KubeCon + CloudNativeCon North America 2020


App Testing at Scale: How Bitnami Tests Thousands of Releases Per Month

Bitnami publishes a collection of over 180 open source applications and components on over twenty platforms, resulting in thousands of unique image builds and releases every month. Every single one of those releases is automatically tested in the ...

Juan Jose Martos Castro


A Flight Over the Cloud Native Landscape

The Cloud Native Computing Landscape is big! And it's just getting bigger all the time. There are already 12 graduated and 21 incubating projects in the foundation! Most of us have heard of a few of these projects. But who really knows what they a...

Carson Anderson

What is the Kubernetes Code of Conduct Committee and What is it Working On

The Kubernetes community has its own elected Code of Conduct Committee (CoCC) but what exactly does this group do? In this session, we will cover the purpose and scope of the CoCC, introduce the current committee members, and share our progress on...

Karen Chu, Aeva Black

A Walk Through the Kubernetes UI Landscape

Working with Kubernetes clusters and workloads can be overwhelming, both for operators, as well as application developers. While kubectl is the de-facto standard interface to interact with Kubernetes' API, a graphical user interface can provide a ...

Joaquim Rocha, Henning Jacobs


SIG Multicluster Intro

SIG-Multicluster is focused on solving common challenges related to the management of many Kubernetes clusters, across multiple cloud providers (so-called hybrid cloud) and applications deployed across many clusters. In the introduction, we'll giv...

Jeremy Olmsted-Thompson, Paul Morie

Scalable and Multitenant Networking in XDP and Kubernetes Operators

Enabling multi-tenant and extensible networking in Kubernetes is of paramount importance for cloud providers requires traffic isolation across tenants. By introducing a new data-plane built using XDP and inter-working custom resource operators, we...

Ying Xiong, Sherif Abdelwahab


How the OOM-Killer Deleted My Namespace, and Other Kubernetes Tales

Running Kubernetes at scale is challenging and you can often end up in situations where you have to debug complex and unexpected issues. This requires understanding in detail how the different components work and interact with each other. Over the...

Laurent Bernaille


Intro & Deep Dive: Kubernetes Data Protection WG

Data Protection WG in Kubernetes was formed following discussions at KubeCon in San Diego. This is a Working Group dedicated to promoting data protection support in Kubernetes, identifying missing functionality and working together across multiple...

Xiangqian Yu, Xing Yang


Whatever Can Go Wrong, Will Go Wrong – Rook/Ceph and Storage Failures

Imagine running a 200-node Kubernetes cluster, and suddenly you lost a node or even a ToR switch. What is the state of your persistent storage that your application relies on? How can you make sure your storage is always available? How can you tim...

Sagy Volkov

Multi-Cluster is Easier Than You Think with Linkerd and Ambassador

Multicluster is becoming the new norm; practically everyone runs multiple dev and staging clusters, and running multiple cross-AZ/DC production clusters is a best practice for high availability. However, connecting multiple clusters is often seen ...

Daniel Bryant, Thomas Rampelberg

Sponsored Keynote: Everyone is a Cloud Engineer Now

Ada develops software engineers who are skilled, confident, and work-tested; our graduates are experienced in practical, team-based software development and learning new technology rapidly. Diverse teams create more effective work cultures and inn...

Guinevere Saenger, Leah Petersen

Panel: Tales from the Edge: Is the Edge More Important Than the Service Mesh?

The service mesh hype cycle is well and truly in effect, and almost everyone believes their organization needs a service mesh, even if some don’t fully understand the use case this technology covers. But what about the edge? Practically every Inte...

Bjorn Freeman-Benson, Lin Sun, Alyssa Wilk, Matt Klein

Serverless Workflow – New Approach to Container Orchestration

With the rise of Serverless Architectures, Workflows have gained a renewed interest and usefulness. Typically thought of as centralized and monolithic, they now play a key role in service and events orchestration and coordination. With many differ...

Tihomir Surdilovic, Ricardo Zanini Fernandes


Keynote: Kubernetes Project Update

Stephen Augustus


Observability Brings Clarity in 5G World

Kubernetes has become the de-facto standard for running 5G core virtual network functions (VNFs) - a set of standards defined applications, each implemented as dozens of microservices and often run across multiple K8s clusters. Centralized monitor...

Yamini Sridaran, Praveen George


Tutorial: Migration 101: From VMs to Kubernetes

In this hands-on tutorial, you will learn how to progressively adopt Kubernetes by migrating one of your apps from VMs onto Kubernetes. You will perform the full migration process: from preparing your app for running in Kubernetes, to configuring ...

Luke Kysow


Uniform Workload Identity Everywhere: SPIRE Integrations and Extensibility

Distributing strong identity securely throughout a production environment often requires integrations with a number of platforms. Learn how SPIRE can be adapted to support production workload identity in heterogeneous infrastructure across a varie...

Ryan Turner

Elastic Scheduling with TiKV

In the world of cloud computing, it is well-known that Elastic Scheduling can automatically balance the cost and load of stateless applications, but it is rare to see distributed database systems have the elastic scheduling feature as scaling is a...

Song Gao, Yutong Liang

Collaborative Leadership: Governance Beyond Company Affiliation

The unbridled success of Kubernetes can be attributed in part to being in the CNCF. Putting Kubernetes under a neutral foundation provided a level playing field where each of us could contribute, collaborate and innovate as equals to create a wide...

Dawn Foster

Kubelet Deep Dive: Writing a Kubelet in Rust

Kubelet is a critical part of the Kubernetes project. Kubernetes deployments can vary a great deal in terms of container runtime, self-hosted or static control plane, CNI provider, etc., but they must all have Kubelet running on each node host. Ma...

Kevin Flansburg


Sponsored Lightning Talk: Why You Need Observability to Adopt Kubernetes at Scale

By accessing this sponsored session, the third party sponsor will receive some of your registration data. This data includes your First Name, Last Name, Title, Company, Address, Email, Standard Demographics Questions (I.e. Company Size, Job Functi...

Shreyans Parekh


Project Tye: Building Developer Focused Tooling for Kubernetes and .NET

As Kubernetes and Docker become more prevalent, we have made some hypotheses about the current state of microservices: • Container orchestrators were made for operations teams, not developers. • Kubernetes popularized patterns that are now promine...

David Fowler, Justin Kotalik



Kata Containers Performance Evaluation and Optimization on Arm64

Kata Containers builds extremely lightweight virtual machines that seamlessly plug into the containers ecosystem. It is a multi-architecture project which has been supported on X86, aarch64, ppc, s390. Jia He will introduce current status of kata ...

Jia He

CNCF End User Tech Radar, November 2020

The CNCF End User Community present the next edition of the CNCF End User Tech Radar (, the quarterly report that shows what end users really use and recommend. Cheryl Hung, CNCF VP Ecosystem, will lead a panel discussion wit...

Smaïne Kahlouch, Cheryl Hung, Jackie Fong, Mya Pitzeruse

Cluster API Deep Dive

The Cluster Lifecycle SIG is the Special Interest Group that is responsible for building the user experience for deploying and upgrading Kubernetes clusters. Our mission is examining how we should change Kubernetes to make it easier to operate for...

Katie Gamanji, Carlos Panato

Intro + Deep Dive - Provider IBM Cloud

In this session, the project leads will provide an overview of the IBM Cloud Provider subproject, its open source activities, and learning resources. It will be followed by a discussion on the recent developments as well as future work in the IBM ...

Richard Theis, Brad Topol, Sahdev Zala

Rook: Intro and Ceph Deep Dive

The Rook project will be introduced to attendees of all levels and experience. Rook is an open source cloud-native storage orchestrator for Kubernetes, providing the platform, framework, and support for a diverse set of storage solutions to native...

Travis Nielsen, Blaine Gardner, Alexander Trost, Sébastien Han

Eating Your Vegetables: How to Manage 2.5 Million Lines of YAML

Configuration management, while overlooked and underappreciated, is a necessary component of a healthy Kubernetes diet. With over 200 clusters, 2500 git repositories, and 9000 namespaces, Intuit manages and deploys 2.5 million lines of Kubernetes ...

Jesse Suen, Daniel Thomson


Helm: Past, Present, Future

What will Helm 4 look like? To get there, we need to go back to the beginning. In this talk, we cover the history of the Helm project from its early hackathon days through the tumultuous refactorings as Helm worked its way to becoming a graduated ...

Matt Farina, Bridget Kromhout, Matt Butcher

Kubernetes SIG-Network: Intro and Deep-Dive

This session will be an introductory session to various Kubernetes networking topics (mostly aimed at relative newcomers to Kubernetes). This will include fundamental topics like pod networking, Services, and Ingress. Attendees will get a glimpse ...

Rich Renner, Tim Hockin, Bowei Du


KubeEdge: Kubernetes Native Edge Computing Framework

KubeEdge is an open source edge computing framework that extends the power of kubernetes from central cloud to edge. It provides edge autonomy, application management and service communication across cloud and edge sites, device management for mul...

Zefeng Wang


10 More Weird Ways to Blow Up Your Kubernetes

Over the past couple of years, Airbnb has standardized microservices, containerization, Kubernetes, and service mesh in our ecosystem, and have built tools around it to make our workloads more robust. We’ve seen great results with thousands of ser...

Joseph Kim, Jian Cheung


Vitess: Introduction and New Features

Vitess is a cloud-native storage solution that can scale indefinitely. In this session, we will first cover a high level overview of Vitess features, the architecture, and what database workloads are a good fit. This will be followed by demos of t...

Sugu Sougoumarane, Deepthi Sigireddi

Diversity + Inclusion Workshop: Removing Barriers to Innovation in Becoming...

As we find ourselves at a pivotal time in history where racial equality has never been more important, join national and international speaker Christopher Lafayette as he shares best practices toward removing barriers to innovation. Join us fo...

Christopher Lafayette

Extending Service Mesh to the Edge

The advent of edge computing has led to the trend of splitting applications into edge and cloud components, which makes service mesh a great fit to enable unified application network policies for inter-container communications, regardless of where...

Stephen Wong

Machine Learning on Kubernetes at Shell: A Kubeflow Journey

In this session, Shell describes the lessons learned from working with multiple Machine Learning platforms and tools, the challenges of different systems, why we chose Kubeflow, and how we are now delivering successful models faster and at scale. ...

Alex Iankoulski, Vangelis Koukis


Machine Learning

Sponsored Session: AppDynamics - Path to Kubernetes Observability

By accessing this sponsored session, the third party sponsor will receive some of your registration data. This data includes your First Name, Last Name, Title, Company, Address, Email, Standard Demographics Questions (I.e. Company Size, Job Functi...

Jeffrey Holmes


CNCF Serverless WG: CloudEvents and Serverless Workflow

In this session the Serverless WG will update the community on the CloudEvents and Serverless Workflow specifications. In this talk we will look into the importance of using workflows in event-driven, distributed applications. Then we will look at...

Tihomir Surdilovic, Doug Davis


Taking Envoy Beyond C++ with WebAssembly

Envoy is the leading proxy for handling cloud-native application traffic at the edge and in the service mesh for its performance, speed and extensibility. The extensibility is in the form of filters that are configured in the proxy that shape, sec...

Idit Levine, Yuval Kohavi


Tutorial: DevOps Tooling for Java Developers in a Cloud Native World

With the rise of DevOps, low-cost Cloud Computing, and emerging Container technologies, the landscape for how you approach development has dramatically changed. This tutorial is focused on helping Java developers to adapt to this new landscape and...

Stephen Chin, Melissa McKay



The Open Source Revolution: How Kubernetes is Changing the Games Industry

Traditional multiplayer game development involves dozens if not hundreds of engineers over several years building custom made backends - often from scratch. Companies have recently moved to GCP or AWS but most games infrastructure runs on metal - ...

Dominic Green


End User Panel: GITOPS in the Enterprise - Real World Experiences

This panel brings together engineers from the CNCF End User Community to provide their insights on the journey their respective companies have undergone in their transformation to Cloud Native. Each End User member company will discuss their Cloud...

Cheryl Hung, Matt Young, Amr Abdelhalem, Fabio Giannetti

PID 1, SIG Handling, Hooks & Probes: Managing Container Lifecycle Correctly

The lifecycle of an application should be tightly linked to the container hosting it. In an environment like Kubernetes where the Pods get created and deleted left, right, and centre, if an application hasn't implemented signal handling correctly,...

Anmol Krishan Sachdeva

Leveraging Service Meshes for Accelerating Serverless Workflows

Serverless platforms increasingly provide support for function composition (e.g., Knative Eventing, Fission, KNIX). To reduce function interaction overhead within a workflow, platforms may choose to co-locate multiple functions inside a single con...

Paarijaat Aditya, Manuel Stein


Kubernetes Operators: Safety First Through Model Checkers

Today's Kubernetes Operators aren't just a fancy toy, but utilities managing critical infrastructure. Many best practices are already applied, increasing their safety: unit/e2e testing, code reviews and post mortem analysis. This talk introduces s...

Neven Miculinic


API Priority and Fairness: Kube-APIServer Flow-control Protection

Currently the API Server has no concept of priority or fairness for requests. This means that a buggy webhook or bad actor can potentially DOS an API Server by sending lots of requests. This also means that currently the API Server cannot prioriti...

Min Jin

How to Multiply the Power of Argo Projects By Using Them Together

The Argo Project contains three big software components: a GitOps continuous application delivery platform, a cloud-native workflow engine and an advanced deployment controller. All projects are evolving rapidly and have received a lot of new feat...

Alexander Matyushentsev, Hong Wang

Safely Deploying a 100K line Envoy YAML Configuration to Production

Have you ever caused a production incident due to an Envoy misconfiguration? You’re not alone! This talk is about how Lyft has built guardrails to prevent such failures. The presenters will share their experience operating Envoy configurations at ...

Jyoti Mahapatra, Lisa Lu

PKI the Wrong Way: Simple TLS Mistakes and Surprising Consequences

Effective management of TLS certificates and keys is a serious challenge when running Kubernetes at scale. TLS mutual authentication secures all the Kubernetes control plane components, but there are many details that must be right. This talk look...

Tabitha Sable



Owned by Statistics: Using Kubeflow to Defend vs Attacks on Your ML Models

Machine learning continues its spread across the tech world and is now in use by more than 80% of enterprises world wide. However, with the increased reliance on this technology, the spectre of additional security attack surface areas rises up. Ma...

David Aronchick

Machine Learning


Case Study: Integrating Azure IPv6 PrivateLink with Kubernetes

Databricks offers a multi-cloud SaaS platform to enable data teams to solve the world’s toughest problems, using best in class technology and providing an open ecosystem. We run an infrastructure footprint consisting of 2M+ VMs across 40+ Cloud en...

Michael Wiederhold, Meixing Le



Introduction to SIG Cluster Lifecycle

The Cluster Lifecycle SIG is the Special Interest Group that is responsible for building the user experience for deploying and upgrading Kubernetes clusters. Our mission is examining how we should change Kubernetes to make it easier to operate. Si...

Justin Santa Barbara, Lubomir I. Ivanov

Stop Writing Operators

Since the introduction of the operator pattern by CoreOS in 2016, operators and even operator coding frameworks have proliferated seemingly without limit. But *should* you write an operator? If not, what should you be doing instead? In this sessio...

Joe Thompson

Making the Business Case for Contributing to Open Source

Today, pretty much all companies have embraced open source. But while they’re all keen to use open source, at lot fewer actually contribute to it. And yet, there’s real value in doing so. Companies use their contribution to open source to boost re...

Tobie Langel

Into the Deep Waters of API Machinery

We'll cover 3 common icebergs with lightning talks: 1) My namespace won't delete, help! Why does Kubernetes sometimes refuse to delete a namespace? How to diagnose and resolve the root cause. 2) What is REST mappinp? Ever wonder how you're suppose...

Daniel Smith, David Eads, Federico Bongiovanni

Keynote: More Power, Less Pain: Building an Internal Platform with CNCF Tools

Last year GoSpotCheck migrated from a PaaS to Kubernetes, and devs asked "Does it have to be this hard?" The engineering organization's major initiative this year was to be able to say "no," by building an internal Platform-as-a-Service...with no ...

David Sudia

Public Technical Oversight Committee (TOC) Meeting

The Technical Oversight Committee (TOC) provides technical leadership to the cloud-native community. The CNCF will host a public TOC meeting, inviting the community to discuss various agenda items along with holding an open Q&A for the community w...

Michelle Noorali, Katie Gamanji, Xiang Li, Liz Rice, Alena Prokharchyk, Sheng Liang, Justin Cormack, Matt Klein, Chris Aniszczyk, Brendan Burns, Dave Zolotusky, Saad Ali

A Special Interest in Cloud Native Security

Wonder about the security of CNCF projects? What about the state of security in cloud native? Security is not binary, it’s a practice of reducing risk. With fast-changing infrastructure and emerging best practices, there’s no simple, cookie-cutter...

Emily Fox, Brandon Lum


Secure Policy Distribution With OPA

OPA can download bundles of policy and data from remote HTTP servers. Once the policies and data have been loaded, they are enforced immediately. But how does OPA know that these bundles are coming from a trusted source ? How does OPA verify the a...

Ash Narkar

Optimizing Storage Assignment via Pod Scheduling Under Disturbance Factors

For distributed storage systems like Ceph, it is essential to allocate node-local storage devices evenly among racks or regions. This talk introduces how to automate this allocation by using the "WaitForFirstConsumer" volume binding mode and tunin...

Kenji Morimoto


Progressive Delivery Techniques with Flagger

You might have heard about progressive delivery - it’s an umbrella term for various deployment techniques (eg. Canary releases, Dark launches, A/B testing, Blue-Green mirroring) meant to reduce the risk of introducing new software versions in prod...

Stefan Prodan

Kubernetes IoT Edge Working Group: Using Event Driven Architecture at Edge

Many use cases at edge face resource limits which challenge the deployment of full K8s clusters, or even single nodes, at the edge “leaf” nodes. We will introduce some techniques that can be used to process edge generated data and commands using K...

Steven Wong, Dejan Bosana


Cloud Native & SD-WAN: Improving K8s Application Experience Over SD-WAN

Access to Kubernetes-hosted applications across Wide Area Networks (WANs) is a standard pattern for Enterprise apps. Software-Defined WAN (SD-WAN) technologies have democratized access patterns across the Internet through latency reduction, throug...

Alberto Rodriguez-Natal, Mark Church


Build Your Own Envoy Control Plane

Envoy is a building block of many different solutions from Ingress controllers, Service mesh implementations, as well as functions as a service application frameworks. Any solution utilizing Envoy as its data path component most likely implements ...

Steve Sloka

Empowering Cloud Native Networking with Arm Ecosystem

Arm ecosystem is becoming much more popular in cloud native applications than ever before with its increasing wide use. Arm devotes to be a cloud native vendor and puts much resources to enable related projects on its platform. In the presentation...

HanYu Ding, Trevor Tao

Service Mesh Specifications and Why They Matter in Your Deployment

As the ubiquity of service meshes unfolds so does the need for vendor and technology-agnostic interfaces to interact with them. The Service Mesh Interface (SMI), the Service Mesh Performance Specification (SMPS), and Multi-Vendor Service Mesh Inte...

Lee Calcote, Kush Trivedi

Keynote: The Cloud Native Journey @Apple

If you want to evolve your applications, services and user experience around Cloud Native technologies, then adaptability is key. Apple identified the ecosystem’s potential early on, and worked hard to adopt the technologies to support the scale a...

Alena Prokharchyk

The Cloud Native Journey at Adobe

We will share our journey migrating one of Adobe's enterprise products to Kubernetes, running multiple clusters across regions, as well as the processes and technologies that made this possible, including Envoy, Helm or Prometheus. Adopting DevOps...

Carlos Sanchez

Dragonfly: Make Image Distribution Efficiently and Safely in Cloud Native

With the increasing scale of cloud native services in industry, how to distribute images efficiently is a new challenge for enterprises. Dragonfly is an intelligent P2P based container image distribution system which provides a native image distri...

Yuxing Liu, Tao Peng

Intro to CNCF’s Telecom Initiatives

Dedicated to the memory of Dan Kohn. CNCF is helping Telcos navigate the cloud native and open source landscape to obtain the benefits touted by cloud native technologies. Guided by cloud native principles, CNCF hosts three main initiatives for T...

Taylor Carpenter

Evolution of Metric Monitoring and Alerting: Upgrade Your Prometheus Today

Infrastructure metric monitoring is constantly evolving. Similarly, Prometheus, the most adopted observability tool in the CNCF ecosystem, is under active development and constantly growing. Every release brings something new or improves existing ...

Bartlomiej Płotka, Björn Rabenstein, Julius Volz, Richard Hartmann


Keynote: Kubernetes and etcd Features That Unlocked 15k Node Clusters

In this presentation you will learn about improvements made to Kubernetes and etcd that unlocked running massive clusters with 15,000 nodes. We will show how we tackled this challenge from different angles focusing on its technical aspect. You wil...

Wojciech Tyczyński


All You Can Eat Networking. Kubernetes Goodness for the Hungriest Workloads

There are classes of workloads that are notoriously hungry when it comes to networking. Think big data, storage, analytics, 5G, virtual network functions, then encrypt it all at 40Gbps line rates. Kubernetes and the Kubernetes network model are in...

Casey Davenport, Aloys Augustin


Observing Cloud Native Observables with the New SIG Observability

This year we founded a brand new SIG to take cloud-native observability forward: Welcome SIG Observability! Consisting of open source project maintainers, standards authors, end-users, and more, we cover a wide range of experience and invite you t...

Bartlomiej Płotka, Richard Hartmann

EmpowerUs: Uniting to Drive Tech Sector Growth through Diversity + Inclusion

Concerted efforts to build diversity and inclusion into the tech sector are essential. Different experiences, outlooks and perspectives make your entire workforce better at solving complex problems, managing risks and spotting opportunities. This ...

Dean Nelson, Parastoo Amin, Ali Fenn, Amber Caramella

Being a Good Citizen of the Multi-operator World

DevOps teams are increasingly using multiple Kubernetes Operators in their clusters. What does it take to develop an Operator that is a good citizen of the multi-Operator world? The talk focuses on this question. To develop an Operator that plays ...

Devdatta Kulkarni

A High-Schooler’s Guide to Kubernetes Network Observability

The Kubernetes ecosystem provides fine attention to the use cases of almost all projects. At the same time, to a novice developer trying to break into distributed systems, Kubernetes can also be incredibly daunting at times. Kube-netc was a projec...

Drew Ripberger


Logging: Fluentd & Fluent Bit

In this presentation, we will cover the basics, internals and best practices of Logging applied to distributed systems, we will do this through the CNCF projects Fluentd and Fluent Bit. We will introduce the pipeline of data collection, filtering,...

Masahiro Nakagawa, Eduardo Silva

Improving Network Efficiency with Topology Aware Routing

As Kubernetes clusters grew to span multiple zones and regions, it became clear that we needed to improve network routing. The initial kube-proxy implementation meant that all requests were equally likely to go to any endpoint, regardless of how f...

Rob Scott


Having Cloud Native Fun with HonkCTL

In the last year, geese have come to symbolize a harbinger of chaos in the technical community. Many have taken this opportunity to post many GIFs and make many jokes. One of the jokes, is a Kubernetes-based CTF game called honkCTL. This talk will...

Jeffrey Sica

Kubernetes CronJobs - Does Anyone Actually Use This [in Production]?

Considering CronJob? Think again! CronJobs sound great on paper–a higher-order API built on the bread and butter of K8s that automates fault tolerance, orchestration, etc., for distributed, repetitive tasks. On top of that, you benefit from effici...

Kevin Yang


Enhancing the Kubernetes Scheduler for Diverse Workloads in Large Clusters

As a wide diversity of workloads are being deployed in Kubernetes, the default scheduler has become insufficient in the light of scheduling performance and functionality. In this talk, Yuan Chen and Yan Xu will present their experience and results...

Yan Xu, Yuan Chen


Analyzing Operational Data at Scale Using ML at Intuit

Intuit is running ~2000 services in preprod and prod on Kubernetes which needs a fast and easy way to detect and isolate problems via automated analysis of operational data. In this talk, we will present how we collect, analyze and present real-ti...

Vigith Maurice, Amit Kalamkar


Machine Learning

Using Open Policy Agent to Meet Evolving Policy Requirements

Our team runs a Kubernetes platform for 30+ teams in a variety of commercial and government environments. Each of these environments has different security and compliance requirements, such as PCI and FedRAMP. We must deal with evolving requiremen...

Jeremy Rickard

Intro to Kubernetes Docs

This session introduces the Kubernetes website repo. SIG Docs chairs and tech leads cover how to add and update docs for Kubernetes features, docs in the release cycle, how to localize your content, and where to get help when you need it. We'll wa...

Celeste Horgan, Irvi Aini, Tim Bannister, Brad Topol


Keynote: Moving Cloud Native Beyond HTTP: Adding Protocols to Unlock New Use Cases

Kubernetes and related projects have first-class support for serving and managing HTTP traffic. This makes sense since the most common protocol used by web servers is HTTP. However, there are many popular protocols in the world that are *not* HTTP...

Jonathan Beri

Tune It Up! Enabling Low Latency in Kubernetes Clusters

Now that Kubernetes has conquered the cloud it’s time for it to move on other domains, like CNF (Cloud-native Network Functions), the cornerstone of 5G deployments! However, to make that happen, we need to address an important limitation: ensuring...

Francesco Romani, Yanir Quinn


The Stateful Landscape: The Then and Now and the Future

This talk will discuss how the CNCF storage SIG in the CNCF operates, identifies projects for Cloud Native admission and where we see the future of storage in the Cloud Native Ecosystem heading. During this session we will cover: - Overview of t...

Erin Boyd, Alex Chircop, Quinton Hoole

Hands-On Stateful Serverless Applications with K8s and Stateful Functions

Stateful Functions ( is a framework that makes it simple to build consistent stateful serverless applications. StateFun is designed to work with popular event-driven FaaS platforms like AWS Lambda, KNative, etc., and provides ...

Seth Wiesman



Clean Up Your Room! What Does It Mean to Delete Something in K8s

While issuing a `kubectl delete` and hoping for the best might work for day-to-day operations, having the knowledge of how Kubernetes effects deletes allows you to understand why some objects linger after deletion. This talk will cover how to dele...

Aaron Alpar


Seccomp: What Can It Do For You?

Seccomp is a system call filtering tool built into Linux. It has been used as a security layer in Docker for coming up to five years, and is working through a long path to become on by default in Kubernetes. We look at what seccomp can usefully do...

Justin Cormack



Building a Global Supercomputer with Virtual Kubelet

Nautilus is a global Kubernetes cluster, product of the Pacific Research Platform (PRP) project at The University of California San Diego (UCSD) and many collaborating campuses. It aggregates compute resources from around the world. While that's i...

Adrien Trouillaud, Dmitry Mishin

Improved TiKV Observability: How We Trace Events under Nanoseconds Latency

Observability is beneficial but often comes with a price. When adding tracing to low latency services (e.g. < 1ms), engineers might find notable performance degradation. Besides, trade-off solutions have inherent limitations. For example, sampl...

Zhenchi Zhong, Wish Shi

Static Analysis of Kubernetes Manifests

Planning, provisioning, and changing infrastructure are becoming vital to rapid cloud application development. Incorporating infrastructure-as-code into software development promotes transparency and immutability and helps prevent bad configuratio...

Barak Schoster


NATS Streams and Services: From Zero to Hero

NATS is high performance cloud native messaging system that allows you to build globally available and secure applications based on streams and services that are both fast and simple to operate. In this talk you will learn: how to get started with...

Jaime Piña, Waldemar Quevedo Salinas

Tutorial: Building an Enterprise Infrastructure Control Plane on Kubernetes

Enterprise infrastructure is diverse, complex, and difficult to automate. What if you could standardize on a single infrastructure control plane using the Kubernetes API? In this tutorial we will cover how to build Kubernetes controllers to manage...

Daniel Mangum


Declarative Testing Clusters with KUTTL

The facts are the Kuttling releases a cocktail of hormones in our brains including dopamine, serotonin and oxytocin. It can lower your blood pressure and heart rate. Nothing raises your blood pressure more than software written for Kubernetes that...

Ken Sipe

Cluster Reconciliation: Managing Resources Across Multiple Clusters

Suppose your organization runs multiple Kubernetes clusters, as failure domains or distinct POPs. You have a service that you wish to run on some (or all) of the clusters. How will you run it on all (applicable) clusters? How will you roll updates...

Vallery Lancey


High Performance KubeVirt in Action

This talk details a real world solution design of a high performance KubeVirt for running mission critical enterprise workload. KubeVirt brings Cloud Native Virtual Machine management to Kubernetes. It unifies workload orchestration across Contain...

Huamin Chen, Marcin Franczyk


Serverless for ML Inference on Kubernetes: Panacea or Folly?

As providers of an end-to-end MLOps platform, we find that autoscaling ML inference is a frequent customer ask. Recently, serverless computing has been touted as the panacea for elastic compute that can provide flexibility and lower operating cost...

Manasi Vartak


Machine Learning


CloudEvents - v1.0 and Beyond - Discovery/Subscriptions

With the release of CloudEvents v1.0 the project has now expanded its scope to consider other potential pain points for the community. To that end, the group is focusing on Event Discovery and Subscriptions APIs in the hopes of reducing the fricti...

Doug Davis, Clemens Vasters

containerd: Rootless Containers 2020

Rootless Containers means running the container runtimes (e.g. runc, containerd, and kubelet) as well as the containers without the host root privileges. The most significant advantage of Rootless Containers is that it can mitigate potential cont...

Akihiro Suda

Design Patterns for Extendable, Scalable K8s Extensions

OPA Gatekeeper is a customizable Kubernetes admission webhook that helps enforce policies and strengthen governance. The Gatekeeper project is capable of dynamically creating, managing and destroying new custom resources which are used to customiz...

Rita Zhang, Max Smythe


Production CI/CD w/CNBs: Tekton, Gitlab & CircleCI(plus), Oh My!

You may have heard of Cloud Native Buildpacks (, a set of tools for transforming application source code to OCI images that can run on any cloud. In this session, we’ll delve into some new functionality of Cloud Native Build...

David Freilich, Natalie Arellano

Harbor - Enterprise Cloud Native Artifact Registry

Project Harbor is an open-source trusted cloud native registry project that stores, manages, signs, and scans content, thus resolving the management and distribution challenges of container image, Helm Chart, CNAB or other OCI compatible artifacts...

Steven Ren, Daniel Jiang, Alex Xu, Steven Zou

Customizing OPA for a "Perfect Fit" Authorization Sidecar

The Open Policy Agent (OPA) has become widely used in the CNCF ecosystem and is a go-to option for application developers as the standardized decision engine for authorization. Many users rely on the existing integrations with Envoy/Istio, or the ...

Patrick East

High Performance Networking for Distributed DL Training in Production K8s

Distributed DL training requires high performance networks connecting tens, hundreds, or for certain natural language processing models, even thousands of GPUs. Running these workloads on Kubernetes clusters of GPU enhanced servers requires carefu...

Vatsan Kasturi, Nivedita Viswanath


Kubernetes Working Group for Multi-Tenancy Project Overview

In this session, the leaders of the Kubernetes Working Group for Multi-Tenancy will quickly go over how you can join the multi-tenancy group, and also do a quick overview of each of the projects we are incubating: the Virtual Cluster Project, the ...

Tasha Drew, Adrian Ludwin, Fei Guo, Jim Bugwadia


Kubernetes and Logging: Do It Right

Logging in distributed systems is not as simple as it sounds. The nature of having distributed applications comes with challenges for data processing such as parsing and unstructured/structured data handling, metadata correlation (labels/annotatio...

Eduardo Silva


Proxyless Service Mesh with gRPC

gRPC is a popular choice for building microservices. A service mesh is a dedicated infrastructure layer for communications between microservices, with features such as service discovery, load balancing, application security and observability. A s...

Menghan Li


SIG CLI Intro and Updates

Maintainers from SIG CLI will introduce the audience to the projects hosted under the SIG and the SIG CLI community. They will provide a brief overview for each of these projects, including giving on update on the current state of the kubectl and ...

Maciej Szulik, Sean Sullivan, Eddie Zaneski, Phillip Wittrock

Tutorial: From Notebook to Kubeflow Pipelines to KFServing: the Data Science Odyssey

A hands-on lab driven tutorial to show Data Scientists and ML Engineers alike how to turbocharge your Kubeflow efforts. In this session you will learn how to quickly build, tune, and execute complex Kubeflow workflows - as well as how to work fast...

Karl Weinmeister, Stefano Fioravanzo

Machine Learning

Jaeger Deep Dive

This session is dedicated to an in-depth understanding of the Jaeger project. We will give a short demo of the recently added features, talk about various topics including the architecture, deployment models, configuration, different types of samp...

Pavol Loffay, Annanay Agarwal, Yuri Shkuro

Image-Builder Deep Dive

Image-builder is a subproject of SIG Cluster Lifecycle that was created with idea to host a number of different utilities for creating virtual machine images. It has the following goals: 1) To build images for Kubernetes-conformant clusters in a c...

Moshe Immerman, Tushar Aggarwal


Enhancing K8s Networking with SmartNICs

As more workloads like IoT, big data and machine learning move towards the edge, it becomes critical that networks continue to advance. Low latency, performance and higher throughput become prerequisites to ensure that the edge is a viable locatio...

Dave Cremins


CNCF Project Paperwork Working Session

At each stage from Sandbox to Graduated, you’ll need to add community and process documentation – and there’s even more that’s good to have even if it’s not required. Let us help you create this “project paperwork” now instead of waiting for a dea...

Josh Berkus, Carolyn Van Slyck, Dawn Foster

Kubernetes: Putting the Focus on Upstream Usability with SIG Usability

SIG Usability is the Kubernetes’ community’s newest special interest group. In this presentation we will go over our user research project to better understand end users of Kubernetes and how the upstream project can better serve them. We will als...

Tasha Drew, Gabby Moreno Cesar


SIG Architecture Intro and Update

SIG Architecture maintains and evolves the design principles of Kubernetes, and provides a consistent body of expertise necessary to ensure architectural consistency over time. The SIG takes care of evolution of conformance definitions, API defini...

John Belamaric, Derek Carr

Building Better Communication for Kubernetes Contributors with Marketing

The Upstream Marketing Working Group began as a vision to connect contributors. It's grown into a set of practices, channels, and bots that unite us all across the Kubernetes community. We will show our theory of multichannel communication (and th...

Kaslin Fields, Matthew Broberg, Rajula Vineet Reddy


Standardizing Cloud Native Application Delivery Across Different Clouds

At its heart, Kubernetes is an infrastructure platform: It abstracts at the infrastructure layer, but does little to resolve application layer dependencies. Today, a Kubernetes application cannot be defined and deployed uniformly across multiple p...

Hongchao Deng


What’s in a Name? A WG Naming Deep Dive

WG Naming was formed in June 2020 as a direct response to the Black Lives Matter protests occurring across America. Its goal is to remove harmful and unclear language in the Kubernetes project as completely as possible, and to do so in a way that ...

Celeste Horgan

Selecting the Right Identity Provider for Kubernetes: A Comparative Survey

This is intended to be a comparative view of common identity providers available to Kubernetes. I'll compare all of the details ranging from authentication (Authn), authorization (Authz), user management, mapping, federation and so on. We will dis...

Cameron Seader


Contributing to Kubernetes Conformance Coverage

In this session we'll walk through the Certified Kubernetes program followed by a deep-dive into the tooling developed for identification, removal and prevention of gaps in certification test coverage. In the intro, we will cover the steps requir...

Caleb Woodbine, Hippie Hacker


In Search Of A `kubectl blame` Command

Developers want understandable tools. Their tools should tell them, “This change here broke that pod there.” But control loops drive the Kubernetes worldview. In a control loop, Kubernetes updates the cluster to make the actual state match desired...

Nick Santos


Introduction and Deep Dive into containerd

Join containerd maintainers in a combined introduction and deep dive discussion. This talk will include a brief introduction to the design and architecture of containerd along with the latest updates to the project. After that, maintainers will de...

Wei Fu, Michael Crosby, Derek McGowan

The Great "" Vanity Domain Flip

VDF or the Vanity Domain Flip, represents a milestone in empowering the community with full ownership of their container image infrastructure. This presentation will cover the history of the VDF project, which spanned roughly 2 years (from late 20...

Stephen Augustus, Linus Arver


Scaling to Millions of ML Models to Solve the Problems of SRE and Security

This talk describes how to scale to millions of ML models operating on petabytes of operational and user data that is used to improve the efficacy of SRE teams and security of end users’ application services. These models are used to improve zero ...

Sandeep Pombra, Jakub Pavlik

Machine Learning


Building, Managing and Automating Clusters at Scale With Prow

Whether building your first or 100th Kubernetes cluster, it eventually becomes clear- this must be automated. These days, building and customizing a cluster is pretty straight forward based on your required workloads, infrastructure and tooling. T...

Michael Splain


Automatically Making Dashboards Load 100X Faster

High cardinality metrics often cause alerts and dashboards to time out when they try to fetch too much data. Prometheus provides recording rules to speed up queries by pre-generating the queries, however, they have to be configured manually and re...

Shreyas Srivatsan

Virtual Application Networks for Cloud Native Applications

The Internet is built for client-server architectures. Cloud-native software needs better abstractions for service interconnect. Learn about Virtual Application Networks (VANs) and how they advance the capabilities of cloud-native applications. Id...

Ted Ross

The Past, Present, and Future of Kubernetes on Raspberry Pi

By now, you’ve surely heard that Kubernetes can be run on a 35 USD credit-card sized computer, but do you know how we got there, where we are today and what’s coming next? Alex has been building clusters with Docker and Raspberry Pis since 2015 an...

Alex Ellis


Sponsored Session: AWS - Say goodbye to YAML engineering with the CDK for Kubernetes

The CDK for Kubernetes (cdk8s) is a new open-source software development framework for defining Kubernetes applications and resources using familiar programming languages. In this session, we will show you how to define your first cdk8s applicati...

Eli Polonski



Five Hundred Twenty-five Thousand Six Hundred K8s CLI’s

With the success of the Kubernetes ecosystem, users now have a many choices when it comes to Kubernetes tools. While it's great for users to have options, lots of choices can make it difficult for Kubernetes users to make decisions or know where t...

Gabbi Fisher, Phillip Wittrock


Sponsored Keynote: Scaling Machine Learning Without Compromising Privacy

No matter what kind of machine learning (ML) applications you are building for your business, securing your end-to-end ML pipeline is essential yet complicated. ML pipelines become more powerful by distributing a complex network of stages across ...

Nanda Vijaydev

Machine Learning

Security Kill Chain Stages in a 100k+ Daily Container Environment with Falco

Security is a vital aspect of a Cloud Native infrastructure. In this talk, Eric and Natch will show how they set up monitoring to identify anomalous system calls and abnormal Kubernetes API events in MathWorks cloud infrastructure hosting 100K+ da...

Natch Ruengsakulrach, Eric Hollis


Managing Cloud Native Artifacts for Large Scale Kubernetes Cluster

When managing artifacts like container images and Helm charts for cloud native apps, users often face challenges such as efficiently publishing applications to Kubernetes cluster at scale, enforcing access control, identifying image vulnerabilitie...

Henry Zhang, Mingming Pei


gRPC Communication Patterns – A Deep Dive

Real-World microservices implementations often use a variety of communication protocols and standards to build different services. gRPC has emerged as an efficient, reliable, and robust way to build inter-microservice communication owing to its ri...

Kasun Indrasiri, Danesh Kuruppu


Sponsored Keynote: Marvin, Where is My Secure API?

Modern cloud native developers use APIs and services from a variety of organic, public cloud and SaaS offers to build their apps and drive velocity. Unfortunately, this implies that the developer, security teams, infrastructure teams, the responsi...

Vijoy Pandey

Beyond File and Block Storage in Kubernetes

Kubernetes graduated Container Storage Interface (CSI) to GA status in v1.13. It has since evolved to support a large number of vendors and storage formats. It has brought the industry together in consensus about the best practices in storage. CSI...

Sidhartha Mani


Building a Cloud Native Feature Store with Feast on Kubeflow

Features are at the heart of what makes machine learning systems effective. However, many challenges still exist in the feature engineering life-cycle. Developing features from big data is often an engineering heavy task, with challenges in both t...

Oleksii Moskalenko, Willem Pienaar

How to Effectively Manage Kubernetes in a Regulated Environment

Kubernetes plays an important role when scaling containerized applications in a highly regulated environment. Capital One understands this first hand, as they will complete a multi-year journey to exit on-prem data centers this year and move to th...

Darien Ford


Sponsored Keynote: Kubernetes Everywhere

Building, deploying, and running apps in heterogenous environments can impact performance and user experience. Kubernetes can solve this pain, by acting as a common infrastructure layer across on-prem, edge, and public cloud. Learn how Kubernetes ...

Briana Frank


A New Approach to Logging as a Stack: Fluent Bit + PostgreSQL (FPS)

Logging at scale is a very interesting challenge, and having the right open source stack is mandatory. There are many ways to solve the log collection, processing and aggregation problem, but when it comes to perform data analysis once the data ha...

Jonathan Gonzalez

Managing Developer Workflows with the Kubernetes API

Write your own Kubernetes client to keep application teams from breaking their products. Kubernetes is incredibly powerful. It's extensibility allows for limitless varieties of architecture. But how do you get hundreds of engineers to follow the s...

Colin Murphy


SIG Scheduling Deep Dive

Kube-Scheduler is the component of Kubernetes that assigns pods to nodes based on the configured scheduling requirements. These requirements can be high availability, resource efficiency and other policies and heuristics. This talk will provide an...

Abdullah Gharaibeh, Wei Huang


Envoy Q&A

Come meet the Envoy maintainers for a small intro to Envoy as well as an open Q&A!

Harvey Tuch, Matt Klein

MLOps at Snapchat: Continuous Machine Learning with Kubeflow & Spinnaker

Training a machine learning model to support your use case can be difficult, but in actuality model creation is only the beginning. ML systems are complex and differ from traditional software systems; as such unique challenges arise when engineers...

Kevin Dela Rosa



Machine Learning

DevOps All the Things: Creating a Pipeline to Validate Your OPA Policies

Open Policy Agent is quickly becoming the de facto tool for applying configuration governance as code to your Kubernetes clusters. It can be challenging to understand how to optimize your workflows after finishing the getting started guide. This t...

Goran Osim, Karpagam Balan


A Future Journey: How to Migrate 100 Clusters Between Clouds Without Downtime?

Have you ever thought about migrating your Kubernetes clusters to another cloud provider to save costs? Yes? We too! Join us on an interactive journey to discover the main challenges of live migration at scale of etcd’s, traffic routing and applic...

Tobias Schneck


Absorbing Thanos Infinite Powers for Multi-Cluster Telemetry

Thanos is an open-source, CNCF’s Incubated project that horizontally scales Prometheus to create a global-scale highly available monitoring system. It seamlessly extends Prometheus in a few simple steps and it is already used in production by hund...

Bartlomiej Płotka, Kemal Akkoyun, Frederic Branczyk

Stress and Mental Health in Technology

Jennifer (psychologist and founder of GCI) will deep dive into the impact of industry stress and burnout. Research suggests the prevalence of diagnosed mental health conditions in tech professionals ranges between 20-50%. While this is notably hig...

Jennifer Akullian

Cloud Native Machine Learning Systems at Day Two and Beyond

You’re probably already convinced that Kubernetes is the right infrastructure for your next machine learning initiative, but you may not be ready for some of the speedbumps that await you on the way. This talk will introduce some of the challenges...

Sophie Watson, William Benton


Machine Learning

Keynote: Predictions from the Technical Oversight Committee (TOC)

2020 has been quite the year of change in many ways. While terrible things happened in the world around us, the cloud native community has nevertheless been able to make progress on many fronts. This talk gives an update on that progress, and whe...

Liz Rice

Speeding Up Analysis Pipelines with Remote Container Images

Containers have taken a key role in the daily life of physicists at CERN, helping with packaging and sharing code as well as ensuring analysis reproducibility. This session will describe how processes have been adapted to containerize software rel...

Ricardo Rocha, Spyridon Trigazis

A Different Kind of Kubernetes Artifact

Kubernetes most well known artifacts are in forms of manifest files (we’re no stranger to yaml), container images, and its objects among other things. What about it’s cultural artifacts? What are they? Throughout history, we’ve leaned on cultura...

Paris Pittman


Building Linux Distributions for Fun and Profit

Should we aim to have one Linux distro to rule them all? Or should we have a specialized one for each need? When does it make sense to go for one or the other? When running software on K8s, does the distro running on the nodes make a difference? W...

Margarita Manterola


GitOps Is Likely More Than You Think It Is

While the term “GitOps” has achieved almost mainstream use, confusion remains around what it is and the benefits it can bring. True, it involves continuous delivery (CD), but the way delivery is achieved as well as how CD interacts with workload o...

Cornelia Davis

CNCF SIG Network Intro & Deep-Dive

“It’s the network!” is the cry of every system administrator, every developer. With the increased prevalence of microservice-based distributed systems, it’s true - networking as a discipline has never been more critical in the efficient operation ...

Lee Calcote

TiFlash: Make TiKV 10x Faster and HTAP-able

HTAP is a term introduced by Gartner, describing the capability processing both transactional and analytical workload. It is hard to deal with both workload seamlessly in one platform since the storage format of the two is totally different and wo...

Liquan Pei, Xiaoyu Ma

Kubernetes-native Security with Starboard

Starboard is an open source project that gathers security information from various different tools into Kubernetes CRDs, so users can manage & access security reports through familiar Kubernetes interfaces, like kubectl or Octant. This talk uses p...

Liz Rice, Daniel Pacak



The Building Blocks of DX: K8s Evolution From CLI to GitOps

In the past years, Kubernetes has become the default container orchestrator framework, setting the standards for application deployment in a distributed architecture. Wider adaptability of the tool prompted the diversification of the end-user base...

Katie Gamanji


Serverless or Servicefull

While containers and container orchestration has taken the world by storm over the last five years, serverless offering that hides the complexity of the underlying infrastructure and the application management mechanisms are becoming the norm with...

Sebastien Goasguen


Kubernetes VMware User Group Intro: Best Practices for Running on VMware

This will be a presentation by organizers and members of the Kubernetes VMware User Group. This group addresses running all forms of Kubernetes on VMware infrastructure. The group exists to serve users, along with those who develop, test and suppo...

Steven Wong, Myles Gray

Codename VIFL - How to Migrate MySQL Database Clusters to Vitess

Have you ever considered migrating a database system at scale with no downtime? Many of us that have tried, often find it an insurmountable challenge for both developers and database engineers. Most of the time, companies start these kinds of migr...

Guido Iaquinti, Rafael Chacon

Overview and State of Linkerd

In this talk, maintainers from the Linkerd project will present an overview of the project and an update on upcoming releases. They'll cover what Linkerd is and how it compares to other service meshes; what the latest features and functionality ar...

Tarun Pothulapati, William Morgan

Tutorial: Say Goodbye to YAML Engineering with the CDK for K8s

Applications running on Kubernetes are composed of dozens of resources maintained through an intricate collection of carefully maintained YAML files. As applications evolve and teams grow, these files become hard to manage and reuse — copying & pa...

Elad Ben-Israel, Nathan Taber


Everything You Should Be Doing, But Aren’t: DevSecOps for K8s Workflows

Steven and Pop will describe a defense-in-depth approach to secure production workloads running on Kubernetes. We’ll show a live demonstration of using CNCF projects like Helm, OPA, Falco, and Argo to secure Kubernetes clusters. With a secure clus...

Steven Terrana, Dan Papandrea, Booz Allen Hamilton





Panel: Introduction to the Container Orchestrated Device (COD) Working Group

The Container Orchestrated Device (COD) Working Group, is a small group formed by passionate Container Runtime Maintainers and Device Vendors looking to solve many of the challenges Devices face in the cloud native space. Custom Devices are used i...

Alexander Kanevskiy, Urvashi Mohnani, Renaud Gaubert, Mike Brown, Mrunal Patel

Service Discovery with CoreDNS Plugins in Golang

Best known as the default cluster DNS server for Kubernetes, CoreDNS is a flexible and extensible DNS server with a focus on service discovery. The extensibility of CoreDNS comes from its plugin-based architecture: new features can be added as plu...

Yong Tang, John Belamaric


Intro: CNCF SIG-Runtime

The CNCF SIG Runtime ( collaborates to explore how different runtime infrastructure technologies make it possible to run cloud-native workloads. Discussions are about generalized orchestration, autoscaling, sche...

Rakuten, Ricardo Aravena, Renaud Gaubert

Intro and Deep Dive: Kubernetes SIG Instrumentation

Kubernetes SIG Instrumentation is responsible for ensuring high quality and consistent instrumentation across the Kubernetes project. We will begin with an introductory overview of the efforts the SIG Instrumentation has worked on in the past and ...

Elana Hashman, Han Kang, David Ashpole, Frederic Branczyk


How to Build a Cloud Native Image Recognition Solution

Fn Project is an open source project for serverless functions. We want to share how we used Fn, AutoML Natural Language Processing, and K8s to improve older Optical Character Recognition (OCR) technology. The resulting image recognition applicatio...

Rolando Carrasco, Akshai Parthasarathy

Sponsored Keynote: Online Learning—Advancing Your Knowledge of Kubernetes

Kubernetes will soon be everywhere and used by everyone. The challenge for our growing community is how to properly onboard new users to our community as it's often viewed as a complex ecosystem. In this keynote, we'll highlight how the community ...

Grant Shipley, Marissa Bosche


Accelerate and Autoscale Deep Learning Inference on GPUs with KFServing

Large-scale language models, such as BERT and GPT-2, have brought exciting leaps in state-of-the-art accuracy for many NLP tasks. BERT requires significant compute during inference, which poses challenges for real-time application performance. KFS...

David Goodwin, Dan Sun

DevOps Performance From a Different Dataset: What 30M Workflows Reveal

What can we learn about DevOps best practices by looking at data from a SaaS with 900K dev users, 25K orgs and 30m+ builds a month, particularly when compared with surveys where users opt-in? Join CircleCI's VP of Platform, Mike Stahnke, to unders...

Michael Stahnke


Intro & Deep Dive: Kubernetes SIG-Storage

Kubernetes SIG Storage is responsible for ensuring that different types of file and block storage are available wherever a container is scheduled, storage capacity management (container ephemeral storage usage, volume resizing, etc.), influencing ...

Michelle Au, Xing Yang


How H-E-B Curbside Adopted Linkerd During a Pandemic

In early 2020 HEB was rated as the #1 grocery retailer in the country in a consumer survey run by Dunnnhumby. As shelter in place orders were implemented as COVID-19 spread across the world, H-E-B Curbside & Delivery became a critical resource for...

Garrett Griffin, Justin Turner


Notary v2: Redesigning the Secure Supply Chain for Containers

The Notary v2 project was launched at Kubecon North America in 2019, as a joint community effort to resolve issues with the first generation Notary, which was launched five years ago. Since then we have learned a lot about how containers are used ...

Omar Paul, Justin Cormack, Steve Lasker

Panel: Linux in the Kubernetes Era: Does The OS Still Matter?

With the end of life of the original “Container Linux” (CoreOS), what is the future for the key underlying component of any Kubernetes deployment: the operating system? While many are opting for general-purpose distributions like Ubuntu or CentOS,...

Vincent Batts, Dusty Mabe, Kiko Reis, Tasha Drew, Darren Shepherd


Lives On the Line. Learning Disaster Response From the Coronavirus Pandemic

Join us for an exciting session where two worlds collide to bring a deep look at disaster response in cloud-native from the lense of a global viral pandemic. Two unsuspecting women will grace the stage to share a powerful lesson. Join a practicing...

Rachel Beda, Kris Nova

Navigating the App Delivery Landscape While Solving Everyday Problems

Recently there was a lot of buzz around the CNCF landscape getting overly complex. There are more and more options to choose from which is good to see a growing ecosystem. However, this can sometimes also become overwhelming. In this session we wa...

Alois Reitbauer, Lei Zhang

Constructing Chaos Workflows with Argo and LitmusChaos

LitmusChaos is an open-source cloud-native Chaos Engineering framework for Kubernetes. It provides custom APIs (via CRDs) to orchestrate Chaos on your clusters while providing readily usable, off-the-shelf Chaos experiments via the ChaosHub. Howev...

Sumit Nagal, Umasankar Mukkara

Contour, A High Performance Multitenant Ingress Controller for Kubernetes

Contour, a CNCF incubating project, is a high performance ingress and load balancer solution for Kubernetes. Contour offers a richer feature set than some common alternatives while maintaining a lightweight profile. At its core, Contour is providi...

Steve Sloka, James Peach, Michael Michael, Nick Young


Sponsored Keynote: The Rise of the End Users

Today, end users are not just “using” open source software, they are active and valuable participants in the communities and are helping to drive innovation into the upstream projects, driving projects out into the open from behind the firewall fo...

Diane Mueller

An SLO-Driven Approach to Enhance Kubernetes Cluster Reliability

How to define reliability of a Kubernetes cluster? What are the SLOs? How many 9s is enough to ensure end-users are happy for a Kubernetes cluster with thousands of nodes? Service-level-objective (SLO) is the key to run large-scale production clus...

Cong Chen, Qian Ding


Inside Kubernetes Ingress

Kubernetes Ingress is a core abstraction of Kubernetes: K8s Ingress grants access to K8s HTTP Services from outside the K8s Cluster. In effect, K8s Ingress exposes your HTTP application to the outside world. However, even experienced K8s users str...

Dominik Tornow


Getting Started with Jaeger

Jaeger is the most popular open source distributed tracing system in the world and, as such, often comes with people asking how to bootstrap their first cluster. If you are interested in getting started with Jaeger join us in this lightning talk ...

Joe Elliott

Keynote: SIG-Honk AMA Panel: Hacking and Hardening in the Cloud Native Garden

Have you ever wondered how hackers think? What do attackers look for when they approach a cluster, and what security hardening steps can stop them in their tracks? Join Ian Coldwater, Brad Geesaman, Rory McCune, and Duffie Cooley for an AMA panel ...

Brad Geesaman, Rory McCune, Ian Coldwater, Duffie Cooley



Practice of Fine-grained Cgroups Resources Scheduling in Kubernetes

Alibaba supports resource scheduling for hundreds of thousands of nodes, millions of containers, and tens of thousands of applications. Many online services need to dynamically increase the resource limit during operation, and cannot accept the im...

Xianlu Chen, Qingcan Wang


Open Policy Agent Intro

Come to this session to learn about the Open Policy Agent (OPA) project. OPA is a general-purpose policy engine that solves a number of policy-related use cases for Kubernetes, microservices, CI/CD, cloud, and more. During this session the OPA mai...

Max Smythe, Patrick East

Simplifying Windows Runtime and Deployment in Kubernetes

The leaders of SIG-Windows will provide an update on the efforts to bring Windows to Kubernetes. This session will concentrate on presenting new features and capabilities as well as focus on advanced capabilities like ContainerD integration, CSI, ...

Muzz Imam, Deep Debroy, Michael Michael, Mark Rossetti


Bypass Falco

The main goal of Falco is to detect malicious behaviors at runtime and alert you about anything undesirable happening inside your machines. Maybe you trust it as your last line of defense in today’s cloud-native environments, and as a consequence,...

Leonardo Di Donato

Beyond the Buzzword: BPF’s Unexpected Role in Kubernetes

Increasingly, cloud native tools are leveraging the Linux kernel’s Berkeley Packet Filter (BPF) capabilities for a range of applications, such as networking, security, observability, and troubleshooting. In recent Linux kernel releases, BPF has be...

Alban Crequy, Andrew Randall


Intro to Scaling Prometheus with Cortex

Have many, disparate Prometheus instances scattered around your organisation? Want a single, centralised place to store and query all your metrics? Don’t want to manually shard your metrics across instance? Want faster queries and indefinite reten...

Ken Haines, Tom Wilkie


Simplify Application Deployment at the Edge with Harbor

Harbor offers a lot of capabilities as a registry in the datacenter. Recently, we have focused our energy on better image distribution and Edge scenarios. You can't operate Kubernetes at the Edge without a registry and Harbor is making it easier a...

Michael Michael

Tutorial: Introduction to Using the Container Storage Interface (CSI) Primitives

The Container Storage Interface (CSI) does not only allow dynamic provisioning of Persistent Volumes from various vendors. It’s a wealth of new API objects that can perform various data management tasks through kubectl. In this end user focused se...

Michael Mattsson

Persistent Memory in Kubernetes

The term persistent memory (PMEM) is used to describe technologies which allow programs to access data as memory, directly byte-addressable, while the contents are non-volatile, preserved across power cycles. It has aspects that are like memory, a...

Patrick Ohly


CRI-O: The Runtime Control Room

There are many ways to customize the underlying container runtime in Kubernetes. Where Kubernetes API offers many knobs for tuning your workloads, using CRI-O gives you access to even more. CRI-O is a container runtime that provides an incubation ...

Sascha Grunert, Urvashi Mohnani, Peter Hunt, Mrunal Patel

Introduction to Autoscaling

Come and see how to reduce the cost of your cluster and make your workloads more robust by dynamically adjusting them to their current load. During this talk members of SIG-Autoscaling will explain why you should be autoscaling both applications a...

Guy Templeton, Joe Burnett

Prescriptively Benchmarking Kubernetes System and Application Using K-Bench

This session gives an introduction of K-Bench, a framework designed to benchmark Kubernetes infrastructure from various dimensions in a highly configurable manner. K-Bench accepts a rich set of configuration options and yaml specifications, and pa...

Yong Li, Karthik Ganesan