Cloud Native Computing Foundation / Kubernetes Forum Seoul 2019

Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects

Advanced Network Capability for NFV on Kubernetes - Ashish Billore, Samsung Electronics & 박종한, Samsung

Kubernetes is becoming the choice of platform for containerized applications.
Applications benefit from the built in capabilities of managing and orchestrating container lifecycle at scale.
Telco and NFV usecases, especially for 5G, too are looking to benefit from these capability of kubernetes.

However, usecases for Telco and NFV containerized applications require advanced networking capabilities for user-plane or the data path.
In this session we’ll cover some of these advanced networking requirements and how some of these are fulfilled using various kubernetes capabilities while others are being adopted from some of the existing options such as Neutron (OpenStack networking project).
Session also goes over the challenges and future directions.

Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects

Adventures in Production with GitOps, Secure Pipelines and Compliance - Brandon Lum, IBM & Ricardo Aravena, Rakuten

In the last two years, Kubernetes GitOps has become more common in many organizations helping them enhance their software CI/CD by removing manual commands and keeping release versions consistent. However, there are still some gaps when it comes to security and compliance technologies.

We will go over some of the most popular open-source tools for GitOps, container images scanning, encryption and signing tools and how they work together. Among them, Flux, Scaffold, Ignite, Aqua scanner, in-toto, and Grafeas. In addition, we will talk about incorporating compliance into DevSecOps pipelines and explore the importance of application specifications such as CNAB.

In the end, the audience will understand how to create a container software pipeline in a fully automated, encrypted and secure way with Kubernetes in production environments, with compliance built-in.

Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects

Filling the Gaps in Kubernetes Test Coverage - Hippie Hacker, ii.coop

Are the Kubernetes behaviors your applications actually require well tested and guaranteed to be available on all cloud providers?

In this session, you will learn how to ensure your Kubernetes API surface area usage is exercised by tests all Kubernetes Certified Service Providers must pass.

We will cover:
- the e2e test suite
- automation that runs the suite before code is merged into Kubernetes.
- the API surface area covered by these tests
- the API surface area required by several popular applications.
- Identifying the untested API surface area your applications require
- Contributing tests that increase API surface coverage
- Promoting tests to Conformance

Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects

Getting Involved in Kubernetes SIG Docs and Korean Localization - Seokho Son, Electronics and Telecommunications Research Institute (ETRI) & Ian Choi, Microsoft

Kubernetes documentation and localization are vital parts of Kubernetes community. High-quality documentation helps people start to use Kubernetes and keep using it properly, and localization is an essential activity to spread Kubernetes to people who are not familiar with English. Kubernetes SIG Docs (Docs Special Interest Group) supports localization for various languages, and Korean localization team is one of the active localization teams in SIG Docs.
In this presentation, Seokho Son and Ian Choi will introduce Kubernetes SIG Docs and remark the importance of documentation and localization in the community, introduce the Korean localization team with the current status and progress, and show you the contribution procedure and a way to get involved in. Anyone is welcome to file issues about content and to open a pull request. You may also become a member, reviewer, or approver.

Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects

How to Debug the Pod Which is Hard to Debug - Eohyung Lee, Kakao Enterprise

When using Kubernetes, users face a variety of problems. The most diverse of these problems occurs in pods. So users need to know how to debug pods.

Of course, the start of debugging a pod is taking a look at it's status and logs and events. But, in most case, this is not enough. So the users want to get the shell from a pod and test it by reproducing the same situation as the problem. But there are pods that are impossible to get the shell such as scratch image.
So this session will introduce various techniques for debugging pods with minimal or no modification workloads.
In particular, the following cases will be explained.

* debugging docker, containerd pod
* debugging pod using host informations, tools
* debugging pod in crashloopback status
* debugging pod based scratch image
* debugging readonly disk pods

Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects

Improving Monitoring Systems Interoperability with Prometheus & OpenMetrics - Chan Shik Lim, NexCloud

Prometheus is the top-listed monitoring technology in use for container clusters whilst enterprises are taking their legacy IT infrastructure the cloud native environments such as Kubernetes. Prometheus collects and stores the metrics that are preset in exposition formats that it makes the container cluster monitoring feasible by exporting the metrics data in exposition format regardless of OS and programming languages.

The OpenMetrics Project is in progress in an effort to further extend the Prometheus exposition format by determining a standard for exposing metrics data, and is aimed at allowing heterogeneous monitoring systems to share data effortlessly as a means to improving interoperability. In this presentation, ChanShik will cover the methodology of improving Prometheus-based monitoring systems by taking advantage of OpenMetrics-based standard metrics protocol.

Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects

Keynote: Getting to Know Helm 3 - Matt Farina, Senior Staff Engineer, Samsung SDS

Helm version 3 was recently released with new features and a new architecture to support those features. The changes to Helm and charts were based on feedback, changes to Kubernetes, and lessons learned in the past couple years. In this session you will learn:

• New features you can leverage in charts
• The new Helm client security model
• How using the command line has changed
• Where the architecture has changed to support new features going forward
• Some insight into upcoming features including an experimental feature available today

Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects

Keynote: Hiding in the Dark - Dan Kohn, Executive Director, Cloud Native Computing Foundation

What can Minecraft teach us about the adoption of cloud native technologies?

Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects

Keynote: Kubeflow Endoscopy - Hong Seok Hwan, CEO, Dudaji, Inc.

They are a medical AI team. It consists of doctor and S/W engineer. They are actively working on AI projects, including publishing the topic ""Reading gastric endoscopic gastric cancer"" in the journal Endoscopy. This group is interested in doing AI research efficiently. The group is doing AI research with Kubeflow and Katib this year and seeing great results. They share their experiences in this session and cover the following:

(1) Basic knowledge of Hyper parameter tuning
(2) Kubeflow and Katib basic knowledge
(3) Pros and Cons of Hyperparameter Tuning Library
(4) Kubernetes and Kubeflow at the Medical AI Center
(5) Kubeflow and Katib use cases

In this session, the audience will learn how Kubeflow and Katib have been applied to real-world research. If an institute that is doing AI projects inefficiently is looking for an efficient platform, it can be the best starting point.

Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects

Keynote: Kubernetes and Cloud Native: The Past, Present, and Future - Cheryl Hung, Director of Ecosystem, Linux Foundation

Google started using Borg as its internal workload manager in 2003. In 2014, Google introduced Kubernetes as an open source container orchestration platform that leveraged what it had learned from Borg. Now it is one of the world’s most popular open source projects, used by more than 71% of Fortune 100 companies.

Cheryl Hung, Director of Ecosystem at the Cloud Native Computing Foundation, will present how and why the Kubernetes community has grown to its present state, the role of the CNCF as a neutral home, and where we might go next.

Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects

Keynote: Multicluster Strategies to “Kubernetify” Legacy Apps - Sai Vennam, Developer Advocate, IBM

Container-based application architectures powered by Kubernetes have seen large-scale adoption and have become the industry standard for developing new cloud-native applications. However, the overwhelming majority have existing legacy applications they need to modernize, while also innovating with the latest and greatest cloud-native technologies.

A standard pattern for modernization is to leverage a hybrid or multi-cluster approach, easing the path to the cloud by integrating your apps running anywhere: on-prem, private and public clouds. In this talk, I’ll outline key modernization strategies using multi-cluster Kubernetes, and service mesh capabilities with Istio. Then we’ll dive into a real-world demo, where we'll “kubernetify” a sample legacy application and integrate it with services across multiple clusters, all while maintaining a stack based on open-source technologies.

Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects

Keynote: Security and the OODA Loop - Liz Rice, Technology Evangelist, Aqua Security

Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects

Kubernetes Scalability: Federation & Cluster API - Katie Gamanji, Condé Nast International

In the past years, Kubernetes has been the nucleus of container orchestration frameworks. With the growing number of microservices in a cluster, scalability is one of the core pillars for a fault-tolerant application. Additionally, from a technological landscape standpoint, the cloud platform teams are highly focused on delivering scalable, reliable and highly available platforms. Scalability on the Kubernetes clusters can be approached on the application level and cluster level. While the application level scaling techniques (e.g. HPA and VPA) are widely used, Federation v2 and Cluster API are emerging tools that still prove their worth in a production setup.

Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects

Kubernetes Security Best Practices - Ian Lewis, Google

Containers give developers the ability to isolate applications from one another, but that’s not enough. Resource isolation is much different that security isolation. How do we make applications deployed in containers more secure? What tools can be we apply to our containers running in Kubernetes to make them more secure? How can we apply policy to our network and services to make sure applications only have access to what they need and nothing more?

In this talk, attendees will learn about the risks and attack surfaces of a Kubernetes cluster. s-We'll look at tools like PodSecurityPolicy, SELinux, AppArmor, seccomp, and sandboxed containers in action to improve the security of containers. We’ll then go up the stack and learn how to apply network policy to containers to further improve security.

Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects

OCI, CRI, ??: Making Sense of the Container Runtime Landscape in Kubernetes - Phil Estes, IBM

You've probably heard about the OCI—a standardization effort to share a common definition for container runtime, image, and image distribution. Add to that the CRI (container runtime interface) in Kubernetes—designed to abstract the container runtime from the kubelet—and you may start to wonder what all these standards and interfaces mean for you in a Kubernetes world.

As of this year, a long list of runtimes, including CNCF projects containerd and cri-o, all implement the CRI. But did you know there are quite a few others? The unique number of CRI combinations is growing, all of which use the common OCI definitions for runtime and image interoperability.

But how would you decide which container runtime is right for you? Clearly each one has tradeoffs. This talk will help describe the current landscape and give you details on the why and how of each CRI implementation available today.

Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects

Policing Your Kubernetes Clusters with Open Policy Agent (OPA) - Mark Puddick & Amith Nambiar, Pivotal

Open Policy Agent (CNCF project) is a full-featured policy engine that offloads policy decisions from your Kubernetes cluster to an external service.

Policies are essential to the long-term success of an organization, because they encode important knowledge about how to comply with legal requirements, avoid repeating mistakes, and so on.

For example, a custom policy could be that developers are ONLY allowed to reference container images in their Deployments from your own Private registry. Other could be , Developers must have certain labels be present in all deployment definitions identifying the business unit to chargeback to.

Join us as we take you through configuring and deploying custom policies using the Open Policy Agent. We will cover some common policies used in enterprises and walk you through how to implement them in OPA using Rego. Rego is OPA’s native query language.

Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects

Re-architecting Data Platform with Spark on Kubernetes - SeungYong Oh, Devsisters

Since last year, many data platform projects including Apache Spark began to support the Kubernetes environment. What differentiates the Kubernetes environment and motivates engineers to use it over the existing environments? Should we move to Kubernetes environment while everything works well even now?

The talk will discuss Devsisters' journey of migrating its internal data platform including Spark to Kubernetes. During the process, we found out that migrating to the Kubernetes environment actually involved re-architecting our data platform, which lead to huge benefits including enhancing user experiences and collaboration workflows. The process and outcome of our journey will be shared in detail, along with an overview of the current technology status and its details.

Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects

Running gRPC Services for Serving Legacy RESTful API on Kubernetes - Sungwon Lee & Hoseong Hwang, Buzzvil

gRPC is best suited for microservice communication. gRPC is fast, clear and powerful. It is an excellent alternative to address the verbose client problem when architecting a microservice infrastructure.

But the legacy environment is always a big hurdle for changes. You must support existing clients that only understand RESTful HTTP API. In other cases, you need to provide RESTful APIs to the outside world. This session suggests solutions to resolve these problems.

The session covers:
- Why the team chose gRPC as the inter-service communication protocol while moving from a monolith to microservices and the challenges they faced.
- How they leveraged Istio to support RESTful APIs using gRPC servers without additional development.
- How they set up CI/CD to deliver API changes (including legacy API) using Helm and Spinnaker.
- What they have learned through it and future improvements.

Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects

Smooth Operator - A Rough Guide to Kubernetes Operators - Olive Power, VMware

Kubernetes Operators are key to the automation of complex containerised applications. They facilitate the encoding of post deployment configuration information into Kubernetes primitives. This means operational tasks like installation and configuration (day 1), update, reconfiguration and failover (day 2), can exist as software inside Kubernetes, with integration into the Kubernetes API. This integration makes these applications Kubernetes-native. In this talk we will discuss the genesis and evolution of Kubernetes Operators. In addition, we will discuss their use in some common complex applications being orchestrated by Kubernetes today. Finally, we will touch on the process of building an Operator and how that process pathway looks. Kubernetes Operators take the rough edges off a complex application, enabling smooth automation!

Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects

The Secret Recipe of etcd - Junho Son, Line Plus

etcd is the heart of a kubernetes cluster.
However, most kubernetes endusers don't care much until the problem occurs.
And as the cluster grows, etcd sends small signals for changing configuration.
In order to detect the signal in advance and configure etcd for the state of the cluster, it is necessary to understand etcd.
In this session, He will talk about how etcd works and monitors, etcd tunning points for cluster conditions, and what user need to do to ensure stable operation.

Presenter Son Junho studied kubernetes at NCSOFT and built and operated a large cluster for web services.
Currently, He is developing and operating a cloud native app deployment service on a kubernetes cluster called Nucleo at Line Plus. He is studying the knowledge of what is needed to run a large kubernetes cluster.

Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects

Understanding the Cluster-API Structure Through the Openstack Provider - Jaesang Lee & Esther Kim, SK Telecom

The Cluster API is a Kubernetes project to bring declarative, Kubernetes-style APIs to cluster creation, configuration, and management. It provides optional, additive functionality on top of core Kubernetes. The Cluster API allows us to automate the deployment of Kubernetes
in a more advanced way. In this session, we'll use the CAPO(Cluster-API Provider OpenStack) to build Kubernetes on OpenStack VMs and learn about how Cluster-API works and how to implement it.