KubeCon + CloudNativeCon North America 2020
Talks
App Testing at Scale: How Bitnami Tests Thousands of Releases Per Month
Bitnami publishes a collection of over 180 open source applications and components on over twenty platforms, resulting in thousands of unique image builds and releases every month. Every single one of those releases is automatically tested in the ...
Juan Jose Martos Castro
Kubernetes
A Flight Over the Cloud Native Landscape
The Cloud Native Computing Landscape is big! And it's just getting bigger all the time. There are already 12 graduated and 21 incubating projects in the foundation! Most of us have heard of a few of these projects. But who really knows what they a...
Carson Anderson
What is the Kubernetes Code of Conduct Committee and What is it Working On
The Kubernetes community has its own elected Code of Conduct Committee (CoCC) but what exactly does this group do? In this session, we will cover the purpose and scope of the CoCC, introduce the current committee members, and share our progress on...
Karen Chu, Aeva Black
A Walk Through the Kubernetes UI Landscape
Working with Kubernetes clusters and workloads can be overwhelming, both for operators, as well as application developers. While kubectl is the de-facto standard interface to interact with Kubernetes' API, a graphical user interface can provide a ...
Joaquim Rocha, Henning Jacobs
Kubernetes
SIG Multicluster Intro
SIG-Multicluster is focused on solving common challenges related to the management of many Kubernetes clusters, across multiple cloud providers (so-called hybrid cloud) and applications deployed across many clusters. In the introduction, we'll giv...
Jeremy Olmsted-Thompson, Paul Morie
Scalable and Multitenant Networking in XDP and Kubernetes Operators
Enabling multi-tenant and extensible networking in Kubernetes is of paramount importance for cloud providers and requires traffic isolation across tenants. By introducing a new data-plane built using XDP and inter-working custom resource operators, we...
Ying Xiong, Sherif Abdelwahab
Kubernetes
How the OOM-Killer Deleted My Namespace, and Other Kubernetes Tales
Running Kubernetes at scale is challenging and you can often end up in situations where you have to debug complex and unexpected issues. This requires understanding in detail how the different components work and interact with each other. Over the...
Laurent Bernaille
Kubernetes
Intro & Deep Dive: Kubernetes Data Protection WG
Data Protection WG in Kubernetes was formed following discussions at KubeCon in San Diego. This is a Working Group dedicated to promoting data protection support in Kubernetes, identifying missing functionality and working together across multiple...
Xiangqian Yu, Xing Yang
Kubernetes
Whatever Can Go Wrong, Will Go Wrong – Rook/Ceph and Storage Failures
Imagine running a 200-node Kubernetes cluster, and suddenly you lost a node or even a ToR switch. What is the state of your persistent storage that your application relies on? How can you make sure your storage is always available? How can you tim...
Sagy Volkov
Multi-Cluster is Easier Than You Think with Linkerd and Ambassador
Multicluster is becoming the new norm; practically everyone runs multiple dev and staging clusters, and running multiple cross-AZ/DC production clusters is a best practice for high availability. However, connecting multiple clusters is often seen ...
Daniel Bryant, Thomas Rampelberg
Sponsored Keynote: Everyone is a Cloud Engineer Now
Ada develops software engineers who are skilled, confident, and work-tested; our graduates are experienced in practical, team-based software development and learning new technology rapidly. Diverse teams create more effective work cultures and inn...
Guinevere Saenger, Leah Petersen
Panel: Tales from the Edge: Is the Edge More Important Than the Service Mesh?
The service mesh hype cycle is well and truly in effect, and almost everyone believes their organization needs a service mesh, even if some don’t fully understand the use case this technology covers. But what about the edge? Practically every Inte...
Bjorn Freeman-Benson, Lin Sun, Alyssa Wilk, Matt Klein
Serverless Workflow – New Approach to Container Orchestration
With the rise of Serverless Architectures, Workflows have gained a renewed interest and usefulness. Typically thought of as centralized and monolithic, they now play a key role in service and events orchestration and coordination. With many differ...
Tihomir Surdilovic, Ricardo Zanini Fernandes
Serverless
Observability Brings Clarity in 5G World
Kubernetes has become the de-facto standard for running 5G core virtual network functions (VNFs) - a set of standards defined applications, each implemented as dozens of microservices and often run across multiple K8s clusters. Centralized monitor...
Yamini Sridaran, Praveen George
Kubernetes
Tutorial: Migration 101: From VMs to Kubernetes
In this hands-on tutorial, you will learn how to progressively adopt Kubernetes by migrating one of your apps from VMs onto Kubernetes. You will perform the full migration process: from preparing your app for running in Kubernetes, to configuring ...
Luke Kysow
Kubernetes
Uniform Workload Identity Everywhere: SPIRE Integrations and Extensibility
Distributing strong identity securely throughout a production environment often requires integrations with a number of platforms. Learn how SPIRE can be adapted to support production workload identity in heterogeneous infrastructure across a varie...
Ryan Turner
Elastic Scheduling with TiKV
In the world of cloud computing, it is well-known that Elastic Scheduling can automatically balance the cost and load of stateless applications, but it is rare to see distributed database systems have the elastic scheduling feature as scaling is a...
Song Gao, Yutong Liang
Collaborative Leadership: Governance Beyond Company Affiliation
The unbridled success of Kubernetes can be attributed in part to being in the CNCF. Putting Kubernetes under a neutral foundation provided a level playing field where each of us could contribute, collaborate and innovate as equals to create a wide...
Dawn Foster
Kubelet Deep Dive: Writing a Kubelet in Rust
Kubelet is a critical part of the Kubernetes project. Kubernetes deployments can vary a great deal in terms of container runtime, self-hosted or static control plane, CNI provider, etc., but they must all have Kubelet running on each node host. Ma...
Kevin Flansburg
Kubernetes
Sponsored Lightning Talk: Why You Need Observability to Adopt Kubernetes at Scale
By accessing this sponsored session, the third party sponsor will receive some of your registration data. This data includes your First Name, Last Name, Title, Company, Address, Email, Standard Demographics Questions (I.e. Company Size, Job Functi...
Shreyans Parekh
Kubernetes
Project Tye: Building Developer Focused Tooling for Kubernetes and .NET
As Kubernetes and Docker become more prevalent, we have made some hypotheses about the current state of microservices: • Container orchestrators were made for operations teams, not developers. • Kubernetes popularized patterns that are now promine...
David Fowler, Justin Kotalik
.NET
Kubernetes
Kata Containers Performance Evaluation and Optimization on Arm64
Kata Containers builds extremely lightweight virtual machines that seamlessly plug into the containers ecosystem. It is a multi-architecture project which has been supported on X86, aarch64, ppc, s390. Jia He will introduce current status of kata ...
Jia He
CNCF End User Tech Radar, November 2020
The CNCF End User Community present the next edition of the CNCF End User Tech Radar (http://radar.cncf.io/), the quarterly report that shows what end users really use and recommend. Cheryl Hung, CNCF VP Ecosystem, will lead a panel discussion wit...
Smaïne Kahlouch, Cheryl Hung, Jackie Fong, Mya Pitzeruse
Cluster API Deep Dive
The Cluster Lifecycle SIG is the Special Interest Group that is responsible for building the user experience for deploying and upgrading Kubernetes clusters. Our mission is examining how we should change Kubernetes to make it easier to operate for...
Katie Gamanji, Carlos Panato
Intro + Deep Dive - Provider IBM Cloud
In this session, the project leads will provide an overview of the IBM Cloud Provider subproject, its open source activities, and learning resources. It will be followed by a discussion on the recent developments as well as future work in the IBM ...
Richard Theis, Brad Topol, Sahdev Zala
Rook: Intro and Ceph Deep Dive
The Rook project will be introduced to attendees of all levels and experience. Rook is an open source cloud-native storage orchestrator for Kubernetes, providing the platform, framework, and support for a diverse set of storage solutions to native...
Travis Nielsen, Blaine Gardner, Alexander Trost, Sébastien Han
Eating Your Vegetables: How to Manage 2.5 Million Lines of YAML
Configuration management, while overlooked and underappreciated, is a necessary component of a healthy Kubernetes diet. With over 200 clusters, 2500 git repositories, and 9000 namespaces, Intuit manages and deploys 2.5 million lines of Kubernetes ...
Jesse Suen, Daniel Thomson
Kubernetes
Helm: Past, Present, Future
What will Helm 4 look like? To get there, we need to go back to the beginning. In this talk, we cover the history of the Helm project from its early hackathon days through the tumultuous refactorings as Helm worked its way to becoming a graduated ...
Matt Farina, Bridget Kromhout, Matt Butcher
Kubernetes SIG-Network: Intro and Deep-Dive
This session will be an introductory session to various Kubernetes networking topics (mostly aimed at relative newcomers to Kubernetes). This will include fundamental topics like pod networking, Services, and Ingress. Attendees will get a glimpse ...
Rich Renner, Tim Hockin, Bowei Du
Kubernetes
KubeEdge: Kubernetes Native Edge Computing Framework
KubeEdge is an open source edge computing framework that extends the power of kubernetes from central cloud to edge. It provides edge autonomy, application management and service communication across cloud and edge sites, device management for mul...
Zefeng Wang
Kubernetes
10 More Weird Ways to Blow Up Your Kubernetes
Over the past couple of years, Airbnb has standardized microservices, containerization, Kubernetes, and service mesh in our ecosystem, and have built tools around it to make our workloads more robust. We’ve seen great results with thousands of ser...
Joseph Kim, Jian Cheung
Kubernetes
Vitess: Introduction and New Features
Vitess is a cloud-native storage solution that can scale indefinitely. In this session, we will first cover a high level overview of Vitess features, the architecture, and what database workloads are a good fit. This will be followed by demos of t...
Sugu Sougoumarane, Deepthi Sigireddi
Diversity + Inclusion Workshop: Removing Barriers to Innovation in Becoming...
As we find ourselves at a pivotal time in history where racial equality has never been more important, join national and international speaker Christopher Lafayette as he shares best practices toward removing barriers to innovation. Join us fo...
Christopher Lafayette
Extending Service Mesh to the Edge
The advent of edge computing has led to the trend of splitting applications into edge and cloud components, which makes service mesh a great fit to enable unified application network policies for inter-container communications, regardless of where...
Stephen Wong
Machine Learning on Kubernetes at Shell: A Kubeflow Journey
In this session, Shell describes the lessons learned from working with multiple Machine Learning platforms and tools, the challenges of different systems, why we chose Kubeflow, and how we are now delivering successful models faster and at scale. ...
Alex Iankoulski, Vangelis Koukis
Kubernetes
Machine Learning
Sponsored Session: AppDynamics - Path to Kubernetes Observability
By accessing this sponsored session, the third party sponsor will receive some of your registration data. This data includes your First Name, Last Name, Title, Company, Address, Email, Standard Demographics Questions (I.e. Company Size, Job Functi...
Jeffrey Holmes
Kubernetes
CNCF Serverless WG: CloudEvents and Serverless Workflow
In this session the Serverless WG will update the community on the CloudEvents and Serverless Workflow specifications. In this talk we will look into the importance of using workflows in event-driven, distributed applications. Then we will look at...
Tihomir Surdilovic, Doug Davis
Serverless
Taking Envoy Beyond C++ with WebAssembly
Envoy is the leading proxy for handling cloud-native application traffic at the edge and in the service mesh for its performance, speed and extensibility. The extensibility is in the form of filters that are configured in the proxy that shape, sec...
Idit Levine, Yuval Kohavi
WebAssembly
Tutorial: DevOps Tooling for Java Developers in a Cloud Native World
With the rise of DevOps, low-cost Cloud Computing, and emerging Container technologies, the landscape for how you approach development has dramatically changed. This tutorial is focused on helping Java developers to adapt to this new landscape and...
Stephen Chin, Melissa McKay
DevOps
Java
The Open Source Revolution: How Kubernetes is Changing the Games Industry
Traditional multiplayer game development involves dozens if not hundreds of engineers over several years building custom made backends - often from scratch. Companies have recently moved to GCP or AWS but most games infrastructure runs on metal - ...
Dominic Green
Kubernetes
End User Panel: GITOPS in the Enterprise - Real World Experiences
This panel brings together engineers from the CNCF End User Community to provide their insights on the journey their respective companies have undergone in their transformation to Cloud Native. Each End User member company will discuss their Cloud...
Cheryl Hung, Matt Young, Amr Abdelhalem, Fabio Giannetti
PID 1, SIG Handling, Hooks & Probes: Managing Container Lifecycle Correctly
The lifecycle of an application should be tightly linked to the container hosting it. In an environment like Kubernetes where the Pods get created and deleted left, right, and centre, if an application hasn't implemented signal handling correctly,...
Anmol Krishan Sachdeva
Leveraging Service Meshes for Accelerating Serverless Workflows
Serverless platforms increasingly provide support for function composition (e.g., Knative Eventing, Fission, KNIX). To reduce function interaction overhead within a workflow, platforms may choose to co-locate multiple functions inside a single con...
Paarijaat Aditya, Manuel Stein
Serverless
Kubernetes Operators: Safety First Through Model Checkers
Today's Kubernetes Operators aren't just a fancy toy, but utilities managing critical infrastructure. Many best practices are already applied, increasing their safety: unit/e2e testing, code reviews and post mortem analysis. This talk introduces s...
Neven Miculinic
Kubernetes
API Priority and Fairness: Kube-APIServer Flow-control Protection
Currently the API Server has no concept of priority or fairness for requests. This means that a buggy webhook or bad actor can potentially DOS an API Server by sending lots of requests. This also means that currently the API Server cannot prioriti...
Min Jin
How to Multiply the Power of Argo Projects By Using Them Together
The Argo Project contains three big software components: a GitOps continuous application delivery platform, a cloud-native workflow engine and an advanced deployment controller. All projects are evolving rapidly and have received a lot of new feat...
Alexander Matyushentsev, Hong Wang
Safely Deploying a 100K line Envoy YAML Configuration to Production
Have you ever caused a production incident due to an Envoy misconfiguration? You’re not alone! This talk is about how Lyft has built guardrails to prevent such failures. The presenters will share their experience operating Envoy configurations at ...
Jyoti Mahapatra, Lisa Lu
PKI the Wrong Way: Simple TLS Mistakes and Surprising Consequences
Effective management of TLS certificates and keys is a serious challenge when running Kubernetes at scale. TLS mutual authentication secures all the Kubernetes control plane components, but there are many details that must be right. This talk look...
Tabitha Sable
Kubernetes
Security
Owned by Statistics: Using Kubeflow to Defend vs Attacks on Your ML Models
Machine learning continues its spread across the tech world and is now in use by more than 80% of enterprises worldwide. However, with the increased reliance on this technology, the spectre of additional security attack surface areas rises up. Ma...
David Aronchick
Machine Learning
Security
Case Study: Integrating Azure IPv6 PrivateLink with Kubernetes
Databricks offers a multi-cloud SaaS platform to enable data teams to solve the world’s toughest problems, using best in class technology and providing an open ecosystem. We run an infrastructure footprint consisting of 2M+ VMs across 40+ Cloud en...
Michael Wiederhold, Meixing Le
Azure
Kubernetes
Introduction to SIG Cluster Lifecycle
The Cluster Lifecycle SIG is the Special Interest Group that is responsible for building the user experience for deploying and upgrading Kubernetes clusters. Our mission is examining how we should change Kubernetes to make it easier to operate. Si...
Justin Santa Barbara, Lubomir I. Ivanov
Stop Writing Operators
Since the introduction of the operator pattern by CoreOS in 2016, operators and even operator coding frameworks have proliferated seemingly without limit. But *should* you write an operator? If not, what should you be doing instead? In this sessio...
Joe Thompson
Making the Business Case for Contributing to Open Source
Today, pretty much all companies have embraced open source. But while they’re all keen to use open source, a lot fewer actually contribute to it. And yet, there’s real value in doing so. Companies use their contribution to open source to boost re...
Tobie Langel
Into the Deep Waters of API Machinery
We'll cover 3 common icebergs with lightning talks: 1) My namespace won't delete, help! Why does Kubernetes sometimes refuse to delete a namespace? How to diagnose and resolve the root cause. 2) What is REST mapping? Ever wonder how you're suppose...
Daniel Smith, David Eads, Federico Bongiovanni
Keynote: More Power, Less Pain: Building an Internal Platform with CNCF Tools
Last year GoSpotCheck migrated from a PaaS to Kubernetes, and devs asked "Does it have to be this hard?" The engineering organization's major initiative this year was to be able to say "no," by building an internal Platform-as-a-Service...with no ...
David Sudia
Public Technical Oversight Committee (TOC) Meeting
The Technical Oversight Committee (TOC) provides technical leadership to the cloud-native community. The CNCF will host a public TOC meeting, inviting the community to discuss various agenda items along with holding an open Q&A for the community w...
Michelle Noorali, Katie Gamanji, Xiang Li, Liz Rice, Alena Prokharchyk, Sheng Liang, Justin Cormack, Matt Klein, Chris Aniszczyk, Brendan Burns, Dave Zolotusky, Saad Ali
A Special Interest in Cloud Native Security
Wonder about the security of CNCF projects? What about the state of security in cloud native? Security is not binary, it’s a practice of reducing risk. With fast-changing infrastructure and emerging best practices, there’s no simple, cookie-cutter...
Emily Fox, Brandon Lum
Security
Secure Policy Distribution With OPA
OPA can download bundles of policy and data from remote HTTP servers. Once the policies and data have been loaded, they are enforced immediately. But how does OPA know that these bundles are coming from a trusted source? How does OPA verify the a...
Ash Narkar
Optimizing Storage Assignment via Pod Scheduling Under Disturbance Factors
For distributed storage systems like Ceph, it is essential to allocate node-local storage devices evenly among racks or regions. This talk introduces how to automate this allocation by using the "WaitForFirstConsumer" volume binding mode and tunin...
Kenji Morimoto
Kubernetes
Progressive Delivery Techniques with Flagger
You might have heard about progressive delivery - it’s an umbrella term for various deployment techniques (eg. Canary releases, Dark launches, A/B testing, Blue-Green mirroring) meant to reduce the risk of introducing new software versions in prod...
Stefan Prodan
Kubernetes IoT Edge Working Group: Using Event Driven Architecture at Edge
Many use cases at edge face resource limits which challenge the deployment of full K8s clusters, or even single nodes, at the edge “leaf” nodes. We will introduce some techniques that can be used to process edge generated data and commands using K...
Steven Wong, Dejan Bosana
Kubernetes
Cloud Native & SD-WAN: Improving K8s Application Experience Over SD-WAN
Access to Kubernetes-hosted applications across Wide Area Networks (WANs) is a standard pattern for Enterprise apps. Software-Defined WAN (SD-WAN) technologies have democratized access patterns across the Internet through latency reduction, throug...
Alberto Rodriguez-Natal, Mark Church
Kubernetes
Build Your Own Envoy Control Plane
Envoy is a building block of many different solutions from Ingress controllers, Service mesh implementations, as well as functions as a service application frameworks. Any solution utilizing Envoy as its data path component most likely implements ...
Steve Sloka
Empowering Cloud Native Networking with Arm Ecosystem
The Arm ecosystem is becoming more popular in cloud native applications than ever before, with increasingly wide use. Arm is devoted to being a cloud native vendor and puts many resources into enabling related projects on its platform. In the presentation...
HanYu Ding, Trevor Tao
Service Mesh Specifications and Why They Matter in Your Deployment
As the ubiquity of service meshes unfolds so does the need for vendor and technology-agnostic interfaces to interact with them. The Service Mesh Interface (SMI), the Service Mesh Performance Specification (SMPS), and Multi-Vendor Service Mesh Inte...
Lee Calcote, Kush Trivedi
Keynote: The Cloud Native Journey @Apple
If you want to evolve your applications, services and user experience around Cloud Native technologies, then adaptability is key. Apple identified the ecosystem’s potential early on, and worked hard to adopt the technologies to support the scale a...
Alena Prokharchyk
The Cloud Native Journey at Adobe
We will share our journey migrating one of Adobe's enterprise products to Kubernetes, running multiple clusters across regions, as well as the processes and technologies that made this possible, including Envoy, Helm or Prometheus. Adopting DevOps...
Carlos Sanchez
Dragonfly: Make Image Distribution Efficiently and Safely in Cloud Native
With the increasing scale of cloud native services in industry, how to distribute images efficiently is a new challenge for enterprises. Dragonfly is an intelligent P2P based container image distribution system which provides a native image distri...
Yuxing Liu, Tao Peng
Intro to CNCF’s Telecom Initiatives
Dedicated to the memory of Dan Kohn. CNCF is helping Telcos navigate the cloud native and open source landscape to obtain the benefits touted by cloud native technologies. Guided by cloud native principles, CNCF hosts three main initiatives for T...
Taylor Carpenter
Evolution of Metric Monitoring and Alerting: Upgrade Your Prometheus Today
Infrastructure metric monitoring is constantly evolving. Similarly, Prometheus, the most adopted observability tool in the CNCF ecosystem, is under active development and constantly growing. Every release brings something new or improves existing ...
Bartlomiej Płotka, Björn Rabenstein, Julius Volz, Richard Hartmann
Prometheus
Keynote: Kubernetes and etcd Features That Unlocked 15k Node Clusters
In this presentation you will learn about improvements made to Kubernetes and etcd that unlocked running massive clusters with 15,000 nodes. We will show how we tackled this challenge from different angles focusing on its technical aspect. You wil...
Wojciech Tyczyński
Kubernetes
All You Can Eat Networking. Kubernetes Goodness for the Hungriest Workloads
There are classes of workloads that are notoriously hungry when it comes to networking. Think big data, storage, analytics, 5G, virtual network functions, then encrypt it all at 40Gbps line rates. Kubernetes and the Kubernetes network model are in...
Casey Davenport, Aloys Augustin
Kubernetes
Observing Cloud Native Observables with the New SIG Observability
This year we founded a brand new SIG to take cloud-native observability forward: Welcome SIG Observability! Consisting of open source project maintainers, standards authors, end-users, and more, we cover a wide range of experience and invite you t...
Bartlomiej Płotka, Richard Hartmann
EmpowerUs: Uniting to Drive Tech Sector Growth through Diversity + Inclusion
Concerted efforts to build diversity and inclusion into the tech sector are essential. Different experiences, outlooks and perspectives make your entire workforce better at solving complex problems, managing risks and spotting opportunities. This ...
Dean Nelson, Parastoo Amin, Ali Fenn, Amber Caramella
Being a Good Citizen of the Multi-operator World
DevOps teams are increasingly using multiple Kubernetes Operators in their clusters. What does it take to develop an Operator that is a good citizen of the multi-Operator world? The talk focuses on this question. To develop an Operator that plays ...
Devdatta Kulkarni
A High-Schooler’s Guide to Kubernetes Network Observability
The Kubernetes ecosystem provides fine attention to the use cases of almost all projects. At the same time, to a novice developer trying to break into distributed systems, Kubernetes can also be incredibly daunting at times. Kube-netc was a projec...
Drew Ripberger
Kubernetes
Logging: Fluentd & Fluent Bit
In this presentation, we will cover the basics, internals and best practices of Logging applied to distributed systems, we will do this through the CNCF projects Fluentd and Fluent Bit. We will introduce the pipeline of data collection, filtering,...
Masahiro Nakagawa, Eduardo Silva
Improving Network Efficiency with Topology Aware Routing
As Kubernetes clusters grew to span multiple zones and regions, it became clear that we needed to improve network routing. The initial kube-proxy implementation meant that all requests were equally likely to go to any endpoint, regardless of how f...
Rob Scott
Kubernetes
Having Cloud Native Fun with HonkCTL
In the last year, geese have come to symbolize a harbinger of chaos in the technical community. Many have taken this opportunity to post many GIFs and make many jokes. One of the jokes, is a Kubernetes-based CTF game called honkCTL. This talk will...
Jeffrey Sica
Kubernetes CronJobs - Does Anyone Actually Use This [in Production]?
Considering CronJob? Think again! CronJobs sound great on paper–a higher-order API built on the bread and butter of K8s that automates fault tolerance, orchestration, etc., for distributed, repetitive tasks. On top of that, you benefit from effici...
Kevin Yang
Kubernetes
Enhancing the Kubernetes Scheduler for Diverse Workloads in Large Clusters
As a wide diversity of workloads are being deployed in Kubernetes, the default scheduler has become insufficient in the light of scheduling performance and functionality. In this talk, Yuan Chen and Yan Xu will present their experience and results...
Yan Xu, Yuan Chen
Kubernetes
Analyzing Operational Data at Scale Using ML at Intuit
Intuit is running ~2000 services in preprod and prod on Kubernetes which needs a fast and easy way to detect and isolate problems via automated analysis of operational data. In this talk, we will present how we collect, analyze and present real-ti...
Vigith Maurice, Amit Kalamkar
Kubernetes
Machine Learning
Using Open Policy Agent to Meet Evolving Policy Requirements
Our team runs a Kubernetes platform for 30+ teams in a variety of commercial and government environments. Each of these environments has different security and compliance requirements, such as PCI and FedRAMP. We must deal with evolving requiremen...
Jeremy Rickard
Intro to Kubernetes Docs
This session introduces the Kubernetes website repo. SIG Docs chairs and tech leads cover how to add and update docs for Kubernetes features, docs in the release cycle, how to localize your content, and where to get help when you need it. We'll wa...
Celeste Horgan, Irvi Aini, Tim Bannister, Brad Topol
Kubernetes
Keynote: Moving Cloud Native Beyond HTTP: Adding Protocols to Unlock New Use Cases
Kubernetes and related projects have first-class support for serving and managing HTTP traffic. This makes sense since the most common protocol used by web servers is HTTP. However, there are many popular protocols in the world that are *not* HTTP...
Jonathan Beri
Tune It Up! Enabling Low Latency in Kubernetes Clusters
Now that Kubernetes has conquered the cloud it’s time for it to move on other domains, like CNF (Cloud-native Network Functions), the cornerstone of 5G deployments! However, to make that happen, we need to address an important limitation: ensuring...
Francesco Romani, Yanir Quinn
Kubernetes
The Stateful Landscape: The Then and Now and the Future
This talk will discuss how the CNCF storage SIG in the CNCF operates, identifies projects for Cloud Native admission and where we see the future of storage in the Cloud Native Ecosystem heading. During this session we will cover: - Overview of t...
Erin Boyd, Alex Chircop, Quinton Hoole
Hands-On Stateful Serverless Applications with K8s and Stateful Functions
Stateful Functions (https://statefun.io/) is a framework that makes it simple to build consistent stateful serverless applications. StateFun is designed to work with popular event-driven FaaS platforms like AWS Lambda, KNative, etc., and provides ...
Seth Wiesman
Kubernetes
Serverless
Clean Up Your Room! What Does It Mean to Delete Something in K8s
While issuing a `kubectl delete` and hoping for the best might work for day-to-day operations, having the knowledge of how Kubernetes effects deletes allows you to understand why some objects linger after deletion. This talk will cover how to dele...
Aaron Alpar
Kubernetes
Seccomp: What Can It Do For You?
Seccomp is a system call filtering tool built into Linux. It has been used as a security layer in Docker for coming up to five years, and is working through a long path to become on by default in Kubernetes. We look at what seccomp can usefully do...
Justin Cormack
Docker
Kubernetes
Building a Global Supercomputer with Virtual Kubelet
Nautilus is a global Kubernetes cluster, product of the Pacific Research Platform (PRP) project at The University of California San Diego (UCSD) and many collaborating campuses. It aggregates compute resources from around the world. While that's i...
Adrien Trouillaud, Dmitry Mishin
Improved TiKV Observability: How We Trace Events under Nanoseconds Latency
Observability is beneficial but often comes with a price. When adding tracing to low latency services (e.g. < 1ms), engineers might find notable performance degradation. Besides, trade-off solutions have inherent limitations. For example, sampl...
Zhenchi Zhong, Wish Shi
Static Analysis of Kubernetes Manifests
Planning, provisioning, and changing infrastructure are becoming vital to rapid cloud application development. Incorporating infrastructure-as-code into software development promotes transparency and immutability and helps prevent bad configuratio...
Barak Schoster
Kubernetes
NATS Streams and Services: From Zero to Hero
NATS is a high performance cloud native messaging system that allows you to build globally available and secure applications based on streams and services that are both fast and simple to operate. In this talk you will learn: how to get started with...
Jaime Piña, Waldemar Quevedo Salinas
Tutorial: Building an Enterprise Infrastructure Control Plane on Kubernetes
Enterprise infrastructure is diverse, complex, and difficult to automate. What if you could standardize on a single infrastructure control plane using the Kubernetes API? In this tutorial we will cover how to build Kubernetes controllers to manage...
Daniel Mangum
Kubernetes
Declarative Testing Clusters with KUTTL
The facts are that Kuttling releases a cocktail of hormones in our brains including dopamine, serotonin and oxytocin. It can lower your blood pressure and heart rate. Nothing raises your blood pressure more than software written for Kubernetes that...
Ken Sipe
Cluster Reconciliation: Managing Resources Across Multiple Clusters
Suppose your organization runs multiple Kubernetes clusters, as failure domains or distinct POPs. You have a service that you wish to run on some (or all) of the clusters. How will you run it on all (applicable) clusters? How will you roll updates...
Vallery Lancey
Kubernetes
High Performance KubeVirt in Action
This talk details a real world solution design of a high performance KubeVirt for running mission critical enterprise workload. KubeVirt brings Cloud Native Virtual Machine management to Kubernetes. It unifies workload orchestration across Contain...
Huamin Chen, Marcin Franczyk
Kubernetes
Serverless for ML Inference on Kubernetes: Panacea or Folly?
As providers of an end-to-end MLOps platform, we find that autoscaling ML inference is a frequent customer ask. Recently, serverless computing has been touted as the panacea for elastic compute that can provide flexibility and lower operating cost...
Manasi Vartak
Kubernetes
Machine Learning
Serverless
CloudEvents - v1.0 and Beyond - Discovery/Subscriptions
With the release of CloudEvents v1.0 the project has now expanded its scope to consider other potential pain points for the community. To that end, the group is focusing on Event Discovery and Subscriptions APIs in the hopes of reducing the fricti...
Doug Davis, Clemens Vasters
containerd: Rootless Containers 2020
Rootless Containers means running the container runtimes (e.g. runc, containerd, and kubelet) as well as the containers without the host root privileges. The most significant advantage of Rootless Containers is that it can mitigate potential cont...
Akihiro Suda
Design Patterns for Extendable, Scalable K8s Extensions
OPA Gatekeeper is a customizable Kubernetes admission webhook that helps enforce policies and strengthen governance. The Gatekeeper project is capable of dynamically creating, managing and destroying new custom resources which are used to customiz...
Rita Zhang, Max Smythe
Kubernetes
Production CI/CD w/CNBs: Tekton, Gitlab & CircleCI(plus), Oh My!
You may have heard of Cloud Native Buildpacks (https://buildpacks.io/), a set of tools for transforming application source code to OCI images that can run on any cloud. In this session, we’ll delve into some new functionality of Cloud Native Build...
David Freilich, Natalie Arellano
Harbor - Enterprise Cloud Native Artifact Registry
Project Harbor is an open-source trusted cloud native registry project that stores, manages, signs, and scans content, thus resolving the management and distribution challenges of container image, Helm Chart, CNAB or other OCI compatible artifacts...
Steven Ren, Daniel Jiang, Alex Xu, Steven Zou
Customizing OPA for a "Perfect Fit" Authorization Sidecar
The Open Policy Agent (OPA) has become widely used in the CNCF ecosystem and is a go-to option for application developers as the standardized decision engine for authorization. Many users rely on the existing integrations with Envoy/Istio, or the ...
Patrick East
High Performance Networking for Distributed DL Training in Production K8s
Distributed DL training requires high performance networks connecting tens, hundreds, or for certain natural language processing models, even thousands of GPUs. Running these workloads on Kubernetes clusters of GPU enhanced servers requires carefu...
Vatsan Kasturi, Nivedita Viswanath
Kubernetes
Kubernetes Working Group for Multi-Tenancy Project Overview
In this session, the leaders of the Kubernetes Working Group for Multi-Tenancy will quickly go over how you can join the multi-tenancy group, and also do a quick overview of each of the projects we are incubating: the Virtual Cluster Project, the ...
Tasha Drew, Adrian Ludwin, Fei Guo, Jim Bugwadia
Kubernetes
Kubernetes and Logging: Do It Right
Logging in distributed systems is not as simple as it sounds. The nature of having distributed applications comes with challenges for data processing such as parsing and unstructured/structured data handling, metadata correlation (labels/annotatio...
Eduardo Silva
Kubernetes
Proxyless Service Mesh with gRPC
gRPC is a popular choice for building microservices. A service mesh is a dedicated infrastructure layer for communications between microservices, with features such as service discovery, load balancing, application security and observability. A s...
Menghan Li
gRPC
SIG CLI Intro and Updates
Maintainers from SIG CLI will introduce the audience to the projects hosted under the SIG and the SIG CLI community. They will provide a brief overview for each of these projects, including giving an update on the current state of the kubectl and ...
Maciej Szulik, Sean Sullivan, Eddie Zaneski, Phillip Wittrock
Tutorial: From Notebook to Kubeflow Pipelines to KFServing: the Data Science Odyssey
A hands-on lab driven tutorial to show Data Scientists and ML Engineers alike how to turbocharge your Kubeflow efforts. In this session you will learn how to quickly build, tune, and execute complex Kubeflow workflows - as well as how to work fast...
Karl Weinmeister, Stefano Fioravanzo
Machine Learning
Jaeger Deep Dive
This session is dedicated to an in-depth understanding of the Jaeger project. We will give a short demo of the recently added features, talk about various topics including the architecture, deployment models, configuration, different types of samp...
Pavol Loffay, Annanay Agarwal, Yuri Shkuro
Image-Builder Deep Dive
Image-builder is a subproject of SIG Cluster Lifecycle that was created with the idea to host a number of different utilities for creating virtual machine images. It has the following goals: 1) To build images for Kubernetes-conformant clusters in a c...
Moshe Immerman, Tushar Aggarwal
Kubernetes
Enhancing K8s Networking with SmartNICs
As more workloads like IoT, big data and machine learning move towards the edge, it becomes critical that networks continue to advance. Low latency, performance and higher throughput become prerequisites to ensure that the edge is a viable locatio...
Dave Cremins
Kubernetes
CNCF Project Paperwork Working Session
At each stage from Sandbox to Graduated, you’ll need to add community and process documentation – and there’s even more that’s good to have even if it’s not required. Let us help you create this “project paperwork” now instead of waiting for a dea...
Josh Berkus, Carolyn Van Slyck, Dawn Foster
Kubernetes: Putting the Focus on Upstream Usability with SIG Usability
SIG Usability is the Kubernetes community’s newest special interest group. In this presentation we will go over our user research project to better understand end users of Kubernetes and how the upstream project can better serve them. We will als...
Tasha Drew, Gabby Moreno Cesar
Kubernetes
SIG Architecture Intro and Update
SIG Architecture maintains and evolves the design principles of Kubernetes, and provides a consistent body of expertise necessary to ensure architectural consistency over time. The SIG takes care of evolution of conformance definitions, API defini...
John Belamaric, Derek Carr
Building Better Communication for Kubernetes Contributors with Marketing
The Upstream Marketing Working Group began as a vision to connect contributors. It's grown into a set of practices, channels, and bots that unite us all across the Kubernetes community. We will show our theory of multichannel communication (and th...
Kaslin Fields, Matthew Broberg, Rajula Vineet Reddy
Kubernetes
Standardizing Cloud Native Application Delivery Across Different Clouds
At its heart, Kubernetes is an infrastructure platform: It abstracts at the infrastructure layer, but does little to resolve application layer dependencies. Today, a Kubernetes application cannot be defined and deployed uniformly across multiple p...
Hongchao Deng
Kubernetes
What’s in a Name? A WG Naming Deep Dive
WG Naming was formed in June 2020 as a direct response to the Black Lives Matter protests occurring across America. Its goal is to remove harmful and unclear language in the Kubernetes project as completely as possible, and to do so in a way that ...
Celeste Horgan
Selecting the Right Identity Provider for Kubernetes: A Comparative Survey
This is intended to be a comparative view of common identity providers available to Kubernetes. I'll compare all of the details ranging from authentication (Authn), authorization (Authz), user management, mapping, federation and so on. We will dis...
Cameron Seader
Kubernetes
Contributing to Kubernetes Conformance Coverage
In this session we'll walk through the Certified Kubernetes program followed by a deep-dive into the tooling developed for identification, removal and prevention of gaps in certification test coverage. In the intro, we will cover the steps requir...
Caleb Woodbine, Hippie Hacker
Kubernetes
In Search Of A `kubectl blame` Command
Developers want understandable tools. Their tools should tell them, “This change here broke that pod there.” But control loops drive the Kubernetes worldview. In a control loop, Kubernetes updates the cluster to make the actual state match desired...
Nick Santos
Kubernetes
Introduction and Deep Dive into containerd
Join containerd maintainers in a combined introduction and deep dive discussion. This talk will include a brief introduction to the design and architecture of containerd along with the latest updates to the project. After that, maintainers will de...
Wei Fu, Michael Crosby, Derek McGowan
The Great "k8s.gcr.io" Vanity Domain Flip
VDF or the Vanity Domain Flip, represents a milestone in empowering the community with full ownership of their container image infrastructure. This presentation will cover the history of the VDF project, which spanned roughly 2 years (from late 20...
Stephen Augustus, Linus Arver
Kubernetes
Scaling to Millions of ML Models to Solve the Problems of SRE and Security
This talk describes how to scale to millions of ML models operating on petabytes of operational and user data that is used to improve the efficacy of SRE teams and security of end users’ application services. These models are used to improve zero ...
Sandeep Pombra, Jakub Pavlik
Machine Learning
Security
Building, Managing and Automating Clusters at Scale With Prow
Whether building your first or 100th Kubernetes cluster, it eventually becomes clear: this must be automated. These days, building and customizing a cluster is pretty straightforward based on your required workloads, infrastructure and tooling. T...
Michael Splain
Kubernetes
Automatically Making Dashboards Load 100X Faster
High cardinality metrics often cause alerts and dashboards to time out when they try to fetch too much data. Prometheus provides recording rules to speed up queries by pre-generating the queries, however, they have to be configured manually and re...
Shreyas Srivatsan
Virtual Application Networks for Cloud Native Applications
The Internet is built for client-server architectures. Cloud-native software needs better abstractions for service interconnect. Learn about Virtual Application Networks (VANs) and how they advance the capabilities of cloud-native applications. Id...
Ted Ross
The Past, Present, and Future of Kubernetes on Raspberry Pi
By now, you’ve surely heard that Kubernetes can be run on a 35 USD credit-card sized computer, but do you know how we got there, where we are today and what’s coming next? Alex has been building clusters with Docker and Raspberry Pis since 2015 an...
Alex Ellis
Kubernetes
Sponsored Session: AWS - Say goodbye to YAML engineering with the CDK for Kubernetes
The CDK for Kubernetes (cdk8s) is a new open-source software development framework for defining Kubernetes applications and resources using familiar programming languages. In this session, we will show you how to define your first cdk8s applicati...
Eli Polonski
AWS
Kubernetes
Five Hundred Twenty-five Thousand Six Hundred K8s CLI’s
With the success of the Kubernetes ecosystem, users now have many choices when it comes to Kubernetes tools. While it's great for users to have options, lots of choices can make it difficult for Kubernetes users to make decisions or know where t...
Gabbi Fisher, Phillip Wittrock
Kubernetes
Sponsored Keynote: Scaling Machine Learning Without Compromising Privacy
No matter what kind of machine learning (ML) applications you are building for your business, securing your end-to-end ML pipeline is essential yet complicated. ML pipelines become more powerful by distributing a complex network of stages across ...
Nanda Vijaydev
Machine Learning
Security Kill Chain Stages in a 100k+ Daily Container Environment with Falco
Security is a vital aspect of a Cloud Native infrastructure. In this talk, Eric and Natch will show how they set up monitoring to identify anomalous system calls and abnormal Kubernetes API events in MathWorks cloud infrastructure hosting 100K+ da...
Natch Ruengsakulrach, Eric Hollis
Security
Managing Cloud Native Artifacts for Large Scale Kubernetes Cluster
When managing artifacts like container images and Helm charts for cloud native apps, users often face challenges such as efficiently publishing applications to Kubernetes cluster at scale, enforcing access control, identifying image vulnerabilitie...
Henry Zhang, Mingming Pei
Kubernetes
gRPC Communication Patterns – A Deep Dive
Real-World microservices implementations often use a variety of communication protocols and standards to build different services. gRPC has emerged as an efficient, reliable, and robust way to build inter-microservice communication owing to its ri...
Kasun Indrasiri, Danesh Kuruppu
gRPC
Sponsored Keynote: Marvin, Where is My Secure API?
Modern cloud native developers use APIs and services from a variety of organic, public cloud and SaaS offers to build their apps and drive velocity. Unfortunately, this implies that the developer, security teams, infrastructure teams, the responsi...
Vijoy Pandey
Beyond File and Block Storage in Kubernetes
Kubernetes graduated Container Storage Interface (CSI) to GA status in v1.13. It has since evolved to support a large number of vendors and storage formats. It has brought the industry together in consensus about the best practices in storage. CSI...
Sidhartha Mani
Kubernetes
Building a Cloud Native Feature Store with Feast on Kubeflow
Features are at the heart of what makes machine learning systems effective. However, many challenges still exist in the feature engineering life-cycle. Developing features from big data is often an engineering heavy task, with challenges in both t...
Oleksii Moskalenko, Willem Pienaar
How to Effectively Manage Kubernetes in a Regulated Environment
Kubernetes plays an important role when scaling containerized applications in a highly regulated environment. Capital One understands this first hand, as they will complete a multi-year journey to exit on-prem data centers this year and move to th...
Darien Ford
Kubernetes
Sponsored Keynote: Kubernetes Everywhere
Building, deploying, and running apps in heterogeneous environments can impact performance and user experience. Kubernetes can solve this pain, by acting as a common infrastructure layer across on-prem, edge, and public cloud. Learn how Kubernetes ...
Briana Frank
Kubernetes
A New Approach to Logging as a Stack: Fluent Bit + PostgreSQL (FPS)
Logging at scale is a very interesting challenge, and having the right open source stack is mandatory. There are many ways to solve the log collection, processing and aggregation problem, but when it comes to performing data analysis once the data ha...
Jonathan Gonzalez
Managing Developer Workflows with the Kubernetes API
Write your own Kubernetes client to keep application teams from breaking their products. Kubernetes is incredibly powerful. Its extensibility allows for limitless varieties of architecture. But how do you get hundreds of engineers to follow the s...
Colin Murphy
Kubernetes
SIG Scheduling Deep Dive
Kube-Scheduler is the component of Kubernetes that assigns pods to nodes based on the configured scheduling requirements. These requirements can be high availability, resource efficiency and other policies and heuristics. This talk will provide an...
Abdullah Gharaibeh, Wei Huang
Kubernetes
Envoy Q&A
Come meet the Envoy maintainers for a small intro to Envoy as well as an open Q&A!
Harvey Tuch, Matt Klein
MLOps at Snapchat: Continuous Machine Learning with Kubeflow & Spinnaker
Training a machine learning model to support your use case can be difficult, but in actuality model creation is only the beginning. ML systems are complex and differ from traditional software systems; as such unique challenges arise when engineers...
Kevin Dela Rosa
DevOps
Kubernetes
Machine Learning
DevOps All the Things: Creating a Pipeline to Validate Your OPA Policies
Open Policy Agent is quickly becoming the de facto tool for applying configuration governance as code to your Kubernetes clusters. It can be challenging to understand how to optimize your workflows after finishing the getting started guide. This t...
Goran Osim, Karpagam Balan
DevOps
A Future Journey: How to Migrate 100 Clusters Between Clouds Without Downtime?
Have you ever thought about migrating your Kubernetes clusters to another cloud provider to save costs? Yes? We too! Join us on an interactive journey to discover the main challenges of live migration at scale of etcd’s, traffic routing and applic...
Tobias Schneck
Kubernetes
Absorbing Thanos Infinite Powers for Multi-Cluster Telemetry
Thanos is an open-source, CNCF’s Incubated project that horizontally scales Prometheus to create a global-scale highly available monitoring system. It seamlessly extends Prometheus in a few simple steps and it is already used in production by hund...
Bartlomiej Płotka, Kemal Akkoyun, Frederic Branczyk
Stress and Mental Health in Technology
Jennifer (psychologist and founder of GCI) will deep dive into the impact of industry stress and burnout. Research suggests the prevalence of diagnosed mental health conditions in tech professionals ranges between 20-50%. While this is notably hig...
Jennifer Akullian
Cloud Native Machine Learning Systems at Day Two and Beyond
You’re probably already convinced that Kubernetes is the right infrastructure for your next machine learning initiative, but you may not be ready for some of the speedbumps that await you on the way. This talk will introduce some of the challenges...
Sophie Watson, William Benton
Kubernetes
Machine Learning
Keynote: Predictions from the Technical Oversight Committee (TOC)
2020 has been quite the year of change in many ways. While terrible things happened in the world around us, the cloud native community has nevertheless been able to make progress on many fronts. This talk gives an update on that progress, and whe...
Liz Rice
Speeding Up Analysis Pipelines with Remote Container Images
Containers have taken a key role in the daily life of physicists at CERN, helping with packaging and sharing code as well as ensuring analysis reproducibility. This session will describe how processes have been adapted to containerize software rel...
Ricardo Rocha, Spyridon Trigazis
A Different Kind of Kubernetes Artifact
Kubernetes’ most well-known artifacts are in the form of manifest files (we’re no stranger to yaml), container images, and its objects among other things. What about its cultural artifacts? What are they? Throughout history, we’ve leaned on cultura...
Paris Pittman
Kubernetes
Building Linux Distributions for Fun and Profit
Should we aim to have one Linux distro to rule them all? Or should we have a specialized one for each need? When does it make sense to go for one or the other? When running software on K8s, does the distro running on the nodes make a difference? W...
Margarita Manterola
Linux
GitOps Is Likely More Than You Think It Is
While the term “GitOps” has achieved almost mainstream use, confusion remains around what it is and the benefits it can bring. True, it involves continuous delivery (CD), but the way delivery is achieved as well as how CD interacts with workload o...
Cornelia Davis
CNCF SIG Network Intro & Deep-Dive
“It’s the network!” is the cry of every system administrator, every developer. With the increased prevalence of microservice-based distributed systems, it’s true - networking as a discipline has never been more critical in the efficient operation ...
Lee Calcote
TiFlash: Make TiKV 10x Faster and HTAP-able
HTAP is a term introduced by Gartner, describing the capability of processing both transactional and analytical workloads. It is hard to deal with both workloads seamlessly in one platform since the storage format of the two is totally different and wo...
Liquan Pei, Xiaoyu Ma
Kubernetes-native Security with Starboard
Starboard is an open source project that gathers security information from various different tools into Kubernetes CRDs, so users can manage & access security reports through familiar Kubernetes interfaces, like kubectl or Octant. This talk uses p...
Liz Rice, Daniel Pacak
Kubernetes
Security
The Building Blocks of DX: K8s Evolution From CLI to GitOps
In the past years, Kubernetes has become the default container orchestrator framework, setting the standards for application deployment in a distributed architecture. Wider adaptability of the tool prompted the diversification of the end-user base...
Katie Gamanji
Kubernetes
Serverless or Servicefull
While containers and container orchestration have taken the world by storm over the last five years, serverless offerings that hide the complexity of the underlying infrastructure and the application management mechanisms are becoming the norm with...
Sebastien Goasguen
Serverless
Kubernetes VMware User Group Intro: Best Practices for Running on VMware
This will be a presentation by organizers and members of the Kubernetes VMware User Group. This group addresses running all forms of Kubernetes on VMware infrastructure. The group exists to serve users, along with those who develop, test and suppo...
Steven Wong, Myles Gray
Codename VIFL - How to Migrate MySQL Database Clusters to Vitess
Have you ever considered migrating a database system at scale with no downtime? Many of us who have tried often find it an insurmountable challenge for both developers and database engineers. Most of the time, companies start these kinds of migr...
Guido Iaquinti, Rafael Chacon
Overview and State of Linkerd
In this talk, maintainers from the Linkerd project will present an overview of the project and an update on upcoming releases. They'll cover what Linkerd is and how it compares to other service meshes; what the latest features and functionality ar...
Tarun Pothulapati, William Morgan
Tutorial: Say Goodbye to YAML Engineering with the CDK for K8s
Applications running on Kubernetes are composed of dozens of resources maintained through an intricate collection of carefully maintained YAML files. As applications evolve and teams grow, these files become hard to manage and reuse — copying & pa...
Elad Ben-Israel, Nathan Taber
Kubernetes
Everything You Should Be Doing, But Aren’t: DevSecOps for K8s Workflows
Steven and Pop will describe a defense-in-depth approach to secure production workloads running on Kubernetes. We’ll show a live demonstration of using CNCF projects like Helm, OPA, Falco, and Argo to secure Kubernetes clusters. With a secure clus...
Steven Terrana, Dan Papandrea, Booz Allen Hamilton
DevOps
DevSecOps
Kubernetes
Security
Panel: Introduction to the Container Orchestrated Device (COD) Working Group
The Container Orchestrated Device (COD) Working Group is a small group formed by passionate Container Runtime Maintainers and Device Vendors looking to solve many of the challenges Devices face in the cloud native space. Custom Devices are used i...
Alexander Kanevskiy, Urvashi Mohnani, Renaud Gaubert, Mike Brown, Mrunal Patel
Service Discovery with CoreDNS Plugins in Golang
Best known as the default cluster DNS server for Kubernetes, CoreDNS is a flexible and extensible DNS server with a focus on service discovery. The extensibility of CoreDNS comes from its plugin-based architecture: new features can be added as plu...
Yong Tang, John Belamaric
Kubernetes
Intro: CNCF SIG-Runtime
The CNCF SIG Runtime (https://github.com/cncf/sig-runtime) collaborates to explore how different runtime infrastructure technologies make it possible to run cloud-native workloads. Discussions are about generalized orchestration, autoscaling, sche...
Rakuten, Ricardo Aravena, Renaud Gaubert
Intro and Deep Dive: Kubernetes SIG Instrumentation
Kubernetes SIG Instrumentation is responsible for ensuring high quality and consistent instrumentation across the Kubernetes project. We will begin with an introductory overview of the efforts the SIG Instrumentation has worked on in the past and ...
Elana Hashman, Han Kang, David Ashpole, Frederic Branczyk
Kubernetes
How to Build a Cloud Native Image Recognition Solution
Fn Project is an open source project for serverless functions. We want to share how we used Fn, AutoML Natural Language Processing, and K8s to improve older Optical Character Recognition (OCR) technology. The resulting image recognition applicatio...
Rolando Carrasco, Akshai Parthasarathy
Sponsored Keynote: Online Learning—Advancing Your Knowledge of Kubernetes
Kubernetes will soon be everywhere and used by everyone. The challenge for our growing community is how to properly onboard new users to our community as it's often viewed as a complex ecosystem. In this keynote, we'll highlight how the community ...
Grant Shipley, Marissa Bosche
Kubernetes
Accelerate and Autoscale Deep Learning Inference on GPUs with KFServing
Large-scale language models, such as BERT and GPT-2, have brought exciting leaps in state-of-the-art accuracy for many NLP tasks. BERT requires significant compute during inference, which poses challenges for real-time application performance. KFS...
David Goodwin, Dan Sun
DevOps Performance From a Different Dataset: What 30M Workflows Reveal
What can we learn about DevOps best practices by looking at data from a SaaS with 900K dev users, 25K orgs and 30m+ builds a month, particularly when compared with surveys where users opt-in? Join CircleCI's VP of Platform, Mike Stahnke, to unders...
Michael Stahnke
DevOps
Intro & Deep Dive: Kubernetes SIG-Storage
Kubernetes SIG Storage is responsible for ensuring that different types of file and block storage are available wherever a container is scheduled, storage capacity management (container ephemeral storage usage, volume resizing, etc.), influencing ...
Michelle Au, Xing Yang
Kubernetes
How H-E-B Curbside Adopted Linkerd During a Pandemic
In early 2020 HEB was rated as the #1 grocery retailer in the country in a consumer survey run by Dunnhumby. As shelter in place orders were implemented as COVID-19 spread across the world, H-E-B Curbside & Delivery became a critical resource for...
Garrett Griffin, Justin Turner
Kubernetes
Notary v2: Redesigning the Secure Supply Chain for Containers
The Notary v2 project was launched at KubeCon North America in 2019, as a joint community effort to resolve issues with the first generation Notary, which was launched five years ago. Since then we have learned a lot about how containers are used ...
Omar Paul, Justin Cormack, Steve Lasker
Panel: Linux in the Kubernetes Era: Does The OS Still Matter?
With the end of life of the original “Container Linux” (CoreOS), what is the future for the key underlying component of any Kubernetes deployment: the operating system? While many are opting for general-purpose distributions like Ubuntu or CentOS,...
Vincent Batts, Dusty Mabe, Kiko Reis, Tasha Drew, Darren Shepherd
Kubernetes
Lives On the Line. Learning Disaster Response From the Coronavirus Pandemic
Join us for an exciting session where two worlds collide to bring a deep look at disaster response in cloud-native from the lens of a global viral pandemic. Two unsuspecting women will grace the stage to share a powerful lesson. Join a practicing...
Rachel Beda, Kris Nova
Navigating the App Delivery Landscape While Solving Everyday Problems
Recently there was a lot of buzz around the CNCF landscape getting overly complex. There are more and more options to choose from which is good to see a growing ecosystem. However, this can sometimes also become overwhelming. In this session we wa...
Alois Reitbauer, Lei Zhang
Constructing Chaos Workflows with Argo and LitmusChaos
LitmusChaos is an open-source cloud-native Chaos Engineering framework for Kubernetes. It provides custom APIs (via CRDs) to orchestrate Chaos on your clusters while providing readily usable, off-the-shelf Chaos experiments via the ChaosHub. Howev...
Sumit Nagal, Umasankar Mukkara
Contour, A High Performance Multitenant Ingress Controller for Kubernetes
Contour, a CNCF incubating project, is a high performance ingress and load balancer solution for Kubernetes. Contour offers a richer feature set than some common alternatives while maintaining a lightweight profile. At its core, Contour is providi...
Steve Sloka, James Peach, Michael Michael, Nick Young
Kubernetes
Sponsored Keynote: The Rise of the End Users
Today, end users are not just “using” open source software, they are active and valuable participants in the communities and are helping to drive innovation into the upstream projects, driving projects out into the open from behind the firewall fo...
Diane Mueller
An SLO-Driven Approach to Enhance Kubernetes Cluster Reliability
How to define reliability of a Kubernetes cluster? What are the SLOs? How many 9s is enough to ensure end-users are happy for a Kubernetes cluster with thousands of nodes? Service-level-objective (SLO) is the key to run large-scale production clus...
Cong Chen, Qian Ding
Kubernetes
Inside Kubernetes Ingress
Kubernetes Ingress is a core abstraction of Kubernetes: K8s Ingress grants access to K8s HTTP Services from outside the K8s Cluster. In effect, K8s Ingress exposes your HTTP application to the outside world. However, even experienced K8s users str...
Dominik Tornow
Kubernetes
Getting Started with Jaeger
Jaeger is the most popular open source distributed tracing system in the world and, as such, often comes with people asking how to bootstrap their first cluster. If you are interested in getting started with Jaeger join us in this lightning talk ...
Joe Elliott
Keynote: SIG-Honk AMA Panel: Hacking and Hardening in the Cloud Native Garden
Have you ever wondered how hackers think? What do attackers look for when they approach a cluster, and what security hardening steps can stop them in their tracks? Join Ian Coldwater, Brad Geesaman, Rory McCune, and Duffie Cooley for an AMA panel ...
Brad Geesaman, Rory McCune, Ian Coldwater, Duffie Cooley
Hacking
Security
Practice of Fine-grained Cgroups Resources Scheduling in Kubernetes
Alibaba supports resource scheduling for hundreds of thousands of nodes, millions of containers, and tens of thousands of applications. Many online services need to dynamically increase the resource limit during operation, and cannot accept the im...
Xianlu Chen, Qingcan Wang
Kubernetes
Open Policy Agent Intro
Come to this session to learn about the Open Policy Agent (OPA) project. OPA is a general-purpose policy engine that solves a number of policy-related use cases for Kubernetes, microservices, CI/CD, cloud, and more. During this session the OPA mai...
Max Smythe, Patrick East
Simplifying Windows Runtime and Deployment in Kubernetes
The leaders of SIG-Windows will provide an update on the efforts to bring Windows to Kubernetes. This session will concentrate on presenting new features and capabilities as well as focus on advanced capabilities like ContainerD integration, CSI, ...
Muzz Imam, Deep Debroy, Michael Michael, Mark Rossetti
Kubernetes
Bypass Falco
The main goal of Falco is to detect malicious behaviors at runtime and alert you about anything undesirable happening inside your machines. Maybe you trust it as your last line of defense in today’s cloud-native environments, and as a consequence,...
Leonardo Di Donato
Beyond the Buzzword: BPF’s Unexpected Role in Kubernetes
Increasingly, cloud native tools are leveraging the Linux kernel’s Berkeley Packet Filter (BPF) capabilities for a range of applications, such as networking, security, observability, and troubleshooting. In recent Linux kernel releases, BPF has be...
Alban Crequy, Andrew Randall
Kubernetes
Intro to Scaling Prometheus with Cortex
Have many, disparate Prometheus instances scattered around your organisation? Want a single, centralised place to store and query all your metrics? Don’t want to manually shard your metrics across instances? Want faster queries and indefinite reten...
Ken Haines, Tom Wilkie
Prometheus
Simplify Application Deployment at the Edge with Harbor
Harbor offers a lot of capabilities as a registry in the datacenter. Recently, we have focused our energy on better image distribution and Edge scenarios. You can't operate Kubernetes at the Edge without a registry and Harbor is making it easier a...
Michael Michael
Tutorial: Introduction to Using the Container Storage Interface (CSI) Primitives
The Container Storage Interface (CSI) does more than allow dynamic provisioning of Persistent Volumes from various vendors. It’s a wealth of new API objects that can perform various data management tasks through kubectl. In this end user focused se...
Michael Mattsson
Persistent Memory in Kubernetes
The term persistent memory (PMEM) is used to describe technologies which allow programs to access data as memory, directly byte-addressable, while the contents are non-volatile, preserved across power cycles. It has aspects that are like memory, a...
Patrick Ohly
Kubernetes
CRI-O: The Runtime Control Room
There are many ways to customize the underlying container runtime in Kubernetes. Where the Kubernetes API offers many knobs for tuning your workloads, using CRI-O gives you access to even more. CRI-O is a container runtime that provides an incubation ...
Sascha Grunert, Urvashi Mohnani, Peter Hunt, Mrunal Patel
Introduction to Autoscaling
Come and see how to reduce the cost of your cluster and make your workloads more robust by dynamically adjusting them to their current load. During this talk members of SIG-Autoscaling will explain why you should be autoscaling both applications a...
Guy Templeton, Joe Burnett
Prescriptively Benchmarking Kubernetes System and Application Using K-Bench
This session gives an introduction to K-Bench, a framework designed to benchmark Kubernetes infrastructure from various dimensions in a highly configurable manner. K-Bench accepts a rich set of configuration options and YAML specifications, and pa...
Yong Li, Karthik Ganesan
Kubernetes