flexibility combined with simplicity. Your app may be cluster-local or externally exposed, may implement an HTTP or a gRPC endpoint, may have been specified using built-in or custom Kubernetes resources, may use any type of horizontal or vertical autoscaling, may use any CD/GitOps process for deployment, and you may be interested in probing your cluster by injecting compute, memory, i/o, network, or any other types of chaos. Regardless of these variations, this talk will demonstrate a dead simple way to automatically launch the unified “chaos + performance validation" experiment whenever the app is updated, and automatically notify an event receiver with metrics and SLO validation results once the experiment is completed.
- 1 participant
- 26 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Untrusted Execution: Attacking the Cloud Native Supply Chain - Andrew Martin, ControlPlane
Should we trust the code we run in production? Not if a motivated attacker can compromise our system’s complex supply chains. While hardened runtimes and detection can mitigate some zero day attacks, malicious internal threat actors and software implants are much harder to detect. Supply chain security looks to address some of these concerns, but with so many signing options available to us, what do we really care about? Our source code, open source dependencies, CI/CD, built containers, vendor software — or the hardware and operating systems we run on? Securing the whole supply chain is a non-trivial task, and requires consideration at all of these levels. In this talk we: - Undertake a risk-based threat model of supply chain attacks against our systems - Compare the open source supply chain security controls available to us - Examine trusted execution environments and their security properties - Propose a solution for end to end supply chain security
Untrusted Execution: Attacking the Cloud Native Supply Chain - Andrew Martin, ControlPlane
Should we trust the code we run in production? Not if a motivated attacker can compromise our system’s complex supply chains. While hardened runtimes and detection can mitigate some zero day attacks, malicious internal threat actors and software implants are much harder to detect. Supply chain security looks to address some of these concerns, but with so many signing options available to us, what do we really care about? Our source code, open source dependencies, CI/CD, built containers, vendor software — or the hardware and operating systems we run on? Securing the whole supply chain is a non-trivial task, and requires consideration at all of these levels. In this talk we: - Undertake a risk-based threat model of supply chain attacks against our systems - Compare the open source supply chain security controls available to us - Examine trusted execution environments and their security properties - Propose a solution for end to end supply chain security
- 2 participants
- 37 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Using the EBPF Superpowers To Generate Kubernetes Security Policies - Mauricio Vásquez Bernal & Alban Crequy, Microsoft
Kubernetes has several security mechanisms that can be used to secure your applications: - limit network connectivity with network policies - block some system calls with seccomp profiles - restrict access to some Linux capabilities in security contexts Defining those policies is difficult. It usually happens that the team defining them is not the one that created the application, hence they might not have a good enough view of the architecture to know how to write them. We will present and demo different ways to automatically generate the 3 different kind of policies mentioned above by monitoring the application's events with the following eBPF-based tools: - Inspektor Gadget - Kubernetes Security Profiles Operator - oci-seccomp-bpf-hook We'll discuss the limitations of this approach and the future ahead of these tools. Finally, we will explain how applications can be audited to see if the security policies are respected.
Using the EBPF Superpowers To Generate Kubernetes Security Policies - Mauricio Vásquez Bernal & Alban Crequy, Microsoft
Kubernetes has several security mechanisms that can be used to secure your applications: - limit network connectivity with network policies - block some system calls with seccomp profiles - restrict access to some Linux capabilities in security contexts Defining those policies is difficult. It usually happens that the team defining them is not the one that created the application, hence they might not have a good enough view of the architecture to know how to write them. We will present and demo different ways to automatically generate the 3 different kind of policies mentioned above by monitoring the application's events with the following eBPF-based tools: - Inspektor Gadget - Kubernetes Security Profiles Operator - oci-seccomp-bpf-hook We'll discuss the limitations of this approach and the future ahead of these tools. Finally, we will explain how applications can be audited to see if the security policies are respected.
- 7 participants
- 40 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Webhook Fatigue? You're Not Alone: Introducing the CEL Expression Language Features Solving This Problem - Joe Betz, Google
Speakers: Joe Betz
In Kubernetes 1.23 we integrated the CEL expression language into open source Kubernetes, making it possible to support the vast majority of CRD validation use cases without a webhook. This includes multi-field validation rules, immutability checks and more. And this is just the beginning, we plan to extend admission control to support CEL expressions as well, which will make it possible to replace far more of those operationally troublesome webhooks with a much simpler alternative. We're convinced this leads to a better development experience for anyone extending Kubernetes. And more importantly, it makes cluster operations simpler and safer. Learn about this future of Kubernetes extensibility from a contributor who has been involved in Kubernetes extensibility for over 5 years, including the projects to bring CRDs and Webhooks to GA, and who has been involved in improving the stability of Kubnernetes control planes in GKE for years. In this talk I'll introduce CEL and how we've integrated it into Kuberentes and answer questions including: What can you do with CEL in Kubernetes today? What future features are planned? Can there really a future where webhooks are the exception instead of the norm?
Webhook Fatigue? You're Not Alone: Introducing the CEL Expression Language Features Solving This Problem - Joe Betz, Google
Speakers: Joe Betz
In Kubernetes 1.23 we integrated the CEL expression language into open source Kubernetes, making it possible to support the vast majority of CRD validation use cases without a webhook. This includes multi-field validation rules, immutability checks and more. And this is just the beginning, we plan to extend admission control to support CEL expressions as well, which will make it possible to replace far more of those operationally troublesome webhooks with a much simpler alternative. We're convinced this leads to a better development experience for anyone extending Kubernetes. And more importantly, it makes cluster operations simpler and safer. Learn about this future of Kubernetes extensibility from a contributor who has been involved in Kubernetes extensibility for over 5 years, including the projects to bring CRDs and Webhooks to GA, and who has been involved in improving the stability of Kubnernetes control planes in GKE for years. In this talk I'll introduce CEL and how we've integrated it into Kuberentes and answer questions including: What can you do with CEL in Kubernetes today? What future features are planned? Can there really a future where webhooks are the exception instead of the norm?
- 9 participants
- 35 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
What's Going ARM: Adopting ARM64 At Airbnb - Melanie Cebula, Airbnb
Speakers: Melanie Cebula
What’s going ARM? With all the recent developments in the architecture space, you may be wondering how these changes apply to your infrastructure. At Airbnb, we’re going through a multi-year journey to evaluate and adopt support for ARM64 and “multi-arch” support-- from our local laptop developer environments, to CI infrastructure, all the way through to production workloads. In this talk, we will go over: - An overview and evaluation of the current state of ARM - The pitfalls and challenges we faced - How we designed multi-arch support - And more!
What's Going ARM: Adopting ARM64 At Airbnb - Melanie Cebula, Airbnb
Speakers: Melanie Cebula
What’s going ARM? With all the recent developments in the architecture space, you may be wondering how these changes apply to your infrastructure. At Airbnb, we’re going through a multi-year journey to evaluate and adopt support for ARM64 and “multi-arch” support-- from our local laptop developer environments, to CI infrastructure, all the way through to production workloads. In this talk, we will go over: - An overview and evaluation of the current state of ARM - The pitfalls and challenges we faced - How we designed multi-arch support - And more!
- 1 participant
- 27 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
What’s New In Chaos Mesh And Deep Dive Into Multi Clusters Support - Ed Huang & Chao Zheng, PingCAP
Chaos Mesh is one of the most popular open-source chaos engineering platforms, with the goal of making chaos engineering easier and more accessible. In this session, In addition to a brief overview of Chaos Mesh, Cwen will provide an update about the latest feature developments, and deep into how to support chaos experiments on multiple Kubernetes clusters. In the real case, chaos experiments across multiple clusters are often needed, to achieve it and make it easy, chaos mesh supports this feature natively. In this session, Cwen will introduce how to design and implement this feature and introduce typical real world use cases.
What’s New In Chaos Mesh And Deep Dive Into Multi Clusters Support - Ed Huang & Chao Zheng, PingCAP
Chaos Mesh is one of the most popular open-source chaos engineering platforms, with the goal of making chaos engineering easier and more accessible. In this session, In addition to a brief overview of Chaos Mesh, Cwen will provide an update about the latest feature developments, and deep into how to support chaos experiments on multiple Kubernetes clusters. In the real case, chaos experiments across multiple clusters are often needed, to achieve it and make it easy, chaos mesh supports this feature natively. In this session, Cwen will introduce how to design and implement this feature and introduce typical real world use cases.
- 8 participants
- 33 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Windows HostProcess Containers For Configuration And Beyond - James Sturtevant & Mark Rossetti, Microsoft
The days of needing custom scripts and hard-won knowledge to set up and configure Windows Server hosts are over. The new Windows HostProcess Container feature in Kubernetes has begun to close a major feature gap between Windows and Linux containers. We now have a way to carry out key tasks such as running kube-proxy and CNIs (Container Network Interface) as containers in the cluster. Beyond the basics, HostProcess containers also open the door to more effective logging, monitoring and debugging of the Windows environment. In this session, we will cover the basics of using HostProcess containers and see how they differ from other Windows containers. After gaining an understanding of these differences, we will explore three examples covering the common use cases for HostProcess containers: CNIs, debugging, and on-demand monitoring. The attendees will see concrete examples of HostProcess Containers, novel approaches to debugging, and gain inspiration for new ways of interacting with Windows enabled clusters.
Windows HostProcess Containers For Configuration And Beyond - James Sturtevant & Mark Rossetti, Microsoft
The days of needing custom scripts and hard-won knowledge to set up and configure Windows Server hosts are over. The new Windows HostProcess Container feature in Kubernetes has begun to close a major feature gap between Windows and Linux containers. We now have a way to carry out key tasks such as running kube-proxy and CNIs (Container Network Interface) as containers in the cluster. Beyond the basics, HostProcess containers also open the door to more effective logging, monitoring and debugging of the Windows environment. In this session, we will cover the basics of using HostProcess containers and see how they differ from other Windows containers. After gaining an understanding of these differences, we will explore three examples covering the common use cases for HostProcess containers: CNIs, debugging, and on-demand monitoring. The attendees will see concrete examples of HostProcess Containers, novel approaches to debugging, and gain inspiration for new ways of interacting with Windows enabled clusters.
- 7 participants
- 37 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Writing Reliable, Scalable, Fault Oblivious Code On K8s the Easy Way - Kendall Roden, Microsoft & Alice Gibbons, Diagrid
Speakers: Alice Gibbons, Kendall Roden
Remember when writing connected application code to do something innovative was the hard part? These days developers have to do more than ever, not only to write innovative and elegant code to run their business, but now also have to deal with all the faults, outages, disasters, hot spots, scale points, and concurrency issues that come with building distributed apps and microservices at scale. In this session, you will learn about the best practices to write distributed app code that sings at scale directly from the team that helped bring you Dapr and a number of hyper-scale cloud services in production. It will focus on the topics of resiliency, distributed locking, and optimization in common tasks like async messaging & Pub-Sub, state management, secrets and more. You will also learn about abstractions and implementations to do this the easy way in your favorite programming model and language, while targeting Kubernetes.
Writing Reliable, Scalable, Fault Oblivious Code On K8s the Easy Way - Kendall Roden, Microsoft & Alice Gibbons, Diagrid
Speakers: Alice Gibbons, Kendall Roden
Remember when writing connected application code to do something innovative was the hard part? These days developers have to do more than ever, not only to write innovative and elegant code to run their business, but now also have to deal with all the faults, outages, disasters, hot spots, scale points, and concurrency issues that come with building distributed apps and microservices at scale. In this session, you will learn about the best practices to write distributed app code that sings at scale directly from the team that helped bring you Dapr and a number of hyper-scale cloud services in production. It will focus on the topics of resiliency, distributed locking, and optimization in common tasks like async messaging & Pub-Sub, state management, secrets and more. You will also learn about abstractions and implementations to do this the easy way in your favorite programming model and language, while targeting Kubernetes.
- 2 participants
- 31 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Zero Trust Supply Chains with Project Sigstore and SPIFFE - Andres Vega & Jake Sanders
In order to ensure the trustworthiness of your software supply chain, maintainers must restate a number of assumptions. As opposed to inherently trusting build systems to serve accurate package metadata, we propose verification of every claim in the chain against the actors and tasks involved in the process. The combination of cryptographically verifiable identities with the use of transparency logs provides a novel approach to accomplish so and increase the security guarantees of your release artifacts.
Project Sigstore provides a toolkit to allow organizations to publish verifiable provenance about publicly distributed artifacts. This metadata is in turn stored on the Sigstore Binary Transparency Log (Rekor), signed and verified by use of Keyless Signatures (Cosign) and the Sigstore Certificate Authority (Fulcio), and stored in an OCI registry where it can be verified, discovered, and used in policy engines. Backed by SPIFFE’s reference implementation SPIRE, all cryptographic operations are rooted in a strongly attested universal identity control plane for distributed systems.
This presentation will demonstrate how a zero trust supply chain architecture can be applied to build systems, through the use of Sigstore and SPIRE for a Federated, Verifiable, Zero-Trust Supply Chain. Additionally, TektonCD will be used as the example build system and in-toto as the example provenance format.
Zero Trust Supply Chains with Project Sigstore and SPIFFE - Andres Vega & Jake Sanders
In order to ensure the trustworthiness of your software supply chain, maintainers must restate a number of assumptions. As opposed to inherently trusting build systems to serve accurate package metadata, we propose verification of every claim in the chain against the actors and tasks involved in the process. The combination of cryptographically verifiable identities with the use of transparency logs provides a novel approach to accomplish so and increase the security guarantees of your release artifacts.
Project Sigstore provides a toolkit to allow organizations to publish verifiable provenance about publicly distributed artifacts. This metadata is in turn stored on the Sigstore Binary Transparency Log (Rekor), signed and verified by use of Keyless Signatures (Cosign) and the Sigstore Certificate Authority (Fulcio), and stored in an OCI registry where it can be verified, discovered, and used in policy engines. Backed by SPIFFE’s reference implementation SPIRE, all cryptographic operations are rooted in a strongly attested universal identity control plane for distributed systems.
This presentation will demonstrate how a zero trust supply chain architecture can be applied to build systems, through the use of Sigstore and SPIRE for a Federated, Verifiable, Zero-Trust Supply Chain. Additionally, TektonCD will be used as the example build system and in-toto as the example provenance format.
- 5 participants
- 31 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
cert-manager - Past, Present and Future - Jake Sanders, cert-manager Maintainer & Ashley Davis, Jetstack
Speakers: Ashley Davis, Jake Sanders
cert-manager is the Cloud Native way to use X.509 certificates inside Kubernetes. It's usually one of the first things administrators install on a new cluster, with 15 million image pulls per day!
The project has just entered incubation, after being part of the CNCF sandbox for almost 2 years.
Join two of the maintainers for a talk about why you should use cert-manager, how we got to where we are today, and our plans for the future!
cert-manager - Past, Present and Future - Jake Sanders, cert-manager Maintainer & Ashley Davis, Jetstack
Speakers: Ashley Davis, Jake Sanders
cert-manager is the Cloud Native way to use X.509 certificates inside Kubernetes. It's usually one of the first things administrators install on a new cluster, with 15 million image pulls per day!
The project has just entered incubation, after being part of the CNCF sandbox for almost 2 years.
Join two of the maintainers for a talk about why you should use cert-manager, how we got to where we are today, and our plans for the future!
- 2 participants
- 26 minutes
12 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
“Why Can’t Kubernetes Devs Just Add This New Feature? Seems So Easy!” - Understanding the Feature Lifecycle In Kubernetes - Ricardo Katz, VMware & Carlos Panato, Chainguard
Speakers: Carlos Panato, Ricardo Katz
You started using Kubernetes. You are doing great! Then you figure out "hey if kubectl has colors probably it would be helpful for other people!" You go ahead, and open an issue in the Kubernetes repository, to figure out that there's another issue opened since 2016 about this! And with a lot of discussions! Yeah, it happens! But why does it take so long? Is this really necessary? In this talk, we will present to you how a new feature gets into Kubernetes and, most importantly, why it takes so long! We are going to pass through some simple scenarios to understand what is this review process, what problems were caught in some real life feature requests reviews, and also other examples of features that were promoted and now became a problem, trying to understand why they reached this status! Join us and learn a bit more about the enhancement process of Kubernetes!
“Why Can’t Kubernetes Devs Just Add This New Feature? Seems So Easy!” - Understanding the Feature Lifecycle In Kubernetes - Ricardo Katz, VMware & Carlos Panato, Chainguard
Speakers: Carlos Panato, Ricardo Katz
You started using Kubernetes. You are doing great! Then you figure out "hey if kubectl has colors probably it would be helpful for other people!" You go ahead, and open an issue in the Kubernetes repository, to figure out that there's another issue opened since 2016 about this! And with a lot of discussions! Yeah, it happens! But why does it take so long? Is this really necessary? In this talk, we will present to you how a new feature gets into Kubernetes and, most importantly, why it takes so long! We are going to pass through some simple scenarios to understand what is this review process, what problems were caught in some real life feature requests reviews, and also other examples of features that were promoted and now became a problem, trying to understand why they reached this status! Join us and learn a bit more about the enhancement process of Kubernetes!
- 5 participants
- 34 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Achieving End-To-End Software Supply Chain Security With in-toto - Santiago Torres-Arias, Purdue University & Aditya Sirish A Yelgundhalli, New York University
in-toto is a CNCF Incubated project that can be used to secure software supply chains. Since joining incubation this year, in-toto has grown in various ways through community contributions. This includes features to perform better artifact tracking (e.g., to include Git, GitBOM, SBOMs and OCI images), as well as extending the base attestation type to include more expressive notions (e.g., SLSA provenance, measured execution, or to sign and attach SBOMs to their corresponding artifacts). Lastly, better integration with CNCF projects for cloud-native identity have been developed through projects such as SPIFFE and Sigstore. In this talk, we will showcase these exciting contributions, and help introduce new members of the audience to ways to particpate, collaborate, and use in-toto to protect their software supply chains. We will showcase in-toto's existing integrations. This will include projects such as Tekton Chains, Jenkins, Gitlab Runners, and rebuiderd (from the reproducible builds project). Finally, the talk will also feature current work on exciting features like Sigstore, SPDX, GitBOM and more!
Achieving End-To-End Software Supply Chain Security With in-toto - Santiago Torres-Arias, Purdue University & Aditya Sirish A Yelgundhalli, New York University
in-toto is a CNCF Incubated project that can be used to secure software supply chains. Since joining incubation this year, in-toto has grown in various ways through community contributions. This includes features to perform better artifact tracking (e.g., to include Git, GitBOM, SBOMs and OCI images), as well as extending the base attestation type to include more expressive notions (e.g., SLSA provenance, measured execution, or to sign and attach SBOMs to their corresponding artifacts). Lastly, better integration with CNCF projects for cloud-native identity have been developed through projects such as SPIFFE and Sigstore. In this talk, we will showcase these exciting contributions, and help introduce new members of the audience to ways to particpate, collaborate, and use in-toto to protect their software supply chains. We will showcase in-toto's existing integrations. This will include projects such as Tekton Chains, Jenkins, Gitlab Runners, and rebuiderd (from the reproducible builds project). Finally, the talk will also feature current work on exciting features like Sigstore, SPDX, GitBOM and more!
- 6 participants
- 35 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Armoring Cloud Native Workloads With LSM Superpowers - Barun Acharya, Accuknox
Speakers: Barun Acharya
Containers are not protected by default as the various tools for security into place provides perimeter security at the host, or the network and not necessarily the workload itself. LSMs(Linux Security Modules) provide with security hooks necessary to set up least permissive perimeter for various workloads. KubeArmor is a cloud-native runtime security enforcement system that leverages various LSMs to secure your workloads. LSMs are a really powerful system but they come with a high barrier of entry, steep learning curve and do not provide enough metadata for modern cloud native workloads. This talk will be about how KubeArmor leverages LSM superpowers to abstract away the complexities to help protect modern cloud native workloads, how we leverage eBPF to provide context about what's happening in the containers, how various kernel primitives fair with each to protect modern container workloads and what design considerations/challenges for integrating various LSM into KubeArmor.
Armoring Cloud Native Workloads With LSM Superpowers - Barun Acharya, Accuknox
Speakers: Barun Acharya
Containers are not protected by default as the various tools for security into place provides perimeter security at the host, or the network and not necessarily the workload itself. LSMs(Linux Security Modules) provide with security hooks necessary to set up least permissive perimeter for various workloads. KubeArmor is a cloud-native runtime security enforcement system that leverages various LSMs to secure your workloads. LSMs are a really powerful system but they come with a high barrier of entry, steep learning curve and do not provide enough metadata for modern cloud native workloads. This talk will be about how KubeArmor leverages LSM superpowers to abstract away the complexities to help protect modern cloud native workloads, how we leverage eBPF to provide context about what's happening in the containers, how various kernel primitives fair with each to protect modern container workloads and what design considerations/challenges for integrating various LSM into KubeArmor.
- 1 participant
- 21 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Arsenal Of Democracy: What Open Source Can Learn From the Motor City - Shane Lawrence, Shopify
Speakers: Shane Lawrence
Most of us will spend most of the conference learning what's new in the cloud, focusing on developments from the last six to twelve months and discovering what our colleagues are working on in the future. In this talk, we'll break from that paradigm to ground ourselves by taking a look at Detroit's history and the lessons we can learn from its dominant industry. Shane will describe parallels between open source software and manufacturing, explain how lessons learned by automakers in the last century can benefit software development today, and point out potential pitfalls made by industrialists that we should seek to avoid.
Arsenal Of Democracy: What Open Source Can Learn From the Motor City - Shane Lawrence, Shopify
Speakers: Shane Lawrence
Most of us will spend most of the conference learning what's new in the cloud, focusing on developments from the last six to twelve months and discovering what our colleagues are working on in the future. In this talk, we'll break from that paradigm to ground ourselves by taking a look at Detroit's history and the lessons we can learn from its dominant industry. Shane will describe parallels between open source software and manufacturing, explain how lessons learned by automakers in the last century can benefit software development today, and point out potential pitfalls made by industrialists that we should seek to avoid.
- 1 participant
- 29 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Backstage: Shaping the Future Of Developer Experience - Ben Lambert & Francesco Corti, Spotify
The CNCF Landscape offers an incredible and diverse ecosystem of frameworks, technologies, and platforms. Your teams have their own implementations of these technologies. Onboarding new developers is super confusing, and docs are scattered around the place. In short: chaos and fragmentation in dozens of different tools. The solution to this might be… another portal? Backstage (https://backstage.io), an open source platform you can use to build your own developer portal. It is highly customisable and adopted by companies like Unity, Netflix, American Airlines, and Epic Games. Lee & Francesco will share the lessons learned and latest tips from the hundreds of Backstage adopters and thousands of contributors. We’ll cover how core features such as the Software Catalog and software templates are changing the way end users interact and manage their ecosystem. Let’s shape the future of developer experience together! 🎉
Backstage: Shaping the Future Of Developer Experience - Ben Lambert & Francesco Corti, Spotify
The CNCF Landscape offers an incredible and diverse ecosystem of frameworks, technologies, and platforms. Your teams have their own implementations of these technologies. Onboarding new developers is super confusing, and docs are scattered around the place. In short: chaos and fragmentation in dozens of different tools. The solution to this might be… another portal? Backstage (https://backstage.io), an open source platform you can use to build your own developer portal. It is highly customisable and adopted by companies like Unity, Netflix, American Airlines, and Epic Games. Lee & Francesco will share the lessons learned and latest tips from the hundreds of Backstage adopters and thousands of contributors. We’ll cover how core features such as the Software Catalog and software templates are changing the way end users interact and manage their ecosystem. Let’s shape the future of developer experience together! 🎉
- 2 participants
- 26 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Bare-Metal Chronicles: Intertwinement Of Tinkerbell, Cluster API And GitOps - Katie Gamanji, Apple
Speakers: Katie Gamanji
Within its 8 years of existence, Kubernetes has been the gravitational center of the Cloud Native, elevating a pluggable system that diversified the entire ecosystem. Multiple areas emerged in the industry, galvanizing solutions for components such as network, runtime, storage, and cluster provisioning. The maturity of the cloud native landscape is led by the wider adoption of enterprise and large organizations. However, for these companies deployment and handling of bare-metal infrastructure has always been essential. A pivotal tool to manage cross-provider infrastructure has been Cluster API, leading a unique and radical stance for Kubernetes distribution. In association with a model such as GitOps, Cluster API assembles a mechanism that leverages the concept of a "cluster as a resource". This talk will outline how cloud native tools, such as Tinkerbell and Cluster API unlock a robust deployment of bare-metal infrastructure. Attendees will acquire an understanding of why the usage of ClusterAPI and provisioning automation with GitOps tools, such as ArgoCD, is a powerful concept that leads an organization towards the discovery of a modernized provisioning model.
Bare-Metal Chronicles: Intertwinement Of Tinkerbell, Cluster API And GitOps - Katie Gamanji, Apple
Speakers: Katie Gamanji
Within its 8 years of existence, Kubernetes has been the gravitational center of the Cloud Native, elevating a pluggable system that diversified the entire ecosystem. Multiple areas emerged in the industry, galvanizing solutions for components such as network, runtime, storage, and cluster provisioning. The maturity of the cloud native landscape is led by the wider adoption of enterprise and large organizations. However, for these companies deployment and handling of bare-metal infrastructure has always been essential. A pivotal tool to manage cross-provider infrastructure has been Cluster API, leading a unique and radical stance for Kubernetes distribution. In association with a model such as GitOps, Cluster API assembles a mechanism that leverages the concept of a "cluster as a resource". This talk will outline how cloud native tools, such as Tinkerbell and Cluster API unlock a robust deployment of bare-metal infrastructure. Attendees will acquire an understanding of why the usage of ClusterAPI and provisioning automation with GitOps tools, such as ArgoCD, is a powerful concept that leads an organization towards the discovery of a modernized provisioning model.
- 1 participant
- 35 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
BoF: How Can We Build Stronger User Support Groups? - Steven Wong, VMware
Speakers: Steven Wong
Local User Groups, with physical meetings and were growing until covid hit. Replacement Zoom based groups have seen limited success.
We would like to gather the user community to brainstorm ideas on how we might come out of the covid break, with a strong support system that allow users to make friends, share experiences and best practices, while providing feedback to projects & vendors. We are seeking an environment offering coaching and education, without crossing the line into highly partial promotion of commercial products.
We’ll start with a brief introduction - then turn to moderator managed audience participation. If you are a member or an organizer of a group, we need your ideas. Please attend.
Topics: How can we foster and improve local physical meetings, where users have a great learning & sharing experience? How can the CNCF and projects support the groups operating now?
What is the best structure for global scope Zoom based User Groups? Special interest groups based on cloud type, or should it be use case based (such as Machine Learning, Financial, Retail, etc.)? Other?
Bring us your ideas, and challenges, and share your experiences with the community - Help make the cloud native journey better for users.
BoF: How Can We Build Stronger User Support Groups? - Steven Wong, VMware
Speakers: Steven Wong
Local User Groups, with physical meetings and were growing until covid hit. Replacement Zoom based groups have seen limited success.
We would like to gather the user community to brainstorm ideas on how we might come out of the covid break, with a strong support system that allow users to make friends, share experiences and best practices, while providing feedback to projects & vendors. We are seeking an environment offering coaching and education, without crossing the line into highly partial promotion of commercial products.
We’ll start with a brief introduction - then turn to moderator managed audience participation. If you are a member or an organizer of a group, we need your ideas. Please attend.
Topics: How can we foster and improve local physical meetings, where users have a great learning & sharing experience? How can the CNCF and projects support the groups operating now?
What is the best structure for global scope Zoom based User Groups? Special interest groups based on cloud type, or should it be use case based (such as Machine Learning, Financial, Retail, etc.)? Other?
Bring us your ideas, and challenges, and share your experiences with the community - Help make the cloud native journey better for users.
- 6 participants
- 37 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Build a Cloud Native Asynchronous Messaging System For Scale With Redis - Madelyn Olson, Amazon Web Services (AWS)
Speakers: Madelyn Elizabeth Olson
Large scale microservices architectures often rely on synchronous APIs to implement their functionality by communicating with a large number of other services. This pattern works well when all services are aware of when and how data changes. However, as the system size increases, the tight coupling and complexity can become difficult to maintain. A solution for this growing complexity is asynchronous message passing, where services register what types of messages they are interested in and submit messages to be broadcasted to the system. This highly decoupled system allows new services to be added without changing code of the existing components. In this talk, hear from Madelyn Olson, one of the Redis core maintainers and a software development engineer who will deep dive into best practices for implementing this asynchronous message design pattern. She will also demonstrate how to build, deploy, and monitor a highly scalable message broker system by using standard CNCF components, specifically Kubernetes and Prometheus, along with Redis, the “most loved” database.
Build a Cloud Native Asynchronous Messaging System For Scale With Redis - Madelyn Olson, Amazon Web Services (AWS)
Speakers: Madelyn Elizabeth Olson
Large scale microservices architectures often rely on synchronous APIs to implement their functionality by communicating with a large number of other services. This pattern works well when all services are aware of when and how data changes. However, as the system size increases, the tight coupling and complexity can become difficult to maintain. A solution for this growing complexity is asynchronous message passing, where services register what types of messages they are interested in and submit messages to be broadcasted to the system. This highly decoupled system allows new services to be added without changing code of the existing components. In this talk, hear from Madelyn Olson, one of the Redis core maintainers and a software development engineer who will deep dive into best practices for implementing this asynchronous message design pattern. She will also demonstrate how to build, deploy, and monitor a highly scalable message broker system by using standard CNCF components, specifically Kubernetes and Prometheus, along with Redis, the “most loved” database.
- 4 participants
- 36 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Building Multi-Tenant Routing And Scaling With Envoy - Yiming Peng, Amazon Web Services, Inc.
AWS App Runner is using Envoy underhood for its multi-tenant request-routing, load balancing and auto scaling. In this session, the AWS App Runner service team will share Envoy user experience. Journey of building an Envoy-based scalable request-router from developer point of view. Reason to choose Envoy and benefits it brings to the product. Lessons learnt and best practices for maintaining and operating Envoy-based systems in day-to-day work life.
Building Multi-Tenant Routing And Scaling With Envoy - Yiming Peng, Amazon Web Services, Inc.
AWS App Runner is using Envoy underhood for its multi-tenant request-routing, load balancing and auto scaling. In this session, the AWS App Runner service team will share Envoy user experience. Journey of building an Envoy-based scalable request-router from developer point of view. Reason to choose Envoy and benefits it brings to the product. Lessons learnt and best practices for maintaining and operating Envoy-based systems in day-to-day work life.
- 1 participant
- 26 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Chaos Engineering Applied To the FinTech Domain - Rajeshwar Vadheraju, FIS & Neelanjan Manna, Harness
Speakers: Rajeshwar Vadheraju, Neelanjan Manna
FIS, a Fintech company with more than 20,000 clients around the globe, offers Banking-as-a-Service Hub, which enables banks and corporations the ability to rapidly configure new financial services. The Delivery of “as-a-service” features across accounts, cards, and establishments is enabled by functional modules deployed on Kubernetes, which are used by thousands of customers each day. To bolster the resiliency of this critical infrastructure, FIS uses LitmusChaos to expose and help remediate the system flaws thereby ensuring highly available services for the customers. In this talk, Rajeshwar (FIS) & Neelanjan (Harness) will lay out the reliability challenges while delivering Banking-as-an-Service and demonstrate how chaos experimentation was leveraged as part of the organization’s “client-experience-year” initiatives to improve the banking APIs.
Chaos Engineering Applied To the FinTech Domain - Rajeshwar Vadheraju, FIS & Neelanjan Manna, Harness
Speakers: Rajeshwar Vadheraju, Neelanjan Manna
FIS, a Fintech company with more than 20,000 clients around the globe, offers Banking-as-a-Service Hub, which enables banks and corporations the ability to rapidly configure new financial services. The Delivery of “as-a-service” features across accounts, cards, and establishments is enabled by functional modules deployed on Kubernetes, which are used by thousands of customers each day. To bolster the resiliency of this critical infrastructure, FIS uses LitmusChaos to expose and help remediate the system flaws thereby ensuring highly available services for the customers. In this talk, Rajeshwar (FIS) & Neelanjan (Harness) will lay out the reliability challenges while delivering Banking-as-an-Service and demonstrate how chaos experimentation was leveraged as part of the organization’s “client-experience-year” initiatives to improve the banking APIs.
- 2 participants
- 25 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Chaos Engineering For Hybrid Targets With LitmusChaos - Uma Mukkara, Karthik S & Prithvi Raj, Harness
Speakers: Uma Mukkara, Karthik S, Prithvi Raj
Downtime amongst platform resources is very common today and is one of the reasons why SRE teams are heavily invested in Chaos Engineering. Another upcoming phenomenon is that of multi-cloud deployments wherein organizations attempt to achieve redundancy through cross-cloud instances of their services. These requirements together warrant a vendor-agnostic approach to chaos experimentation, preferably from a common control plane (read: Kubernetes) with the flexibility to add custom constraints around the fault injection process as well as the expectations (hypothesis) around them. There is also a need to marry this process with the standard CI/CD pipelines to derive maximum benefit via continuous chaos testing. In this session, the maintainers of the LitmusChaos project explain how this can be achieved.
Chaos Engineering For Hybrid Targets With LitmusChaos - Uma Mukkara, Karthik S & Prithvi Raj, Harness
Speakers: Uma Mukkara, Karthik S, Prithvi Raj
Downtime amongst platform resources is very common today and is one of the reasons why SRE teams are heavily invested in Chaos Engineering. Another upcoming phenomenon is that of multi-cloud deployments wherein organizations attempt to achieve redundancy through cross-cloud instances of their services. These requirements together warrant a vendor-agnostic approach to chaos experimentation, preferably from a common control plane (read: Kubernetes) with the flexibility to add custom constraints around the fault injection process as well as the expectations (hypothesis) around them. There is also a need to marry this process with the standard CI/CD pipelines to derive maximum benefit via continuous chaos testing. In this session, the maintainers of the LitmusChaos project explain how this can be achieved.
- 2 participants
- 34 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Community Awards - Hosted by Chris Aniszczyk
Speakers: Chris Aniszczyk
Community Awards - Hosted by Chris Aniszczyk
Speakers: Chris Aniszczyk
- 2 participants
- 7 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Computational Fluid Dynamics (CFD) Analysis With Kubernetes, Kubeflow, And OpenFOAM - Erik Jacobs, Red Hat
Speakers: Erik Jacobs
Frequently, organizations build dedicated clusters for high-performance computing (HPC) workloads. These clusters may sit idle when there are no HPC jobs to run, which is a waste of expensive resources. Kubernetes clusters can run these workloads alongside all of the other applications typically deployed, which helps improve overall operations and drives higher utilization of resources. In this presentation, you will learn how the Kubeflow project and its MPI operator can be used to run computational fluid dynamics (CFD) jobs with OpenFOAM on top of a Kubernetes cluster.
Computational Fluid Dynamics (CFD) Analysis With Kubernetes, Kubeflow, And OpenFOAM - Erik Jacobs, Red Hat
Speakers: Erik Jacobs
Frequently, organizations build dedicated clusters for high-performance computing (HPC) workloads. These clusters may sit idle when there are no HPC jobs to run, which is a waste of expensive resources. Kubernetes clusters can run these workloads alongside all of the other applications typically deployed, which helps improve overall operations and drives higher utilization of resources. In this presentation, you will learn how the Kubeflow project and its MPI operator can be used to run computational fluid dynamics (CFD) jobs with OpenFOAM on top of a Kubernetes cluster.
- 7 participants
- 37 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Content Addressable CRDs: Type Uniqueness Across Kubernetes Clusters - Daniel Mangum, Upbound
Speakers: Daniel Mangum
As the Kubernetes extensibility story has evolved over time, the system has grown to more closely resemble a programming interface. As a result, more and more projects have standardized on Kubernetes, utilizing Custom Resource Definitions to define the schemas for interacting with the functionality they offer. However, defining higher level types outside the context of an individual cluster is difficult due to the fact that the unique identifier of a type – its Group, Version, and Kind – are not globally universal. In this talk we’ll explore a proposal for content addressable storage of type definitions for Kubernetes, inspired by the OCI distribution specification. The focus will be on the ergonomics of the system, how it compares to existing packaging and installation mechanisms for Custom Resource Definitions, and what future use cases could be enabled by aligning on a shared standard. Live demos will illustrate the full workflow and serve as inspiration for subsequent collaboration.
Content Addressable CRDs: Type Uniqueness Across Kubernetes Clusters - Daniel Mangum, Upbound
Speakers: Daniel Mangum
As the Kubernetes extensibility story has evolved over time, the system has grown to more closely resemble a programming interface. As a result, more and more projects have standardized on Kubernetes, utilizing Custom Resource Definitions to define the schemas for interacting with the functionality they offer. However, defining higher level types outside the context of an individual cluster is difficult due to the fact that the unique identifier of a type – its Group, Version, and Kind – are not globally universal. In this talk we’ll explore a proposal for content addressable storage of type definitions for Kubernetes, inspired by the OCI distribution specification. The focus will be on the ergonomics of the system, how it compares to existing packaging and installation mechanisms for Custom Resource Definitions, and what future use cases could be enabled by aligning on a shared standard. Live demos will illustrate the full workflow and serve as inspiration for subsequent collaboration.
- 4 participants
- 47 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Crossplane Intro And Deep Dive - The Cloud Native Control Plane Framework - Jared Watts, Matthias Luebken & Nic Cope, Upbound; Bob Haddleton, Nokia
Speakers: Jared Watts, Nic Cope, Matthias Luebken, Bob Haddleton
The maintainers of Crossplane, a CNCF Incubating project, will lead this session that will introduce the project to new attendees, as well as dive into the finer details of Crossplane’s functionality and roadmap. We will explain how Crossplane enables you to compose cloud infrastructure and services into your custom platform APIs, and how best to get started building a platform of your own. We will take a tour through the key features included in the latest releases, what problems and use cases they are solving, and how you can adopt them into your control planes. Finally, there will be an interactive opportunity to engage with the maintainers, ask questions, and influence the future of the project direction.
Crossplane Intro And Deep Dive - The Cloud Native Control Plane Framework - Jared Watts, Matthias Luebken & Nic Cope, Upbound; Bob Haddleton, Nokia
Speakers: Jared Watts, Nic Cope, Matthias Luebken, Bob Haddleton
The maintainers of Crossplane, a CNCF Incubating project, will lead this session that will introduce the project to new attendees, as well as dive into the finer details of Crossplane’s functionality and roadmap. We will explain how Crossplane enables you to compose cloud infrastructure and services into your custom platform APIs, and how best to get started building a platform of your own. We will take a tour through the key features included in the latest releases, what problems and use cases they are solving, and how you can adopt them into your control planes. Finally, there will be an interactive opportunity to engage with the maintainers, ask questions, and influence the future of the project direction.
- 5 participants
- 36 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Current State and the Future of Cortex - Alvin Lin & Alan Protasio, Amazon Web Services
Speakers: Alvin Lin, Alan Protasio
Cortex provides horizontally scalable, highly available, multi-tenant, long term storage for Prometheus. We will walk through what happened to Cortex throughout 2022, and what's next.
Current State and the Future of Cortex - Alvin Lin & Alan Protasio, Amazon Web Services
Speakers: Alvin Lin, Alan Protasio
Cortex provides horizontally scalable, highly available, multi-tenant, long term storage for Prometheus. We will walk through what happened to Cortex throughout 2022, and what's next.
- 6 participants
- 37 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
DoorDash’s Journey From StatsD To Prometheus With 10 Million Metrics/Second - Emma Wang, Doordash & Ben Raskin, Chronosphere
Speakers: Benjamin Raskin, Emma Wang
Prometheus and PromQL are widely adopted, and an increasing number of engineering teams are either migrating to use Prometheus metrics or use the Prometheus client libraries from day one. Migrations are difficult and at scale require significant engineering. This high barrier can deter organizations and place roadblocks on the way to becoming wholly instrumented with Prometheus metrics. Organizations also face challenges moving certain use cases from a metrics push model to Prometheus, such as exposing metrics from CI and CD, batch jobs and short running tasks. Using histograms at scale efficiently across many teams all using similar RPC libraries and migrating from a primarily percentile driven set of latency metrics that used to be aggregated centrally can be challenging without the right guidance for developers. Emma and Ben will provide best practices around migrating to Prometheus and share lessons and challenges from DoorDash’s migration journey from StatsD to Prometheus.
DoorDash’s Journey From StatsD To Prometheus With 10 Million Metrics/Second - Emma Wang, Doordash & Ben Raskin, Chronosphere
Speakers: Benjamin Raskin, Emma Wang
Prometheus and PromQL are widely adopted, and an increasing number of engineering teams are either migrating to use Prometheus metrics or use the Prometheus client libraries from day one. Migrations are difficult and at scale require significant engineering. This high barrier can deter organizations and place roadblocks on the way to becoming wholly instrumented with Prometheus metrics. Organizations also face challenges moving certain use cases from a metrics push model to Prometheus, such as exposing metrics from CI and CD, batch jobs and short running tasks. Using histograms at scale efficiently across many teams all using similar RPC libraries and migrating from a primarily percentile driven set of latency metrics that used to be aggregated centrally can be challenging without the right guidance for developers. Emma and Ben will provide best practices around migrating to Prometheus and share lessons and challenges from DoorDash’s migration journey from StatsD to Prometheus.
- 5 participants
- 35 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Emissary + Linkerd Resilience Patterns: Rate Limits, Retries & Timeouts - Flynn, Buoyant & Daniel Bryant, Ambassador Labs
Speakers: Flynn, Daniel Bryant
In this talk, members of the Emissary-Ingress and Linkerd teams will show the painless way to get four CNCF projects (Emissary, Linkerd, Kubernetes, and Envoy) running smoothly together to provide resilience and reliability for both end user requests and service-to-service application calls. They'll guide you through the best practices for using Linkerd and Emissary to give you capabilities like rate limiting, retries, and timeouts. Join the talk for 1) A tour of each project and discussion of how they complement each other and make a great addition to your production infrastructure stack; 2) an overview of best practices and antipatterns related to resilience. For example, retry budgets are essential within a deep microservice call chain, and 3) live demonstration of a reliability-focused reference architecture for running Linkerd and Emissary together.
Emissary + Linkerd Resilience Patterns: Rate Limits, Retries & Timeouts - Flynn, Buoyant & Daniel Bryant, Ambassador Labs
Speakers: Flynn, Daniel Bryant
In this talk, members of the Emissary-Ingress and Linkerd teams will show the painless way to get four CNCF projects (Emissary, Linkerd, Kubernetes, and Envoy) running smoothly together to provide resilience and reliability for both end user requests and service-to-service application calls. They'll guide you through the best practices for using Linkerd and Emissary to give you capabilities like rate limiting, retries, and timeouts. Join the talk for 1) A tour of each project and discussion of how they complement each other and make a great addition to your production infrastructure stack; 2) an overview of best practices and antipatterns related to resilience. For example, retry budgets are essential within a deep microservice call chain, and 3) live demonstration of a reliability-focused reference architecture for running Linkerd and Emissary together.
- 5 participants
- 36 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Energizing the Manufacturing Industry With Kubernetes And Cloud Native - Marcel Wagner, Intel
Speakers: Marcel Wagner
We present the Cloud Native Digital Twin architecture of IndustryFusion Foundation (IFF). The goal of IFF is to develop an open-source platform to digitize factory processes and achieve carbon neutrality in metal processing. From the start, IFF chose Cloud Native and Kubernetes as the foundation of all workload management. The machine gateways, the factory servers, and cloud deployments all run on CNCF certified K8s clusters and are, therefore, independent of a specific Cloud or Edge Service Provider. The Digital Twin architecture is fully declarative, based on Semantic Web frameworks like RDF and JSON-LD. We developed a special K8s operator to monitor and deploy the factory processes as Apache Flink jobs, defined with Streaming SQL. We will also describe our experience running K8s and Cloud Native in a manufacturing environment, especially the challenges we overcame with the machine builders and factory owners to make them comfortable with the Cloud Native and K8s approach.
Energizing the Manufacturing Industry With Kubernetes And Cloud Native - Marcel Wagner, Intel
Speakers: Marcel Wagner
We present the Cloud Native Digital Twin architecture of IndustryFusion Foundation (IFF). The goal of IFF is to develop an open-source platform to digitize factory processes and achieve carbon neutrality in metal processing. From the start, IFF chose Cloud Native and Kubernetes as the foundation of all workload management. The machine gateways, the factory servers, and cloud deployments all run on CNCF certified K8s clusters and are, therefore, independent of a specific Cloud or Edge Service Provider. The Digital Twin architecture is fully declarative, based on Semantic Web frameworks like RDF and JSON-LD. We developed a special K8s operator to monitor and deploy the factory processes as Apache Flink jobs, defined with Streaming SQL. We will also describe our experience running K8s and Cloud Native in a manufacturing environment, especially the challenges we overcame with the machine builders and factory owners to make them comfortable with the Cloud Native and K8s approach.
- 1 participant
- 30 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Enterprise Cloud Native Artifact Registry - Yan Wang & Daojun Zhang & Chenyu Zhang, VMware; Vadim Bauer, 8gears Container Registry
Speakers: Daojun Zhang, Yan Wang, Chenyu Zhang, Vadim Bauer
Project Harbor is an open source trusted cloud-native registry project that stores, manages, signs and scans content to solve common OCI artifact management challenges. It has been widely used by organizations large and small around the world to address container image and other OCI-compatible artifact management challenges. In this presentation, we will cover some advanced features using Harbor such as OCI artifact management in cloud environments, management of artifacts and their attachments (cosign, nydus), recommended settings for high concurrent use, and high availability deployments. In addition, the team would like to get feedback from users and contributors on current features and future roadmap.
Enterprise Cloud Native Artifact Registry - Yan Wang & Daojun Zhang & Chenyu Zhang, VMware; Vadim Bauer, 8gears Container Registry
Speakers: Daojun Zhang, Yan Wang, Chenyu Zhang, Vadim Bauer
Project Harbor is an open source trusted cloud-native registry project that stores, manages, signs and scans content to solve common OCI artifact management challenges. It has been widely used by organizations large and small around the world to address container image and other OCI-compatible artifact management challenges. In this presentation, we will cover some advanced features using Harbor such as OCI artifact management in cloud environments, management of artifacts and their attachments (cosign, nydus), recommended settings for high concurrent use, and high availability deployments. In addition, the team would like to get feedback from users and contributors on current features and future roadmap.
- 3 participants
- 35 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Enterprise Grade Minecraft On Kubernetes - Casey West, Google
Speakers: Casey West
Minecraft runs in a multi-client, single-server architecture. State and configuration are stored on disk. Minecraft servers are network sensitive, CPU and memory intensive, and can only operate as a single instance. It's a great example of Commercial Off-The-Shelf (COTS) software. In this talk we'll take a look at some of the key capabilities in Kubernetes we can leverage to run a high-performance, reliable, and disaster-proof Minecraft server, which you can apply to many other stateful applications your team has to manage. Or just use these techniques to run your own Minecraft server! By the end of this talk you'll understand how to configure high performance storage, manage on-disk configuration, run custom Pod initializations, back-up your state on a regular basis, expose custom service endpoints, and more. We'll take advantage of the flexibility of Kubernetes to increase reliability of software developed by others, not initially meant for a container runtime.
Enterprise Grade Minecraft On Kubernetes - Casey West, Google
Speakers: Casey West
Minecraft runs in a multi-client, single-server architecture. State and configuration are stored on disk. Minecraft servers are network sensitive, CPU and memory intensive, and can only operate as a single instance. It's a great example of Commercial Off-The-Shelf (COTS) software. In this talk we'll take a look at some of the key capabilities in Kubernetes we can leverage to run a high-performance, reliable, and disaster-proof Minecraft server, which you can apply to many other stateful applications your team has to manage. Or just use these techniques to run your own Minecraft server! By the end of this talk you'll understand how to configure high performance storage, manage on-disk configuration, run custom Pod initializations, back-up your state on a regular basis, expose custom service endpoints, and more. We'll take advantage of the flexibility of Kubernetes to increase reliability of software developed by others, not initially meant for a container runtime.
- 1 participant
- 34 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Essential Patterns For Designing And Implementing Your Operator - Michael Hrivnak & Austin Macdonald, Red Hat
It’s easy to get started developing operators with kubebuilder and operator-sdk to manage your workloads and infrastructure – but what challenges will you face as your operator matures? This presentation will share the most essential lessons learned across years of experience helping teams and organizations design and implement real-world operators for a wide variety of use cases. Coding topics will focus on Go-based operators. You will learn about: - API anti-patterns: Common API design choices that lead to future regret, and how to overcome them in the wild. - Bridging the gap between slow (and complex and buggy) imperative infrastructure management and the declarative Kubernetes API. - Taking control of the client’s cache to maximize its usefulness and avoid memory bloat. - Interacting with multiple clusters efficiently from a single operator instance. - Minimizing load imposed on the API server. Attendees will be ready to face key challenges as they enhance their operators with new features and evolving APIs.
Essential Patterns For Designing And Implementing Your Operator - Michael Hrivnak & Austin Macdonald, Red Hat
It’s easy to get started developing operators with kubebuilder and operator-sdk to manage your workloads and infrastructure – but what challenges will you face as your operator matures? This presentation will share the most essential lessons learned across years of experience helping teams and organizations design and implement real-world operators for a wide variety of use cases. Coding topics will focus on Go-based operators. You will learn about: - API anti-patterns: Common API design choices that lead to future regret, and how to overcome them in the wild. - Bridging the gap between slow (and complex and buggy) imperative infrastructure management and the declarative Kubernetes API. - Taking control of the client’s cache to maximize its usefulness and avoid memory bloat. - Interacting with multiple clusters efficiently from a single operator instance. - Minimizing load imposed on the API server. Attendees will be ready to face key challenges as they enhance their operators with new features and evolving APIs.
- 3 participants
- 36 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Extend Your Microservices With Pluggable Components Via Dapr - Artur Souza, Microsoft & Yaron Schneider, Diagrid
Speakers: Artur Souza, Yaron Schneider
The Distributed Application Runtime (Dapr) provides APIs that simplify microservice connectivity. Dapr is a portable, serverless, event-driven runtime that makes it easy for developers to build resilient, stateless and stateful microservices that run on the cloud and edge and embraces the diversity of languages and developer frameworks. Dapr codifies the best practices for building microservice applications into open, independent, building blocks that enable you to build portable applications with the language and framework of your choice. Each building block is configured via components in Dapr. Dapr components required to be written in Go and built into the runtime binary, limiting the set the services that can be used via Dapr. This session will show how microservices can now use Dapr building blocks with their own components, written in any language and take advantage of the Dapr runtime capabilities.
Extend Your Microservices With Pluggable Components Via Dapr - Artur Souza, Microsoft & Yaron Schneider, Diagrid
Speakers: Artur Souza, Yaron Schneider
The Distributed Application Runtime (Dapr) provides APIs that simplify microservice connectivity. Dapr is a portable, serverless, event-driven runtime that makes it easy for developers to build resilient, stateless and stateful microservices that run on the cloud and edge and embraces the diversity of languages and developer frameworks. Dapr codifies the best practices for building microservice applications into open, independent, building blocks that enable you to build portable applications with the language and framework of your choice. Each building block is configured via components in Dapr. Dapr components required to be written in Go and built into the runtime binary, limiting the set the services that can be used via Dapr. This session will show how microservices can now use Dapr building blocks with their own components, written in any language and take advantage of the Dapr runtime capabilities.
- 6 participants
- 35 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Feature Work In GRPC; XDS And Not - Eric Anderson & Kevin Nilson, Google
Speakers: Eric Anderson, Kevin Nilson
gRPC provides services with high performance communication to use in many environments. Much of the recent work in gRPC has involved xDS (https://github.com/cncf/xds), a collection of control plane protocols that can configure data planes like Envoy and gRPC that is becoming popular to use in datacenter service meshes. The work is just past a turning point with the foundational features implemented in gRPC. In this session we'll discuss how all users, those that use xDS and those that don't, can benefit. We will cover newer features and how they achieve their goals using the cross-language xDS gRPC architecture.
Feature Work In GRPC; XDS And Not - Eric Anderson & Kevin Nilson, Google
Speakers: Eric Anderson, Kevin Nilson
gRPC provides services with high performance communication to use in many environments. Much of the recent work in gRPC has involved xDS (https://github.com/cncf/xds), a collection of control plane protocols that can configure data planes like Envoy and gRPC that is becoming popular to use in datacenter service meshes. The work is just past a turning point with the foundational features implemented in gRPC. In this session we'll discuss how all users, those that use xDS and those that don't, can benefit. We will cover newer features and how they achieve their goals using the cross-language xDS gRPC architecture.
- 3 participants
- 26 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Five Ways With a CNI: Understanding Kubernetes Networking For Performance-Intensive Workloads - Stig Telfer, StackHPC Ltd & Erez Cohen, Nvidia
Speakers: Stig Telfer, Erez Cohen
Network abstractions are a cornerstone of Kubernetes, interconnecting containers, pods and services, both across the cluster and beyond. Historically this rich functionality often came at the expense of performance. However, recent innovations and new implementations of the Kubernetes Container Network Interface (CNI) have transformed the Kubernetes networking landscape. Some classes of scientific computing workloads are highly network-intensive: sensitive to network performance to a degree that renders them unsuitable for execution in a Kubernetes context. In machine learning, the most demanding distributed training applications are also becoming increasingly network-intensive. The CNIs now available offer different architectures and technologies. Many claim performance advantages over their predecessors. How can we distinguish between them? In this talk we describe the leading CNIs, and use real-world benchmarks to compare and analyze performance for demanding workloads.
Five Ways With a CNI: Understanding Kubernetes Networking For Performance-Intensive Workloads - Stig Telfer, StackHPC Ltd & Erez Cohen, Nvidia
Speakers: Stig Telfer, Erez Cohen
Network abstractions are a cornerstone of Kubernetes, interconnecting containers, pods and services, both across the cluster and beyond. Historically this rich functionality often came at the expense of performance. However, recent innovations and new implementations of the Kubernetes Container Network Interface (CNI) have transformed the Kubernetes networking landscape. Some classes of scientific computing workloads are highly network-intensive: sensitive to network performance to a degree that renders them unsuitable for execution in a Kubernetes context. In machine learning, the most demanding distributed training applications are also becoming increasingly network-intensive. The CNIs now available offer different architectures and technologies. Many claim performance advantages over their predecessors. How can we distinguish between them? In this talk we describe the leading CNIs, and use real-world benchmarks to compare and analyze performance for demanding workloads.
- 2 participants
- 36 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Flagger, Linkerd, And Gateway API: Oh My! - Jason Morgan, Buoyant & Sanskar Jaiswal, Weaveworks
In this session, you’ll learn about Flagger, Linkerd, and the Gateway API specification. You’ll also learn how to use Flagger and Linkerd to enable automated progressive delivery. The Gateway API specification is gaining momentum in the Kubernetes space as it attempts to change how users manage traffic. Both Flagger and Linkerd were able to standardize on the Gateway API to enable their users to simplify how they define traffic management within, and between, their clusters. Join Jason and Sanskar to discuss how each project independently implemented the Gateway API, how those implementations benefitted their respective projects, and how this allowed them to work together without any explicit configuration.
Flagger, Linkerd, And Gateway API: Oh My! - Jason Morgan, Buoyant & Sanskar Jaiswal, Weaveworks
In this session, you’ll learn about Flagger, Linkerd, and the Gateway API specification. You’ll also learn how to use Flagger and Linkerd to enable automated progressive delivery. The Gateway API specification is gaining momentum in the Kubernetes space as it attempts to change how users manage traffic. Both Flagger and Linkerd were able to standardize on the Gateway API to enable their users to simplify how they define traffic management within, and between, their clusters. Join Jason and Sanskar to discuss how each project independently implemented the Gateway API, how those implementations benefitted their respective projects, and how this allowed them to work together without any explicit configuration.
- 7 participants
- 34 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
From Security Testing To Deployment In a Single PR - Sarah Khalife, GitHub & Grant Griffiths, Portworx
Speakers: Grant Griffiths, Sarah Khalife
Automating cloud native app development and incorporating security through a transparent and consistent process is key in building any production level applications. On a daily basis, think about how often you build your application and scan for vulnerabilities in the code. This is mostly an afterthought and not always considered as the easy part of developing any applications. However, the recent vulnerability exploits reinforced the need for a secure development lifecycle. Simplifying and automating the process all in a single pull request makes it much easier for any cloud app developer to add security! This talk will cover how to leverage available open source tooling to build and test a cloud native application, run security scans across it, and package it for shipping. For automation, we will have a step-by-step demonstration on how to set it up all within a PR to provide consistency and push the containerized application to a Kubernetes environment.
From Security Testing To Deployment In a Single PR - Sarah Khalife, GitHub & Grant Griffiths, Portworx
Speakers: Grant Griffiths, Sarah Khalife
Automating cloud native app development and incorporating security through a transparent and consistent process is key in building any production level applications. On a daily basis, think about how often you build your application and scan for vulnerabilities in the code. This is mostly an afterthought and not always considered as the easy part of developing any applications. However, the recent vulnerability exploits reinforced the need for a secure development lifecycle. Simplifying and automating the process all in a single pull request makes it much easier for any cloud app developer to add security! This talk will cover how to leverage available open source tooling to build and test a cloud native application, run security scans across it, and package it for shipping. For automation, we will have a step-by-step demonstration on how to set it up all within a PR to provide consistency and push the containerized application to a Kubernetes environment.
- 6 participants
- 38 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Fuzzing Session: Finding Bugs and Vulnerabilities Automatically - David Korczynski & Adam Korczynski, Ada Logics
Speakers: David Korczynski, Adam Korczynski
In this session Adam and David invites attendees to an in-depth look at fuzzing starting with the basics and moving on to advanced topics. The presentation will focus on fuzzing open source software and cover why it is important to fuzz your software by way of brief introductions followed by a series of case studies.
Fuzzing is a technique to automate testing software for bugs and vulnerabilities. Fuzzing is performed by writing a test harness that passes seemingly pseudo-random data to a target application with the goal of finding bugs and vulnerabilities. Adam and David have written fuzzers for more than 200 open source projects which have led to finding thousands of bugs of which many were security-critical.
The presentation will also cover important open-source projects related to fuzzing such as OSS-Fuzz and Fuzz Introspector.
This talk is aimed at a broad audience including those who are new to fuzzing as well as those with some fuzzing experience.
Fuzzing Session: Finding Bugs and Vulnerabilities Automatically - David Korczynski & Adam Korczynski, Ada Logics
Speakers: David Korczynski, Adam Korczynski
In this session Adam and David invites attendees to an in-depth look at fuzzing starting with the basics and moving on to advanced topics. The presentation will focus on fuzzing open source software and cover why it is important to fuzz your software by way of brief introductions followed by a series of case studies.
Fuzzing is a technique to automate testing software for bugs and vulnerabilities. Fuzzing is performed by writing a test harness that passes seemingly pseudo-random data to a target application with the goal of finding bugs and vulnerabilities. Adam and David have written fuzzers for more than 200 open source projects which have led to finding thousands of bugs of which many were security-critical.
The presentation will also cover important open-source projects related to fuzzing such as OSS-Fuzz and Fuzz Introspector.
This talk is aimed at a broad audience including those who are new to fuzzing as well as those with some fuzzing experience.
- 4 participants
- 39 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Hack Back; Let’s Learn Security With CTFs! - Lewis Denham-Parry, Chainguard & Natalia Reka Ivanko, Isovalent
Speakers: Lewis Denham-Parry, Natalia Reka Ivanko
Threat actors have always been looking to attack clusters. Do you have the right security in place to detect and defeat if they are targeting yours? Or they are already in? Kubernetes has become the de facto cloud operating system and production environments have increased in maturity. So have the threats. Security Teams don’t necessarily have the expertise to detect state-of-art attack scenarios specific to cloud-native environments, like Kubernetes. So, where do they get started? Capture-The-Flag (CTF) events are a great way to learn about the techniques of both attack (Red Team) and defence (Blue Team). This talk will give you a framework for your own internal CTF events, with Red and Blue Team assessments, as a best practice for improving security in your organisation. We'll give a hands-on, live walkthrough of the top 3 state-of-art attack scenarios as CTF exercises using common open source projects like Simulator and Tetragon. Remember, the best way to learn how to detect is to first know how to attack!
Hack Back; Let’s Learn Security With CTFs! - Lewis Denham-Parry, Chainguard & Natalia Reka Ivanko, Isovalent
Speakers: Lewis Denham-Parry, Natalia Reka Ivanko
Threat actors have always been looking to attack clusters. Do you have the right security in place to detect and defeat if they are targeting yours? Or they are already in? Kubernetes has become the de facto cloud operating system and production environments have increased in maturity. So have the threats. Security Teams don’t necessarily have the expertise to detect state-of-art attack scenarios specific to cloud-native environments, like Kubernetes. So, where do they get started? Capture-The-Flag (CTF) events are a great way to learn about the techniques of both attack (Red Team) and defence (Blue Team). This talk will give you a framework for your own internal CTF events, with Red and Blue Team assessments, as a best practice for improving security in your organisation. We'll give a hands-on, live walkthrough of the top 3 state-of-art attack scenarios as CTF exercises using common open source projects like Simulator and Tetragon. Remember, the best way to learn how to detect is to first know how to attack!
- 3 participants
- 33 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Hands-Off Features Releases With Keptn, OpenFeature, And OpenTelemetry - Michael Beemer & Johannes Bräuer, Dynatrace
Speakers: Johannes Bräuer, Michael Beemer
Releasing a new feature into production always comes with an inherent risk of introducing issues. The code may have been thoroughly tested in lower environments but differences like environment specific configurations can cause unexpected behaviour. Feature flagging helps reduce this risk by allowing a subset of users to verify a new feature in production before exposing it to all. But how can we achieve hands-off feature release automation? This session will demonstrate how feature flagging and life-cycle orchestration work together to automate feature releases. Keptn will be the orchestration layer to automate feature validation. It works with OpenFeature to control access to the feature itself, allowing automated tests to verify a feature before it's generally available to users. Keptn will then react on the test results by either progressively enabling the feature for all users or initiating a troubleshooting workflow using OpenTelemetry.
Hands-Off Features Releases With Keptn, OpenFeature, And OpenTelemetry - Michael Beemer & Johannes Bräuer, Dynatrace
Speakers: Johannes Bräuer, Michael Beemer
Releasing a new feature into production always comes with an inherent risk of introducing issues. The code may have been thoroughly tested in lower environments but differences like environment specific configurations can cause unexpected behaviour. Feature flagging helps reduce this risk by allowing a subset of users to verify a new feature in production before exposing it to all. But how can we achieve hands-off feature release automation? This session will demonstrate how feature flagging and life-cycle orchestration work together to automate feature releases. Keptn will be the orchestration layer to automate feature validation. It works with OpenFeature to control access to the feature itself, allowing automated tests to verify a feature before it's generally available to users. Keptn will then react on the test results by either progressively enabling the feature for all users or initiating a troubleshooting workflow using OpenTelemetry.
- 2 participants
- 27 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
How Adobe Planned For Scale With Argo CD, Cluster API, And VCluster - Joseph Sandoval, Adobe & Dan Garfield, Codefresh
Speakers: Dan Garfield, Joseph Sandoval
Adobe has thousands of developers working on over 120k namespaces handling billions of packets per second. When taking the decision to standardize on Argo CD we needed more than a standard implementation. We needed a plan for scale! Argo CD is incredibly powerful, both for its ease of use and for its scalability to manage applications across many target environments. At Adobe, Argo CD started at the grassroots and has grown into something more substantial, the time came to take a more strategic approach to make sure security, scalability, and management are done right. Leveraging Cluster API, VCluster, and a holistic approach to scaling we’ll cover performance benchmarks to help you plan out when you need to divide up instances, as well as security, access, and other considerations when planning for growth. We’ll also demonstrate the right techniques for RBAC, SSO, and other tools to help you scale more effectively. If your organization is starting to grow with Argo CD, you don’t want to miss this talk. There’s more to scaling Argo CD than deploying HA.
How Adobe Planned For Scale With Argo CD, Cluster API, And VCluster - Joseph Sandoval, Adobe & Dan Garfield, Codefresh
Speakers: Dan Garfield, Joseph Sandoval
Adobe has thousands of developers working on over 120k namespaces handling billions of packets per second. When taking the decision to standardize on Argo CD we needed more than a standard implementation. We needed a plan for scale! Argo CD is incredibly powerful, both for its ease of use and for its scalability to manage applications across many target environments. At Adobe, Argo CD started at the grassroots and has grown into something more substantial, the time came to take a more strategic approach to make sure security, scalability, and management are done right. Leveraging Cluster API, VCluster, and a holistic approach to scaling we’ll cover performance benchmarks to help you plan out when you need to divide up instances, as well as security, access, and other considerations when planning for growth. We’ll also demonstrate the right techniques for RBAC, SSO, and other tools to help you scale more effectively. If your organization is starting to grow with Argo CD, you don’t want to miss this talk. There’s more to scaling Argo CD than deploying HA.
- 2 participants
- 36 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
How Intuit Manages Cloud Resources Via GitOps - Jerome Kuptz & Ameen Radwan, Intuit
Speakers: Jerome Kuptz, Ameen Radwan
At Intuit, there are 1000 development teams consisting of 7500 developers given freedom to pick infrastructure as code (IAC) solutions that best fit their needs for the cloud. In addition to this autonomy, we support teams defining their own automation using different tools. While this freedom gives developers flexibility, creating a process that supports all teams across multiple cloud providers in a large, multi-platform organization with authorization & access controls was overwhelming. Intuit needed a solution for these challenges while keeping developer friction to a minimum. In response, we have created an open source project named Cello, which is a service for running IAC solutions via GitOps. By utilizing GitOps process with IAC, Cello improved developer velocity managing the lifecycle of cloud infrastructure, while maintaining flexibility & security standards. Come learn how Cello helps Intuit engineers unify management of cloud resources while retaining existing processes.
How Intuit Manages Cloud Resources Via GitOps - Jerome Kuptz & Ameen Radwan, Intuit
Speakers: Jerome Kuptz, Ameen Radwan
At Intuit, there are 1000 development teams consisting of 7500 developers given freedom to pick infrastructure as code (IAC) solutions that best fit their needs for the cloud. In addition to this autonomy, we support teams defining their own automation using different tools. While this freedom gives developers flexibility, creating a process that supports all teams across multiple cloud providers in a large, multi-platform organization with authorization & access controls was overwhelming. Intuit needed a solution for these challenges while keeping developer friction to a minimum. In response, we have created an open source project named Cello, which is a service for running IAC solutions via GitOps. By utilizing GitOps process with IAC, Cello improved developer velocity managing the lifecycle of cloud infrastructure, while maintaining flexibility & security standards. Come learn how Cello helps Intuit engineers unify management of cloud resources while retaining existing processes.
- 7 participants
- 33 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
How To Build Production Grade DevOps Platform Using Argoproj - Alexander Matyushentsev, Akuity & Leonardo Luz Almeida, Intuit
Argo is an established CNCF project that helps hundreds of engineers to use Kubernetes. The project covers many use cases, from GitOps-based continuous deployment to event-based workflow automation, and can be used to create a powerful DevOps platform. However, it requires integration with various other systems and can be done in several ways. So what is the best way? We, maintainers of a project, spoke with dozens of users and learned the best patterns that worked really well and managed to scale to support large enterprise needs. In this session, we will demonstrate a production-grade Argo-based DevOps platform for Kubernetes. We will walk you through every key decision incorporated into the solution and highlight the pros and cons of every decision made. You can expect to learn a lot of useful tricks and well as enjoy an impressive demo and have fun!
How To Build Production Grade DevOps Platform Using Argoproj - Alexander Matyushentsev, Akuity & Leonardo Luz Almeida, Intuit
Argo is an established CNCF project that helps hundreds of engineers to use Kubernetes. The project covers many use cases, from GitOps-based continuous deployment to event-based workflow automation, and can be used to create a powerful DevOps platform. However, it requires integration with various other systems and can be done in several ways. So what is the best way? We, maintainers of a project, spoke with dozens of users and learned the best patterns that worked really well and managed to scale to support large enterprise needs. In this session, we will demonstrate a production-grade Argo-based DevOps platform for Kubernetes. We will walk you through every key decision incorporated into the solution and highlight the pros and cons of every decision made. You can expect to learn a lot of useful tricks and well as enjoy an impressive demo and have fun!
- 6 participants
- 35 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
How We Make TiKV - a Distributed Storage, More Cost-Effective On the Cloud - Sunny Bains & Yang Zhang, PingCAP
Speakers: Sunny Bains, Yang Zhang
As more and more online applications and data migrate to the cloud, cloud-native, low-latency distributed storage systems have played an important role in the growth of these companies. TiKV is one such storage system that has been used by hundreds of companies for their mission-critical systems. Although the infrastructure on the cloud has the advantages of elasticity and pay-as-you-go, all resources on the cloud are paid for, including computing resources, storage resources, gateway routing, and cross-AZ traffic. So when building a system on the cloud, you need to consider a variety of things that make the system cost-effective. First, I will briefly introduce some cloud infrastructure and its typical characteristics, local disk and cloud disk, layered elastic distributed file system, several types of computing resources, etc. Next, I will introduce how TiKV reduces data storage space, reduces write amplification, and reduces the amount of data transfer fee across availability zones, etc. Finally, we look forward to several potential ways that TiKV can improve cost performance on the cloud. I hope that some practices on cost-effective optimization in TiKV can give you some reference and inspiration.
How We Make TiKV - a Distributed Storage, More Cost-Effective On the Cloud - Sunny Bains & Yang Zhang, PingCAP
Speakers: Sunny Bains, Yang Zhang
As more and more online applications and data migrate to the cloud, cloud-native, low-latency distributed storage systems have played an important role in the growth of these companies. TiKV is one such storage system that has been used by hundreds of companies for their mission-critical systems. Although the infrastructure on the cloud has the advantages of elasticity and pay-as-you-go, all resources on the cloud are paid for, including computing resources, storage resources, gateway routing, and cross-AZ traffic. So when building a system on the cloud, you need to consider a variety of things that make the system cost-effective. First, I will briefly introduce some cloud infrastructure and its typical characteristics, local disk and cloud disk, layered elastic distributed file system, several types of computing resources, etc. Next, I will introduce how TiKV reduces data storage space, reduces write amplification, and reduces the amount of data transfer fee across availability zones, etc. Finally, we look forward to several potential ways that TiKV can improve cost performance on the cloud. I hope that some practices on cost-effective optimization in TiKV can give you some reference and inspiration.
- 5 participants
- 29 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
How the Argo Project Transitioned From Security Aware To Security First - Henrik Blixt & Michael Crenshaw, Intuit
Speakers: Henrik Blixt, Michael Crenshaw
When the Argo project applied for graduation, we believed we had a good handle on security. After all, we hadn't had any CVEs in a while, and we had 100s of companies using it in production. So everything must be great, right? This is the story of an incubating CNCF project learning: what we didn't know and how we dove headfirst into a mission to put security first. Attendees will learn about the project processes we put in place for reported vulnerabilities, how to work with external security companies, and the help we received from the CNCF. We’ll also dig into the engineering best practices we implemented as well as take a look at some concrete implementations around SBOMs and Fuzzing. The information in this talk will be especially beneficial to anyone from incubating or sandbox projects that are setting out to improve their security posture, but the learnings, stories and recommendations presented will be equally applicable to any software project or product.
How the Argo Project Transitioned From Security Aware To Security First - Henrik Blixt & Michael Crenshaw, Intuit
Speakers: Henrik Blixt, Michael Crenshaw
When the Argo project applied for graduation, we believed we had a good handle on security. After all, we hadn't had any CVEs in a while, and we had 100s of companies using it in production. So everything must be great, right? This is the story of an incubating CNCF project learning: what we didn't know and how we dove headfirst into a mission to put security first. Attendees will learn about the project processes we put in place for reported vulnerabilities, how to work with external security companies, and the help we received from the CNCF. We’ll also dig into the engineering best practices we implemented as well as take a look at some concrete implementations around SBOMs and Fuzzing. The information in this talk will be especially beneficial to anyone from incubating or sandbox projects that are setting out to improve their security posture, but the learnings, stories and recommendations presented will be equally applicable to any software project or product.
- 5 participants
- 34 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Intro + Deep Dive: SIG Scalability - Marcel Zięba, Google
Speakers: Marcel Zięba
This session will focus on the different efforts that SIG Scalability is involved in: defining what scalability means for Kubernetes, driving performance improvements, maintaining infrastructure for scalability testing, guarding Kubernetes against performance regressions. Time for Q&A will be reserved at the end of the session to understand how the SIG can better engage with the community as well as to allow the audience to provide the input about the roadmap.
Intro + Deep Dive: SIG Scalability - Marcel Zięba, Google
Speakers: Marcel Zięba
This session will focus on the different efforts that SIG Scalability is involved in: defining what scalability means for Kubernetes, driving performance improvements, maintaining infrastructure for scalability testing, guarding Kubernetes against performance regressions. Time for Q&A will be reserved at the end of the session to understand how the SIG can better engage with the community as well as to allow the audience to provide the input about the roadmap.
- 7 participants
- 39 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Introduction to Cloud Custodian, simple rules for your Cloud, Cluster, and Terraform - Jorge Castro, Kapil Thangavelu, Sonny Shi & John Anderson, Stacklet.io
Speakers: Kapil Thangavelu, Sonny Shi, Jorge Castro, John Anderson
Cloud Custodian (c7n) is an easy to use declarative policy engine for solving governance as code use cases for Kubernetes, Azure, GCP, AWS, and Terraform. Simplify rule sets around your entire stack from the cloud to Kubernetes and everything in between. In this talk the maintainers will cover use cases for using Custodian, cluster policy best practices, event driven enforcement of policies, and everything you need to get started running a well managed cloud and cluster.
Introduction to Cloud Custodian, simple rules for your Cloud, Cluster, and Terraform - Jorge Castro, Kapil Thangavelu, Sonny Shi & John Anderson, Stacklet.io
Speakers: Kapil Thangavelu, Sonny Shi, Jorge Castro, John Anderson
Cloud Custodian (c7n) is an easy to use declarative policy engine for solving governance as code use cases for Kubernetes, Azure, GCP, AWS, and Terraform. Simplify rule sets around your entire stack from the cloud to Kubernetes and everything in between. In this talk the maintainers will cover use cases for using Custodian, cluster policy best practices, event driven enforcement of policies, and everything you need to get started running a well managed cloud and cluster.
- 9 participants
- 36 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
It's Dangerous To SLSA Alone Out There! Take This Artifact Knowledge Graph! - Mihai Maruseac, Google & Michael Lieberman, Independent
Speakers: Mihai Maruseac, Michael Lieberman
By now, we’re getting bored of hearing the “am I affected by X vulnerability?” question. However, as supply chain attacks become more sophisticated, answering just this question is insufficient. Instead, we need to think about: “If TravisCI was compromised, which software is affected? With a bad actor in your supply chain, what's the blast radius?” There is a ton of information today in SBOMs, in-toto/SLSA attestations, etc. However, these documents observed individually provide limited information, but when put together and related, super-additively expand the knowledge base of our software supply chain. We built a supply chain knowledge graph tool to help better understand the relationships between artifacts and their metadata/identities. Through this high-fidelity graph, we not only answer the hard questions posed earlier, but also make new discoveries. For example, we found that most build-systems rely not only on obvious dependencies like gcc, but often overlooked projects like libpcre and sed.
It's Dangerous To SLSA Alone Out There! Take This Artifact Knowledge Graph! - Mihai Maruseac, Google & Michael Lieberman, Independent
Speakers: Mihai Maruseac, Michael Lieberman
By now, we’re getting bored of hearing the “am I affected by X vulnerability?” question. However, as supply chain attacks become more sophisticated, answering just this question is insufficient. Instead, we need to think about: “If TravisCI was compromised, which software is affected? With a bad actor in your supply chain, what's the blast radius?” There is a ton of information today in SBOMs, in-toto/SLSA attestations, etc. However, these documents observed individually provide limited information, but when put together and related, super-additively expand the knowledge base of our software supply chain. We built a supply chain knowledge graph tool to help better understand the relationships between artifacts and their metadata/identities. Through this high-fidelity graph, we not only answer the hard questions posed earlier, but also make new discoveries. For example, we found that most build-systems rely not only on obvious dependencies like gcc, but often overlooked projects like libpcre and sed.
- 8 participants
- 34 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Jaeger: The Future with OpenTelemetry and Metrics - Jonah Kowall, Logz.io & Joe Elliott, Grafana Labs
In this session, we will start with an introduction to the Jaeger distributed tracing project and the basics of distributed tracing. Jaeger recently deprecated its native clients in favor of the clients maintained by the upcoming OpenTelemetry project. We will explain what this means to you as users and why we are changing the path forward. To help facilitate this transition, we will cover auto instrumentation of an application using an OpenTelemetry client and we will cover multiple best practices to build a scalable trace pipeline to deliver this data to a Jaeger backend. Moving Jaeger from a tracing system to a monitoring system has been the big push for the project in the last year. Made possible by OpenTelemetry and the processor layer which allows for the creation of metrics derived from traces in the pipeline. Operational monitoring is now possible using the new monitoring tab, which adds metrics capabilities to Jaeger UI via another graduated project, Prometheus. We are always seeking new collaborators, contributors, and users. We need your help, please join us!
Jaeger: The Future with OpenTelemetry and Metrics - Jonah Kowall, Logz.io & Joe Elliott, Grafana Labs
In this session, we will start with an introduction to the Jaeger distributed tracing project and the basics of distributed tracing. Jaeger recently deprecated its native clients in favor of the clients maintained by the upcoming OpenTelemetry project. We will explain what this means to you as users and why we are changing the path forward. To help facilitate this transition, we will cover auto instrumentation of an application using an OpenTelemetry client and we will cover multiple best practices to build a scalable trace pipeline to deliver this data to a Jaeger backend. Moving Jaeger from a tracing system to a monitoring system has been the big push for the project in the last year. Made possible by OpenTelemetry and the processor layer which allows for the creation of metrics derived from traces in the pipeline. Operational monitoring is now possible using the new monitoring tab, which adds metrics capabilities to Jaeger UI via another graduated project, Prometheus. We are always seeking new collaborators, contributors, and users. We need your help, please join us!
- 6 participants
- 35 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Keptn Beyond 1.0: Sailing into the Future - Thomas Schuetz & Andi Grabner, Dynatrace; Brad McCoy, Basiq; Ana Margarita Medina, Lightstep
Speakers: Ana Margarita Medina, Andreas Grabner, Thomas Schuetz, Brad McCoy
After reaching the incubating status, the Keptn community is looking towards the bright future of the project. What lands lie ahead in the Cloud Native seas? And how do we plan to help day 2 operations?
Keptn integrates with most of the great projects in the CNCF landscape (and beyond) that help teams to deliver and operate their cloud native workloads. The integration happens through open event standards (CloudEvents, CDEvents) which is why Keptn makes it easy to connect tools and orchestrate the application lifecycle regardless of your toolchains. What could make Keptn better? Upstreaming and generalizing the best of it!
In this talk we’ll talk about new initiatives in the project: standardizing deployment events and APIs on the Kubernetes level, Keptn Lifecycle Controller for pre- and post-deployment checks, making SLOs accessible through Keptn Lighthouse and OpenSLO, and new hot integrations with other tools from the cloud native landscape.
Keptn Beyond 1.0: Sailing into the Future - Thomas Schuetz & Andi Grabner, Dynatrace; Brad McCoy, Basiq; Ana Margarita Medina, Lightstep
Speakers: Ana Margarita Medina, Andreas Grabner, Thomas Schuetz, Brad McCoy
After reaching the incubating status, the Keptn community is looking towards the bright future of the project. What lands lie ahead in the Cloud Native seas? And how do we plan to help day 2 operations?
Keptn integrates with most of the great projects in the CNCF landscape (and beyond) that help teams to deliver and operate their cloud native workloads. The integration happens through open event standards (CloudEvents, CDEvents) which is why Keptn makes it easy to connect tools and orchestrate the application lifecycle regardless of your toolchains. What could make Keptn better? Upstreaming and generalizing the best of it!
In this talk we’ll talk about new initiatives in the project: standardizing deployment events and APIs on the Kubernetes level, Keptn Lifecycle Controller for pre- and post-deployment checks, making SLOs accessible through Keptn Lighthouse and OpenSLO, and new hot integrations with other tools from the cloud native landscape.
- 6 participants
- 36 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Keynote: A Glimpse Into the Future of Cloud Native: Emergent Infrastructure - Frederick Kautz
Speakers: Frederick Kautz
We are at the edge of a new computing paradigm. Application developers and operators are replacing sysadmins as the primary focus for runtimes and tooling.
New runtime environments are entering the ecosystem, built on the lessons learned from this community, which will increase the total capabilities of developers to build, scale quickly, and deploy applications. These platforms are dropping support for APIs such as POSIX in favor of more straightforward and scalable approaches that focus on the application's needs rather than the kernel.
In this talk, we will explore the long-term future of Cloud Native applications, their implications on infrastructure, and how we can rise together to meet the demand.
Keynote: A Glimpse Into the Future of Cloud Native: Emergent Infrastructure - Frederick Kautz
Speakers: Frederick Kautz
We are at the edge of a new computing paradigm. Application developers and operators are replacing sysadmins as the primary focus for runtimes and tooling.
New runtime environments are entering the ecosystem, built on the lessons learned from this community, which will increase the total capabilities of developers to build, scale quickly, and deploy applications. These platforms are dropping support for APIs such as POSIX in favor of more straightforward and scalable approaches that focus on the application's needs rather than the kernel.
In this talk, we will explore the long-term future of Cloud Native applications, their implications on infrastructure, and how we can rise together to meet the demand.
- 1 participant
- 15 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Keynote: AWS ❤️ K8s - Nathan Taber, Head of Product for Kubernetes, AWS
Speakers: Nathan Taber
Nathan Taber, AWS Head of Product for Kubernetes, joins us to highlight what AWS is doing to support open source and contribute to Kubernetes.
Keynote: AWS ❤️ K8s - Nathan Taber, Head of Product for Kubernetes, AWS
Speakers: Nathan Taber
Nathan Taber, AWS Head of Product for Kubernetes, joins us to highlight what AWS is doing to support open source and contribute to Kubernetes.
- 1 participant
- 6 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Keynote: Beyond Automation: Kubernetes Success Requires a GitOps Mindset - Shatarupa Nandi, Senior Director of Engineering, VMware Tanzu
Speakers: Shatarupa Nandi
As an industry we’ve come a long way to embrace automation. What once seemed like a scary proposition is now at the heart of a successful Kubernetes platform, and as we evolve as practitioners we’ve come to embrace GitOps to fully realize the value we can provide: value to the developer experience, security, and operations at scale across multiple environments.
In this talk, VMware's Shatarupa Nandi, will discuss how we can ship high quality software securely and repeatably on Kubernetes, and still keep developer experience simple. We'll discuss how the IT industry has embraced GitOps for applications, for 3rd party software, and for Kubernetes itself. We'll talk about how this mindset gives businesses a competitive edge and helps showcase IT’s strategic value and importance.
Keynote: Beyond Automation: Kubernetes Success Requires a GitOps Mindset - Shatarupa Nandi, Senior Director of Engineering, VMware Tanzu
Speakers: Shatarupa Nandi
As an industry we’ve come a long way to embrace automation. What once seemed like a scary proposition is now at the heart of a successful Kubernetes platform, and as we evolve as practitioners we’ve come to embrace GitOps to fully realize the value we can provide: value to the developer experience, security, and operations at scale across multiple environments.
In this talk, VMware's Shatarupa Nandi, will discuss how we can ship high quality software securely and repeatably on Kubernetes, and still keep developer experience simple. We'll discuss how the IT industry has embraced GitOps for applications, for 3rd party software, and for Kubernetes itself. We'll talk about how this mindset gives businesses a competitive edge and helps showcase IT’s strategic value and importance.
- 1 participant
- 6 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Keynote: CNCF Project Updates - Ricardo Rocha, Computing Engineer, CERN; Emily Fox, Security Engineer, Apple; Frederick Kautz
Speakers: Ricardo Rocha, Emily Fox, Frederick Kautz
Keynote: CNCF Project Updates - Ricardo Rocha, Computing Engineer, CERN; Emily Fox, Security Engineer, Apple; Frederick Kautz
Speakers: Ricardo Rocha, Emily Fox, Frederick Kautz
- 16 participants
- 18 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Keynote: Cloud Native 101: Motor City Edition - Jeffrey Sica, Principal Developer Experience Engineer, Cloud Native Computing Foundation & Bob Killen, Program Manager, Google
Speakers: Bob Killen, Jeff Sica
The Cloud Native ecosystem is a complex topic. While most things start with Kubernetes as a foundation, a stack can vary wildly, even when sticking only to CNCF-accepted projects. In addition to the technical aspects, there’s also community, docs, and governance to be aware of when looking to contribute (and often even consume) these technologies. Never fear, for Bob Killen (Google) and Jeffrey Sica (CNCF) are here to provide attendees a map of the land(scape). Both have been active consumers of, and contributors to, CNCF projects for years. In this talk, Bob and Jeff will guide attendees through what a Cloud Native stack looks like, the common problems that different projects look to solve, and how Community plays a big part in this technology.
Coincidentally, both have also been residents of Southeastern Michigan for most of their lives! Therefore the talk will be chalked full of analogies to Detroit Style Pizza, Coney Dogs, and Automobiles to celebrate their home state and the wonderful city of Detroit.
Keynote: Cloud Native 101: Motor City Edition - Jeffrey Sica, Principal Developer Experience Engineer, Cloud Native Computing Foundation & Bob Killen, Program Manager, Google
Speakers: Bob Killen, Jeff Sica
The Cloud Native ecosystem is a complex topic. While most things start with Kubernetes as a foundation, a stack can vary wildly, even when sticking only to CNCF-accepted projects. In addition to the technical aspects, there’s also community, docs, and governance to be aware of when looking to contribute (and often even consume) these technologies. Never fear, for Bob Killen (Google) and Jeffrey Sica (CNCF) are here to provide attendees a map of the land(scape). Both have been active consumers of, and contributors to, CNCF projects for years. In this talk, Bob and Jeff will guide attendees through what a Cloud Native stack looks like, the common problems that different projects look to solve, and how Community plays a big part in this technology.
Coincidentally, both have also been residents of Southeastern Michigan for most of their lives! Therefore the talk will be chalked full of analogies to Detroit Style Pizza, Coney Dogs, and Automobiles to celebrate their home state and the wonderful city of Detroit.
- 2 participants
- 17 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Keynote: Cloud Native Security Market Trends and Drivers - John Morello, Vice President, Product, Prisma Cloud
Speakers: John Morello
Securing your Code to Cloud journey is a daunting task. Applications are spread across multiple cloud platforms, they are highly portable and ephemeral. As the attack surface is increased and there are many attack vectors throughout the application’s lifecycle, tune into this keynote to hear about the latest market requirements and learn about the anatomy of a cloud native application security solution.
Keynote: Cloud Native Security Market Trends and Drivers - John Morello, Vice President, Product, Prisma Cloud
Speakers: John Morello
Securing your Code to Cloud journey is a daunting task. Applications are spread across multiple cloud platforms, they are highly portable and ephemeral. As the attack surface is increased and there are many attack vectors throughout the application’s lifecycle, tune into this keynote to hear about the latest market requirements and learn about the anatomy of a cloud native application security solution.
- 1 participant
- 7 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Keynote: Fostering Kubernetes Community Growth Through Learning - Le Tran, Member of Technical Staff, Kasten by Veeam
Speakers: Le Tran
Growing the Kubernetes community is essential for ensuring its strong and prosperous future. But Kubernetes and cloud native ecosystems overall are a complex web of knowledge, and it’s critical to continue to create bridges into the community via open learning tools and platforms. In this way, we can eliminate the barriers of entrance and grow the community effectively. To that end, the team at Kasten by Veeam has been working on building a free Kubernetes training site, Learning.Kasten.io. Through the site, new and existing members of the Kubernetes community can access blog posts, videos, books and hands-on labs, in order to create a comprehensive environment for learning about Kubernetes – one that is engaging, diverse and welcoming.
During this session, Le Tran, a member of the technical staff from Kasten, will share her insights on the journey toward growing the Kubernetes community through learning tools, as well as her own story of becoming a member of the community.
Keynote: Fostering Kubernetes Community Growth Through Learning - Le Tran, Member of Technical Staff, Kasten by Veeam
Speakers: Le Tran
Growing the Kubernetes community is essential for ensuring its strong and prosperous future. But Kubernetes and cloud native ecosystems overall are a complex web of knowledge, and it’s critical to continue to create bridges into the community via open learning tools and platforms. In this way, we can eliminate the barriers of entrance and grow the community effectively. To that end, the team at Kasten by Veeam has been working on building a free Kubernetes training site, Learning.Kasten.io. Through the site, new and existing members of the Kubernetes community can access blog posts, videos, books and hands-on labs, in order to create a comprehensive environment for learning about Kubernetes – one that is engaging, diverse and welcoming.
During this session, Le Tran, a member of the technical staff from Kasten, will share her insights on the journey toward growing the Kubernetes community through learning tools, as well as her own story of becoming a member of the community.
- 1 participant
- 5 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Keynote: How to Become an Open Source Mechanic - Emily Fox, Security Engineer, Apple
Speakers: Emily Fox
As our cloud native family expands and matures, we often learn that we may need a vehicle to sustain our progress. The idea of our project or group crawled along until we gave it legs to walk and run. But we need them to go farther. So we need a vehicle to make that happen, and we’ll need to understand the basic mechanics of successful projects in order to become a mechanic of our vehicle. In this session, Emily shares her common learnings from engaging multiple projects, groups, and foundations that can assist our cloud native community, maintainers, contributors, and new comers on becoming great open source mechanics to build our vehicles for the road ahead.
Keynote: How to Become an Open Source Mechanic - Emily Fox, Security Engineer, Apple
Speakers: Emily Fox
As our cloud native family expands and matures, we often learn that we may need a vehicle to sustain our progress. The idea of our project or group crawled along until we gave it legs to walk and run. But we need them to go farther. So we need a vehicle to make that happen, and we’ll need to understand the basic mechanics of successful projects in order to become a mechanic of our vehicle. In this session, Emily shares her common learnings from engaging multiple projects, groups, and foundations that can assist our cloud native community, maintainers, contributors, and new comers on becoming great open source mechanics to build our vehicles for the road ahead.
- 1 participant
- 10 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Keynote: What It's Like to Bring DevOps to a Software Factory in Central America - Alvin Estrada, Cloud Architect, GuateGeeks
Speakers: Alvin Estrada
In 2020, lots of companies around the world realized that most of their technology and methodologies were already obsolete. 10 years ago, that started a race inside those companies to keep alive the business while designing, building, and improving online platforms.
This opened a big necessity of the misnamed "DevOps," a being that handles the knowledge to deploy anything to the Cloud with "Dockers" (or at least that's what most of the people think it is).
In this talk, Alvin will share his experience helping a Software Factory Company to reach the goal of a DevOps Culture.
Keynote: What It's Like to Bring DevOps to a Software Factory in Central America - Alvin Estrada, Cloud Architect, GuateGeeks
Speakers: Alvin Estrada
In 2020, lots of companies around the world realized that most of their technology and methodologies were already obsolete. 10 years ago, that started a race inside those companies to keep alive the business while designing, building, and improving online platforms.
This opened a big necessity of the misnamed "DevOps," a being that handles the knowledge to deploy anything to the Cloud with "Dockers" (or at least that's what most of the people think it is).
In this talk, Alvin will share his experience helping a Software Factory Company to reach the goal of a DevOps Culture.
- 1 participant
- 12 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Keynote: What We Learned Dissecting the World’s Most Popular Containers - Ayse Kaya, Head of Strategic Insights + Analytics, Slim.AI
Speakers: Ayse Kaya
Data scientist and container enthusiast Ayse Kaya and her team at Slim.AI analyzed more than 100 of the world’s most popular public container images using open source tools to better understand what developers encounter when running containers in Kubernetes. What they found was a vast, varied, and complex world that gives developers massive opportunities to scale, but also presents risks to both security and productivity. This talk shares the data, visualizations, and insights they generated from their research. Kaya shows the current paradox in software supply chain practices (i.e. taking advantage of abstraction vs. knowing what’s in the software you ship), and that even small, special purpose containers could have thousands of packages, libraries, and licenses, not to mention critical vulnerabilities. Finally, she’ll highlight the current trade-offs teams make between “developer experience” and “production readiness”, and open a discussion about how we can improve as an industry.
Keynote: What We Learned Dissecting the World’s Most Popular Containers - Ayse Kaya, Head of Strategic Insights + Analytics, Slim.AI
Speakers: Ayse Kaya
Data scientist and container enthusiast Ayse Kaya and her team at Slim.AI analyzed more than 100 of the world’s most popular public container images using open source tools to better understand what developers encounter when running containers in Kubernetes. What they found was a vast, varied, and complex world that gives developers massive opportunities to scale, but also presents risks to both security and productivity. This talk shares the data, visualizations, and insights they generated from their research. Kaya shows the current paradox in software supply chain practices (i.e. taking advantage of abstraction vs. knowing what’s in the software you ship), and that even small, special purpose containers could have thousands of packages, libraries, and licenses, not to mention critical vulnerabilities. Finally, she’ll highlight the current trade-offs teams make between “developer experience” and “production readiness”, and open a discussion about how we can improve as an industry.
- 1 participant
- 14 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Kubernetes Networking Infrastructure Offload - Dan Daly & Nupur Jain, Intel; Nabil Bitar, Bloomberg; Moshe Levi, Nvidia; Vytautas (Valas) Valancius, Google
Speakers: Nabil Bitar, Dan Daly, Moshe Levi, Vytautas (Valas) Valancius, Nupur Jain
Networking is central to Kubernetes, as it enables secure and deterministic scale out. As the number of services, pods, and interconnections increases, the kernel overhead will use more compute cycles, thereby lowering throughput and increasing latencies. Infrastructure Offload moves the Kubernetes cluster network policy, routing, and load balancing rules off of the compute platform and into the infrastructure. The cloud provider can then optimize these operations in software or in programmable hardware, such as an IPU or DPU, without requiring any changes to the end user’s applications. In this panel, we discuss various approaches that share a common methodology based on existing Kubernetes APIs to improve performance, free up compute cycles, and preserve compatibility with existing cloud native applications.
Kubernetes Networking Infrastructure Offload - Dan Daly & Nupur Jain, Intel; Nabil Bitar, Bloomberg; Moshe Levi, Nvidia; Vytautas (Valas) Valancius, Google
Speakers: Nabil Bitar, Dan Daly, Moshe Levi, Vytautas (Valas) Valancius, Nupur Jain
Networking is central to Kubernetes, as it enables secure and deterministic scale out. As the number of services, pods, and interconnections increases, the kernel overhead will use more compute cycles, thereby lowering throughput and increasing latencies. Infrastructure Offload moves the Kubernetes cluster network policy, routing, and load balancing rules off of the compute platform and into the infrastructure. The cloud provider can then optimize these operations in software or in programmable hardware, such as an IPU or DPU, without requiring any changes to the end user’s applications. In this panel, we discuss various approaches that share a common methodology based on existing Kubernetes APIs to improve performance, free up compute cycles, and preserve compatibility with existing cloud native applications.
- 8 participants
- 38 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Kubernetes SIG Node Intro And Deep Dive - Sergey Kanzhelev & Dawn Chen, Google; Derek Carr, Red Hat
Speakers: Dawn Chen, Derek Carr, Sergey Kanzhelev
These are exciting times for Kubernetes SIG Node. Many deprecation and graduations happened and many new initiatives are starting now. Come to our maintainers track session to learn about the recent releases of Kubernetes, full of exciting improvements and get a glance into the SIG Node roadmap. SIG Node owns components that control interactions between pods and host resources, including the Kubelet, Container Runtime Interface (CRI), and Node API. SIG Node is responsible for the Pod’s lifecycle from allocation to teardown, to liveness checks and shared resource management. We work with the various container runtimes, kernels, networking, storage, and more; anything a pod touches is SIG Node’s responsibility! We will talk more about cgroup v2 adoption and exciting opportunities it brings, how we invest in small quality of life improvements and working on new exciting big features. Join this session to learn more about our SIG, and how you might get involved to make Node even better!
Kubernetes SIG Node Intro And Deep Dive - Sergey Kanzhelev & Dawn Chen, Google; Derek Carr, Red Hat
Speakers: Dawn Chen, Derek Carr, Sergey Kanzhelev
These are exciting times for Kubernetes SIG Node. Many deprecation and graduations happened and many new initiatives are starting now. Come to our maintainers track session to learn about the recent releases of Kubernetes, full of exciting improvements and get a glance into the SIG Node roadmap. SIG Node owns components that control interactions between pods and host resources, including the Kubelet, Container Runtime Interface (CRI), and Node API. SIG Node is responsible for the Pod’s lifecycle from allocation to teardown, to liveness checks and shared resource management. We work with the various container runtimes, kernels, networking, storage, and more; anything a pod touches is SIG Node’s responsibility! We will talk more about cgroup v2 adoption and exciting opportunities it brings, how we invest in small quality of life improvements and working on new exciting big features. Join this session to learn more about our SIG, and how you might get involved to make Node even better!
- 3 participants
- 28 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Lessons From Scheduling 20 Million Windows Containers a Month - Julian Portillo, Relativity
Speakers: Julian Portillo
Relativity schedules almost a million Windows containers per day to a globally distributed set of Kubernetes clusters. Two years ago we started to break apart our enterprise .NET monolith into microservices hosted on Kubernetes. At that time our developers had a multi-month release cadence. Now we have automated vulnerability patching, can do zero downtime migrations of workloads between clusters, have automated failover for critical services in the event of regional failures, and have have happy developers who can test and push to production immediately. How did we get here? By covering a rocky road full of issues. Come learn from our mistakes so you don't have to repeat them. We will talk about application and orchestration design patterns that have been successful for our teams, custom operators for Windows node problem identification that we have have built and found useful, and monitoring patterns that have helped us stay ahead of issues.
Lessons From Scheduling 20 Million Windows Containers a Month - Julian Portillo, Relativity
Speakers: Julian Portillo
Relativity schedules almost a million Windows containers per day to a globally distributed set of Kubernetes clusters. Two years ago we started to break apart our enterprise .NET monolith into microservices hosted on Kubernetes. At that time our developers had a multi-month release cadence. Now we have automated vulnerability patching, can do zero downtime migrations of workloads between clusters, have automated failover for critical services in the event of regional failures, and have have happy developers who can test and push to production immediately. How did we get here? By covering a rocky road full of issues. Come learn from our mistakes so you don't have to repeat them. We will talk about application and orchestration design patterns that have been successful for our teams, custom operators for Windows node problem identification that we have have built and found useful, and monitoring patterns that have helped us stay ahead of issues.
- 2 participants
- 32 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Lightning Talk: A Puzzling Solution. How To Be Better At Accepting Others Experiences. - Duffie Cooley, Isovalent
As we gain experience and expertise in an area of study we often find ourselves struggling to meet our colleagues where they are. In this session I am going to share an experience I've had that I think can help you bring a little objectivity to the problem. We can all do better at listening and raising others up. I've spent years at this and I still make mistakes all the time. If you are interested in seeing someone solve a rubiks cube live on stage come on over and join me for this lightning talk!
Lightning Talk: A Puzzling Solution. How To Be Better At Accepting Others Experiences. - Duffie Cooley, Isovalent
As we gain experience and expertise in an area of study we often find ourselves struggling to meet our colleagues where they are. In this session I am going to share an experience I've had that I think can help you bring a little objectivity to the problem. We can all do better at listening and raising others up. I've spent years at this and I still make mistakes all the time. If you are interested in seeing someone solve a rubiks cube live on stage come on over and join me for this lightning talk!
- 1 participant
- 7 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Lightning Talk: Back To Basics: How To Measure Etcd Performance And Not To Die Trying - David Perez Rodriguez, Gorilla Logic
Everybody either knows what Kubernetes is or has heard it. It’s a critical component to scalable, high availability and distributed design of most cloud based productions systems. Why would I bother understanding how it behaves outside the cloud provider I commonly use? Well, that was the case of this project, which aimed to build an IoT system that handles Terabytes of data, entirely on-prem due to business needs. As expected, things were not behaving the same as in the cloud provider: lots of kube-api errors, missed heartbeats, database operators started rolling restarting deployments because of it; but the main reason was well hidden from the sight: etcd performance was not great on prem. etcd has an extremely and sustained high performance that is based on two factors: latency and throughput. But in this on-prem environment, latency was affected by the hardware’s initial design. How do you measure etcd performance? Benchmarks to the rescue! Learn about this experience, what is benchmark, what is latency, what is throughput and how to effectively measure etcd performance through benchmarks to correctly test your infrastructure when a brand new kubernetes cluster is created, particularly on-prem, and take advantage of the full potential of the Kubernetes environment.
Lightning Talk: Back To Basics: How To Measure Etcd Performance And Not To Die Trying - David Perez Rodriguez, Gorilla Logic
Everybody either knows what Kubernetes is or has heard it. It’s a critical component to scalable, high availability and distributed design of most cloud based productions systems. Why would I bother understanding how it behaves outside the cloud provider I commonly use? Well, that was the case of this project, which aimed to build an IoT system that handles Terabytes of data, entirely on-prem due to business needs. As expected, things were not behaving the same as in the cloud provider: lots of kube-api errors, missed heartbeats, database operators started rolling restarting deployments because of it; but the main reason was well hidden from the sight: etcd performance was not great on prem. etcd has an extremely and sustained high performance that is based on two factors: latency and throughput. But in this on-prem environment, latency was affected by the hardware’s initial design. How do you measure etcd performance? Benchmarks to the rescue! Learn about this experience, what is benchmark, what is latency, what is throughput and how to effectively measure etcd performance through benchmarks to correctly test your infrastructure when a brand new kubernetes cluster is created, particularly on-prem, and take advantage of the full potential of the Kubernetes environment.
- 1 participant
- 6 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Lightning Talk: Build a Twitter Translation Bot In 5 Minutes With Knative Functions - Lance Ball, Red Hat
Come see how quickly and easily you can get started developing reactive Kubernetes apps with Knative Functions. In this quick 5 minute demonstration, you will see me develop a Twitter bot that translates Tweets into multiple languages using Google’s Translate API. With only a handful of commands to run and a simple API to learn, getting from zero to powerfully productive takes only minutes. Let me show you how - in only 5 minutes!
Lightning Talk: Build a Twitter Translation Bot In 5 Minutes With Knative Functions - Lance Ball, Red Hat
Come see how quickly and easily you can get started developing reactive Kubernetes apps with Knative Functions. In this quick 5 minute demonstration, you will see me develop a Twitter bot that translates Tweets into multiple languages using Google’s Translate API. With only a handful of commands to run and a simple API to learn, getting from zero to powerfully productive takes only minutes. Let me show you how - in only 5 minutes!
- 1 participant
- 5 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Lightning Talk: Metrics, How To Measure What Is Going On In Your Community - Peter O'Neill, Styra
The social structure of an Open Source project can be quite complex, and as the project grows it only becomes more complex over time. Understanding the reason members are joining your community, and why members choose to stick around is key to having the exponential growth your project deserves. Let's take some time to dive into some of the basic ways to start gathering the right metrics. To start how do you define a community member? With this definition, we can pinpoint the minimum requirements to be a community member and start to track this as part of the onboarding flow. As we follow the community journey, the next thing we want to measure is engagement. How has this user interacted with the other members and have they utilized any community resources? Do we know which of these activities result in the highest likelihood of them contributing in a meaningful way? You can probably tell by now, that just by having the right data you can start to nudge members on their way to being your community superstars, and catch some users before they fall out of the community funnel altogether. So join this talk to learn what is going on with your community and how you can make it even better.
Lightning Talk: Metrics, How To Measure What Is Going On In Your Community - Peter O'Neill, Styra
The social structure of an Open Source project can be quite complex, and as the project grows it only becomes more complex over time. Understanding the reason members are joining your community, and why members choose to stick around is key to having the exponential growth your project deserves. Let's take some time to dive into some of the basic ways to start gathering the right metrics. To start how do you define a community member? With this definition, we can pinpoint the minimum requirements to be a community member and start to track this as part of the onboarding flow. As we follow the community journey, the next thing we want to measure is engagement. How has this user interacted with the other members and have they utilized any community resources? Do we know which of these activities result in the highest likelihood of them contributing in a meaningful way? You can probably tell by now, that just by having the right data you can start to nudge members on their way to being your community superstars, and catch some users before they fall out of the community funnel altogether. So join this talk to learn what is going on with your community and how you can make it even better.
- 1 participant
- 6 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Lightning Talk: Open Source, Kubernetes, And CloudNative From the Eyes Of a High-Schooler - Rishit Dagli, Narayana Junior College; Incoming University of Toronto
Being a high-school student involved in the Kubernetes and CloudNative, I have had a quite non-conventional path in the open-source community. This talk is aimed at seeing open-source through my perspective and motivate not just high-schooler but have valuable content for everyone in the audience to start contributing to the CloudNative ecosystem and open-source software in general. Though, this talk is not about how to make a PR or file an issue or git. I start the talk by introducing why and how I found the motivation to go into open-source apart from the olympiads and school work in the first place and talk about how the audience could find their motivation to make their first step in open-source. I also highlight how one could request feedback, make lasting connections, what it means to contribute and how anyone could make a meaningful impact. Finally, I also highlight my experience with k8s and CNCF and why it might be a great avenue for the audience to grow themselves with open-source.
Lightning Talk: Open Source, Kubernetes, And CloudNative From the Eyes Of a High-Schooler - Rishit Dagli, Narayana Junior College; Incoming University of Toronto
Being a high-school student involved in the Kubernetes and CloudNative, I have had a quite non-conventional path in the open-source community. This talk is aimed at seeing open-source through my perspective and motivate not just high-schooler but have valuable content for everyone in the audience to start contributing to the CloudNative ecosystem and open-source software in general. Though, this talk is not about how to make a PR or file an issue or git. I start the talk by introducing why and how I found the motivation to go into open-source apart from the olympiads and school work in the first place and talk about how the audience could find their motivation to make their first step in open-source. I also highlight how one could request feedback, make lasting connections, what it means to contribute and how anyone could make a meaningful impact. Finally, I also highlight my experience with k8s and CNCF and why it might be a great avenue for the audience to grow themselves with open-source.
- 1 participant
- 5 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Lightning Talk: Paying Down Debt: Converting Kubernetes To Use Go "Workspaces" - Tim Hockin, Google
Kubernetes is one of the largest and most well known systems written in the Go programming language. Kubernetes is also a fairly complex codebase, which often pushes Go to its limits. To make it work, we sometimes have had to go outside of the "normal" usage of Go's tooling and ecosystem. Anyone familiar with the project will probably groan when they heard phrases like "staging repo" or "code generator". We have accrued a pretty significant amount of technical debt over the last few years. With Go 1.18 comes a powerful new feature - "workspaces". This is what happens when the language team looks at what their users are doing and as asks "how can we make this better?". We can wipe away a lot of that debt - "just use workspaces". But, sadly, it's not as easy as it might sound. This talk will introduce listeners to the problems we have, the gross workarounds we use, and how workspaces make it all better. We'll talk a bit about the work that is being done to make "just use workspaces" a reality.
Lightning Talk: Paying Down Debt: Converting Kubernetes To Use Go "Workspaces" - Tim Hockin, Google
Kubernetes is one of the largest and most well known systems written in the Go programming language. Kubernetes is also a fairly complex codebase, which often pushes Go to its limits. To make it work, we sometimes have had to go outside of the "normal" usage of Go's tooling and ecosystem. Anyone familiar with the project will probably groan when they heard phrases like "staging repo" or "code generator". We have accrued a pretty significant amount of technical debt over the last few years. With Go 1.18 comes a powerful new feature - "workspaces". This is what happens when the language team looks at what their users are doing and as asks "how can we make this better?". We can wipe away a lot of that debt - "just use workspaces". But, sadly, it's not as easy as it might sound. This talk will introduce listeners to the problems we have, the gross workarounds we use, and how workspaces make it all better. We'll talk a bit about the work that is being done to make "just use workspaces" a reality.
- 1 participant
- 6 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Lightning Talk: Where Did All My IPs Go? - Cynthia Thomas, Google
Kubernetes cluster planning requires quite a few things to get started. What about IPs? Common IP management hurdles with Kubernetes clusters include IP assignments when building a cluster and challenges faced when deploying in a multi-faceted environment. Kubernetes Admins often need to use IP addressing handed out by Network Admins juggling other non-k8s workload IP assignments and IP exhaustion. In this talk, Cynthia will discuss new and existing KEPs that SIG-network has implemented to help mitigate IP challenges. Such features include discontiguous cluster CIDRs and the journey to IPv6. Cynthia will also discuss how the best practices for Kubernetes IP management are changing with these new capabilities to help scale and grow instead of rebuild.
Lightning Talk: Where Did All My IPs Go? - Cynthia Thomas, Google
Kubernetes cluster planning requires quite a few things to get started. What about IPs? Common IP management hurdles with Kubernetes clusters include IP assignments when building a cluster and challenges faced when deploying in a multi-faceted environment. Kubernetes Admins often need to use IP addressing handed out by Network Admins juggling other non-k8s workload IP assignments and IP exhaustion. In this talk, Cynthia will discuss new and existing KEPs that SIG-network has implemented to help mitigate IP challenges. Such features include discontiguous cluster CIDRs and the journey to IPv6. Cynthia will also discuss how the best practices for Kubernetes IP management are changing with these new capabilities to help scale and grow instead of rebuild.
- 1 participant
- 5 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Machine Learning Using Various GPU Technology With Kubeflow. - Jihye Choi, SAMSUNG SDS
Speakers: Jihye Choi
Everyone who works in MLOps tends to have a perception that limited cost and GPU is crucial. Kubeflow is a great open source, but it provides very little elements to handle efficient distributed learning through coupling tightly with GPU or by maximizing GPU utilization. 1. A simplified model uses a relatively small amount of GPU, as using the entire GPU capacity is considered as waste of resources. The Multi-Instance GPU applied to the NVIDIA A100 provides a technology that splits one GPU into up to 7 instances, and this presentation shows how to combine this top-notch technology with Kubeflow. 2. As the size of the model increases, distributed training becomes more necessary when using multiple GPU servers for efficiency. GPUDirect RDMA is a high-performance networking technology that directly communicates and processes GPU memory without CPU and system memory intervention. As a result, you can get tried and true experience, which improves GPU utilization and performance in Kubeflow.
Machine Learning Using Various GPU Technology With Kubeflow. - Jihye Choi, SAMSUNG SDS
Speakers: Jihye Choi
Everyone who works in MLOps tends to have a perception that limited cost and GPU is crucial. Kubeflow is a great open source, but it provides very little elements to handle efficient distributed learning through coupling tightly with GPU or by maximizing GPU utilization. 1. A simplified model uses a relatively small amount of GPU, as using the entire GPU capacity is considered as waste of resources. The Multi-Instance GPU applied to the NVIDIA A100 provides a technology that splits one GPU into up to 7 instances, and this presentation shows how to combine this top-notch technology with Kubeflow. 2. As the size of the model increases, distributed training becomes more necessary when using multiple GPU servers for efficiency. GPUDirect RDMA is a high-performance networking technology that directly communicates and processes GPU memory without CPU and system memory intervention. As a result, you can get tried and true experience, which improves GPU utilization and performance in Kubeflow.
- 3 participants
- 32 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
MetaOps: Metadata Operations For End-To-End Data & Machine Learning Platforms - Alejandro Saucedo, The Institute for Ethical AI & Machine Learning
Speakers: Alejandro Saucedo
Organisations have been growingly adopting and integrating a non-trivial number of different frameworks at each stage of their machine learning lifecycle. Although this has helped reduce time-to-value for real-world AI use-cases, it has come at a cost of complexity and interoperability bottlenecks. Each stage in the end-to-end lifecycle involves different stakeholders that make decisions and perform actions that can modify data and/or ML components with use-case-specific but ever compoinding risks, resulting in a growing need to ensure a minimum-level of metadata is collected, tracked and managed. This becomes growingly important due to the need to ensure relevant overarching compliance requirements, as well as architectural requirements on lineage, auditability, accountability and reproducibility. In this session we will dive into the challenges present in the metadata layer of large-scale systems, as well as tooling, best practices and solutions that can be adopted to tackle these challenges. We will discuss the rise of the metadata management systems, the challenges they have been able solve, as well as critical shortcomings where ecosystem-wide collaboration will be key from tooling-level alignemnt to ensure long-term robustness of these heterogeneous end-to-end platform.
MetaOps: Metadata Operations For End-To-End Data & Machine Learning Platforms - Alejandro Saucedo, The Institute for Ethical AI & Machine Learning
Speakers: Alejandro Saucedo
Organisations have been growingly adopting and integrating a non-trivial number of different frameworks at each stage of their machine learning lifecycle. Although this has helped reduce time-to-value for real-world AI use-cases, it has come at a cost of complexity and interoperability bottlenecks. Each stage in the end-to-end lifecycle involves different stakeholders that make decisions and perform actions that can modify data and/or ML components with use-case-specific but ever compoinding risks, resulting in a growing need to ensure a minimum-level of metadata is collected, tracked and managed. This becomes growingly important due to the need to ensure relevant overarching compliance requirements, as well as architectural requirements on lineage, auditability, accountability and reproducibility. In this session we will dive into the challenges present in the metadata layer of large-scale systems, as well as tooling, best practices and solutions that can be adopted to tackle these challenges. We will discuss the rise of the metadata management systems, the challenges they have been able solve, as well as critical shortcomings where ecosystem-wide collaboration will be key from tooling-level alignemnt to ensure long-term robustness of these heterogeneous end-to-end platform.
- 2 participants
- 37 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Migrating From PodSecurityPolicy - Tim Allclair & Sam Stoelinga, Google
Speakers: Tim Allclair, Sam Stoelinga
Pod Security Policy (PSP) has been completely removed in Kubernetes v1.25, making it essential for users to migrate their clusters before upgrading to v1.25. The good news is that the Pod Security admission controller, designed as a simpler successor to PSP, just graduated to stable. The bad news is that the migration is not always straightforward. In this talk, you will see the quick-and-dirty migration path, and then dive deep into the nuances and challenges of migrating off PSP. We will also explore a couple of alternatives to the Pod Security admission controller, and when and why you might choose those alternatives instead. The goal of this talk is to empower you to confidently and safely begin upgrading your clusters, and bid farewell to PSP.
Migrating From PodSecurityPolicy - Tim Allclair & Sam Stoelinga, Google
Speakers: Tim Allclair, Sam Stoelinga
Pod Security Policy (PSP) has been completely removed in Kubernetes v1.25, making it essential for users to migrate their clusters before upgrading to v1.25. The good news is that the Pod Security admission controller, designed as a simpler successor to PSP, just graduated to stable. The bad news is that the migration is not always straightforward. In this talk, you will see the quick-and-dirty migration path, and then dive deep into the nuances and challenges of migrating off PSP. We will also explore a couple of alternatives to the Pod Security admission controller, and when and why you might choose those alternatives instead. The goal of this talk is to empower you to confidently and safely begin upgrading your clusters, and bid farewell to PSP.
- 5 participants
- 35 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Multi-Tenancy: Tips, Tricks, Tools And Tests - Adrian Ludwin, Google; Tasha Drew, VMware; Ryan Bezdicek, Twilio; Fei Guo, Alibaba
Speakers: Adrian Ludwin, Tasha Drew, Ryan Bezdicek, Fei Guo
Join the maintainers and leaders of the upstream Kubernetes working group for Multi-Tenancy for an overview of the tools, documentation, tests, and capabilities you can achieve to share Kubernetes clusters between teams and users. We'll also save time for audience questions, so bring your multi-tenancy hopes, dreams and woes!
Multi-Tenancy: Tips, Tricks, Tools And Tests - Adrian Ludwin, Google; Tasha Drew, VMware; Ryan Bezdicek, Twilio; Fei Guo, Alibaba
Speakers: Adrian Ludwin, Tasha Drew, Ryan Bezdicek, Fei Guo
Join the maintainers and leaders of the upstream Kubernetes working group for Multi-Tenancy for an overview of the tools, documentation, tests, and capabilities you can achieve to share Kubernetes clusters between teams and users. We'll also save time for audience questions, so bring your multi-tenancy hopes, dreams and woes!
- 5 participants
- 24 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Multicluster Kubernetes Management Made Easy With Open Cluster Management - Joshua Packer, Red Hat
Speakers: Joshua Packer
Now that many people are deploying Kubernetes in production, they all have the same question: how do you manage multiple Kubernetes clusters? In this session, we’ll chat about the new CNCF Sandbox project Open Cluster Management (https://open-cluster-management.io) and how it can help you simplify multicluster container orchestration. Open APIs are evolving within the project for cluster registration, work distribution, dynamic placement of policies and workloads, and much more. Attendees will learn how they can use Open Cluster Management to take control of their sprawling infrastructure.
Multicluster Kubernetes Management Made Easy With Open Cluster Management - Joshua Packer, Red Hat
Speakers: Joshua Packer
Now that many people are deploying Kubernetes in production, they all have the same question: how do you manage multiple Kubernetes clusters? In this session, we’ll chat about the new CNCF Sandbox project Open Cluster Management (https://open-cluster-management.io) and how it can help you simplify multicluster container orchestration. Open APIs are evolving within the project for cluster registration, work distribution, dynamic placement of policies and workloads, and much more. Attendees will learn how they can use Open Cluster Management to take control of their sprawling infrastructure.
- 1 participant
- 29 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Notary: State Of Development - Justin Cormack, Docker
Speakers: Justin Cormack
This talk gives an overview of the status of the Notary project, and the Notary v2 work, and the context in the broader ecosystem. Supply chain security is becoming increasingly critical and its importance has been recognised, but the ecosystem of tools around this is confusing. So this talk will cover the context of the key ideas, including the TUF and in-toto projects and how they relate to the security outcomes people want to achieve.
Notary: State Of Development - Justin Cormack, Docker
Speakers: Justin Cormack
This talk gives an overview of the status of the Notary project, and the Notary v2 work, and the context in the broader ecosystem. Supply chain security is becoming increasingly critical and its importance has been recognised, but the ecosystem of tools around this is confusing. So this talk will cover the context of the key ideas, including the TUF and in-toto projects and how they relate to the security outcomes people want to achieve.
- 5 participants
- 37 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
OPA - Peter O'Neill, Styra
Speakers: Peter O'Neill
Come to this session to learn about the Open Policy Agent (OPA) project. OPA is a general-purpose policy engine that solves a number of policy-related use cases for Kubernetes, microservices, CI/CD, cloud, and more. During this session the OPA maintainers will introduce the project for newcomers and then provide updates on the latest and greatest features landing in OPA and OPA Gatekeeper. If you are interested in policy and security as it relates to cloud native technology, this session is for you.
OPA - Peter O'Neill, Styra
Speakers: Peter O'Neill
Come to this session to learn about the Open Policy Agent (OPA) project. OPA is a general-purpose policy engine that solves a number of policy-related use cases for Kubernetes, microservices, CI/CD, cloud, and more. During this session the OPA maintainers will introduce the project for newcomers and then provide updates on the latest and greatest features landing in OPA and OPA Gatekeeper. If you are interested in policy and security as it relates to cloud native technology, this session is for you.
- 8 participants
- 39 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Overview Of Challenges And Solutions For Orchestrating Applications To Multiple DC And Edge Clusters - Ritu Sood & Cathy Zhang, Intel Corp
Speakers: Ritu Sood, Cathy Zhang
Deploying, monitoring, and managing complex applications across multiple clusters is a challenging task. A complex application is usually composed of multiple microservices that need to be deployed to different clusters based on the criteria like latency, bandwidth, local context, etc. Some microservices need to be replicated in multiple geo-locations. Some microservices have cross-cluster dependencies. Some of these microservices deployed across different clusters may also need to communicate with each other securely. Furthermore, various infrastructure-related configurations need to be done in order for some microservices to function properly. To reduce the operational cost of deploying and managing these complex applications, automation is a must, and the goal is to achieve zero-touch deployments. In this talk, we'll examine the landscape of available solutions such as Kubedge, ArgoCD, Karmada, EMCO, etc. and provide an in-depth analysis of each of them.
Overview Of Challenges And Solutions For Orchestrating Applications To Multiple DC And Edge Clusters - Ritu Sood & Cathy Zhang, Intel Corp
Speakers: Ritu Sood, Cathy Zhang
Deploying, monitoring, and managing complex applications across multiple clusters is a challenging task. A complex application is usually composed of multiple microservices that need to be deployed to different clusters based on the criteria like latency, bandwidth, local context, etc. Some microservices need to be replicated in multiple geo-locations. Some microservices have cross-cluster dependencies. Some of these microservices deployed across different clusters may also need to communicate with each other securely. Furthermore, various infrastructure-related configurations need to be done in order for some microservices to function properly. To reduce the operational cost of deploying and managing these complex applications, automation is a must, and the goal is to achieve zero-touch deployments. In this talk, we'll examine the landscape of available solutions such as Kubedge, ArgoCD, Karmada, EMCO, etc. and provide an in-depth analysis of each of them.
- 2 participants
- 28 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Preventing Controller Sprawl From Taking Down Your Cluster - When a Scalable Pattern Stops Being Scalable - Madhu C.S., Robinhood Markets
Speakers: Madhu C.S.
The vast majority of Kubernetes controllers make use of a WATCH and UPDATE pattern, which is a highly scalable client-pull based pattern. “Highly” does not mean “infinite”, and the spread of this pattern has led to a number of implicit design guarantees that operators build on. In this talk, the Container Orchestration team at Robinhood will cover the exploration of the boundaries of this pattern, how second order effects result in service degradation in production, and best practices for monitoring, detecting, debugging and addressing these issues. With examples drawn from real outages, the team will present lessons learned for organizations of all sizes.
Preventing Controller Sprawl From Taking Down Your Cluster - When a Scalable Pattern Stops Being Scalable - Madhu C.S., Robinhood Markets
Speakers: Madhu C.S.
The vast majority of Kubernetes controllers make use of a WATCH and UPDATE pattern, which is a highly scalable client-pull based pattern. “Highly” does not mean “infinite”, and the spread of this pattern has led to a number of implicit design guarantees that operators build on. In this talk, the Container Orchestration team at Robinhood will cover the exploration of the boundaries of this pattern, how second order effects result in service degradation in production, and best practices for monitoring, detecting, debugging and addressing these issues. With examples drawn from real outages, the team will present lessons learned for organizations of all sizes.
- 1 participant
- 44 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Production Practice For Large-Scale Financial Application Platform In China Merchants Bank - Jiahang Xu, China Merchants Bank & Jianbo Sun, Alibaba Cloud
Speakers: Jianbo Sun, Jiahang Xu
China Merchants Bank(CMB) is one of the biggest bank in China which adopts cloud native technology for its rapidly evolving business needs. The challenges we meet are quite different from the practices of the internet industry, banking demand higher stability and security, at the same time, more complex historical architecture. For example, we need to handle the migration for diverse workloads from bare metal to serverless to provide a consistent experience. We must provide progressive rollout with traffic management to keep the stability without breaking any business continuity. We need to have insight for the application delivery and management process to meet the business SLO by observability, further more, to reduce the cost of resources and improve utilization. In this talk, we'll share our practices on building a modern banking cloud native platform, that mainly leverages CNCF projects such as KubeVela, KubeVirt, Envoy, Opentelemetry and others, to serve diverse workloads and solve all the above chanllenges.
Production Practice For Large-Scale Financial Application Platform In China Merchants Bank - Jiahang Xu, China Merchants Bank & Jianbo Sun, Alibaba Cloud
Speakers: Jianbo Sun, Jiahang Xu
China Merchants Bank(CMB) is one of the biggest bank in China which adopts cloud native technology for its rapidly evolving business needs. The challenges we meet are quite different from the practices of the internet industry, banking demand higher stability and security, at the same time, more complex historical architecture. For example, we need to handle the migration for diverse workloads from bare metal to serverless to provide a consistent experience. We must provide progressive rollout with traffic management to keep the stability without breaking any business continuity. We need to have insight for the application delivery and management process to meet the business SLO by observability, further more, to reduce the cost of resources and improve utilization. In this talk, we'll share our practices on building a modern banking cloud native platform, that mainly leverages CNCF projects such as KubeVela, KubeVirt, Envoy, Opentelemetry and others, to serve diverse workloads and solve all the above chanllenges.
- 3 participants
- 30 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Public Technical Oversight Committee (TOC) Meeting - Moderated by Chris Aniszczyk, CTO, The Linux Foundation
Speakers: Chris Aniszczyk
This session is a panel discussion moderated by Chris Aniszczyk with members of the Technical Oversight Committee. Feel free to come with questions, but we'll be doing an overview of the Technical Oversight Committee's governance structure, scope, mission and processes.
To learn more about the TOC, visit https://github.com/cncf/toc
Public Technical Oversight Committee (TOC) Meeting - Moderated by Chris Aniszczyk, CTO, The Linux Foundation
Speakers: Chris Aniszczyk
This session is a panel discussion moderated by Chris Aniszczyk with members of the Technical Oversight Committee. Feel free to come with questions, but we'll be doing an overview of the Technical Oversight Committee's governance structure, scope, mission and processes.
To learn more about the TOC, visit https://github.com/cncf/toc
- 12 participants
- 34 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Putting Hackers Breaching Your Cluster In Automatic Quarantine - Ziv Nevo, IBM
Speakers: Ziv Nevo
Engineers can’t really prevent hackers form eventually breaching Apps. It is not a question of IF but of WHEN. And unfortunately, a question of how much damage was done to our or our users’ resources, data and reputation. This does not happen only to small Apps and companies with small budgets and limited resources but to huge companies and government agencies (see SolarWinds attack). The solution - automatically isolating attackers when they breach one of the Apps in your cluster (or the App you develop), keeping the rest of the cluster’s components safe. This session will present a survey encompassing many commonly used cloud native apps, engineers all love and need (like Prometheus, Kafka, Jenkins, ClearML and much more) and demonstrate the built-in vulnerability most cluster deployments exercise and how to secure it. State of the art practices leave several, rather easily breached, back doors in many clusters. We will deep dive into several real-world scenarios and see the simple, yet very often missed, blueprint for making our cluster or our App-users’ clusters much more malicious-resistant.
Putting Hackers Breaching Your Cluster In Automatic Quarantine - Ziv Nevo, IBM
Speakers: Ziv Nevo
Engineers can’t really prevent hackers form eventually breaching Apps. It is not a question of IF but of WHEN. And unfortunately, a question of how much damage was done to our or our users’ resources, data and reputation. This does not happen only to small Apps and companies with small budgets and limited resources but to huge companies and government agencies (see SolarWinds attack). The solution - automatically isolating attackers when they breach one of the Apps in your cluster (or the App you develop), keeping the rest of the cluster’s components safe. This session will present a survey encompassing many commonly used cloud native apps, engineers all love and need (like Prometheus, Kafka, Jenkins, ClearML and much more) and demonstrate the built-in vulnerability most cluster deployments exercise and how to secure it. State of the art practices leave several, rather easily breached, back doors in many clusters. We will deep dive into several real-world scenarios and see the simple, yet very often missed, blueprint for making our cluster or our App-users’ clusters much more malicious-resistant.
- 1 participant
- 26 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Rook: Intro And Deep Dive With Ceph Storage - Travis Nielsen & Blaine Gardner, Red Hat; Alexander Trost, Koor Technologies; Satoru Takeuchi, Cybozu, Inc
Speakers: Alexander Trost, Travis Nielsen, Satoru Takeuchi, Blaine Gardner
The Rook project will be introduced to attendees of all levels and experience. Rook is an open source cloud-native storage operator for Kubernetes, providing the platform, framework, and support for Ceph to natively integrate with Kubernetes. A deep-dive will be presented for the Ceph storage provider to show how Rook provides stable block, shared file system, and object storage for your production data. The recent features in the v1.10 release will be covered to further illustrate how Rook continues to be enhanced for production environments. Rook was accepted as a graduated project by the Cloud Native Computing Foundation in October 2020.
Rook: Intro And Deep Dive With Ceph Storage - Travis Nielsen & Blaine Gardner, Red Hat; Alexander Trost, Koor Technologies; Satoru Takeuchi, Cybozu, Inc
Speakers: Alexander Trost, Travis Nielsen, Satoru Takeuchi, Blaine Gardner
The Rook project will be introduced to attendees of all levels and experience. Rook is an open source cloud-native storage operator for Kubernetes, providing the platform, framework, and support for Ceph to natively integrate with Kubernetes. A deep-dive will be presented for the Ceph storage provider to show how Rook provides stable block, shared file system, and object storage for your production data. The recent features in the v1.10 release will be covered to further illustrate how Rook continues to be enhanced for production environments. Rook was accepted as a graduated project by the Cloud Native Computing Foundation in October 2020.
- 2 participants
- 26 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Run As “Root”, Not Root: User Namespaces In K8s - Marga Manterola, Isovalent & Rodrigo Campos Catelin, Microsoft
Speakers: Rodrigo Campos Catelin, Marga Manterola
What if I told you that there's a bool you can set in your pod yaml that mitigates many CVEs out there? Not just any CVEs, but some HIGH and CRITICAL ones! This feature is coming to Kubernetes, thanks to user namespaces, and we'll tell you all about it.
User namespaces is a kernel feature that isolates the user in the container from the one in the host. A process running as root in a container can run as a different (non-root) user in the host. This is a HUGE improvement: if a process escapes the container, the privileges on the host are significantly reduced. Furthermore, some capabilities are void and others are only valid inside the user namespace.
Many container workloads that run as root today can benefit from this already: enable user namespace in their pod yaml and be more secure without additional changes.
This talk will explain how to use this feature in your cluster, how it is implemented, the current state of the KEP and future work and challenges in this area.
Run As “Root”, Not Root: User Namespaces In K8s - Marga Manterola, Isovalent & Rodrigo Campos Catelin, Microsoft
Speakers: Rodrigo Campos Catelin, Marga Manterola
What if I told you that there's a bool you can set in your pod yaml that mitigates many CVEs out there? Not just any CVEs, but some HIGH and CRITICAL ones! This feature is coming to Kubernetes, thanks to user namespaces, and we'll tell you all about it.
User namespaces is a kernel feature that isolates the user in the container from the one in the host. A process running as root in a container can run as a different (non-root) user in the host. This is a HUGE improvement: if a process escapes the container, the privileges on the host are significantly reduced. Furthermore, some capabilities are void and others are only valid inside the user namespace.
Many container workloads that run as root today can benefit from this already: enable user namespace in their pod yaml and be more secure without additional changes.
This talk will explain how to use this feature in your cluster, how it is implemented, the current state of the KEP and future work and challenges in this area.
- 4 participants
- 22 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
SBOM X-Ray Superpowers: Making Better SBOMs, Using SBOMs - Brandon Lum, Google & Chris Phillips, Anchore
Creating SBOMs (Software Bill of Materials) for our software artifacts is very important in understanding our software and responding to security attacks/vulnerabilities. However, creating SBOMs is challenging. To be effective, SBOMs must be as accurate and complete as possible, but at the same time be usable. Today, Software Composition Analysis (SCA) based SBOM generation tools strike a great balance in this regard. There are several great SCA-based SBOM generator tools today, but all of them have blind spots, such as finding an executable file that has no metadata associated with it. What if there was a way for SBOM tools to reliably fill in these gaps in order to produce a more complete SBOM? Enter the SBOM X-ray vision! In this talk, we demonstrate a novel way to peek into these opaque files through SBOM discovery and look-up. Through the use of the Rekor transparency log and In-toto attestations, we’ll show how easy it is for existing projects to share SBOM information with other projects using native CI integrations. We will then show our new superpowers in action through the Syft tool to generate more complete SBOMs!
SBOM X-Ray Superpowers: Making Better SBOMs, Using SBOMs - Brandon Lum, Google & Chris Phillips, Anchore
Creating SBOMs (Software Bill of Materials) for our software artifacts is very important in understanding our software and responding to security attacks/vulnerabilities. However, creating SBOMs is challenging. To be effective, SBOMs must be as accurate and complete as possible, but at the same time be usable. Today, Software Composition Analysis (SCA) based SBOM generation tools strike a great balance in this regard. There are several great SCA-based SBOM generator tools today, but all of them have blind spots, such as finding an executable file that has no metadata associated with it. What if there was a way for SBOM tools to reliably fill in these gaps in order to produce a more complete SBOM? Enter the SBOM X-ray vision! In this talk, we demonstrate a novel way to peek into these opaque files through SBOM discovery and look-up. Through the use of the Rekor transparency log and In-toto attestations, we’ll show how easy it is for existing projects to share SBOM information with other projects using native CI integrations. We will then show our new superpowers in action through the Syft tool to generate more complete SBOMs!
- 3 participants
- 26 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
SIG Autoscaling Updates And Feature Highlights - Marcin Wielgus & Jayant Jain, Google; Diego Bonfigli, Sysdig
Speakers: Jayant Jain, Marcin Wielgus, Diego Bonfigli
Come hear about the latest updates and features from the Kubernetes Autoscaling community. In this talk, we will cover the status and future plans for the SIG owned projects - Cluster Autoscaler, Horizontal Pod Autoscaler, Vertical Pod Autoscaler. We will show all of their new features, performance improvements and describe the newly added gRPC extension points of Cluster Autoscaler. If you are curious about autoscaling in Kubernetes or would like to learn more about how to get involved with this community, don’t hesitate to join us!
SIG Autoscaling Updates And Feature Highlights - Marcin Wielgus & Jayant Jain, Google; Diego Bonfigli, Sysdig
Speakers: Jayant Jain, Marcin Wielgus, Diego Bonfigli
Come hear about the latest updates and features from the Kubernetes Autoscaling community. In this talk, we will cover the status and future plans for the SIG owned projects - Cluster Autoscaler, Horizontal Pod Autoscaler, Vertical Pod Autoscaler. We will show all of their new features, performance improvements and describe the newly added gRPC extension points of Cluster Autoscaler. If you are curious about autoscaling in Kubernetes or would like to learn more about how to get involved with this community, don’t hesitate to join us!
- 8 participants
- 45 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
SIG Instrumentation Introduction And Deep Dive - Damien Grisonnet, Red Hat; Han Kang & David Ashpole, Google
Speakers: Han Kang, David Ashpole, Damien Grisonnet
Kubernetes SIG Instrumentation is responsible for ensuring high quality and consistent instrumentation across the Kubernetes project. We will begin with an introductory overview of the efforts the SIG Instrumentation has worked on in the past and is currently working on. This deep dive session will go into detail about currently ongoing efforts happening within SIG Instrumentation to share with the audience concrete pieces of work to encourage future collaboration. Software engineering and operations are both disciplines practiced in SIG Instrumentation, and any experience will help the special interest group's mission. Join this session to learn how to get involved in SIG Instrumentation to make instrumentation even better!
SIG Instrumentation Introduction And Deep Dive - Damien Grisonnet, Red Hat; Han Kang & David Ashpole, Google
Speakers: Han Kang, David Ashpole, Damien Grisonnet
Kubernetes SIG Instrumentation is responsible for ensuring high quality and consistent instrumentation across the Kubernetes project. We will begin with an introductory overview of the efforts the SIG Instrumentation has worked on in the past and is currently working on. This deep dive session will go into detail about currently ongoing efforts happening within SIG Instrumentation to share with the audience concrete pieces of work to encourage future collaboration. Software engineering and operations are both disciplines practiced in SIG Instrumentation, and any experience will help the special interest group's mission. Join this session to learn how to get involved in SIG Instrumentation to make instrumentation even better!
- 6 participants
- 40 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
SIG Security: Empowerment Through Autonomy - Ala Dewberry, VMware; Savitha Raghunathan, Red Hat; Tabitha Sable, Datadog
Speakers: Savitha Raghunathan, Tabitha Sable, Ala Dewberry
SIG Security takes a community-building approach to improving Kubernetes security, both for the project itself and our end users. Join organizers Ala, Rey, Savitha, and Tabitha for an overview of how we make space for security collaboration to thrive. We'll share timely updates from our documentation, third-party audit, and tooling subprojects. Security self-assessments will be a special focus, with a deep-dive on this new service offered to Kubernetes by our newest subproject! The Self-Assessments subproject in SIG Security is here to make security introspection accessible to any and all SIGs and subprojects. We aim to give SIGs and subprojects a repeatable and rigorous way to think about their own security, making Kubernetes safer to use as more workloads find their way to it. You'll learn what's been going on, what’s next, and how you could join in, regardless of your experience from beginner to expert. We hope to see you there!
SIG Security: Empowerment Through Autonomy - Ala Dewberry, VMware; Savitha Raghunathan, Red Hat; Tabitha Sable, Datadog
Speakers: Savitha Raghunathan, Tabitha Sable, Ala Dewberry
SIG Security takes a community-building approach to improving Kubernetes security, both for the project itself and our end users. Join organizers Ala, Rey, Savitha, and Tabitha for an overview of how we make space for security collaboration to thrive. We'll share timely updates from our documentation, third-party audit, and tooling subprojects. Security self-assessments will be a special focus, with a deep-dive on this new service offered to Kubernetes by our newest subproject! The Self-Assessments subproject in SIG Security is here to make security introspection accessible to any and all SIGs and subprojects. We aim to give SIGs and subprojects a repeatable and rigorous way to think about their own security, making Kubernetes safer to use as more workloads find their way to it. You'll learn what's been going on, what’s next, and how you could join in, regardless of your experience from beginner to expert. We hope to see you there!
- 6 participants
- 34 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
SIG-Multicluster Intro And Deep Dive - Jeremy Olmsted-Thompson & Laura Lorenz, Google; Paul Morie, Apple
Speakers: Jeremy Olmsted-Thompson, Laura Lorenz, Paul Morie
SIG-Multicluster is focused on solving common challenges related to the management of many Kubernetes clusters, across multiple cloud providers (so-called hybrid cloud), and applications deployed across many clusters. In this session, we'll give attendees an overview of the current status of the multi-cluster problem space in Kubernetes and of the SIG. We’ll discuss current thinking around best practices for multi-cluster deployments and what it means to be part of a ClusterSet. Then we’ll highlight current SIG projects, focused use cases, and ideas for what’s next. Most importantly, we’ll provide information on how you can get involved either as a contributor or as a user who wants to provide feedback about the SIG's current efforts and future direction. Bring your questions, problems, and ideas - help us expand the multi-cluster Kubernetes landscape.
SIG-Multicluster Intro And Deep Dive - Jeremy Olmsted-Thompson & Laura Lorenz, Google; Paul Morie, Apple
Speakers: Jeremy Olmsted-Thompson, Laura Lorenz, Paul Morie
SIG-Multicluster is focused on solving common challenges related to the management of many Kubernetes clusters, across multiple cloud providers (so-called hybrid cloud), and applications deployed across many clusters. In this session, we'll give attendees an overview of the current status of the multi-cluster problem space in Kubernetes and of the SIG. We’ll discuss current thinking around best practices for multi-cluster deployments and what it means to be part of a ClusterSet. Then we’ll highlight current SIG projects, focused use cases, and ideas for what’s next. Most importantly, we’ll provide information on how you can get involved either as a contributor or as a user who wants to provide feedback about the SIG's current efforts and future direction. Bring your questions, problems, and ideas - help us expand the multi-cluster Kubernetes landscape.
- 3 participants
- 23 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
SIG-Network: Intro & Deep-Dive - Rob Scott & Bowei Du, Google; Surya Seetharaman & Andrew Stoycos, Red Hat
Speakers: Bowei Du, Rob Scott, Andrew Stoycos, Surya Seetharaman
Networking is hard! This talk will start with some background on Kubernetes networking. Attendees who are not already comfortable with the "hows and whys" of basic networking in Kubernetes can get a bit of a primer before we dive deep on a few of the more recent developments and efforts in the networking space.
SIG-Network: Intro & Deep-Dive - Rob Scott & Bowei Du, Google; Surya Seetharaman & Andrew Stoycos, Red Hat
Speakers: Bowei Du, Rob Scott, Andrew Stoycos, Surya Seetharaman
Networking is hard! This talk will start with some background on Kubernetes networking. Attendees who are not already comfortable with the "hows and whys" of basic networking in Kubernetes can get a bit of a primer before we dive deep on a few of the more recent developments and efforts in the networking space.
- 16 participants
- 42 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Securing Edge Workloads With Cert-Manager And SPIFFE - Sitaram IYER & Riaz Mohamed, Jetstack Ltd
Speakers: Sitaram Iyer, Riaz Mohamed
Workloads are moving from data centers to the edge more than ever. As workloads migrate to the cloud many enterprise IT firms are seeing compute resources moving closer to where the data is created. Edge computing models have become far more attractive to many industries like telecom, farming, public safety, retail, medical, etc., because of the ability to minimize network latency and to put essential functions closer to the technology consumer. The rate at which Kubernetes has been adopted to run these workloads have been exponentially increasing as is seen with 5G network deployments. How do we secure these workloads? Be it ingress, pod to pod (mTLS) security, and trust domains. How do we manage certificates and renewals at scale? How do we enable security policies and postures on edge locations? The talk will go through how to manage security at the edge using cert-manager and utilizing SPIFFE as a way to manage and distribute trust. We will run cert-manager on a raspberry pi and look at provisioning and renewing certificates for both ingress and mTLS use cases.
Securing Edge Workloads With Cert-Manager And SPIFFE - Sitaram IYER & Riaz Mohamed, Jetstack Ltd
Speakers: Sitaram Iyer, Riaz Mohamed
Workloads are moving from data centers to the edge more than ever. As workloads migrate to the cloud many enterprise IT firms are seeing compute resources moving closer to where the data is created. Edge computing models have become far more attractive to many industries like telecom, farming, public safety, retail, medical, etc., because of the ability to minimize network latency and to put essential functions closer to the technology consumer. The rate at which Kubernetes has been adopted to run these workloads have been exponentially increasing as is seen with 5G network deployments. How do we secure these workloads? Be it ingress, pod to pod (mTLS) security, and trust domains. How do we manage certificates and renewals at scale? How do we enable security policies and postures on edge locations? The talk will go through how to manage security at the edge using cert-manager and utilizing SPIFFE as a way to manage and distribute trust. We will run cert-manager on a raspberry pi and look at provisioning and renewing certificates for both ingress and mTLS use cases.
- 4 participants
- 38 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Security In the Cloud With Falco: Overview And Project Updates - Jason Dellaluce & Luca Guerra, Sysdig
Speakers: Jason Dellaluce, Luca Guerra
Falco is the Cloud-Native Runtime Security project and the de facto Kubernetes threat detection engine. Join us to discover Falco and its ecosystem, hear the hottest news, and get up to speed as a contributor. In this session, Jason and Luca will dive into the most exciting recent developments and the upcoming project roadmap. You will learn about the recent support to ARM and gVisor, the next-generation eBPF probe, the growing adoption of the Falco libraries, the novel Cloud Security use cases, and much more.
Security In the Cloud With Falco: Overview And Project Updates - Jason Dellaluce & Luca Guerra, Sysdig
Speakers: Jason Dellaluce, Luca Guerra
Falco is the Cloud-Native Runtime Security project and the de facto Kubernetes threat detection engine. Join us to discover Falco and its ecosystem, hear the hottest news, and get up to speed as a contributor. In this session, Jason and Luca will dive into the most exciting recent developments and the upcoming project roadmap. You will learn about the recent support to ARM and gVisor, the next-generation eBPF probe, the growing adoption of the Falco libraries, the novel Cloud Security use cases, and much more.
- 1 participant
- 28 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Sig Auth Deep Dive - Rita Zhang & Mo Khan, Microsoft; Tim Allclair, Google
Speakers: Tim Allclair, Rita Zhang, Mo Khan
In this presentation, we will talk about all the major enhancements the SIG is working on. These include the ongoing Pod Security effort, KMS encryption at rest observability and performance enhancements, structured configuration for authentication and authorization, reduction of legacy service account token attack surface area, certificate signing request duration control, etc. We will also discuss ways you can get involved with the SIG: https://docs.google.com/document/d/1sY8fRyRtk4eG9R439z5ao5i9bFuuxilS03XaNlqoni0
Sig Auth Deep Dive - Rita Zhang & Mo Khan, Microsoft; Tim Allclair, Google
Speakers: Tim Allclair, Rita Zhang, Mo Khan
In this presentation, we will talk about all the major enhancements the SIG is working on. These include the ongoing Pod Security effort, KMS encryption at rest observability and performance enhancements, structured configuration for authentication and authorization, reduction of legacy service account token attack surface area, certificate signing request duration control, etc. We will also discuss ways you can get involved with the SIG: https://docs.google.com/document/d/1sY8fRyRtk4eG9R439z5ao5i9bFuuxilS03XaNlqoni0
- 7 participants
- 36 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Smart Green Computing Cloud Native Operations - William Caban & Federico Rossi, Red Hat
Speakers: Federico Rossi, William Caban
The European Union and the United States have set up a target of at least 50% - 55% net reduction in greenhouse gas emissions by 2030. But, with the sprawling of the cloud-native workloads and the increased demand for resources: are we doing enough?
Many community efforts and open source projects enable the observability of the power consumption from software resources to hardware resources. How can we combine the visibility provided by these tools to achieve the organization's sustainability goals?
In this talk, we combine CNCF projects and other open source communities tools to create and continuously improve Machine Learning models for cluster operations. These ML models consider a holistic view of a system: from application runtimes, node metrics, cluster metrics, and network metrics to the tracing of the interactions among the distributed components. These ML models are used for the "smart operations" of the distributed systems aligning to the organization's carbon and power optimization goals.
Smart Green Computing Cloud Native Operations - William Caban & Federico Rossi, Red Hat
Speakers: Federico Rossi, William Caban
The European Union and the United States have set up a target of at least 50% - 55% net reduction in greenhouse gas emissions by 2030. But, with the sprawling of the cloud-native workloads and the increased demand for resources: are we doing enough?
Many community efforts and open source projects enable the observability of the power consumption from software resources to hardware resources. How can we combine the visibility provided by these tools to achieve the organization's sustainability goals?
In this talk, we combine CNCF projects and other open source communities tools to create and continuously improve Machine Learning models for cluster operations. These ML models consider a holistic view of a system: from application runtimes, node metrics, cluster metrics, and network metrics to the tracing of the interactions among the distributed components. These ML models are used for the "smart operations" of the distributed systems aligning to the organization's carbon and power optimization goals.
- 3 participants
- 33 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
SneakOps – Getting Users To Use GitOps Without Them Even Knowing About It! - Éamon Ryan & Hedley Simons, Grafana Labs
Speakers: Éamon Ryan, Hedley Simons
Most people are well-aware of the benefits of GitOps for various workflows especially as it relates to Kubernetes deployments - it allows easy integration of approvals, verifiable change history and automation hooks. However, getting users to adopt a different way of working can be challenging - especially if it involves tools and methods that would be convenient for you, the administrator, but inconvenient for the end-user. So, what do you do when your end-users are not directly using Git in their day-to-day work, but you still want to add the benefits of GitOps to your deployments without slowing them down? Simple - you implement GitOps but hide the entire process from them! In this session, Éamon and Heds will take you through how they took an internal Grafana environment that had grown increasingly messy and unreliable due to usage by a rapidly expanding internal team - and transformed it into a repeatable, promotable, process-driven well-oiled machine fueled by GitOps, Kubernetes, Terraform and more - all without the end-users having to learn or interact with Git at all!
SneakOps – Getting Users To Use GitOps Without Them Even Knowing About It! - Éamon Ryan & Hedley Simons, Grafana Labs
Speakers: Éamon Ryan, Hedley Simons
Most people are well-aware of the benefits of GitOps for various workflows especially as it relates to Kubernetes deployments - it allows easy integration of approvals, verifiable change history and automation hooks. However, getting users to adopt a different way of working can be challenging - especially if it involves tools and methods that would be convenient for you, the administrator, but inconvenient for the end-user. So, what do you do when your end-users are not directly using Git in their day-to-day work, but you still want to add the benefits of GitOps to your deployments without slowing them down? Simple - you implement GitOps but hide the entire process from them! In this session, Éamon and Heds will take you through how they took an internal Grafana environment that had grown increasingly messy and unreliable due to usage by a rapidly expanding internal team - and transformed it into a repeatable, promotable, process-driven well-oiled machine fueled by GitOps, Kubernetes, Terraform and more - all without the end-users having to learn or interact with Git at all!
- 7 participants
- 34 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
So, SBOMs Matter…Now What? - Sophie Wigmore & Frankie Gallina-Jones, VMware
Speakers: Sophie Wigmore, Frankie Gallina-Jones
Lately, the main conversation in the software bill of materials space has largely been around why you need a SBOM to solve your security concerns, and what it can add to your secure software supply chain. At this point, community buy-in is strong, but critical questions remain undecided: How is this technology best employed in a Kubernetes setting? Which of the options in this space is right for each use case? In an emerging space within the cloud native community, there is a lot to learn, and it seems as though the best practices are changing all the time. In this session, attendees will be walked through the pros/cons of different SBOM approaches by people who have spent over a year exploring this topic, defining best practices, and building open source solutions with SBOMs. Additionally, attendees will get a demonstration of how Paketo Buildpacks-generated application images already contain an embedded SBOM, by leveraging Syft.
So, SBOMs Matter…Now What? - Sophie Wigmore & Frankie Gallina-Jones, VMware
Speakers: Sophie Wigmore, Frankie Gallina-Jones
Lately, the main conversation in the software bill of materials space has largely been around why you need a SBOM to solve your security concerns, and what it can add to your secure software supply chain. At this point, community buy-in is strong, but critical questions remain undecided: How is this technology best employed in a Kubernetes setting? Which of the options in this space is right for each use case? In an emerging space within the cloud native community, there is a lot to learn, and it seems as though the best practices are changing all the time. In this session, attendees will be walked through the pros/cons of different SBOM approaches by people who have spent over a year exploring this topic, defining best practices, and building open source solutions with SBOMs. Additionally, attendees will get a demonstration of how Paketo Buildpacks-generated application images already contain an embedded SBOM, by leveraging Syft.
- 4 participants
- 34 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Stateless Collectors For Stateful Data: Scaling Prometheus As a Node Agent - Danny Clark, Google
Speakers: Danny Clark
prometheus-operator is the de facto standard for running Prometheus on Kubernetes. Yet, its configuration can be complicated and baroque, making it hard to know what is being scraped, or to properly enforce RBAC. Scaling also requires careful thought. However, there are an increasing number of ways to run Prometheus as “stateless”. How can we adopt this to solve these problems? This talk introduces an alternative, operator-based approach for running stateless Prometheus instances on Kubernetes by leveraging Prometheus as a node agent. This prompted rethinking how Prometheus configuration is done today, and led to new, simpler, and more opinionated CRDs. We will discuss trade-offs in the new configuration model and the challenges of running a fleet of node-agent Prometheuses at scale. The hope is this lowers the barrier to entry of managing Prometheus infrastructure, while still supporting features and access controls for enterprise users.
Stateless Collectors For Stateful Data: Scaling Prometheus As a Node Agent - Danny Clark, Google
Speakers: Danny Clark
prometheus-operator is the de facto standard for running Prometheus on Kubernetes. Yet, its configuration can be complicated and baroque, making it hard to know what is being scraped, or to properly enforce RBAC. Scaling also requires careful thought. However, there are an increasing number of ways to run Prometheus as “stateless”. How can we adopt this to solve these problems? This talk introduces an alternative, operator-based approach for running stateless Prometheus instances on Kubernetes by leveraging Prometheus as a node agent. This prompted rethinking how Prometheus configuration is done today, and led to new, simpler, and more opinionated CRDs. We will discuss trade-offs in the new configuration model and the challenges of running a fleet of node-agent Prometheuses at scale. The hope is this lowers the barrier to entry of managing Prometheus infrastructure, while still supporting features and access controls for enterprise users.
- 8 participants
- 35 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Tamland: How GitLab.Com Uses Long-Term Monitoring Data For Capacity Forecasting. - Andrew Newdigate, GitLab, Inc.
Speakers: Andrew Newdigate
Tamland is a capacity planning tool built by GitLab to provide long-term forecasts of potential capacity issues across the services running GitLab.com. It's built on top of the long-term metric storage capabilities of Thanos, which provides utilization and saturation metric data stretching back over a 1 year period. From this, a predictive forecast model is constructed and used to predict future growth trends across hundreds of saturation points over the coming months. This practical talk demonstrates how we capture long-term metrics data in a scalable way using Thanos, how we use Facebook's Prophet library for building forecast models, and how we integrate this with Jupyter to generate a report complete with visualizations. It discusses the benefits of switching to a data-driven and repeatable approach to capacity planning, as well as some of the practical challenges of building the tool. Tamland is an open-source project and attendees have access to the project source if they're interested in digging deeper into our implementation.
Tamland: How GitLab.Com Uses Long-Term Monitoring Data For Capacity Forecasting. - Andrew Newdigate, GitLab, Inc.
Speakers: Andrew Newdigate
Tamland is a capacity planning tool built by GitLab to provide long-term forecasts of potential capacity issues across the services running GitLab.com. It's built on top of the long-term metric storage capabilities of Thanos, which provides utilization and saturation metric data stretching back over a 1 year period. From this, a predictive forecast model is constructed and used to predict future growth trends across hundreds of saturation points over the coming months. This practical talk demonstrates how we capture long-term metrics data in a scalable way using Thanos, how we use Facebook's Prophet library for building forecast models, and how we integrate this with Jupyter to generate a report complete with visualizations. It discusses the benefits of switching to a data-driven and repeatable approach to capacity planning, as well as some of the practical challenges of building the tool. Tamland is an open-source project and attendees have access to the project source if they're interested in digging deeper into our implementation.
- 1 participant
- 33 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
The DEF Con Code of Conduct Lawsuit - Lessons learned and Tips for Managing Legal Risk when Enforcing Codes of Conduct" - Joanna Lee, Partner, GesmerUpdegrove LLP
Speakers: Joanna Lee
Are Codes of Conduct risky business? The pending lawsuit against the organizers of DEF CON hacker conference arising from Code of Conduct enforcement decision suggests so. In this session, we'll discuss:
The factual background, legal claims, and status of the DEF CON lawsuit (to the extent publicly known),
What Code of Conduct responders can learn from the lawsuit,
Legal risks associated with Code of Conduct enforcement, and
Tips and best practices for managing legal risk and minimizing the threat of litigation.
The DEF Con Code of Conduct Lawsuit - Lessons learned and Tips for Managing Legal Risk when Enforcing Codes of Conduct" - Joanna Lee, Partner, GesmerUpdegrove LLP
Speakers: Joanna Lee
Are Codes of Conduct risky business? The pending lawsuit against the organizers of DEF CON hacker conference arising from Code of Conduct enforcement decision suggests so. In this session, we'll discuss:
The factual background, legal claims, and status of the DEF CON lawsuit (to the extent publicly known),
What Code of Conduct responders can learn from the lawsuit,
Legal risks associated with Code of Conduct enforcement, and
Tips and best practices for managing legal risk and minimizing the threat of litigation.
- 1 participant
- 35 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
The Evolution and Innovation of CubeFS - Leon Chang, Oppo
Speakers: Leon Chang
CubeFS is a cloud native distributed storage solution for big data processing, machine learning,data sharing and protection, etc. CubeFS is compatible with three access protocols(S3/POSIX/HDFS), it provides multiple data redundancy strategies ,such as replication and erasure-coding, it aslo support hybrid-cloud acceleration。 In this talk, there will be several parts to have an introduction of Cubefs and deep-dive discussions to talk about the technical details, the recent release, and future plans. CubeFS was accepted as an incubating project by the Cloud Native Computing Foundation in July 2022
The Evolution and Innovation of CubeFS - Leon Chang, Oppo
Speakers: Leon Chang
CubeFS is a cloud native distributed storage solution for big data processing, machine learning,data sharing and protection, etc. CubeFS is compatible with three access protocols(S3/POSIX/HDFS), it provides multiple data redundancy strategies ,such as replication and erasure-coding, it aslo support hybrid-cloud acceleration。 In this talk, there will be several parts to have an introduction of Cubefs and deep-dive discussions to talk about the technical details, the recent release, and future plans. CubeFS was accepted as an incubating project by the Cloud Native Computing Foundation in July 2022
- 1 participant
- 33 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
The Insider Threat: Third-Party Applications In Your Cluster - Dagan Henderson, Raft, LLC & Will Kline, Dark Wolf Solutions
Speakers: Dagan Henderson, Will Kline
As powerful as Kubernetes is out-of-the-box, it’s a reasonable bet that your organization’s baseline cluster includes more than just the core Kubernetes components. Service meshes, CSI drivers, admission controllers, and database engines are nearly ubiquitous additions to production-ready clusters. Crucially, these applications allow your organization’s development teams to focus on solving the organization’s unique challenges by building on top of robust third-party solutions that solve common industry problems, but vulnerabilities in third-party code can put the security of your clusters at risk. In this talk, the speakers will briefly review a few examples of real-world vulnerabilities in third-party applications commonly found in large Kubernetes clusters and describe just how they were discovered; demonstrate how critical some vulnerabilities can be; and then review clear, actionable steps your organization can take to help prevent third-party vulnerabilities from being the weak link in your clusters’ security.
The Insider Threat: Third-Party Applications In Your Cluster - Dagan Henderson, Raft, LLC & Will Kline, Dark Wolf Solutions
Speakers: Dagan Henderson, Will Kline
As powerful as Kubernetes is out-of-the-box, it’s a reasonable bet that your organization’s baseline cluster includes more than just the core Kubernetes components. Service meshes, CSI drivers, admission controllers, and database engines are nearly ubiquitous additions to production-ready clusters. Crucially, these applications allow your organization’s development teams to focus on solving the organization’s unique challenges by building on top of robust third-party solutions that solve common industry problems, but vulnerabilities in third-party code can put the security of your clusters at risk. In this talk, the speakers will briefly review a few examples of real-world vulnerabilities in third-party applications commonly found in large Kubernetes clusters and describe just how they were discovered; demonstrate how critical some vulnerabilities can be; and then review clear, actionable steps your organization can take to help prevent third-party vulnerabilities from being the weak link in your clusters’ security.
- 2 participants
- 36 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Thriving With Kubernetes On-Call: Best Practices & Lessons Learned - Sunil Shah & Ramya Krishnan, Airbnb; Ashley Cutalo, Lyft; Madhu C.S., Robinhood; Fabio Kung, Netflix
Speakers: Sunil Shah, Ramya Krishnan, Ashley Cutalo, Madhu C.S., Fabio Kung
Kubernetes clusters are critical infrastructure at large, public companies, with large amounts of traffic, complex dependencies on 3rd party services, and constant change as developers release features and traffic scales up and down. In this panel discussion, engineers from Airbnb, Lyft, Netflix and Robinhood share their challenges, experiences and learnings when it comes to managing a sustainable on-call rotation that meets the needs of their internal users whilst maintaining a high uptime to serve business critical workloads. Topics covered will include: +Keeping on-call engineers happy + Balancing rapid response with alert fatigue + Strategies to proactively deal with production issues + Preparing engineers for on-call
Thriving With Kubernetes On-Call: Best Practices & Lessons Learned - Sunil Shah & Ramya Krishnan, Airbnb; Ashley Cutalo, Lyft; Madhu C.S., Robinhood; Fabio Kung, Netflix
Speakers: Sunil Shah, Ramya Krishnan, Ashley Cutalo, Madhu C.S., Fabio Kung
Kubernetes clusters are critical infrastructure at large, public companies, with large amounts of traffic, complex dependencies on 3rd party services, and constant change as developers release features and traffic scales up and down. In this panel discussion, engineers from Airbnb, Lyft, Netflix and Robinhood share their challenges, experiences and learnings when it comes to managing a sustainable on-call rotation that meets the needs of their internal users whilst maintaining a high uptime to serve business critical workloads. Topics covered will include: +Keeping on-call engineers happy + Balancing rapid response with alert fatigue + Strategies to proactively deal with production issues + Preparing engineers for on-call
- 5 participants
- 35 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Training AI To Code Using the Largest Code Dataset - Tommy Li & Animesh Singh, IBM
Speakers: Animesh Singh, Tommy Li
Project CodeNet is a large dataset of 14 million code samples totaling 500 million lines of code in 55 programming languages. It enables machine learning for code, like finding code similarity, extracting semantic context, and even translating between different programming languages. Using the Machine Learning Exchange (MLX), a Linux Foundation for AI & Data Sandbox Project, we demonstrate how Project CodeNet can be leveraged to classify code and analyze code complexity in three steps. Using DataShim we turn domain specific subsets of the data into Kubernetes Custom Resources. Running Jupyter notebooks on Kubernetes we use the datasets to train deep learning models. The models are then served for inferencing as Kubernetes Custom Resources using KServe. For each of these steps, MLX generates Kubeflow Pipelines on Tekton so data scientists are not required to write Kubernetes specific code.
Training AI To Code Using the Largest Code Dataset - Tommy Li & Animesh Singh, IBM
Speakers: Animesh Singh, Tommy Li
Project CodeNet is a large dataset of 14 million code samples totaling 500 million lines of code in 55 programming languages. It enables machine learning for code, like finding code similarity, extracting semantic context, and even translating between different programming languages. Using the Machine Learning Exchange (MLX), a Linux Foundation for AI & Data Sandbox Project, we demonstrate how Project CodeNet can be leveraged to classify code and analyze code complexity in three steps. Using DataShim we turn domain specific subsets of the data into Kubernetes Custom Resources. Running Jupyter notebooks on Kubernetes we use the datasets to train deep learning models. The models are then served for inferencing as Kubernetes Custom Resources using KServe. For each of these steps, MLX generates Kubeflow Pipelines on Tekton so data scientists are not required to write Kubernetes specific code.
- 4 participants
- 37 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Turn Me On With Cloud-Native Feature Flags! - Alex Jones, Canonical
Speakers: Alex Jones
Feature flags have long been loved for the ease of turning on or off components running in production. They are fantastic for everything from chaos testing to market research. Open Feature, a new project in the CNCF sandbox, is dedicated to creating a ubiquitous specification for feature flags and enabling them across the entire cloud-native stack. In this talk, we look specifically at the Kubernetes native implementation of Open Feature and illustrate how multiple types of pod workloads can now leverage feature flags. Whether they are web servers, C processes or serverless functions, all can use either Kubeneters native primitives or remote configuration to enable experimentation in a new way. The speaker will walk through key project components such as FlagD and explain the design choices and usage of these services, including an overview of how this enables a complete feature flagging system; with further anecdotes of how multiple communities have collaborated on this project. This first-hand information from one of the project team maintainers will aim to excite and get people thinking about how they can implement feature flags in their own workloads.
Turn Me On With Cloud-Native Feature Flags! - Alex Jones, Canonical
Speakers: Alex Jones
Feature flags have long been loved for the ease of turning on or off components running in production. They are fantastic for everything from chaos testing to market research. Open Feature, a new project in the CNCF sandbox, is dedicated to creating a ubiquitous specification for feature flags and enabling them across the entire cloud-native stack. In this talk, we look specifically at the Kubernetes native implementation of Open Feature and illustrate how multiple types of pod workloads can now leverage feature flags. Whether they are web servers, C processes or serverless functions, all can use either Kubeneters native primitives or remote configuration to enable experimentation in a new way. The speaker will walk through key project components such as FlagD and explain the design choices and usage of these services, including an overview of how this enables a complete feature flagging system; with further anecdotes of how multiple communities have collaborated on this project. This first-hand information from one of the project team maintainers will aim to excite and get people thinking about how they can implement feature flags in their own workloads.
- 2 participants
- 31 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Tutorial: Reducing the Sticker Price Of Kubernetes Security - Pushkar Joglekar, VMware
Speakers: Pushkar Joglekar
NOTE: To have the best experience during the tutorial, please download the tools in this section of the README: https://github.com/PushkarJ/kccncna-22-tutorial#pre-requisites prior to the session.
Further Reading is on Slide 52 of the attached slide deck PDF.
“Securing Kubernetes is full of landmines with Dragons lurking everywhere you see _yaml_.” Sounds familiar? This statement captures the general feeling of many years of many End User admins who are tasked with managing Kubernetes clusters. In the last couple of years, however, the community has worked on several incremental changes that have improved the security posture of Kubernetes significantly. Good news is that they are simple and do not require weeks to get them right! In this tutorial, Pushkar Joglekar will take you on a journey of learning hands-on techniques, open source tools, and newer security enhancements that will make deploying a secure kubernetes cluster faster and a little bit easier. We will start with verifying signed kubernetes release images for any version of your choice, applying Pod Security Standards at cluster or namespace level and configuring Runtime SecComp Profile by default for all workloads in a cluster running on your own system. At the end we will tie all these security features to real world vulnerabilities and known attacks to get that fuzzy and warm feeling, on a cold October day in Detroit, of being able to prevent vulnerability exploits in your clusters because you applied what you learnt in this tutorial. Happy Honking Defensively !!!
Tutorial: Reducing the Sticker Price Of Kubernetes Security - Pushkar Joglekar, VMware
Speakers: Pushkar Joglekar
NOTE: To have the best experience during the tutorial, please download the tools in this section of the README: https://github.com/PushkarJ/kccncna-22-tutorial#pre-requisites prior to the session.
Further Reading is on Slide 52 of the attached slide deck PDF.
“Securing Kubernetes is full of landmines with Dragons lurking everywhere you see _yaml_.” Sounds familiar? This statement captures the general feeling of many years of many End User admins who are tasked with managing Kubernetes clusters. In the last couple of years, however, the community has worked on several incremental changes that have improved the security posture of Kubernetes significantly. Good news is that they are simple and do not require weeks to get them right! In this tutorial, Pushkar Joglekar will take you on a journey of learning hands-on techniques, open source tools, and newer security enhancements that will make deploying a secure kubernetes cluster faster and a little bit easier. We will start with verifying signed kubernetes release images for any version of your choice, applying Pod Security Standards at cluster or namespace level and configuring Runtime SecComp Profile by default for all workloads in a cluster running on your own system. At the end we will tie all these security features to real world vulnerabilities and known attacks to get that fuzzy and warm feeling, on a cold October day in Detroit, of being able to prevent vulnerability exploits in your clusters because you applied what you learnt in this tutorial. Happy Honking Defensively !!!
- 3 participants
- 1:29 hours
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Tutorial: kubectl Create Cluster: Production-ready Kubernetes with Cluster API 1.0 - Killian Muldoon, Shivani Singhal, Yuvaraj Balaji Rao Kakaraparthi & Stefan Büringer, VMware; Jack Francis, Microsoft
Speakers: Yuvaraj Balaji Rao Kakaraparthi, Stefan Büringer, Shivani Singhal, Killian Muldoon, Jack Francis
Attention: Please note this tutorial requires that some tools like Docker are already locally installed. To provide a smooth experience during the tutorial, please install the preqrequistes already before the session. Detailed instructions can be found under Prerequisites. MacOS and Linux are fully supported, but Windows support is best-effort only. Minimum Resources: 4 CPU, 16 GB RAM and 32 GB free disk space.
Did you know you can create and manage a fleet of Kubernetes clusters just as easily as deploying Pods? Learn how to leverage Cluster API to create, update and manage your infrastructure, whether in the cloud or on-premises. Cluster API brings declarative management of entire clusters to the infrastructure provider of your choice.
Using your local machine you will learn how to create a fleet of clusters with Cluster API, scale up and down the number of nodes, and run a one-touch upgrade of entire clusters, all in just a few minutes.
This tutorial is designed for people who have some experience managing Kubernetes, and are interested in a new approach to solving the problem of operating clusters. You will leave this tutorial with the skills to automate fleets of clusters running production-grade Kubernetes.
Please note, this tutorial focuses on showcasing Cluster API features with the Docker provider which is using Docker on the local machine.
Tutorial: kubectl Create Cluster: Production-ready Kubernetes with Cluster API 1.0 - Killian Muldoon, Shivani Singhal, Yuvaraj Balaji Rao Kakaraparthi & Stefan Büringer, VMware; Jack Francis, Microsoft
Speakers: Yuvaraj Balaji Rao Kakaraparthi, Stefan Büringer, Shivani Singhal, Killian Muldoon, Jack Francis
Attention: Please note this tutorial requires that some tools like Docker are already locally installed. To provide a smooth experience during the tutorial, please install the preqrequistes already before the session. Detailed instructions can be found under Prerequisites. MacOS and Linux are fully supported, but Windows support is best-effort only. Minimum Resources: 4 CPU, 16 GB RAM and 32 GB free disk space.
Did you know you can create and manage a fleet of Kubernetes clusters just as easily as deploying Pods? Learn how to leverage Cluster API to create, update and manage your infrastructure, whether in the cloud or on-premises. Cluster API brings declarative management of entire clusters to the infrastructure provider of your choice.
Using your local machine you will learn how to create a fleet of clusters with Cluster API, scale up and down the number of nodes, and run a one-touch upgrade of entire clusters, all in just a few minutes.
This tutorial is designed for people who have some experience managing Kubernetes, and are interested in a new approach to solving the problem of operating clusters. You will leave this tutorial with the skills to automate fleets of clusters running production-grade Kubernetes.
Please note, this tutorial focuses on showcasing Cluster API features with the Docker provider which is using Docker on the local machine.
- 8 participants
- 1:30 hours
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Understanding the Future of Ingress-nginx - James Strong, Chainguard & Ricardo Katz, VMware
Speakers: Ricardo Katz, James Strong
In this talk, we will present the survey results from our Ingress-nginx community survey. The survey's goal was to know what we should be doing for future releases and how to prioritize features, bugs, or other issues important to the community. The ingress-nginx project is undergoing a stabilization project as well. This stabilization project has worked to increase the security, review and deprecate older features, and fix long-standing issues with the project. We will examine the current status of the stabilization project and invite community members and users to join us to discuss the future of the ingress-nginx project.
Understanding the Future of Ingress-nginx - James Strong, Chainguard & Ricardo Katz, VMware
Speakers: Ricardo Katz, James Strong
In this talk, we will present the survey results from our Ingress-nginx community survey. The survey's goal was to know what we should be doing for future releases and how to prioritize features, bugs, or other issues important to the community. The ingress-nginx project is undergoing a stabilization project as well. This stabilization project has worked to increase the security, review and deprecate older features, and fix long-standing issues with the project. We will examine the current status of the stabilization project and invite community members and users to join us to discuss the future of the ingress-nginx project.
- 6 participants
- 35 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Unsung Hero Of the Cloud Native Revolution: Container Linux Then And Now - Vincent Batts, Microsoft Azure
Speakers: Vincent Batts
Back in 2013, Alex Polvi and Brandon Philips had a vision for a minimal Linux distribution: a kernel, systemd and just enough additional packages to run containers. This “CoreOS” was as much a part of the early cloud native revolution as Docker and Kubernetes, and has spawned or inspired many subsequent container-optimized Linux distributions each with its own unique place in the ecosystem. In this talk, I review what defines a container-optimized Linux and how it changes the experience of running software like Kubernetes compared with a traditional enterprise Linux. I also share a “family tree” landscape of container Linuxes widely used in the community today, compare/contrast their philosophies, and consider some of the current active areas of development and innovation in the space.
Unsung Hero Of the Cloud Native Revolution: Container Linux Then And Now - Vincent Batts, Microsoft Azure
Speakers: Vincent Batts
Back in 2013, Alex Polvi and Brandon Philips had a vision for a minimal Linux distribution: a kernel, systemd and just enough additional packages to run containers. This “CoreOS” was as much a part of the early cloud native revolution as Docker and Kubernetes, and has spawned or inspired many subsequent container-optimized Linux distributions each with its own unique place in the ecosystem. In this talk, I review what defines a container-optimized Linux and how it changes the experience of running software like Kubernetes compared with a traditional enterprise Linux. I also share a “family tree” landscape of container Linuxes widely used in the community today, compare/contrast their philosophies, and consider some of the current active areas of development and innovation in the space.
- 1 participant
- 31 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Vitess: Introduction And New Features - Deepthi Sigireddi, Matt Lord & Rohit Nayak, PlanetScale
Speakers: Deepthi Sigireddi, Rohit Nayak, Matt Lord
Vitess is a cloud-native database solution that enables virtually unlimited scaling of MySQL. In this session we’ll first cover a high level overview of Vitess features, the architecture, and what database workloads are a good fit. We’ll then dive deeper into VReplication — the Vitess subsystem that enables seamless migrations, resharding, materialized views, CDC, job queues, and other data workflows. This is a big part of the value Vitess offers in empowering infrastructure teams to manage a fleet of MySQL servers as a single logical database. We’ll conclude with demos of key VReplication workflows to illustrate how they make it easy to perform common data management tasks.
Vitess: Introduction And New Features - Deepthi Sigireddi, Matt Lord & Rohit Nayak, PlanetScale
Speakers: Deepthi Sigireddi, Rohit Nayak, Matt Lord
Vitess is a cloud-native database solution that enables virtually unlimited scaling of MySQL. In this session we’ll first cover a high level overview of Vitess features, the architecture, and what database workloads are a good fit. We’ll then dive deeper into VReplication — the Vitess subsystem that enables seamless migrations, resharding, materialized views, CDC, job queues, and other data workflows. This is a big part of the value Vitess offers in empowering infrastructure teams to manage a fleet of MySQL servers as a single logical database. We’ll conclude with demos of key VReplication workflows to illustrate how they make it easy to perform common data management tasks.
- 5 participants
- 40 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
What Container Runtime Do I Need? - Abubakar Siddiq Ango, GitLab
Speakers: Abubakar Siddiq Ango
Docker made container technology approachable and easy to adopt, but the recent need to replace Docker has opened up several options and complexity, which can be daunting to someone new to Container technologies. Knowing what runtime engine is suited for what type of use case is crucial in making the right choice when reaching for a replacement. In this talk, Abubakar will start with a brief primer about what the Container runtime does, the common ones available, what they have in common and what sets them apart. We will also see different use cases applicable to different container runtime engines. At the end of the talk, the listener will be better informed in choosing the most preferred runtime engine for their workload.
What Container Runtime Do I Need? - Abubakar Siddiq Ango, GitLab
Speakers: Abubakar Siddiq Ango
Docker made container technology approachable and easy to adopt, but the recent need to replace Docker has opened up several options and complexity, which can be daunting to someone new to Container technologies. Knowing what runtime engine is suited for what type of use case is crucial in making the right choice when reaching for a replacement. In this talk, Abubakar will start with a brief primer about what the Container runtime does, the common ones available, what they have in common and what sets them apart. We will also see different use cases applicable to different container runtime engines. At the end of the talk, the listener will be better informed in choosing the most preferred runtime engine for their workload.
- 1 participant
- 35 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
What Data Tells Us About Software Supply Chain Security & What To Do About It - Josh Bressers, Anchore; Tracy Miranda, Chainguard; John Yeoh, Cloud Security Alliance; Eric Tice, Wipro
Speakers: Eric Tice, Josh Bressers, Tracy Miranda, John Yeoh
Getting real-world data can help you decide where to focus and when to pivot. And there is plenty of eye-opening data from surveys and reports on the security of cloud-native and open source software, as well as the security of the software supply chain as a whole. Often we read these headlines and move on to the next task on our list. But this critical data can help identify the most important actions we should take to improve the security of our open source project or software application. In this session, a panel of experts will examine a number of key data points from recent surveys and reports and provide immediate, actionable steps organizations and projects can take to improve the security of their software. Session attendees will gain insights that can be used to make a business case or to implement critical projects to secure their software supply chain.
What Data Tells Us About Software Supply Chain Security & What To Do About It - Josh Bressers, Anchore; Tracy Miranda, Chainguard; John Yeoh, Cloud Security Alliance; Eric Tice, Wipro
Speakers: Eric Tice, Josh Bressers, Tracy Miranda, John Yeoh
Getting real-world data can help you decide where to focus and when to pivot. And there is plenty of eye-opening data from surveys and reports on the security of cloud-native and open source software, as well as the security of the software supply chain as a whole. Often we read these headlines and move on to the next task on our list. But this critical data can help identify the most important actions we should take to improve the security of our open source project or software application. In this session, a panel of experts will examine a number of key data points from recent surveys and reports and provide immediate, actionable steps organizations and projects can take to improve the security of their software. Session attendees will gain insights that can be used to make a business case or to implement critical projects to secure their software supply chain.
- 9 participants
- 32 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
What We Learned From the Gateway API: Designing Linkerd’s New Policy CRD - Matei David, Buoyant, Inc
Speakers: Matei David
Since the introduction of the new Gateway APIs, created by the SIG Network community, Linkerd maintainers have been working on leveraging a new pattern known as policy attachment in Linkerd’s authorization mechanism. In this talk, Matei, a Linkerd maintainer, will briefly cover the collection of Gateway APIs, what policy attachment represents, and how it works in practice, and uncover how Linkerd’s authorization policies have been revised with the policy attachment pattern in mind. Policy attachment, as outlined by the SIG Network community, allows platform-level policies, such as timeouts, retries, and custom health checks, to attach to any arbitrary Kubernetes type. This enables users to create custom policies that extend, and plug into the API instead of being a concrete part of it.
What We Learned From the Gateway API: Designing Linkerd’s New Policy CRD - Matei David, Buoyant, Inc
Speakers: Matei David
Since the introduction of the new Gateway APIs, created by the SIG Network community, Linkerd maintainers have been working on leveraging a new pattern known as policy attachment in Linkerd’s authorization mechanism. In this talk, Matei, a Linkerd maintainer, will briefly cover the collection of Gateway APIs, what policy attachment represents, and how it works in practice, and uncover how Linkerd’s authorization policies have been revised with the policy attachment pattern in mind. Policy attachment, as outlined by the SIG Network community, allows platform-level policies, such as timeouts, retries, and custom health checks, to attach to any arbitrary Kubernetes type. This enables users to create custom policies that extend, and plug into the API instead of being a concrete part of it.
- 3 participants
- 24 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
What's New In Operator Framework? - Alexander Greene, Austin Macdonald & Varsha Prasad Narsing, Red Hat; Jonathan Berkhahn, IBM
Speakers: Austin Macdonald, Alexander Greene, Varsha Prasad Narsing, Jonathan Berkhahn
Operator Framework is an open source project for scaffolding, deploying, and managing Kubernetes Operators and includes Operator SDK and Operator Lifecycle Manager. Come learn about recent developments in Operators, including RukPak and Deppy, two of the new-and-improved components of Operator Lifecycle Manager.
What's New In Operator Framework? - Alexander Greene, Austin Macdonald & Varsha Prasad Narsing, Red Hat; Jonathan Berkhahn, IBM
Speakers: Austin Macdonald, Alexander Greene, Varsha Prasad Narsing, Jonathan Berkhahn
Operator Framework is an open source project for scaffolding, deploying, and managing Kubernetes Operators and includes Operator SDK and Operator Lifecycle Manager. Come learn about recent developments in Operators, including RukPak and Deppy, two of the new-and-improved components of Operator Lifecycle Manager.
- 9 participants
- 34 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
When the Logs Just Don’t Cut It: Root-Causing Incidents Without Re-Deploying Prod - Phillip Kuznetsov, New Relic
Speakers: Phillip Kuznetsov
We’ve all been there: your pod is crash-looping, you check the logs and you realize you forgot to log something important - now you’re unable to figure out what went wrong. You try to reproduce the problem locally with no luck: it only seems to happen in production. What do you do? Do you re-deploy to production with more print statements? You could burn hours doing that while you risk more problems. What if you could instead get that same data without the headache of restarting prod? In this talk, I’ll show you how to magically collect this data using bpftrace. Bpftrace lets you capture lots of useful data (function arguments, return values, latencies of individual functions - just to name a few) without re-deploying pods. Bpftrace is very powerful, but can be complex to work with, especially in multi-node environments like a Kubernetes cluster. I’ll show you how to cut past these problems by walking through a demo incident. I’ll show you some tips and tricks for working with bpftrace on Kubernetes, including how to leverage Pixie to easily deploy and collect data from bpftrace scripts.
When the Logs Just Don’t Cut It: Root-Causing Incidents Without Re-Deploying Prod - Phillip Kuznetsov, New Relic
Speakers: Phillip Kuznetsov
We’ve all been there: your pod is crash-looping, you check the logs and you realize you forgot to log something important - now you’re unable to figure out what went wrong. You try to reproduce the problem locally with no luck: it only seems to happen in production. What do you do? Do you re-deploy to production with more print statements? You could burn hours doing that while you risk more problems. What if you could instead get that same data without the headache of restarting prod? In this talk, I’ll show you how to magically collect this data using bpftrace. Bpftrace lets you capture lots of useful data (function arguments, return values, latencies of individual functions - just to name a few) without re-deploying pods. Bpftrace is very powerful, but can be complex to work with, especially in multi-node environments like a Kubernetes cluster. I’ll show you how to cut past these problems by walking through a demo incident. I’ll show you some tips and tricks for working with bpftrace on Kubernetes, including how to leverage Pixie to easily deploy and collect data from bpftrace scripts.
- 11 participants
- 30 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Who Knew Dogfood Could Taste This Good? A WebAssembly In Production Story - Taylor Thomas & Brooks Townsend, Cosmonic
One of the most common refrains we hear when we talk to people about WebAssembly (Wasm) is "well...I've seen tons of examples but it seems like it is just a toy and not ready for production." In this talk, we hope to prove the opposite! We will discuss how Cosmonic built almost its entire platform using Wasm and wasmCloud. To start, we will review what Wasm and wasmCloud are and how they work. Then, using what we built at Cosmonic as context, we will dive into concrete details of real databases, message queues, event sourcing, key-value stores, infrastructure provisioning, tracing, metrics, and security controls – all leveraging Wasm! With that knowledge, we will review the pros and cons of using Wasm, the gaps that need to be filled, the lessons we learned, and how it helped influence the Wasm community.
Who Knew Dogfood Could Taste This Good? A WebAssembly In Production Story - Taylor Thomas & Brooks Townsend, Cosmonic
One of the most common refrains we hear when we talk to people about WebAssembly (Wasm) is "well...I've seen tons of examples but it seems like it is just a toy and not ready for production." In this talk, we hope to prove the opposite! We will discuss how Cosmonic built almost its entire platform using Wasm and wasmCloud. To start, we will review what Wasm and wasmCloud are and how they work. Then, using what we built at Cosmonic as context, we will dive into concrete details of real databases, message queues, event sourcing, key-value stores, infrastructure provisioning, tracing, metrics, and security controls – all leveraging Wasm! With that knowledge, we will review the pros and cons of using Wasm, the gaps that need to be filled, the lessons we learned, and how it helped influence the Wasm community.
- 4 participants
- 36 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Whose Packet Is It Anyway? Life of a Packet Through a Service Mesh - Kevin Leimkuhler, Buoyant & Doug Jordan, Airbnb
In this talk, Kevin and Doug will trace a packet through its journey between a meshed client and server. They'll explore how the path of a packet changes after installing a service mesh, the additional hops it introduces, and which networking changes ensure the application's behavior isn't affected. First they'll observe the networking rule changes that allow for a proxy to intercept traffic. Once we understand what changes about how a packet travels through the kernel, we'll better understand how to observe it in the following steps. Next, in order to observe this packet on its journey they'll take a dive into the Kubernetes networking debugging space. How do you properly use debug containers to observe traffic between other containers? Once you have debugging capabilities, what tools can we use to observe the traffic? Using these tools, attendees will understand what is happening behind the scenes of a service mesh and how a packet travels within it.
Whose Packet Is It Anyway? Life of a Packet Through a Service Mesh - Kevin Leimkuhler, Buoyant & Doug Jordan, Airbnb
In this talk, Kevin and Doug will trace a packet through its journey between a meshed client and server. They'll explore how the path of a packet changes after installing a service mesh, the additional hops it introduces, and which networking changes ensure the application's behavior isn't affected. First they'll observe the networking rule changes that allow for a proxy to intercept traffic. Once we understand what changes about how a packet travels through the kernel, we'll better understand how to observe it in the following steps. Next, in order to observe this packet on its journey they'll take a dive into the Kubernetes networking debugging space. How do you properly use debug containers to observe traffic between other containers? Once you have debugging capabilities, what tools can we use to observe the traffic? Using these tools, attendees will understand what is happening behind the scenes of a service mesh and how a packet travels within it.
- 2 participants
- 33 minutes
11 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
You Like It Or Not; You Need It! - PKI And Certificate Management - Shweta Vohra, IBM
Speakers: Shweta Vohra
PKI (Primary Key Infrastructure) and Certificate management are must to have feature in production as they provide critical security measure while communicating over network within or outside your Infrastructure (VMs or Clusters). Production environments are increasingly dynamic and heterogeneous with micro-services, service mesh, container orchestrators, and cloud computing. When you use Certificates for Kubernetes clusters it’s still a simple problem. However, when you design and implement it for microservices and service mesh that's where the real fun begins. I disliked this topic so much, avoided it for long and then after messing it up, learnt it the hard way. All this to discover it can be understood with little patience. In this session I will be presenting basics about certificates infrastructure, demo, followed by 5 must know about certificate management for every software application creator/owner/maintainer and how to handle it wisely with open-source tool like Spiffe/Spire without getting intimidated with the complexity it brings.
You Like It Or Not; You Need It! - PKI And Certificate Management - Shweta Vohra, IBM
Speakers: Shweta Vohra
PKI (Primary Key Infrastructure) and Certificate management are must to have feature in production as they provide critical security measure while communicating over network within or outside your Infrastructure (VMs or Clusters). Production environments are increasingly dynamic and heterogeneous with micro-services, service mesh, container orchestrators, and cloud computing. When you use Certificates for Kubernetes clusters it’s still a simple problem. However, when you design and implement it for microservices and service mesh that's where the real fun begins. I disliked this topic so much, avoided it for long and then after messing it up, learnt it the hard way. All this to discover it can be understood with little patience. In this session I will be presenting basics about certificates infrastructure, demo, followed by 5 must know about certificate management for every software application creator/owner/maintainer and how to handle it wisely with open-source tool like Spiffe/Spire without getting intimidated with the complexity it brings.
- 1 participant
- 36 minutes
10 Nov 2022
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Contributing To the Kubernetes Website: A Guide For Everyone - Divya Mohan & Rey Lejano, SUSE; Tim Bannister, The Scale Factory; Natali Vlatko, Wayfair; Arsh Sharma, Okteto
Are you curious about how a large project like Kubernetes maintains its documentation? Whether it be guides, reference documentation, or the official blog, SIG Docs is responsible for maintaining all the content you see on the Kubernetes website. Yes, even the localized versions! This session gives you a behind-the-scenes glimpse of how we do it with a quick tour through the tech stack, the people powering it, and some of the things we’ve worked on in the past. We will then dive deep into some of the ongoing efforts of the SIG as well as some targeted initiatives with a particular focus on how you (yes, YOU!) can get involved. This talk is for total newcomers, experienced Kubernetes contributors who want to document their new features, web developers, localization team members, people who would like to help a localization team, and anyone else interested in improving the main Kubernetes website.
Contributing To the Kubernetes Website: A Guide For Everyone - Divya Mohan & Rey Lejano, SUSE; Tim Bannister, The Scale Factory; Natali Vlatko, Wayfair; Arsh Sharma, Okteto
Are you curious about how a large project like Kubernetes maintains its documentation? Whether it be guides, reference documentation, or the official blog, SIG Docs is responsible for maintaining all the content you see on the Kubernetes website. Yes, even the localized versions! This session gives you a behind-the-scenes glimpse of how we do it with a quick tour through the tech stack, the people powering it, and some of the things we’ve worked on in the past. We will then dive deep into some of the ongoing efforts of the SIG as well as some targeted initiatives with a particular focus on how you (yes, YOU!) can get involved. This talk is for total newcomers, experienced Kubernetes contributors who want to document their new features, web developers, localization team members, people who would like to help a localization team, and anyone else interested in improving the main Kubernetes website.
- 2 participants
- 8 minutes
