Attending this event?
In-person + Virtual
18-21 April
Learn More and Register to Attend

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon Europe 2023 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Central European Summer Time (UTC +2). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change.


Monday, April 17
 

09:00 CEST

Application Networking Day with Istio, Ambient, eBPF, and Cilium - Hosted by Solo.io
This event is currently at capacity. To be placed on the waitlist, please click HERE to provide your information and you will be notified if a seat at the event becomes available.

Start with equal parts API gateway, Kubernetes ingress and service mesh, then throw in security, observability, and multi-tenancy. The world of application networking is changing fast. Join us at this off-site co-located event to learn about what’s new with open source application networking technologies including Istio, Ambient, Cilium and eBPF, and how to use them together to better power your applications.


This event includes one full day of technical sessions presented by end users and industry leaders from across the cloud native ecosystem concurrent with live, hands-on workshops so you can try out the technologies as you learn.

Please note, this is an off-site Sponsor Hosted Co-located Event
For questions regarding this event, please contact: events@solo.io
For details and location information, please visit: https://www.solo.io/events/kubecon/application-networking-day/



Monday April 17, 2023 09:00 - 18:00 CEST
Amstel Boathouse Amsteldijk 223 1079 LK Amsterdam Netherlands

13:00 CEST

Operator Day Hosted by Canonical
What are Software Operators?
Software operators are crucial in the Kubernetes landscape; they help human operators and administrators run their applications efficiently and effectively. At Canonical, we redefined how to operate applications through an OSS-based platform and framework for building and running operators with Juju, the Charmed Operator Framework.
 
Although a software operator is often associated with Kubernetes, operators can cover applications for many substrates: bare metal servers, private clouds, public clouds, and Kubernetes clusters. Juju offers a mature, consistent, intuitive user interface for integrating applications for all substrates.
 
Why attend operator day?
We launched Operator Day at the KubeCon + CloudNativeCon North America conference in 2020. Since then, we have proudly hosted 5 Operator Day events with various sessions presenting industry leaders redefining the operators' landscape.
 
The 6th Operator Day is a must-attend virtual event; it will cover the basics behind software operators, what they are, how to use them, how to create them, and how your team can benefit from them. You can dial in from anywhere and watch use case presentations where software operators have been applied successfully across the entire stack: on VMs, private clouds, public clouds, or in a multi-cloud scenario.

Please note that this is a virtual Sponsor-hosted Co-located event.
For questions regarding this event, please contact: julia.obraztsova@canonical.com
For details please visit: https://app.myonvent.com/event/operator-day


Monday April 17, 2023 13:00 - 18:00 CEST
Virtual

18:00 CEST

SKYY Bar Happy Hour Hosted by Harness
Let's kick off the week of KubeCon + CloudNativeCon in style! Join Harness for an evening of drinks and networking on Monday, April 17th from 18:00 - 21:00 at the SKYY Bar, located on the rooftop of the Westcord Fashion Hotel Amsterdam!

Registration for this event is currently sold out. However, a waitlist has been implemented when adding to your KubeCon + CloudNativeCon registration.

Please note that this is an off-site Sponsor-hosted Co-located event.
For questions regarding this event, please contact: events@harness.io

Monday April 17, 2023 18:00 - 21:00 CEST
SKYY Bar Rooftop of the Westcord Fashion Hotel, Hendrikje Stoffelsstraat 1, 1058 GC
 
Tuesday, April 18
 

08:00 CEST

Dapr Project Meeting
Please note that you must be a KubeCon + CloudNativeCon Europe 2023 registrant in order to attend this meeting. If you are not registered for KubeCon + CloudNativeCon click here to register.

Details
Dapr Project Meeting
Tuesday, April 18 | 8:00 - 10:00 CEST
Room D303, Congress Center

*Please note: we will not have any live streaming, recordings, or any virtual component available for this meeting.

Tuesday April 18, 2023 08:00 - 10:00 CEST
Congress Center | D303

08:00 CEST

Knative Project Meeting
Please note that you must be a KubeCon + CloudNativeCon Europe 2023 registrant in order to attend this meeting. If you are not registered for KubeCon + CloudNativeCon click here to register.

Details
Knative Project Meeting
Tuesday, April 18 | 8:00 - 10:00 CEST
Room D304, Congress Center

*Please note: we will not have any live streaming, recordings, or any virtual component available for this meeting.

Tuesday April 18, 2023 08:00 - 10:00 CEST
Congress Center | D304

08:00 CEST

Fluent Bit Project Meeting
Please note that you must be a KubeCon + CloudNativeCon Europe 2023 registrant in order to attend this meeting. If you are not registered for KubeCon + CloudNativeCon click here to register.

Details
Fluent Bit Project Meeting
Tuesday, April 18 | 8:00 - 12:00 CEST
Room G111, Auditorium Center

*Please note: we will not have any live streaming, recordings, or any virtual component available for this meeting.


Tuesday April 18, 2023 08:00 - 12:00 CEST
Auditorium Center | G111

08:00 CEST

OpenGitOps Project Meeting
Please note that you must be a KubeCon + CloudNativeCon Europe 2023 registrant in order to attend this meeting. If you are not registered for KubeCon + CloudNativeCon click here to register.

Details
OpenGitOps Project Meeting
Tuesday, April 18 | 8:00 - 12:00 CEST
Auditorium Center | Amsterdam Suite

*Please note: we will not have any live streaming, recordings, or any virtual component available for this meeting.

Tuesday April 18, 2023 08:00 - 12:00 CEST
Auditorium Center | Amsterdam Suite

08:00 CEST

TAG Environmental Sustainability Project Meeting
Please note that you must be a KubeCon + CloudNativeCon Europe 2023 registrant in order to attend this meeting. If you are not registered for KubeCon + CloudNativeCon click here to register.

Details
TAG Environmental Sustainability Project Meeting
Tuesday, April 18 | 8:00 - 12:00 CEST
Room G108, Auditorium Center

*Please note: we will not have any live streaming, recordings, or any virtual component available for this meeting.


Tuesday April 18, 2023 08:00 - 12:00 CEST
Auditorium Center | G108

09:00 CEST

Cloud Native Telco Day Hosted by CNCF - Half Day Event | SOLD OUT
Adopting cloud native best practices and principles is critical to the success and growth of Service Providers as they scale to meet new demands for 5G and beyond. Cloud Native Telco Day brings together Service Providers and Vendors across the Telco ecosystem to collaborate with the cloud native community to share lessons learned in their cloud native journey. Anyone involved with the digital transformation of Telco applications and/or infrastructures should join our third Cloud Native Telco Day. Please visit the event's webpage for more details.

How to register: The In-Person All-Access pass, which includes access to all CNCF-hosted co-located events, is no longer available and the waitlist has been closed for this pass type. If you're currently on the waitlist, you will receive an email notification regarding the status by Wednesday, March 29. KubeCon + CloudNativeCon Europe 2023 has SOLD OUT for in-person tickets. We have enabled a waitlist for the KubeCon + CloudNativeCon ONLY pass type. Join the waitlist.

If space opens, and you’re next on the list, you’ll receive an email and will have 72 hours to register. If you have not registered in that timeframe, we will provide your spot to the next person on the list. Everyone on the waitlist will receive notification regarding their status by Tuesday, April 4.

The virtual pass is still available. With this pass you get all the fantastic content you’ve come to expect from KubeCon + CloudNativeCon but from the comfort of your own home! *Observability Day + CiliumCon will be available via livestream on the virtual platform; all other co-located event recordings will be available 24-72 hours post-event on the CNCF YouTube channel.

For questions regarding this event, please reach out to cncfcolocatedevents@linuxfoundation.org.


Tuesday April 18, 2023 09:00 - 12:30 CEST
Hall 7 | Room A

09:00 CEST

Linkerd Day Hosted by CNCF - Half Day Event | SOLD OUT
The Linkerd maintainers are thrilled to announce the first ever Linkerd Day, a practitioner-driven community conference that emphasizes end-user case studies as well as deep technical talks. Come join us for an exciting day of technical content, networking, and learning.
Linkerd was the first service mesh, the only service mesh to achieve graduation, and the project to coin the term “service mesh.” Today, Linkerd powers the production infrastructure of organizations around the world. Linkerd’s focus on simplicity and performance makes it unique in the service mesh space, and its community of enthusiastic adopters and contributors continues taking the project to new heights. Please visit the event's webpage for more details.

The event schedule is now available. To select the sessions you'd like to attend, simply click on the titles of the sessions you're interested in attending.

How to register: The In-Person All-Access pass, which includes access to all CNCF-hosted co-located events, is no longer available and the waitlist has been closed for this pass type. If you're currently on the waitlist, you will receive an email notification regarding the status by Wednesday, March 29. KubeCon + CloudNativeCon Europe 2023 has SOLD OUT for in-person tickets. We have enabled a waitlist for the KubeCon + CloudNativeCon ONLY pass type. Join the waitlist.

If space opens, and you’re next on the list, you’ll receive an email and will have 72 hours to register. If you have not registered in that timeframe, we will provide your spot to the next person on the list. Everyone on the waitlist will receive notification regarding their status by Tuesday, April 4.

The virtual pass is still available. With this pass you get all the fantastic content you’ve come to expect from KubeCon + CloudNativeCon but from the comfort of your own home! *Observability Day + CiliumCon will be available via livestream on the virtual platform; all other co-located event recordings will be available 24-72 hours post-event on the CNCF YouTube channel.

For questions regarding this event, please reach out to cncfcolocatedevents@linuxfoundation.org.



Tuesday April 18, 2023 09:00 - 12:30 CEST
Hall 7 | Room D

09:00 CEST

[Livestream Sponsored by Isovalent] CiliumCon Hosted by CNCF - Half Day Event | SOLD OUT
CiliumCon will be livestreamed* in our virtual platform. Thank you to our live stream sponsor, Isovalent.

*Must be registered for KubeCon + CloudNativeCon Europe to view livestream. Session recordings will be available 24-48 hours after event on CNCF YouTube channel.

CiliumCon is a half-day co-located event for Cilium users, contributors, and new community members. You’ll hear from end users who will share their experiences, and from contributors who will teach you about Cilium’s technology, and its use of eBPF to provide high-performance networking, observability, and security features. In addition, following the success of the Cilium Project Meeting held at Detroit, we will set aside time and space for a meet-the-maintainers session where attendees can discuss proposals, PRs, and issues. This includes support for new contributors who need help. Please visit the event's webpage for more details.

The event schedule is now available. To select the sessions you'd like to attend, simply click on the titles of the sessions you're interested in attending.

How to register: The In-Person All-Access pass, which includes access to all CNCF-hosted co-located events, is no longer available and the waitlist has been closed for this pass type. If you're currently on the waitlist, you will receive an email notification regarding the status by Wednesday, March 29. KubeCon + CloudNativeCon Europe 2023 has SOLD OUT for in-person tickets. We have enabled a waitlist for the KubeCon + CloudNativeCon ONLY pass type. Join the waitlist.

If space opens, and you’re next on the list, you’ll receive an email and will have 72 hours to register. If you have not registered in that timeframe, we will provide your spot to the next person on the list. Everyone on the waitlist will receive notification regarding their status by Tuesday, April 4.

The virtual pass is still available. With this pass you get all the fantastic content you’ve come to expect from KubeCon + CloudNativeCon but from the comfort of your own home! *Observability Day + CiliumCon will be available via livestream on the virtual platform; all other co-located event recordings will be available 24-72 hours post-event on the CNCF YouTube channel.

For questions regarding this event, please reach out to cncfcolocatedevents@linuxfoundation.org.



Tuesday April 18, 2023 09:00 - 12:30 CEST
Hall 7 | Room B

09:00 CEST

AWS Container Day featuring Kubernetes Hosted by AWS
AWS Container Day co-located alongside KubeCon + CloudNativeCon Europe 2023 is a day-long virtual event dedicated to helping Kubernetes practitioners optimize their workloads and reduce their Ops burden. AWS and guest speakers will dive deep into the latest trends, techniques, and best practices for deploying, managing, securing, and scaling with Kubernetes. The day will feature new solution demos and interactive challenges designed to provide hands-on experience and practical insights. Attendees will walk away with new tools, mental models, and resources to innovate, optimize, and scale their applications.

Please note that this is a virtual Sponsor-hosted Co-located event. Additional registration is required.
For questions regarding this event, please contact: aws-container-day@amazon.com
For details, please visit: https://aws-kubecon-eu.splashthat.com/

Tuesday April 18, 2023 09:00 - 16:00 CEST
Virtual

09:00 CEST

ArgoCon Hosted by CNCF - Full Day Event | SOLD OUT
Celebrate Argo’s recent CNCF graduation by joining us for ArgoCon in Amsterdam. This is our first ArgoCon in Europe after very high demand from Argo users!
ArgoCon (#ArgoCon) is designed to foster collaboration, discussion, and knowledge sharing on the Argo Project, which consists of four projects: Argo CD, Argo Workflows, Argo Rollouts and Argo Events.
The Argo Project is a suite of open source tools for deploying and running applications and workloads on Kubernetes. It extends the Kubernetes APIs and unlocks new and powerful capabilities in application deployment, container orchestration, event automation, progressive delivery, and more.
Connect with others that are passionate about Argo and interact with project maintainers. Learn from practitioners about pitfalls to avoid and best practices on how to adopt Argo in your cloud-native environment. Get inspired by and provide input to Argo leads on project roadmaps.
The event is vendor-neutral and is being organized by the CNCF Argo Community. Topics in the past have included getting started with Argo, scaling and managing Argo, lessons learned from production deployments, technical sessions, and thought leadership. Please visit the event's webpage for more details.

The event schedule is now available. To select the sessions you'd like to attend, simply click on the titles of the sessions you're interested in attending.

How to register: The In-Person All-Access pass, which includes access to all CNCF-hosted co-located events, is no longer available and the waitlist has been closed for this pass type. If you're currently on the waitlist, you will receive an email notification regarding the status by Wednesday, March 29. KubeCon + CloudNativeCon Europe 2023 has SOLD OUT for in-person tickets. We have enabled a waitlist for the KubeCon + CloudNativeCon ONLY pass type. Join the waitlist.

If space opens, and you’re next on the list, you’ll receive an email and will have 72 hours to register. If you have not registered in that timeframe, we will provide your spot to the next person on the list. Everyone on the waitlist will receive notification regarding their status by Tuesday, April 4.

The virtual pass is still available. With this pass you get all the fantastic content you’ve come to expect from KubeCon + CloudNativeCon but from the comfort of your own home! *Observability Day + CiliumCon will be available via livestream on the virtual platform; all other co-located event recordings will be available 24-72 hours post-event on the CNCF YouTube channel.

For questions regarding this event, please reach out to cncfcolocatedevents@linuxfoundation.org.





Tuesday April 18, 2023 09:00 - 17:00 CEST
Elicium Building | Elicium Ballroom 1 + 2

09:00 CEST

Cloud Native Wasm Day Hosted by CNCF - Full Day Event | SOLD OUT
Cloud Native Wasm Day highlights the growing importance and ubiquity of WebAssembly throughout the cloud-native ecosystem. As an application host, an application plugin, or an application platform, WebAssembly is a technology that is compatible with containers and Kubernetes but not dependent upon them. Along with devices, virtual machines, containers, and Kubernetes, WebAssembly is an additional deployment method for workloads everywhere. Please visit the event's webpage for more details.

The event schedule is now available. To select the sessions you'd like to attend, simply click on the titles of the sessions you're interested in attending.

How to register: The In-Person All-Access pass, which includes access to all CNCF-hosted co-located events, is no longer available and the waitlist has been closed for this pass type. If you're currently on the waitlist, you will receive an email notification regarding the status by Wednesday, March 29. KubeCon + CloudNativeCon Europe 2023 has SOLD OUT for in-person tickets. We have enabled a waitlist for the KubeCon + CloudNativeCon ONLY pass type. Join the waitlist.

If space opens, and you’re next on the list, you’ll receive an email and will have 72 hours to register. If you have not registered in that timeframe, we will provide your spot to the next person on the list. Everyone on the waitlist will receive notification regarding their status by Tuesday, April 4.

The virtual pass is still available. With this pass you get all the fantastic content you’ve come to expect from KubeCon + CloudNativeCon but from the comfort of your own home! *Observability Day + CiliumCon will be available via livestream on the virtual platform; all other co-located event recordings will be available 24-72 hours post-event on the CNCF YouTube channel.

For questions regarding this event, please reach out to cncfcolocatedevents@linuxfoundation.org.




Tuesday April 18, 2023 09:00 - 17:00 CEST
Hall 7 | Room C

09:00 CEST

[Livestream Sponsored by Lightstep from ServiceNow] Observability Day Hosted by CNCF - Full Day Event | SOLD OUT
Observability Day will be livestreamed* in our virtual platform. Thank you to our live stream sponsor, Lightstep from ServiceNow.

*Must be registered for KubeCon + CloudNativeCon Europe to view livestream. Session recordings will be available 24-48 hours after event on CNCF YouTube channel.

Observability Day fosters collaboration, discussion, and knowledge sharing of cloud-native observability projects (including but not necessarily limited to Prometheus, Fluentd, Fluent Bit, OpenTelemetry, and OpenMetrics), as well as vendor-neutral best practices for addressing observability challenges. Sessions include a keynote, panel discussions, workshops, lightning talks, and individual presentations. This event is intended both for audiences that are new to observability as well as for seasoned practitioners. Observability Day will enable you to spend a day peeking under the hood of major Cloud Native Computing Foundation observability-related projects and broadening your knowledge of observability. The event is vendor-neutral and organized by members of the community. Please visit the event's webpage for more details.

The event schedule is now available. To select the sessions you'd like to attend, simply click on the titles of the sessions you're interested in attending.

How to register: The In-Person All-Access pass, which includes access to all CNCF-hosted co-located events, is no longer available and the waitlist has been closed for this pass type. If you're currently on the waitlist, you will receive an email notification regarding the status by Wednesday, March 29. KubeCon + CloudNativeCon Europe 2023 has SOLD OUT for in-person tickets. We have enabled a waitlist for the KubeCon + CloudNativeCon ONLY pass type. Join the waitlist.

If space opens, and you’re next on the list, you’ll receive an email and will have 72 hours to register. If you have not registered in that timeframe, we will provide your spot to the next person on the list. Everyone on the waitlist will receive notification regarding their status by Tuesday, April 4.

The virtual pass is still available. With this pass you get all the fantastic content you’ve come to expect from KubeCon + CloudNativeCon but from the comfort of your own home! *Observability Day + CiliumCon will be available via livestream on the virtual platform; all other co-located event recordings will be available 24-72 hours post-event on the CNCF YouTube channel.

For questions regarding this event, please reach out to cncfcolocatedevents@linuxfoundation.org.




Tuesday April 18, 2023 09:00 - 17:00 CEST
Hall 7 | Room E

09:00 CEST

Azure Day with Kubernetes Hosted by Microsoft Azure
Join Microsoft experts to learn best practices for building cloud-native apps with Kubernetes on Azure. In this full-day session, you will:
  • Learn how to build modern apps using Azure Kubernetes Service (AKS) and integrated development tools.
  • Understand best practices for managing your Kubernetes footprint, securely and at scale. 
  • Gain a clear understanding of how to manage and optimize cost of your Kubernetes footprint. 
  • Learn how to scale and optimize your workloads for energy efficiency and reduced carbon emissions. 
  • Get a preview into new and upcoming Kubernetes on Azure product updates. 
  • Learn how customers are using Kubernetes on Azure to drive business outcomes. 
Please note that this is an off-site Sponsor-hosted Co-located event.
For event details, please visit: http://azuredaywithkubernetes2023.com
For questions regarding this event, please contact: v-nimcginty@microsoft.com, v-lpalmer@microsoft.com

Tuesday April 18, 2023 09:00 - 17:00 CEST
Hotel Casa Eerste Ringdijkstraat 4, 1097 BC, Amsterdam

09:00 CEST

Data Workshop on Kubernetes Hosted by Portworx by Pure Storage
The Data Workshop on Kubernetes brought to you by Portworx by Pure Storage is back for another year! In this one-day workshop, you will be led through a number of labs that highlight how to enhance your Kubernetes application deployments with Kubernetes-native container storage, data management, data protection, and even database services.

You’ll also learn how you can cut down on cloud spend and drive better developer productivity. No matter where you are in your Kubernetes journey, our data workshop will arm you with the tools you need to easily manage secure, resilient, and scalable applications and databases. As part of the workshop, attendees will receive training and experience with the Portworx portfolio of products. Join us for an action-packed day of learning followed by a happy hour where you can network with other industry professionals.

We reserve the right to restrict attendance of any competitors at our event. We appreciate your understanding.

Please note that this is an off-site Sponsor-hosted Co-located event and must be added to your KubeCon + CloudNativeCon registration.
For questions regarding this event, please contact: jwi@purestorage.com



Tuesday April 18, 2023 09:00 - 17:00 CEST
A’DAM LOOKOUT Overhoeksplein 5 1031 KS Amsterdam

09:00 CEST

Distributed SQL Summit - Hosted by YugabyteDB
Distributed SQL is a revolutionary category of databases for building mission-critical, cloud native applications.

Join YugabyteDB at Distributed SQL Summit Europe co-located (off-site) with KubeCon + CloudNativeCon – an open destination for you to discuss, collaborate, share ideas, and learn with your fellow app developers and database practitioners.

Distributed SQL Summit will feature a wide range of thought-provoking technical demos, presentations, networking, and live discussions - all focused on distributed SQL.

Please note, this is an off-site Sponsor Hosted Co-located Event
For questions regarding this event, please contact: events@yugabyte.com
For location and event information please visit: https://info.yugabyte.com/2023-dss-amsterdam

How to Register: 
Pre-registration is required. To register for Distributed SQL Summit Hosted by YugabyteDB, add it on during your KubeCon + CloudNativeCon registration. (Morning or Afternoon session allocated after registration)


Tuesday April 18, 2023 09:00 - 17:00 CEST
nHow Amsterdam RAI Hotel, 23rd Floor, Ginger Room Europaboulevard 2b, 1078 RV Amsterdam

09:00 CEST

OpenShift Commons Gathering Hosted by Red Hat
This Hybrid OpenShift Commons Gathering will be held in-person and all talks will be delivered live and streamed live via Hopin to attendees around the globe. As always, our focus is on creating a welcoming and inclusive space for peer-to-peer interactions online. This Gathering will focus on talks from and by Cloud Native practitioners with production deployments sharing their use cases, insights into their workloads and lessons learned along the way.

Please note that the in-person OpenShift Commons Gathering is an off-site Sponsor-hosted Co-located event. The virtual event will be streamed via Hopin.
For questions regarding this event, please contact: npazmino@redhat.com

Tuesday April 18, 2023 09:00 - 17:00 CEST
Amstel Boathouse Amsteldijk 223 1079 LK Amsterdam Netherlands

09:30 CEST

Armada Project Meeting
Please note that you must be a KubeCon + CloudNativeCon Europe 2023 registrant in order to attend this meeting. If you are not registered for KubeCon + CloudNativeCon click here to register.

Details
Armada Project Meeting
Tuesday, April 18 | 9:30 - 10:30 CEST
Room D408, Congress Center

*Please note: we will not have any live streaming, recordings, or any virtual component available for this meeting.


Tuesday April 18, 2023 09:30 - 10:30 CEST
Congress Center | D408

09:30 CEST

OpenFeature Project Meeting
Please note that you must be a KubeCon + CloudNativeCon Europe 2023 registrant in order to attend this meeting. If you are not registered for KubeCon + CloudNativeCon click here to register.

Details
OpenFeature Project Meeting
Tuesday, April 18 | 9:30 - 10:30 CEST
Room D407, Congress Center

*Please note: we will not have any live streaming, recordings, or any virtual component available for this meeting.

Tuesday April 18, 2023 09:30 - 10:30 CEST
Congress Center | D407

09:30 CEST

OpenFGA Project Meeting
Please note that you must be a KubeCon + CloudNativeCon Europe 2023 registrant in order to attend this meeting. If you are not registered for KubeCon + CloudNativeCon click here to register.

Details
OpenFGA Project Meeting
Tuesday, April 18 | 9:30 - 10:30 CEST
Room D406, Congress Center

*Please note: we will not have any live streaming, recordings, or any virtual component available for this meeting.

Tuesday April 18, 2023 09:30 - 10:30 CEST
Congress Center | D406

10:30 CEST

Buildpacks.io Project Meeting
Please note that you must be a KubeCon + CloudNativeCon Europe 2023 registrant in order to attend this meeting. If you are not registered for KubeCon + CloudNativeCon click here to register.

Details
Buildpacks.io Project Meeting
Tuesday, April 18 | 8:00 - 10:00 CEST
Room D303, Congress Center

*Please note: we will not have any live streaming, recordings, or any virtual component available for this meeting.


Tuesday April 18, 2023 10:30 - 12:30 CEST
Congress Center | D303

10:30 CEST

Falco Project Meeting
Please note that you must be a KubeCon + CloudNativeCon Europe 2023 registrant in order to attend this meeting. If you are not registered for KubeCon + CloudNativeCon click here to register.

Details
Falco Project Meeting
Tuesday, April 18 | 10:30 - 12:30 CEST
Room D304, Congress Center

*Please note: we will not have any live streaming, recordings, or any virtual component available for this meeting.

Tuesday April 18, 2023 10:30 - 12:30 CEST
Congress Center | D304

10:30 CEST

KubeVirt Project Meeting
Please note that you must be a KubeCon + CloudNativeCon Europe 2023 registrant in order to attend this meeting. If you are not registered for KubeCon + CloudNativeCon click here to register.

Details
KubeVirt Project Meeting
Tuesday, April 18 | 10:30 - 12:30 CEST
Room D402, Congress Center

*Please note: we will not have any live streaming, recordings, or any virtual component available for this meeting.


Tuesday April 18, 2023 10:30 - 12:30 CEST
Congress Center | D402

11:00 CEST

Kubescape Project Meeting
Please note that you must be a KubeCon + CloudNativeCon Europe 2023 registrant in order to attend this meeting. If you are not registered for KubeCon + CloudNativeCon click here to register.

Details
Kubescape Project Meeting
Tuesday, April 18 | 11:00 - 12:00 CEST
Room D406, Congress Center

*Please note: we will not have any live streaming, recordings, or any virtual component available for this meeting.

Tuesday April 18, 2023 11:00 - 12:00 CEST
Congress Center | D406

11:00 CEST

Open Cluster Management Project Meeting
Please note that you must be a KubeCon + CloudNativeCon Europe 2023 registrant in order to attend this meeting. If you are not registered for KubeCon + CloudNativeCon click here to register.

Details
Open Cluster Management Project Meeting
Tuesday, April 18 | 11:00 - 12:00 CEST
Room D407, Congress Center

*Please note: we will not have any live streaming, recordings, or any virtual component available for this meeting.

Tuesday April 18, 2023 11:00 - 12:00 CEST
Congress Center | D407

11:00 CEST

Pixie Project Meeting
Please note that you must be a KubeCon + CloudNativeCon Europe 2023 registrant in order to attend this meeting. If you are not registered for KubeCon + CloudNativeCon click here to register.

Details
Pixie Project Meeting
Tuesday, April 18 | 11:00 - 12:00 CEST
Room D408, Congress Center

*Please note: we will not have any live streaming, recordings, or any virtual component available for this meeting.

Tuesday April 18, 2023 11:00 - 12:00 CEST
Congress Center | D407

12:00 CEST

Learning Day Featuring Kubernetes Hosted by KubeCampus
KubeCampus Rookie Lab: 12:00 - 14:00 (Kubernetes beginners!)
KubeCampus Pro Lab: 14:00 - 16:00 (Kubernetes skills!)

Back by popular demand! Kasten by Veeam invites you to take your Kubernetes knowledge to the next level at Learning Day Featuring Kubernetes, hosted by KubeCampus, a community-focused, independent learning resource for Kubernetes users. This no cost, in-person Kubernetes learning session is designed for all levels!

At this event, you’ll have the opportunity to expand your Kubernetes skill set during one of two, 2-hour hands-on labs, where you’ll learn real-world cloud native skills from thought leaders and experts. Choose from two tracks: The Rookie Track (12:00-14:00) offers an intro to Kubernetes, and the Pro Track (14:00-16:00) is a deep dive for those with some Kubernetes experience.

During the labs, you will:

Gain valuable knowledge about Kubernetes, a highly in-demand skill

Build your resume and share your lab completion badge on LinkedIn

Make valuable contacts with industry experts and community members

KubeCampus consistently earns high scores for its informative, hands-on labs – and Learning Day Featuring Kubernetes is another way to ensure the community can benefit from them.

In addition to the labs, you’ll receive your official pin and certificate once you complete each lab. Whether you’re a Kubernetes Rookie or a seasoned Pro, this event will provide ample opportunities to grow your Kubernetes skills and knowledge.
Please note that this is an off-site Sponsor-hosted Co-located event.
For questions regarding this event, please contact: cassandra.faris@veeam.com
 

Tuesday April 18, 2023 12:00 - 16:00 CEST
Hilton Amsterdam Apollolaan 138, 1077 BG Amsterdam

13:00 CEST

Backstage Project Meeting
Please note that you must be a KubeCon + CloudNativeCon Europe 2023 registrant in order to attend this meeting. If you are not registered for KubeCon + CloudNativeCon click here to register.

Details
Backstage Project Meeting
Tuesday, April 18 | 13:00 - 15:00 CEST
Room D304, Congress Center

*Please note: we will not have any live streaming, recordings, or any virtual component available for this meeting.


Tuesday April 18, 2023 13:00 - 15:00 CEST
Congress Center | D304

13:00 CEST

LitmusChaos Project Meeting
Please note that you must be a KubeCon + CloudNativeCon Europe 2023 registrant in order to attend this meeting. If you are not registered for KubeCon + CloudNativeCon click here to register.

Details
LitmusChaos Project Meeting
Tuesday, April 18 | 13:00 - 15:00 CEST
Room D303, Congress Center

*Please note: we will not have any live streaming, recordings, or any virtual component available for this meeting.


Tuesday April 18, 2023 13:00 - 15:00 CEST
Congress Center | D303

13:00 CEST

OpenTelemetry Project Meeting
Please note that you must be a KubeCon + CloudNativeCon Europe 2023 registrant in order to attend this meeting. If you are not registered for KubeCon + CloudNativeCon click here to register.

Details
OpenTelemetry Project Meeting
Tuesday, April 18 | 13:00 - 15:00 CEST
Room D402, Congress Center

*Please note: we will not have any live streaming, recordings, or any virtual component available for this meeting.

Tuesday April 18, 2023 13:00 - 15:00 CEST
Congress Center | D402

13:00 CEST

Etcd Project Meeting
Please note that you must be a KubeCon + CloudNativeCon Europe 2023 registrant in order to attend this meeting. If you are not registered for KubeCon + CloudNativeCon click here to register.

Details
Etcd Project Meeting
Tuesday, April 18 | 13:00 - 17:00 CEST
Room D408, Congress Center

*Please note: we will not have any live streaming, recordings, or any virtual component available for this meeting.

Tuesday April 18, 2023 13:00 - 17:00 CEST
Congress Center | D408

13:00 CEST

Flux Project Meeting
Please note that you must be a KubeCon + CloudNativeCon Europe 2023 registrant in order to attend this meeting. If you are not registered for KubeCon + CloudNativeCon click here to register.

Details
Flux Project Meeting
Tuesday, April 18 | 13:00 - 17:00 CEST
Room G108, Auditorium Center

*Please note: we will not have any live streaming, recordings, or any virtual component available for this meeting.


Tuesday April 18, 2023 13:00 - 17:00 CEST
Auditorium Center | G108

13:00 CEST

Harbor Project Meeting
Please note that you must be a KubeCon + CloudNativeCon Europe 2023 registrant in order to attend this meeting. If you are not registered for KubeCon + CloudNativeCon click here to register.

Details
Harbor Project Meeting
Tuesday, April 18 | 13:00 - 17:00 CEST
Room G111, Auditorium Center

*Please note: we will not have any live streaming, recordings, or any virtual component available for this meeting.


Tuesday April 18, 2023 13:00 - 17:00 CEST
Auditorium Center | G111

13:00 CEST

TAG App Delivery Project Meeting
Please note that you must be a KubeCon + CloudNativeCon Europe 2023 registrant in order to attend this meeting. If you are not registered for KubeCon + CloudNativeCon click here to register.

Details
TAG App Delivery Project Meeting
Tuesday, April 18 | 13:00 - 17:00 CEST
Room D301, Congress Center

*Please note: we will not have any live streaming, recordings, or any virtual component available for this meeting.


Tuesday April 18, 2023 13:00 - 17:00 CEST
Congress Center | D302

13:00 CEST

TAG-Runtime Project Meeting
Please note that you must be a KubeCon + CloudNativeCon Europe 2023 registrant in order to attend this meeting. If you are not registered for KubeCon + CloudNativeCon click here to register.

Details
TAG-Runtime Project Meeting
Tuesday, April 18 | 13:00 - 17:00 CEST
Room D301, Congress Center

*Please note: we will not have any live streaming, recordings, or any virtual component available for this meeting.


Tuesday April 18, 2023 13:00 - 17:00 CEST
Congress Center | D301

13:00 CEST

TUF Project Meeting
Please note that you must be a KubeCon + CloudNativeCon Europe 2023 registrant in order to attend this meeting. If you are not registered for KubeCon + CloudNativeCon click here to register.

Details
TUF Project Meeting
Tuesday, April 18 | 13:00 - 17:00 CEST
Amsterdam Suite, Auditorium Center

*Please note: we will not have any live streaming, recordings, or any virtual component available for this meeting.


Tuesday April 18, 2023 13:00 - 17:00 CEST
Auditorium Center | Amsterdam Suite

13:30 CEST

Istio Day Hosted by CNCF - Half Day Event | SOLD OUT
Istio Day community event for the industry’s most popular service mesh, where you will find lessons learned from running Istio in production, hands-on experiences, and featuring maintainers from across the Istio ecosystem. Please visit the event's webpage for more details.

The event schedule is now available. To select the sessions you'd like to attend, simply click on the titles of the sessions you're interested in attending.

How to register: The In-Person All-Access pass, which includes access to all CNCF-hosted co-located events, is no longer available and the waitlist has been closed for this pass type. If you're currently on the waitlist, you will receive an email notification regarding the status by Wednesday, March 29. KubeCon + CloudNativeCon Europe 2023 has SOLD OUT for in-person tickets. We have enabled a waitlist for the KubeCon + CloudNativeCon ONLY pass type. Join the waitlist.

If space opens, and you’re next on the list, you’ll receive an email and will have 72 hours to register. If you have not registered in that timeframe, we will provide your spot to the next person on the list. Everyone on the waitlist will receive notification regarding their status by Tuesday, April 4.

The virtual pass is still available. With this pass you get all the fantastic content you’ve come to expect from KubeCon + CloudNativeCon but from the comfort of your own home! *Observability Day + CiliumCon will be available via livestream on the virtual platform, all other co-located events recordings will be available 24-72 hours post-event on the CNCF YouTube channel.

For questions regarding this event, please reach out to cncfcolocatedevents@linuxfoundation.org.



Tuesday April 18, 2023 13:30 - 17:00 CEST
Hall 7 | Room D

13:30 CEST

Kubernetes Batch + HPC Day Hosted by CNCF - Half Day Event | SOLD OUT
An event for contributors and users working on making Kubernetes the best tool to build platforms for mathematical computations – advanced HPC, ML training, data and analytics. We will discuss the latest developments in core Kubernetes around these use cases and what’s happening in the ecosystem and where it should go. Please visit the event's webpage for more details.

The event schedule is now available. To select the sessions you'd like to attend, simply click on the titles of the sessions you're interested in attending.

How to register: The In-Person All-Access pass, which includes access to all CNCF-hosted co-located events, is no longer available and the waitlist has been closed for this pass type. If you're currently on the waitlist, you will receive an email notification regarding the status by Wednesday, March 29. KubeCon + CloudNativeCon Europe 2023 has SOLD OUT for in-person tickets. We have enabled a waitlist for the KubeCon + CloudNativeCon ONLY pass type. Join the waitlist.

If space opens, and you’re next on the list, you’ll receive an email and will have 72 hours to register. If you have not registered in that timeframe, we will provide your spot to the next person on the list. Everyone on the waitlist will receive notification regarding their status by Tuesday, April 4.

The virtual pass is still available. With this pass you get all the fantastic content you’ve come to expect from KubeCon + CloudNativeCon but from the comfort of your own home! *Observability Day + CiliumCon will be available via livestream on the virtual platform, all other co-located events recordings will be available 24-72 hours post-event on the CNCF YouTube channel.

For questions regarding this event, please reach out to cncfcolocatedevents@linuxfoundation.org.


Tuesday April 18, 2023 13:30 - 17:00 CEST
Hall 7 | Room E

13:30 CEST

Kubernetes on Edge Day Hosted by CNCF - Half Day Event | SOLD OUT
Kubernetes on Edge Day brings together developers and adopters across the entire cloud native ecosystem to share their lessons learned in building, breaking, and bettering their edge infrastructure. Any developer interested in learning how to deploy Kubernetes and cloud native projects at the edge should attend.
Edge Computing will be 4x larger than cloud and will generate 75% of data worldwide by 2025. With hardware and software spread across hundreds or thousands of locations, the only feasible way to manage these distributed systems are the simple paradigms around observability, loosely coupled systems, declarative APIs, and robust automation, that have made cloud native technologies so successful in the cloud. Kubernetes is already becoming a key part of the edge ecosystem, driving integrations and operations. Join Kubernetes on the Edge Day at KubeCon + CloudNativeCon to get in on the ground floor and shape the future intersection of cloud native and edge computing. Please visit the event's webpage for more details.

The event schedule is now available. To select the sessions you'd like to attend, simply click on the titles of the sessions you're interested in attending.

How to register: The In-Person All-Access pass, which includes access to all CNCF-hosted co-located events, is no longer available and the waitlist has been closed for this pass type. If you're currently on the waitlist, you will receive an email notification regarding the status by Wednesday, March 29. KubeCon + CloudNativeCon Europe 2023 has SOLD OUT for in-person tickets. We have enabled a waitlist for the KubeCon + CloudNativeCon ONLY pass type. Join the waitlist.

If space opens, and you’re next on the list, you’ll receive an email and will have 72 hours to register. If you have not registered in that timeframe, we will provide your spot to the next person on the list. Everyone on the waitlist will receive notification regarding their status by Tuesday, April 4.

The virtual pass is still available. With this pass you get all the fantastic content you’ve come to expect from KubeCon + CloudNativeCon but from the comfort of your own home! *Observability Day + CiliumCon will be available via livestream on the virtual platform, all other co-located events recordings will be available 24-72 hours post-event on the CNCF YouTube channel.

For questions regarding this event, please reach out to cncfcolocatedevents@linuxfoundation.org.


Tuesday April 18, 2023 13:30 - 17:00 CEST
Hall 7 | Room B

14:30 CEST

Carvel Project Meeting
Please note that you must be a KubeCon + CloudNativeCon Europe 2023 registrant in order to attend this meeting. If you are not registered for KubeCon + CloudNativeCon click here to register.

Details
Carvel Project Meeting
Tuesday, April 18 | 14:30 - 15:30 CEST
Room D406, Congress Center

*Please note: we will not have any live streaming, recordings, or any virtual component available for this meeting.

Tuesday April 18, 2023 14:30 - 15:30 CEST
Congress Center | D406

14:30 CEST

KubeArmor Project Meeting
Please note that you must be a KubeCon + CloudNativeCon Europe 2023 registrant in order to attend this meeting. If you are not registered for KubeCon + CloudNativeCon click here to register.

Details
LitmusChaos Project Meeting
Tuesday, April 18 | 14:30 - 15:30 CEST
Room D407, Congress Center

*Please note: we will not have any live streaming, recordings, or any virtual component available for this meeting.


Tuesday April 18, 2023 14:30 - 15:30 CEST
Congress Center | D407

14:30 CEST

Snyk + HashiCorp Workshop: Securing Your Infrastructure as Code Hosted by Snyk
Join this virtual AWS workshop to learn how to scan and deploy an infrastructure-as-code (IaC) project to AWS using Snyk and HashiCorp Terraform. Experts from Snyk and HashiCorp will then show you how to use the CLI and web interfaces for these solutions to identify and fix issues.

Be sure to sign up for a FREE Snyk and Hashicorp Terraform Cloud account to participate in this session.

1. Snyk Account: https://snyk.co/kubeconfreeaccount
2. HashiCorp Terraform Cloud Account: https://app.terraform.io/public/signup/account

Please note that this is a virtual Sponsor-hosted Co-located event.
For questions regarding this event, please contact: madison.rocha@snyk.io

Tuesday April 18, 2023 14:30 - 16:30 CEST
Virtual

15:30 CEST

cert-manager Project Meeting
Please note that you must be a KubeCon + CloudNativeCon Europe 2023 registrant in order to attend this meeting. If you are not registered for KubeCon + CloudNativeCon click here to register.

Details
cert-manager Project Meeting
Tuesday, April 18 | 15:30 - 17:30 CEST
Room D402, Congress Center

*Please note: we will not have any live streaming, recordings, or any virtual component available for this meeting.

Tuesday April 18, 2023 15:30 - 17:30 CEST
Congress Center | D402

15:30 CEST

Cilium Project Meeting
Please note that you must be a KubeCon + CloudNativeCon Europe 2023 registrant in order to attend this meeting. If you are not registered for KubeCon + CloudNativeCon click here to register.

Details
Cilium Project Meeting
Tuesday, April 18 | 15:30 - 17:30 CEST
Room D304, Congress Center

*Please note: we will not have any live streaming, recordings, or any virtual component available for this meeting.

Tuesday April 18, 2023 15:30 - 17:30 CEST
Congress Center | D304

15:30 CEST

Keptn Project Meeting
Please note that you must be a KubeCon + CloudNativeCon Europe 2023 registrant in order to attend this meeting. If you are not registered for KubeCon + CloudNativeCon click here to register.

Details
Keptn Project Meeting
Tuesday, April 18 | 15:30 - 17:30 CEST
Room D303, Congress Center

*Please note: we will not have any live streaming, recordings, or any virtual component available for this meeting.

Tuesday April 18, 2023 15:30 - 17:30 CEST
Congress Center | D303

16:00 CEST

wasmCloud Project Meeting
Please note that you must be a KubeCon + CloudNativeCon Europe 2023 registrant in order to attend this meeting.

Details
wasmCloud Project Meeting
Tuesday, April 18 | 8:00 - 10:00 CEST
Room D406, Congress Center

*Please note: we will not have any live streaming, recordings, or any virtual component available for this meeting.


Tuesday April 18, 2023 16:00 - 17:00 CEST
Congress Center | D406

17:30 CEST

⚡ Lightning Talk: Debugging Kubernetes E2E Tests with Delve - Mauricio Poppe, Google
When Mauricio started working on Kubernetes, one of his first tasks was to run the Kubernetes storage e2e tests with a CSI driver. The e2e tests run by compiling the e2e test codebase into a binary called e2e.test. While running tests, Mauricio wanted to stop at a specific part of a test to check the status of the cluster, which previously required adding sleep statements to the test and recompiling the e2e.test binary. As he was learning Go tooling he found Delve, which enables setting breakpoints in Go programs, but saw that it wasn't integrated with the way Kubernetes runs e2e tests. Mauricio added a way to debug the e2e tests with Delve; in this talk he will explain how Delve works and how it's used with the e2e.test binary to debug tests. This talk is for people who want to contribute to Kubernetes but don't know where to start. In Mauricio's opinion, you can start from the e2e tests: by setting breakpoints and analyzing the cluster state based on what the test does, you'll understand how Kubernetes works.

Speakers
Mauricio Poppe

Software Engineer, Google
Mauricio is a Software Engineer in the Anthos Storage team making sure that block and file storage are available wherever a Pod can be scheduled. In upstream Kubernetes Mauricio is a member of sig-storage and kubernetes-csi. Mauricio also leads the development of CSI in Windows.


Tuesday April 18, 2023 17:30 - 17:35 CEST
Auditorium
  ⚡ Lightning Talks, 101 Track

17:35 CEST

⚡ Lightning Talk: FAQs for CFPs: A Beginners Guide to Conference Speaking - Paula Kennedy, Syntasso
Have you ever attended a conference like KubeCon and wished you could be one of the speakers presenting? Maybe you think that you don't have anything to say or that you'd never have the courage to present in public. In this short talk, Paula will answer some frequently asked questions (FAQs) on what a "Call for Proposals" (CFP) actually is, how to go about finding one that is the right fit for you and how you should approach it. She'll share some of her experiences and provide some simple advice that will help guide the audience through the process. Following this talk, the audience should have a better understanding of where to start and the encouragement they need to submit to a Call for Proposal, perhaps even to the next KubeCon!

Speakers
Paula Kennedy

Chief Operating Officer, Syntasso
Paula is Co-Founder and Chief Operating Officer of Syntasso; her previous roles include Senior Director of Tanzu Global Education at VMware, Senior Director of Platform Services EMEA at Pivotal and Co-Founder & Chief Operating Officer of CloudCredo. Working in the IT industry for...


Tuesday April 18, 2023 17:35 - 17:40 CEST
Auditorium
  ⚡ Lightning Talks, 101 Track

17:40 CEST

⚡ Lightning Talk: Power-Aware Scheduling in Kubernetes - Yuan Chen, Apple Inc.
The Vanilla Kubernetes scheduler does not take power into account when placing pods on nodes and racks. As a result, the power usage of servers and racks in a data center can exceed the allocated power envelope and lead to service outages and costly downtime. In this short talk, Yuan Chen from Apple will give an overview of a new scheduler feature to support power-aware scheduling in Kubernetes. The proposed power-aware scheduling can protect power supply infrastructures and improve workload stability in large scale Kubernetes clusters by (1) enforcing power cap at both the server and rack levels, and (2) by optimizing pod placement to more evenly distribute workloads and power demand across servers and racks. The enhanced scheduling strategy is implemented by extending the default Kubernetes scheduler via scheduler plugins using the standard Kubernetes scheduling framework API. Specifically, power capping is implemented using the scheduler Filter plugin, and workload and power distribution optimization is achieved via the scheduler Scoring plugin. The improved scheduler can help safely increase server hardware and data center infrastructure size, and improve resource utilization and workload reliability for Kubernetes clusters.

Speakers
Yuan Chen

Software Engineer, Apple Inc.
Yuan Chen is a Software Engineer with Apple Cloud Services. His current work focuses on Kubernetes scheduling and cluster management. He has been working on building Apple's internal Kubernetes infrastructure and platform since he joined Apple in 2019. As a Kubernetes community member...


Tuesday April 18, 2023 17:40 - 17:45 CEST
Auditorium

17:45 CEST

⚡ Lightning Talk: Airflow and Armada - Airflow Meets Multi-Cluster Kubernetes with Armada - Kevin Patrick Hannon, G Research
As Kubernetes matures, many users are exploring how and if they should run multi-cluster workloads. Armada is a Sandbox project in the CNCF and its main focus is enabling batch processing across multiple Kubernetes clusters. Armada defines APIs for integration and has released a Python API. A primary goal of these APIs is to enable integrations with other open source projects. The users at G-Research wanted to use orchestration software to enable the scheduling of multiple tasks on Armada. The open source team decided to build an Airflow Operator that allows G-Research users to take advantage of Airflow’s integrations. In this talk, we will briefly introduce Armada and our integration with Airflow. With this integration, Airflow is now able to schedule jobs on multiple Kubernetes clusters.

Speakers
Kevin Patrick Hannon

Open Source Software Engineer, G Research
Kevin Hannon started his career as a computational chemist where he learned programming in the scientific computing space. He went on to a masters in Chemistry learning how to apply parallel computing to speed up chemistry simulations. In his latest roles, he is focused on improving...


Tuesday April 18, 2023 17:45 - 17:50 CEST
Auditorium

17:50 CEST

⚡ Lightning Talk: GreenCourier: Towards Sustainable Serverless Computing - Mohak Chadha, Technical University of Munich
This talk will describe GreenCourier in detail, present experimental results, and motivate the development of other carbon-aware solutions in the cloud ecosystem. GreenCourier targets a new cloud computing paradigm called Serverless Computing aka Function-as-a-Service, in which users are only responsible for writing small pieces of code called functions while all infrastructure management is handled by the cloud service provider. To reduce carbon emissions on function invocations, GreenCourier incorporates an intelligent scheduling policy for Kubernetes that schedules serverless functions across geographically interconnected Kubernetes clusters depending on their carbon-efficiency. To this end, GreenCourier implements a scheduling plugin for Kubernetes based on the Scheduler API that obtains periodic information from the carbon-aware sdk to determine the carbon-efficiency of a geographical region. As the FaaS platform, GreenCourier utilizes the serving component of Knative. On function invocation, GreenCourier listens for the creation of Knative objects and automatically schedules them on the most carbon-efficient region. For seamlessly establishing geographically distributed Kubernetes multi-cluster topologies, GreenCourier utilizes Liqo based on the Virtual Kubelet.

Speakers
Mohak Chadha

Research Associate, Technical University of Munich
Mohak Chadha is a third-year Ph.D. student at the Chair of Computer Architecture and Parallel Systems at the Technical University of Munich. He is working in the broad domain of cloud computing, particularly focusing on several challenges in serverless computing such as performance...


Tuesday April 18, 2023 17:50 - 17:55 CEST
Auditorium

17:55 CEST

⚡ Lightning Talk: The CNCF Board Game Rules Explained - Peter O'Neill, Styra
Let's abstract the world of the CNCF and imagine it as an RPG board game. You will encounter level 99 developers, speakers, and content creators. Don't fear; these are not your enemies but rather a living example showing what it takes to reach the same level. Being level 1 at anything is hard, but you can quickly gain experience and level up with a simple shift in how you're already working. If you're already writing code to help you solve a problem, can you push it upstream? If you're teaching your friends the latest tech tips, can you expand your audience? If you're analyzing security trends on your internal systems, can you apply your learnings to an open-source project? With these small shifts, you are now ready to start leveling up. Not only can you level up your character, but you can level up projects. Looking at the project status will let you know the storyline difficulty: Kubernetes (main storyline mmorpg+irl), Graduated (standard), Incubating (hard), Sandbox (challenging). When you choose to work together, every XP you gain for the project earns double XP for the players in the party. So build your team, find your quests, smash some PRs, and level-up. Join me in this talk to learn how to get your player card and level up in the CNCF today!

Speakers
Peter O'Neill

Community Advocate, Styra
Peter O'Neill is a community advocate working for Styra, Inc on the Open Policy Agent project. He is dedicated to helping developers understand how the intricate pieces of the Cloud Native landscape connect together and how to build resilient systems. Connect with Peter on LinkedIn...


Tuesday April 18, 2023 17:55 - 18:00 CEST
Auditorium
  ⚡ Lightning Talks, Business Value

18:00 CEST

⚡ Lightning Talk: Be the Main Character of Your Story: The Cloud Native Way of Technical Writing - Karuna Tata, Aurora's Degree and PG College
When it comes to Cloud Native, everyone's story is unique. Some may feel like a supporting character while observing code contributors, while others may believe that Cloud Native is the villain in their story and that they will never be able to contribute. Not everyone is a main character from the start of their Cloud Native story, but this talk will help you become one. Technical writing is one such field where you can learn about Cloud Native concepts and present them to users ranging from novice to experienced developers. Technical writing will also assist you in getting started with your code contributions. In this lightning talk, Karuna will discuss how to get started with documentation contributions, technical writing principles, and opportunities to get their hands dirty by contributing to documentation of various CNCF projects. This talk is intended for students who are just getting started with Cloud Native and are looking for ways to put their knowledge to use by contributing to CNCF.

Speakers
Karuna Tata

Student, Aurora's Degree and PG college
I am a B.Sc data science undergraduate student at Aurora's Degree and PG College, Hyderabad, India. I worked as a technical writing intern at AsyncAPI as part of the Google Season of Docs program. I also worked as a hackathon Coach at Major League Hacking. I create content for a beginner-friendly...


Tuesday April 18, 2023 18:00 - 18:05 CEST
Auditorium
  ⚡ Lightning Talks, Student

18:05 CEST

⚡ Lightning Talk: Tricks for Enforcing Conventions for Your Kubernetes Cluster Using Only YAML - Joe Betz, Google
Have you ever operated a Kubernetes cluster for multiple developers? If you have, you probably realized quickly that things are going to be a lot smoother if you could just enforce some basic conventions. Maybe all your services have a well defined endpoint for the liveness probe but developers sometimes forget to set it up. Or maybe developers should always use a semantic version tag on their containers and avoid :latest. Or maybe there is a deprecated Kubernetes API field and you'd like to ensure it is never used in your cluster. In this talk we will run through a series of easy solutions to help enforce conventions using only YAML. You have a lot more control than you might realize. Learn from a Kubernetes contributor involved in the development of numerous extensibility features including CRDs, admission webhooks and admission policies. We will show you some handy tricks leveraging new features such as the Validating Admission Policies alpha API introduced in 1.26.

Speakers
Joe Betz

Staff Software Engineer, Google
Joe Betz is a contributor to Kubernetes with a focus on extensibility features including custom resources, admission webhooks, and CEL. Joe has also contributed to etcd as a project maintainer.


Tuesday April 18, 2023 18:05 - 18:10 CEST
Auditorium

18:10 CEST

⚡ Lightning Talk: Why Localization Matters: The Urdu Cloud Native Glossary, A Case Study - Saim Safdar, Rafay Systems
During this lightning talk, Saim will discuss how the Cloud Native Glossary is starting to break down the language barrier for Urdu speakers and how it could do the same in your community. As the founder of Cloud Native Islamabad, Saim talks to many Pakistani engineers. He quickly realized how his community struggled to follow KubeCon talks, webinars, or even conversations on Slack and Twitter — there are just so many terms they aren't familiar with! But this changed dramatically for contributors to the Urdu Cloud Native Glossary. Once they started localizing terms into their native languages, everything made more sense. Saim saw a real transformation and recognized the importance of having good cloud-native content in their native language. To his knowledge, no other glossary is as reliable or authoritative as the CNCF Glossary. With 70 million Urdu native speakers, having introductory Urdu content suddenly seemed much more urgent. Join this session to learn how localization is helping Pakistanis today and how it could help you.

Speakers
Saim Safdar

Developer Relations Manager, Rafay Systems
As a DevOps engineer, Saim Safdar has had a lot of practical experience with cloud-native technologies. Throughout his career, he has supported SaaS web solutions based on Windows, UNIX, and Linux platforms in Azure, AWS, and on-premise. He's helped organizations with infrastructure...


Tuesday April 18, 2023 18:10 - 18:15 CEST
Auditorium
  ⚡ Lightning Talks, Community

18:15 CEST

⚡ Lightning Talk: Talking to Kubernetes with Rust - James Laverack, Jetstack
The Kubernetes API provides a gateway to manage cloud native resources, and there exist client libraries to interact with Kubernetes in many languages. Rust is uniquely positioned to write software for Kubernetes. With a powerful type system, fast binaries, excellent documentation, and unparalleled memory safety it is well positioned for critical tooling and infrastructure. This talk will be a crash course on how to interact with Kubernetes in Rust, and will cover the basics you need to know to write your next tool targeting Kubernetes with Rust.

Speakers
James Laverack

Staff Solutions Engineer, Jetstack
James is a software engineer specialising in cloud native software and distributed systems. At Jetstack he consults with organisations of all sizes on their use of cloud native technology. He’s also a contributor to the Kubernetes project and has previously served as Release Team...


Tuesday April 18, 2023 18:15 - 18:20 CEST
Auditorium
  ⚡ Lightning Talks, 101 Track

19:00 CEST

House of Kube Hosted by Humanitec
Can't wait to meet you in person and burn up the dance floor at the House Of Kube a.k.a. the hottest party in cloud native. Join fellow platform engineers and cloud pioneers by the platform engineering community this time in Amsterdam.

Where engineering meets Berlin techno. Your golden ticket to the darkroom of DevOps.

Please note this is an off-site Sponsor-hosted Co-located event. “Secret Location” TBA. Additional registration is required, and can be added to your KubeCon + CloudNativeCon registration.
For questions regarding this event, please contact: mariya.skalka@humanitec.com

Tuesday April 18, 2023 19:00 - 23:30 CEST
Iso Amsterdam Isolatorweg 17 1014 AS Amsterdam
 
Wednesday, April 19
 

08:00 CEST

EmpowerUs sponsored by Intel
Attendees who identify as women, non-binary individuals, or allies at KubeCon + CloudNativeCon are invited to join this special event and program for an open discussion about challenge, leadership innovation, and empowerment in our fast-growing ecosystem.

Wednesday April 19, 2023 08:00 - 09:00 CEST
TBA

09:00 CEST

Keynote: Welcome + Opening Remarks
Wednesday April 19, 2023 09:00 - 09:20 CEST
Hall 12

09:20 CEST

Keynote: Tulips, Terabytes, and Transformations: Blooming Innovations in the Cloud Native Garden - Taylor Dolezal, Head of Ecosystem, Cloud Native Computing Foundation
Whether you are an end user who is utilizing and adopting cloud-native technologies or a vendor who is providing cloud native solutions, Taylor will provide you with a comprehensive update on the latest news and trends in the CNCF End User Ecosystem. Join us to learn more about the exciting developments in cloud-native technologies and how they are transforming the way we build and operate modern applications.

Speakers
Taylor Dolezal

Head of Ecosystem, Cloud Native Computing Foundation
I work on infrastructure tools that enable innovation. I specialize in Kubernetes, Terraform, public clouds, and distributed systems. You can also find me buried deep in a book, preparing a technical talk, or running with my partner, Hannabeth, and our two dogs.


Wednesday April 19, 2023 09:20 - 09:30 CEST
Hall 12

09:30 CEST

Keynote: Cappucci-Know: Percolating EU End User Insights in the Cloud Native Café - Moderated by Taylor Dolezal
Join us for an engaging fireside chat, where leading end users across the European Union will share their insights, experiences, and success stories with cloud native technologies. This session will dive into overcoming challenges, navigating regulations, and fostering collaboration within the EU’s cloud native ecosystem.

Speakers
Taylor Dolezal

Head of Ecosystem, Cloud Native Computing Foundation
I work on infrastructure tools that enable innovation. I specialize in Kubernetes, Terraform, public clouds, and distributed systems. You can also find me buried deep in a book, preparing a technical talk, or running with my partner, Hannabeth, and our two dogs.


Wednesday April 19, 2023 09:30 - 09:40 CEST
Hall 12

09:40 CEST

Sponsored Keynote: Accelerate Sustainable Computing with Community Collaboration - Cara Delia, Principal Community Architect Financial Services and Sustainability, Red Hat & Huamin Chen, Senior Principal Software Engineer, Red Hat
Open source allows for a shift toward collaboration and co-creation as a problem-solving solution. Through leveraging the power of open source, this collaboration can accelerate creative, scientific and technological advancements in addressing the climate crisis.

Learn how sustainable computing, the cloud native way, can impact energy efficient technology and how upstreaming communities can enable the acceleration of these efforts.

Speakers
Huamin Chen

Sr. Principal Software Engineer, Red Hat
Dr. Huamin Chen is a passionate developer at Red Hat's CTO office. He is one of the founding members of Kubernetes SIG Storage, member of Ceph, Knative, and Rook. He previously spoke at KubeCon, OpenStack Summits, and other technical conferences.

Cara Delia

Principal Community Architect Financial Services and Sustainability, Red Hat
Advocates open source principles and practices by contributing to external open source communities focused on Financial Services and Climate Sustainability at Red Hat.


Wednesday April 19, 2023 09:40 - 09:45 CEST
Hall 12

09:45 CEST

Keynote: CNCF Graduated Project Updates
Wednesday April 19, 2023 09:45 - 10:00 CEST
Hall 12

10:00 CEST

Sponsored Keynote: Building a Sustainable, Carbon-Aware Cloud: Scale Workloads and Reduce Emissions - Jorge Palma, Principal PM Lead, Microsoft Azure
When we think about sustainability in the technology space, we know that reducing emissions is essential, even as we face greater demand to build scalable applications. Choosing efficient hardware is only part of the answer. Let's look at carbon awareness from the perspective of building sustainable cloud-native apps.
Using the CNCF open-source project KEDA and making it carbon-aware, we can leverage proactive scaling to reduce carbon emissions for k8s workloads - without requiring changes to your code or your workloads. We’ll look at relevant business scenarios and workload categories where innovating in this space helps us all build a more sustainable open-source future (while also helping manage energy costs).

Speakers
Jorge Palma

Principal PM Lead, Microsoft Azure
Jorge is the Principal PM Lead for AKS (Azure Kubernetes Service) where he serves thousands of customers and mission critical applications and helped lead the service to become the fastest growing service in Azure’s history. Formerly he was the Technical Lead for App Dev and DevOps...


Wednesday April 19, 2023 10:00 - 10:05 CEST
Hall 12

10:05 CEST

Keynote: Building a Sustainable CNCF Project Contributor Base - Dawn Foster, Director Open Source Community Strategy, VMware
Maintaining an open source project is hard work that often extends out over several years, and maintainer burnout is common within open source projects. It can be hard for already overworked maintainers to balance the day to day work required to keep the project running while also investing in additional activity to increase future sustainability. The good news is that the CNCF has best practices, resources, guides, and templates available to make it easier for you to build a contributor strategy that leads to becoming a sustainable CNCF project over the long term. This talk will help you apply those resources in your project. This talk will include:

  1. Major factors that impact project sustainability. 
  2. Developing and executing on a sustainable contributor growth strategy, including governance, new contributor onboarding, and mentoring. 
  3. Using contributor ladders to promote contributors into leadership positions, because having more maintainers to share the workload can reduce maintainer burnout over time.

The audience will walk away with a better understanding of how to grow their contributor base and build a sustainable community around their CNCF project.

Speakers
Dawn Foster

Director Open Source Community Strategy, VMware
Dawn is Director of Open Source Community Strategy within VMware’s OSPO. She is an OpenUK board member, Governing Board member / maintainer for CHAOSS, and co-chair of the CNCF Contributor Strategy TAG. She has 20+ years of experience at companies like Intel and Puppet with expertise...


Wednesday April 19, 2023 10:05 - 10:20 CEST
Hall 12

10:20 CEST

Keynote: Closing Remarks
Wednesday April 19, 2023 10:20 - 10:25 CEST
Hall 12

10:30 CEST

Coffee Break ☕
Wednesday April 19, 2023 10:30 - 11:00 CEST
Halls 1 + 5

10:30 CEST

Solutions Showcase
Visit our sponsors in the Solutions Showcase to try the latest demos, watch live presentations, talk to experts, check out job opportunities, and score some swag.

In order to facilitate networking and business relationships at the event, you may choose to visit a third party’s booth or access sponsored content. You are never required to visit third party booths or to access sponsored content. When visiting a booth or participating in sponsored activities, the third party will receive some of your registration data. This data includes your first name, last name, title, company, address, email, standard demographics questions (i.e. job function, industry), and details about the sponsored content or resources you interacted with. If you choose to interact with a booth or access sponsored content, you are explicitly consenting to receipt and use of such data by the third-party recipients, which will be subject to their own privacy policies.

Wednesday April 19, 2023 10:30 - 21:00 CEST
Halls 1 + 5

11:00 CEST

Kubernetes from Scratch for Neuroscientific Research - Carolina Lindqvist & Daniel Fernández, EPFL
The Blue Brain Project (BBP) is a research initiative at the École polytechnique fédérale de Lausanne (EPFL) in Switzerland aiming to build the world’s first biologically detailed digital reconstructions and simulations of the mouse brain. This talk presents BBP's journey into the vast Kubernetes ecosystem. It started two years ago with a plan to transition to Kubernetes and various prototypes for an on-premise cluster. During this time we gradually discovered the main components of Kubernetes and carved out the main use cases as well as the specific needs of a scientific organization. The work was done in close collaboration between developers and infrastructure maintainers. The presentation aims to lower the barriers for entry into the Kubernetes ecosystem by presenting an example of a full cluster setup that leverages automation and provides an easy-to-understand experience for end users. The goal is to have a blueprint that can be built upon and tailored for any small organization or research institute.

Speakers
Carolina Lindqvist

Site Reliability Engineer, EPFL
Carolina Lindqvist is the Site Reliability Engineer in the Neuroinformatics Software Engineering (NISE) team. Carolina works on the Kubernetes infrastructure for the Blue Brain Nexus platform. It is an application for storing, accessing and linking neuroscientific data. She is responsible...

Daniel Fernández

Site Reliability Engineer, EPFL
Daniel Fernández is a software engineer working as a Site Reliability Engineer in the Computing Division at EPFL Blue Brain Project. He has extensive experience deploying and running services in production. He is an open-source enthusiast and tries to participate in the open-source...


Wednesday April 19, 2023 11:00 - 11:35 CEST
Hall 7 | Room A
  101 Track

11:00 CEST

A CI/CD Platform in the Palm of Your Hand - Claudia Beresford, Weaveworks
In a strange way CI infra is treated as something of an afterthought by many orgs who would call themselves "cloud native". The providers we have to choose from tend to use legacy infrastructure, creating bottlenecks when teams need to incrementally build, test, and release. And for those which promise containerised builds, we then have to worry about the security of privileged docker-in-docker runs. That's our choice: slow spin up times, or a compromise on security. And this is before we even talk about the overhead, both cost and environmental, of maintaining a hot pool of nodes, which is what you would need to provide either solution with any decent degree of usability. Stranger still is that a solution may lie in the Old School: I'm talking bare-metal. Sort of. What's hot and new in this space are MicroVMs. Exactly as it sounds, MicroVMs are teeny VMs, giving the speed and flexibility of containers, with the security of regular VMs. The promise that MicroVMs can be a more performant and cost-effective CI model is catching on, and one such project making exciting progress is Liquid Metal. In this talk Claudia will present a case study of an experimental system combining Kubernetes with on-demand MicroVMs... and she will demo it all live on a Raspberry Pi cluster.

Speakers
Claudia Beresford

Senior Software Engineer, Weaveworks
Claudia is an Engineer at Weaveworks building hot new things for bare-metal. Before this she was a major contributor to the OSS Cloud Foundry PaaS container runtime solution. In “the before times” she spoke at many conferences including Container Camp, Paris Container Day and...


Wednesday April 19, 2023 11:00 - 11:35 CEST
Elicium Building | D201-202
  CI/CD

11:00 CEST

How to Cultivate Belonging in Your Open Source Community - Jennifer Riggins, The New Stack
Open source maintainers are, overall, overworked and underpaid, yet they are trying to recruit mostly voluntary contributors. And the OSS world is dramatically less diverse than the tech industry as a whole. Like this abstract, this is one of those talks that kicks off as a bit of a downer with the problem statements, but ends really actionably.

DEI in open source is a sociotechnical problem that begs for sociotechnical solutions. This talk will reflect on lessons learned from dozens of interviews Jennifer has had with open source leadership and contributors, looking to build a guide to increase diversity, equity, inclusion and belonging in the OSS world – which by result also increases overall community participation. This talk will be a mix of stories from open source community members and actionable ways – some manual, some technical – to build a truly inclusive community of repeat contributors and the next generation of OSS leadership.

Bring Your Own Ideas: We'll include a whiteboard where you can share your tactics, too!

We all must constantly consider: If tech is the future, and open source is the backbone of the future, who is participating in creating that future?

Speakers
Jennifer Riggins

Freelance Journalist, The New Stack
Jennifer Riggins is a London-based tech culture storyteller, tech journalist and host, helping to share the stories where culture and technology collide and to translate the impact of the tech we are building. She has been a working writer since 2003. Jennifer is the tech culture...


Wednesday April 19, 2023 11:00 - 11:35 CEST
Auditorium Center | G106-107
  Community

11:00 CEST

Distributing Pod Disruption Budgets Across Multiple Clusters - Illya Chekrygin, Apple
Over the last few years, Kubernetes made incredible strides to offer a computing platform for deploying and operating highly available applications. The platform combines the need for infrastructure administrators to perform automated cluster actions of upgrading and autoscaling clusters with the application owner's workload protection against workload disruptions in the form of PodDisruptionBudget (PDB) policies. To further advance service availability, it is increasingly common for organizations to operate and deploy workloads that transcend Kubernetes Cluster boundaries addressing the requirement for a failure domain that spans across multiple regions. The Kubernetes PDB policy protection is limited to a single namespace scope and cannot protect workloads distributed across multiple namespaces or clusters. In this talk, we will review the intricacies of Kubernetes PDB and Eviction API. We will also introduce and demo a Distributed PodDisruptionBudget - a decentralized and fully compatible Kubernetes PDB alternative with multi-cluster support.

Speakers
Illya Chekrygin

Field Engineer, Apple
Illya is a Kubernetes Field Engineer at Apple. Before Apple, Illya was working on advancing cloud-native computing by “freeing the cloud” at Upbound, and he is an (emeritus) maintainer of the open-source Crossplane (https://crossplane.io) project. Illya...


Wednesday April 19, 2023 11:00 - 11:35 CEST
Hall 7 | Room E
  Customizing + Extending Kubernetes

11:00 CEST

Building High-Throughput Applications with Bulk Messaging in Dapr - Shubham Sharma, Microsoft
Pub/Sub is a core building block of Dapr that enables developers to create event-driven applications. With the v1.10 release, Dapr has introduced a new set of capabilities to the pub/sub building block - Bulk Publish and Bulk Subscribe. This presentation will include an introduction to the pub/sub building block, different messaging patterns supported by Dapr, and strategies for achieving high throughput in applications using the Bulk APIs, along with performance benchmarks.

Speakers
Shubham Sharma

Software Engineer 2, Microsoft
Shubham is a software engineer at Microsoft's Developer Division, and a maintainer of the JavaScript SDK for Dapr, a CNCF incubating project. Prior to his work with Dapr, Shubham was a member of the team responsible for building modern authentication for Dynamics 365. He is an alumnus...


Wednesday April 19, 2023 11:00 - 11:35 CEST
Forum Center | E103-104

11:00 CEST

Gateway API Project Update - Nick Young, Isovalent & Rob Scott, Google
The Gateway API subproject of Kubernetes SIG-Network is making great strides towards the goal of being the description language for inbound traffic that’s portable, extensible, expressive, and role-oriented. With nearly 20 implementations in progress, interest is high. This session is about what’s happening now and next. We’ll update on:

  - The state of the API, and when we’re planning to move to GA and 1.0
  - Our plans for conformance testing and certification
  - What’s happening with the GAMMA initiative and how the efforts work together
  - Maintainer Q+A
  - And a lot more!

Speakers
Nick Young

Senior Systems Engineer, Isovalent
Nick has been working to prevent the entropic downfall of systems for 20 years, across Windows and Linux, datacenters and clouds, networking, storage and compute. Currently he's a Senior Software Engineer at Isovalent, and a maintainer on the Kubernetes Gateway API project, where...

Rob Scott

Software Engineer, Google


Wednesday April 19, 2023 11:00 - 11:35 CEST
Auditorium Center | G001-G002

11:00 CEST

Intro + Deep Dive: Kubernetes SIG Scalability - Wojciech Tyczynski, Google
This session will focus on the different efforts that SIG Scalability is involved in: defining what scalability means for Kubernetes, driving performance improvements, maintaining infrastructure for scalability testing, guarding Kubernetes against performance regressions. Cooperation with other SIGs is an important aspect of the presentation as many improvements driven from the SIG are in fact owned by other SIGs. Time for Q&A will be reserved at the end of the session to understand how the SIG can better engage with the community as well as to allow the audience to provide the input about the roadmap.

Speakers
Wojciech Tyczyński

Senior Staff Software Engineer, Google
Wojciech has been working on Google Technical Infrastructure & Cloud since 2012. Since February 2015 he has worked on Kubernetes and Google Kubernetes Engine. With the main focus on scalability, performance and reliability, he gained experience and contributed to many Kubernetes features and...


Wednesday April 19, 2023 11:00 - 11:35 CEST
Forum Center | E107-108

11:00 CEST

Learn the Helm Code Base and PR Review Process - Scott Rigby, Independent; Andrew Block & Karena Angell, Red Hat
Helm is the best way to package, find, share, and use software on Kubernetes. Its ease of use and ability to be integrated into a wider ecosystem of projects, products and solutions make Helm one of the most popular tools in the cloud native community. But, in addition to the features you know and love, there are even more exciting contributions waiting to be added to the project. In this session, Helm maintainers will highlight several exciting pending enhancements, and show you how you can help speed up the process of getting them landed upstream. This includes an introduction to the Helm codebase as well as demystifying the community Pull Request review process including how to choose an open PR to review, and reproduce and test the original issues and proposed fixes. Opportunities abound for community members to step up the contributor ladder to join the Helm team to become a 'Triage Maintainer' and more!

Speakers
Andrew Block

Distinguished Architect, Red Hat
Andrew Block is a Distinguished Architect at Red Hat who works with organizations throughout the world to design and implement solutions leveraging cloud native technologies. He specializes in embracing security at every phase of the Software Development Lifecycle and delivering software...

Karena Angell

Principal Product Manager, Technical, Red Hat
Karena Angell is a Principal Product Manager at Red Hat focusing on cloud native application workloads for Kubernetes as well as solutions for the 'open' hybrid cloud.

Scott Rigby

Developer Experience Engineer, Weaveworks


Wednesday April 19, 2023 11:00 - 11:35 CEST
Forum Center | Forum

11:00 CEST

Policy Matters! A Policy Working Group Introduction and Deep Dive - Jim Bugwadia, Nirmata & Frank Jogeleit, LOVOO
Kubernetes policies are configuration objects that control other configuration and runtime behaviors. The Kubernetes Policy Working Group (WG) is chartered with researching and developing policy implementations, architectures, and best practices for Kubernetes. In this session Jim and Frank will provide an overview of the Policy WG projects, deliverables, and activities, and then deep dive into the Policy Report API which is being proposed as a standard by the Policy WG to unify policy observability across different areas of Kubernetes security and automation. They will demonstrate how different engines and scanners utilize this API, and show how a common policy administration point can leverage the API to provide visibility across the continuous delivery pipeline. They will also detail how to get involved with the working group activity tracks to learn, contribute, and share in the areas of policy, governance, and compliance!

Speakers
Jim Bugwadia

Co-founder and CEO, Nirmata
Jim Bugwadia is a co-founder and the CEO of Nirmata, the Kubernetes policy and governance company. Jim is an active contributor in the cloud native community and currently serves as co-chair of the Kubernetes Policy and Multi-Tenancy Working Groups. Jim is also a co-creator and maintainer...

Frank Jogeleit

Senior Software Engineer, LOVOO
Frank Jogeleit is a Senior Software Engineer at LOVOO. He is also the creator and maintainer of Policy Reporter, an open-source solution for unified policy result observability and compliance that uses the Policy WG Policy Report API specification. Frank is a Certified Kubernetes...


Wednesday April 19, 2023 11:00 - 11:35 CEST
Auditorium Center | G109

11:00 CEST

Updates and Best-Practices in Kubebuilder and Controller-Tools - Varsha Prasad Narsing, Bryce Palmer & Rashmi Gottipati, Red Hat; Tony Jin, Boston University; Camila Macedo, Replicated
If you have ever developed an Operator or controller you may have heard of the Kubebuilder and controller-tools projects. During this talk, we will cover some of the new features in recent releases of both Kubebuilder and controller-tools that aid in accelerating the development of Operators while adhering to best practices. A brief summary of the features we will be covering for Kubebuilder is creating/consuming external plugins, a new default scaffold layout, and two new built-in plugins. For controller-tools, we will cover how controller-tools can be leveraged to create custom generators.

Speakers
Rashmi Gottipati

Senior Software Engineer, Red Hat
Rashmi Gottipati is a Senior Software Engineer at Red Hat working on the Operator SDK team, focussing on integration with Operator Lifecycle Manager and tooling for SDK and Kubebuilder to make them easily extensible for operator developers and authors. Rashmi is an open source...

Varsha Prasad Narsing

Senior Software Engineer, Red Hat
Varsha is a software engineer at Red Hat. She is passionate about solving problems by developing and leveraging various software technologies. She currently works with the Portfolio Enablement team (Operator Framework) and is an active contributor to Kubernetes SIGs projects like...

Tony J

Student, Individual
Tony is a CS master's student at Boston University. He has worked as a software engineer in the area of cloud infra for 3 years. He started his journey in open source contribution through Google Summer of Code 2022, participating with CNCF. Currently, he is actively working in the Kubernetes...

Bryce Palmer

Software Engineer, Red Hat
Bryce is a Software Engineer working for the OpenShift Container Platform at Red Hat with a focus on contributing to the Operator Framework. Bryce is passionate about making developers’ lives easier. Bryce is a maintainer of both Operator SDK and Kubebuilder and is focused on making...

Camila Macedo

Senior Software Engineer, Replicated
Camila Macedo is a Senior Software Engineer at Replicated. Previously, she worked at Red Hat and was responsible for maintaining Operator-SDK and other projects under Operator Framework. She has 20+ years of experience working with back-end solutions and is passionate about open-source...


Wednesday April 19, 2023 11:00 - 11:35 CEST
In Virtual Platform

11:00 CEST

Walk, Jog and Run with Cloud Native and the CNCF TAG-Runtime - Ricardo Aravena, TruEra & Nikhita Raghunath, VMware
Learn about the CNCF open-source projects that allow users to run cloud-native workloads, with a particular focus on Edge and Batch use cases! In this session, we will cover the following:

  1. Overview of TAG Runtime, how to join and get involved
  2. Overview of CNCF open source projects around workload management
  3. Update on working groups, including topics like:
     a. Whitepaper on edge native application principles
     b. Interactive jobs in Kubernetes
     c. What is the latest in CDI (Container Device Interface)
  4. Future trends for cloud-native technologies in the TAG scope (such as containers, VMs, WebAssembly and MLOps)

After this session, the audience will take away an understanding of the CNCF landscape in the workloads and runtime space, along with what’s new and how to contribute back to open source and the CNCF.

Speakers
Ricardo Aravena

Cloud Infrastructure Lead, TruEra
Ricardo currently works at TruEra as a Cloud Infrastructure Lead helping automate everything with cloud native technologies. He's an open source enthusiast and co-chair of the CNCF TAG-Runtime. He has been working in tech for more than 20 years and comes from a diverse professional...

Nikhita Raghunath

Staff Engineer, VMware
Nikhita is a staff software engineer at VMware and a maintainer of the Kubernetes project. She is a CNCF Ambassador and has won the CNCF Top Committer Award in 2021 for her technical contributions. She is currently the technical lead for k8s SIG Contributor Experience and was al...


Wednesday April 19, 2023 11:00 - 11:35 CEST
Forum Center | E105-106

11:00 CEST

The Power of Self-Managing Clusters - Sahithi Ayloo & Arun Krishnakumar, VMware
As we all know, Kubernetes cluster life cycle management is challenging. Imagine the herculean job of managing 1000s or more clusters on your clouds. Adopting Cluster API solves this problem to an extent by out-sourcing the burden to "management cluster(s)", which are expected to manage their children-workload clusters. However, it raises many new questions, like a) who manages these 100s of "management clusters" on gigantic clouds? b) scale issues on the management clusters c) how to enable multitenancy on the management clusters d) how to prevent management cluster admin from seeing workload cluster secrets e) HA, RBAC, Backup of the management clusters f) K8s version skew between management and workload clusters and so on. Can we get away with this overhead of "Management clusters" but still leverage all the richness of Cluster API? Yes, that is possible by transforming workload clusters into "Self Managing" clusters. Come to our talk and learn more about our journey on how we have productized the concept of "Self-Managing" clusters in our Multi-tenant cloud platform and our success story.

Speakers
Arun M. Krishnakumar

Cloud Architect, VMware Inc
Arun has been working with Kubernetes since 2016 initially building Data Science and ML platforms at a time when Docker would not always play well with Kubernetes and GPU support was new. Recently Arun has been at VMware working on a KaaS engine for their Multi-Tenant provider named...

Sahithi Ayloo

Staff Engineer, VMware
Sahithi Ayloo is the technical lead for Kubernetes-as-a-Service platform for a multi-tenant cloud provider platform at VMware. She holds a strong track record of engineering customer-centric, distributed system-based solutions stacked on top of complex software-defined datacenters...


Wednesday April 19, 2023 11:00 - 11:35 CEST
Hall 7 | Room B
  Multi-tenancy

11:00 CEST

It Is More Than Just Correlation - A Debug Journey - Simon Pasquier & Vanessa Martini, Red Hat
Workloads running on Kubernetes can break in many different and subtle ways, which are often hard to diagnose. Ideally, we would have many observability signals at our disposal to understand what happens and how to fix it: alerts, metrics, logs, and traces. Besides these traditional observability signals, the Kubernetes API also provides useful information such as resources’ metadata, status, and events. With so many different data sources available, the main challenge is making sense of this firehose of data and correlating the different signals in a meaningful way. The talk will focus on korrel8, a new open source tool, which aims - through the correlation of observability signals - at reducing the cognitive load of engineers when attempting to debug issues.

Speakers
Simon Pasquier

Principal Software Engineer, Red Hat
Simon is a Principal Software Engineer at Red Hat working on the OpenShift monitoring stack. He is a member of the Prometheus team as well as a maintainer of Alertmanager and Prometheus operator. He is interested in all things related to observability.

Vanessa Martini

Senior Product Manager, Red Hat
Vanessa is a Senior Product Manager in the Observability group at Red Hat, focusing on both OpenShift Analytics and Observability UI. She is particularly interested in turning observability signals into answers. She loves to combine her passions: data and languages.


Wednesday April 19, 2023 11:00 - 11:35 CEST
Hall 7 | Room C
  Observability

11:00 CEST

Be the Change Our Planet Seeks: How YOU Can Contribute to Running Environment-Friendly Workloads on Kubernetes - Kristina Devochko, Admincontrol
Climate change affects us all and its impact can be seen throughout all aspects of our life, including software engineering. Reducing carbon footprint and following sustainable software engineering principles is now a part of every software company’s goal, but do you know that YOU, as a developer or a platform engineer, have all the power to contribute to making your technical platform and this world a better, greener place? Kubernetes is one of the technologies that comes in multiple flavors, but it’s up to YOU to utilize it in a way that will lessen harmful impacts of global warming. During this session Kristina will shed light on how sustainable software engineering principles can be applied to Kubernetes and its workloads, as well as which eye-opening insights she has gained during her Kubernetes journey and what concrete actions you can take with you and apply further in your projects after the conference in order to make your Kubernetes workloads more eco-friendly.

Speakers

Kristina Devochko

Software Architect, Admincontrol
I'm Kris, I live in Norway, love coding and spreading love for cats in presentations. Currently I am working as a Software Architect and driving several exciting tech projects that support digitalization journey in public and private sector, minimizing bureaucracy and making citizens...


Wednesday April 19, 2023 11:00 - 11:35 CEST
Hall 7 | Room D
  Reliability + Operational Continuity

11:00 CEST

Node Resource Management: The Big Picture - Sascha Grunert & Swati Sehgal, Red Hat; Alexander Kanevskiy, Intel; Evan Lezar, NVIDIA; David Porter, Google
Resource management is a fundamental area in Kubernetes that focuses on how to properly reserve, allocate, and isolate finite resources on nodes such as CPU, memory, disk, network, accelerators, etc. Resource Management is a hot topic, with multiple proposals raised recently on how to improve things both in Kubernetes and container runtimes: Dynamic Resource Allocation, QoS class resources, improvements to CPU Management, to container lifecycle management and statistics, support in CRI-enabled container runtimes for advanced low-level runtimes such as Kata containers, Firecracker, gVisor, and Confidential Containers and many more. In this presentation, speakers will present the “big picture” for these proposals, how they are interconnected, how they are different, which problems they are targeting to solve, and what they mean for Kubernetes users. This presentation will be helpful for cluster administrators and users to understand the future direction in their resource management area and give a framework for them to provide feedback that can help shape these future efforts. We will also describe opportunities for folks who are more interested to get involved with the open source SIG-Node and runtime communities to drive these efforts forward.

Speakers

Alexander Kanevskiy

Principal Engineer, Cloud Orchestration Software, Intel
Alexander is currently employed by Intel as Principal Engineer, Cloud Software, focusing on various aspects in Kubernetes: Resource Management, Device plugins for hardware accelerators, Cluster Lifecycle and Cluster APIs. Alexander has over 25+ years of experience in areas of Linux...

Swati Sehgal

Principal Software Engineer, Red Hat
Swati Sehgal is a Principal Software Engineer in the Ecosystem Engineering Group at Red Hat. She works to enhance OpenShift and its platform to deliver best-in-class networking applications, leading edge solutions and innovative enhancements across the stack. Her work includes working...

David Porter

Senior Software Engineer, Google
David Porter is a Senior Software Engineer at Google on Kubernetes GKE node team. David’s focus is on the kubelet node agent and the resource management area. He is primary maintainer of cAdvisor, a resource monitoring library widely used in kubernetes, reviewer of a SIG Node, and...

Sascha Grunert

Senior Software Engineer, Red Hat
Sascha is a Senior Software Engineer at Red Hat, where he works on many different container related open-source projects like Kubernetes and CRI-O. He joined the open-source community in November 2018, having gained container experience before. Sascha's passions include contributing...

Evan Lezar

Senior Systems Software Engineer, NVIDIA
Evan Lezar is a senior software engineer on the Cloud Native team at NVIDIA. His focus is making GPUs and other NVIDIA devices easily accessible from containerized environments. Prior to joining NVIDIA, Evan worked as a software engineer at Amazon and Mesosphere, a research engineer...


Wednesday April 19, 2023 11:00 - 11:35 CEST
Auditorium Center | G104-105

11:00 CEST

Cert-Manager Can Do SPIFFE? Solving Multi-Cloud Workload Identity Using a De Facto Standard Tool - Thomas Meadows, Jetstack & Joshua Van Leeuwen, Diagrid
If you’re like me, your Kubernetes journey started well. Booting up a cluster and deploying a demo application, only to find the dreaded “Your connection is not private” message in your web browser. Attackers could be stealing your information, credit cards and passwords? Frankly, your sock shopping addiction should be nobody's business. Luckily I found the cert-manager project. As if by magic, this clever controller made my security woes fold away. What about secrets? API and service account keys. This highly sensitive data must be bolted to your pod to ensure it can access databases, api-servers and more. After accidentally committing raw secrets to Github (nobody got time for that), I grew tired. I crawled away into the wonders of Google Cloud Workload Identity. But wait? Haven't I given up on the wonder of multi-cloud Kubernetes? If only identity could come batteries included. As an encore in the machine identity space, cert-manager now leverages SPIFFE to solve this problem. Pods are empowered to enter the VIP lounge of their choice in whatever cloud, provided they are on the guest list. Don't believe me? Call me on my bluff. Join me as I explore how this industry problem has been solved using the same magic that gave us TLS on Kubernetes only a few short years ago.

Speakers

Josh Van Leeuwen

Senior Software Engineer, Diagrid
I am a software engineer working at Diagrid. For the past 5 years I have worked on open source software in the Kubernetes ecosystem, including cert-manager and more recently Dapr. I’m most interested in securing distributed systems and workload identities.

Thomas Meadows

Solutions Engineer, Jetstack
Tom is an engineer who works for Jetstack as a Kubernetes and Cloud Native consultant. After becoming intrigued by the space, he decided to dive into the world of supply-chain security (mostly software, but also some strange food analogies). By being enabled by initiatives like the...


Wednesday April 19, 2023 11:00 - 11:35 CEST
Auditorium Center | Emerald Room
  Security + Identity

11:00 CEST

Zero Privilege Architectures - Thijs Ebbers & Diana Iordan, ING
In this talk we'll start out with a bit of Dutch folklore (Hey, we're in Amsterdam :-)), we'll explain what is wrong with typical "Least Privilege" & "Zero Trust" implementations and ask the confronting question: "Are we playing for a Draw or are we playing to Win against our IT security adversaries...?" Next we'll use some "classical" laws of war/diplomacy, biology/business and engineering to develop a modern IT architecture suitable for today's challenges. This architecture is based on desired state infrastructure, built using CI/CD and Infra/Policy-as-code. It stores its data in Data Services. It uses Events, Observability and IAM to operate securely. (In summary: we cover quite a lot of the CNCF landscape...)

We'll explain this architecture and show different views of this architecture for:
- Architects/Developers/Engineers
- C-level Managers
- CISO/Auditors

And answer some questions like:
- Can it be built? (spoiler: Yes, ING is running it today, details in previous talks we gave at OpenShift Commons Detroit & San Diego)
- My workloads won't fit
- We're not a bank, we cannot afford this
- Doesn't this collide with current views/implementations of established entities in the security(/compliancy) industry?

To conclude, we'll answer any other question the audience asks.

Speakers

Thijs Ebbers

Cloud Native Architect, ING
Architecting Cloud Native @ING since 2016 (employee since 2001) Architecture Lead for the Runtime Domain (“VM & Container Hosting”), for ING Private & Public Clouds Speaker at OpenShift Commons San Diego & Detroit Interviewed by TheCUBE during KubeCon Detroit Living together with...

Diana Iordan

Engineer, ING
I am an engineer in ING's CI/CD squad, building container deployment capabilities for DevOps application deployment pipelines. Working and living in Bucharest.


Wednesday April 19, 2023 11:00 - 11:35 CEST
Auditorium Center | Auditorium + Balcony
  Security + Identity

11:00 CEST

Tutorial: Measure Twice, Cut Once: Dive Into Network Foundations the Right Way! - Marino Wijay & Jason Skrzypek, Solo.io
Networking is the foundation of distributed computing, especially in cloud-native ecosystems. Your awareness of how data moves between applications is critical for understanding their performance, security, and efficiency. As many microservices are built and deployed onto container systems like Kubernetes, it’s key to understand where traffic goes, how to communicate with your applications, how to decipher network protocols, and the various transactions that could be present. CoreDNS, Envoy, Istio, CNI, Cilium and other cloud-native networking tools offer many advantages, but in failure conditions, they require a deep understanding of the Linux networking stack. This workshop will prepare you to navigate networks and develop expertise in the networking technologies found throughout KubeCon + CloudNativeCon. Taking this workshop will help you to answer the questions:
- What does a packet look like?
- How does it flow into your microservices?
- How do you track network communications?
- Why do you need DNS?
- How does a service mesh enhance your microservices network?
- What does the shift away from iptables toward eBPF mean for network performance?

Speakers

Jason Skrzypek

Field Engineer, Solo.io
The taxonomy of the cloud native landscape has consumed Jason Skrzypek for more than half a decade now. His home office in Lancaster NY has taken him from Application Developer to Infrastructure Admin to Network Engineer and beyond. While exploring this ecosystem a few common threads...

Marino Wijay

Developer Advocate, Solo.io
Marino is a Developer & Platform Advocate at Solo.io, EddieHub Ambassador, and KubeHuddle Organizer. He is passionate about technology and modern distributed systems that involve heavy networking. He will always fall back to the patterns of Networking and the ways of the OSI. Community...


Wednesday April 19, 2023 11:00 - 12:30 CEST
Elicium Building | Elicium Ballroom 1 + 2
  Tutorials, I/O: Networking + Storage

11:00 CEST

🚨 ContribFest: NATS - Help Design and Build the Future of the NATS Go Client! (Limited Availability; First-Come, First-Served)
In this session attendees will have a chance to work together with NATS maintainers on the initial design and first pass implementation of the v2 version of nats.go.

This Contribfest session is designed to provide projects with the space and resources to tackle outstanding technical debt, security issues, or outstanding impactful feature requests. They are intended to provide a place for maintainers to meet contributors and potential contributors and work together on solving a problem.

Speakers

Wally Quevedo

Software Engineer, Synadia
Waldemar Quevedo is a core maintainer of the NATS.io project and author of "Practical NATS". He currently works at Synadia Communications, Inc., developing a global communications network based on NATS.io called NGS. Before joining Synadia, he worked on a container orchestration system...


Wednesday April 19, 2023 11:00 - 12:30 CEST
K101-102

11:55 CEST

Silly Gooses, Let's Make Sense of the Security Supply Chain, Together - Grace Nguyen, University of Waterloo
When Grace started her job in security and open-source, she didn’t get the joke about honking geese folks in security would throw around and there was never a good time to ask. The same thing is happening for supply chain security. The landscape is evolving rapidly with high adoption but comprehensive documentation and talks, especially for beginners, are still lagging behind. Starting with why we care about supply chain security, the talk will provide an overview of the landscape and how tools like Fulcio, Rekor and cosign come together. Unlike geese, we won’t hiss at you!

Speakers

Grace Nguyen

Student, University of Waterloo
An undergrad at uWaterloo, Grace Nguyen has interned in VC, the government, research, startups and big tech. Having built in various verticals with a focus on using technology to help underserved communities, she spends most of her day hacking software, reading about the anthropology...


Wednesday April 19, 2023 11:55 - 12:30 CEST
Hall 7 | Room A
  101 Track

11:55 CEST

An Introduction to Cloud Native Capture The Flag - Andrew Martin & James Cleverley-Prance, ControlPlane
The Cloud Native Capture The Flag (CTF) is available to all in-person KubeCon + CloudNativeCon Europe attendees. In preparation for getting started with the activity, you are invited to attend an introductory session.

This session aims to introduce how to participate in CTF competitions to those who are new to them. We will share our tips and tricks for completing these challenges and work through a practice scenario together. Want to know more about the CTF? Review the details here.

Speakers

James Cleverley-Prance

Security Engineer, ControlPlane
James works as a Cloud Native Security Engineer at ControlPlane. He spends his days focusing on static and dynamic security assessments covering cloud native, infrastructure as code, policy as code, CI/CD, and security architecture. He has reviewed the security posture of numerous...

Andrew Martin

CEO, Control Plane
Andrew has an incisive security engineering ethos gained building and destroying high-traffic web applications. Proficient in systems development, testing, and operations, he is at his happiest profiling and securing every tier of a cloud native system, and has battle-hardened experience...


Wednesday April 19, 2023 11:55 - 12:30 CEST
Auditorium Centre | G102-103
  Capture The Flag
  • Content Experience Level Any

11:55 CEST

Kubernetes Prow Jobs - Day 2 Aspects and How to Navigate, Read & Write Them - Priyanka Saggu, SUSE & Mario Jason Braganza, Independent
Are you curious to know how projects in the Kubernetes ecosystem test code changes using Prow CI/CD? And how those tests are automated using Prow jobs? Do you want to learn how to read and navigate the source code of hundreds of existing Prow jobs, that help ensure the latest Kubernetes releases meet quality standards, and work across cloud providers, container engines, and networking plugins? If any of this interests you, this talk is for you! There are many resources available today that cover Day 0 & Day 1 aspects of deploying and using Prow as a testing tool, but something that covers reading & understanding existing Kubernetes Prow jobs is still needed. This talk aims to fill in these gaps, to cover the Day 2 aspects of using Prow as a testing tool, i.e. to help users gain better insight by reading & navigating through existing Prow jobs written for various Kubernetes projects (and eventually to write new ones). To that end, this talk will address the following:
* What Prow Jobs are, their different types & the anatomy of a prow job
* Dive into the code of existing Prow jobs running Kubernetes tests and learn how to locally replicate, build and diagnose them
* Introduction to Spyglass & Testgrid, and how to use them to read test statistics & generate useful CI signals

Speakers

Priyanka Saggu

Kubernetes Integration Engineer, SUSE
Priyanka Saggu is a Kubernetes Integration Engineer at SUSE, with contributions to many parts of the upstream Kubernetes project through SIGs such as Release, Testing, ContribEx, and CLI. She is one of the Release Leads for Kubernetes v1.27 and v1.26 release cycles, served as the...

Mario Jason Braganza

IT consultant
Before pivoting careers, Jason Braganza was a successful and experienced IT consultant, architecting solutions to the varied needs of small and medium businesses. He now is on the path to learning and sharing all he can about free and open source software, especially Linux. He mentors...


Wednesday April 19, 2023 11:55 - 12:30 CEST
Elicium Building | D201-202
  CI/CD

11:55 CEST

Grow Your Own Community! Lessons Learned from Running Kubernetes Community Days Across Europe - Matt Jarvis, Snyk; Annalisa Gennaro, SparkFabrik; Max Korbacher, Liquid Reply; Alessandro Vozza, Solo.io; Paula Kennedy, Syntasso
Kubernetes Community Days are community organized events that gather adopters and technologists from open source and cloud native communities to learn, collaborate, and network to further advancement in Kubernetes. They also are a lot of fun and a great way to meet new people and build community. Organizing KCDs is highly rewarding, but can also be a big undertaking, with lots of potential challenges and pitfalls. In this panel discussion, organizers from some of the biggest Kubernetes Community Days in Europe will come together to share their experiences and best practices for how to get going, along with dos and don’ts for organizing community events. We’ll talk about building your team, ensuring diversity, managing logistics, raising sponsorship, handling finances and more. If you’re new to community organizing or a seasoned veteran, you’ll be sure to gain some insights into how you can organize better events!

Speakers

Matt Jarvis

Director, Developer Relations, Snyk
Matt Jarvis is a Director of Developer Relations at Snyk. Matt has spent more than 15 years building products and services around open source software, on everything from embedded devices to large scale distributed systems. Most recently he has been focused on the open cloud infrastructure...

Paula Kennedy

Chief Operating Officer, Syntasso
Paula is Co-Founder and Chief Operating Officer of Syntasso; her previous roles include Senior Director of Tanzu Global Education at VMware, Senior Director of Platform Services EMEA at Pivotal and Co-Founder & Chief Operating Officer of CloudCredo. Working in the IT industry for...

Max Körbächer

Co-Founder, Liquid Reply
Max is Co-Founder and Cloud Native Advocate at Liquid Reply. He is Co-Chair of the CNCF Environmental Sustainability Technical Advisory Group and served 3 years at the Kubernetes release team. Besides, he is part of different OSS Advisory Boards. His focus is on designing and building...

Annalisa Gennaro

Head of Marketing and Communication, SparkFabrik
After working as Digital Marketer in a fairly different industry for over 20 years, Annalisa steered towards the tech world as Head of Marketing and Communication at SparkFabrik in January 2021. Always and forever in love with communication, she recently grew a passion for the Cloud...

Alessandro Vozza

Developer Advocate, Solo.io
Community leader and CNCF ambassador, Alessandro has spent the last few years building cloud native infrastructures for Microsoft customers, animating the Dutch community, and training others to pass the CKx exams. He has passion for all things cloud native, he's been around open...


Wednesday April 19, 2023 11:55 - 12:30 CEST
Auditorium Center | G106-107
  Community

11:55 CEST

What Happened to the Service Catalog? - Adam Wolfe Gordon, DigitalOcean
Imagine you provide a hosted cloud service - for example, a SaaS metrics platform or a managed database. Your customers use Kubernetes and you want to let them easily consume your service in their Kubernetes workloads. Today, you would build an operator or perhaps a Crossplane provider. But not so long ago there was a Kubernetes project specifically for this use-case: the Service Catalog. The Service Catalog worked with the Open Service Broker API to allow management of hosted services via Kubernetes resources. It provided a standardized, vendor-neutral way to manage and connect to external services from Kubernetes workloads. It never really took off. Operators won the day, and the Service Catalog project was shut down in 2022. This talk explores both the limitations and the advantages of the Service Catalog model. We'll compare and contrast the Service Catalog with operators and Crossplane, and explore where each approach could learn lessons from the others. With that context in mind, we'll think about the future. Kubernetes users will continue to consume cloud services in their applications; what's the best way to facilitate that?

Speakers

Adam Wolfe Gordon

Senior Engineer II, DigitalOcean
Adam Wolfe Gordon is a senior engineer focused on product strategy at DigitalOcean. Among other things, he previously worked as the tech lead for DigitalOcean's Kubernetes and container registry products. Adam is interested in infrastructure products, and likes to spend as much time...


Wednesday April 19, 2023 11:55 - 12:30 CEST
Hall 7 | Room E
  Customizing + Extending Kubernetes

11:55 CEST

Best Practices for Accelerated Image Distribution Using Dragonfly - Wenbo Qi, Ant Group & Yiyang Huang, ByteDance
This session introduces Dragonfly, a P2P-based image and file distribution system. It covers Dragonfly's system architecture and how the technology was selected in the design, and provides best practices for image acceleration using Dragonfly within a company. Finally, it describes how Dragonfly can be combined and used with other systems in the ecosystem, such as Harbor, Nydus, eStargz, etc.

Speakers

Wenbo Qi

Software Engineer, Ant Group
Wenbo Qi is a software engineer at Ant Group working on Dragonfly. He is a maintainer of Dragonfly. He hopes to make some positive contributions to open source software and believes that fear springs from ignorance.

Yiyang Huang

Software Engineer, ByteDance
Yiyang Huang is a software engineer at ByteDance working on artifact registry. He is a contributor to Dragonfly, Harbor, etc.



Wednesday April 19, 2023 11:55 - 12:30 CEST
In Virtual Platform
  Maintainer Track, Dragonfly

11:55 CEST

Emissary-Ingress: Self-Service APIs and the Kubernetes Gateway API - Lance Austin, Ambassador Labs & Flynn, Buoyant
Emissary-ingress, a CNCF Incubating project, is a self-service Kubernetes-native open-source API gateway and ingress controller built on the Envoy Proxy -- but really, what does that mean? In this session, we'll give attendees an overview of why ingress controllers are necessary, how self-service developer workflows work for developers and for operations, and how Emissary-ingress can make all of this easier. We'll also look at current best practices around designing, managing, and evolving self-service APIs. We'll continue with a deeper dive into Emissary-ingress' evolution and future, notably, the plans for supporting the Kubernetes Gateway API, and our excitement about that emerging standard. You can also learn how to get involved as a contributor or as a user who wants to offer feedback. This is a great opportunity to interact directly with the Emissary-ingress maintainers and make sure your voice is heard!

Speakers

Flynn

Technical Evangelist, Buoyant
Flynn is a technology evangelist at Buoyant, spreading the good word and educating developers about the Linkerd service mesh, Kubernetes, and cloud-native development in general. He has spent four decades in software engineering from the kernel up through distributed applications...

Lance Austin

Principal Engineer, Ambassador Labs
Lance Austin is an Engineer at Ambassador Labs that enjoys spending my day making it easier for users to adopt Kubernetes by empowering self-service API Gateway functionalities through Emissary-ingress. When I'm not coding I'm spending my time raising my three children and running...


Wednesday April 19, 2023 11:55 - 12:30 CEST
Auditorium Center | G001-G002

11:55 CEST

Flux Beyond Git: Harnessing the Power of OCI - Stefan Prodan & Hidde Beydals, Weaveworks
In this session, Stefan and Hidde will talk about the latest developments of Flux around the Open Container Initiative (OCI). The focus will be on how OCI can serve as the single source of truth for both application code (container images) and configuration (OCI artifacts). We will start by explaining how Flux can be used as a package manager for distributing Kubernetes configs and Terraform modules as OCI artifacts. Afterwards, we will demonstrate how to build a secure delivery pipeline that leverages Flux integrations with GitHub Actions and keyless signatures from Sigstore Cosign. Lastly, we will touch upon the upcoming plans for 2023 and the significance of OCI in the future of continuous delivery with Flux.

Speakers

Stefan Prodan

Principal Engineer, Weaveworks
Stefan is a Principal Engineer at Weaveworks and an open source contributor to cloud-native projects. He is the creator of Flagger the progressive delivery operator for Kubernetes, and a core maintainer of the CNCF's Flux project. He worked as a software architect and a DevOps consultant...

Hidde Beydals

Senior Software Engineer, Weaveworks
Hidde is a Senior Software Engineer at Weaveworks, and a seasoned maintainer of the CNCF Flux project. With over 15 years of experience in software development, he has been a significant contributor to the project since 2018, developing and maintaining key features such as the Helm...


Wednesday April 19, 2023 11:55 - 12:30 CEST
Forum Center | E103-104

11:55 CEST

Jaeger: The Future with OpenTelemetry and Metrics - Pavol Loffay, Red Hat & Jonah Kowall, Aiven
In this session, we will start with an introduction to the Jaeger distributed tracing project and the basics of distributed tracing. Jaeger recently deprecated its native clients in favor of the OpenTelemetry SDKs. We will explain what this means to you as users and why we are changing the path forward. To help facilitate this transition, we will cover OpenTelemetry auto-instrumentation best practices to build a scalable trace pipeline to deliver this data to a Jaeger backend. Moving Jaeger from a tracing system to a monitoring system has been a big push for the project in the last year. Made possible by OpenTelemetry and the processor layer which allows for the creation of metrics derived from traces in the pipeline. Operational monitoring is now possible using the new monitoring tab, which adds metrics capabilities to Jaeger UI via another graduated project, Prometheus. We are always seeking new collaborators, contributors, and users. We need your help, please join us!

Speakers

Pavol Loffay

Principal Software Engineer, Red Hat
Pavol Loffay is a principal software engineer at Red Hat working on open-source observability technology for modern cloud-native applications. Pavol contributes and maintains Cloud Native Computing Foundation (CNCF) projects OpenTelemetry and Jaeger. In his free time, Pavol likes...

Jonah Kowall

VP Product Management, Aiven
Jonah Kowall trained in computer science focused on scaling security and performance engineering teams. In 2011 changing careers, joining Gartner as a research VP speaking and writing research for IT leaders, leading two Magic Quadrants yearly. Along with this change, he moved to...


Wednesday April 19, 2023 11:55 - 12:30 CEST
Forum Center | Forum

11:55 CEST

Nurturing Security Permaculture: Kubernetes SIG Security Update - Tabitha Sable, Datadog; Mahé Tardy, Isovalent; Savitha Raghunathan, Red Hat; Ala Dewberry, VMware
SIG Security takes a community-building approach to improving Kubernetes security, both for the project itself and our end users. Join contributors Savitha, Ala, Mahé, and Tabitha for an overview of how we make space for security collaboration to thrive. We'll share timely updates from our documentation, third-party audit, self-assessments, and tooling subprojects. You'll learn what's been going on, what’s next, and how you could join in, regardless of your experience from beginner to expert. We hope to see you there!

Speakers

Savitha Raghunathan

Senior Software Engineer, Red Hat
Savitha is a Senior Software Engineer at Red Hat, working on Data Protection, Container Migration and Application Modernization technologies. She led the release cycle for Kubernetes v1.22. Currently, she is leading the SIG Security Documentation sub-project. She is passionate about...

Tabitha Sable

Staff Engineer, Datadog
Tabitha Sable never met a system she didn't want to take apart. She serves the Kubernetes community as co-chair of SIG Security and a member of the Security Response Committee. At work, Tabitha leads Runtime Infrastructure Security at Datadog. She writes exploits, hardens infrastructure...

Mahé Tardy

Security Engineer, Isovalent
Mahé is a security engineer at Isovalent and an active contributor to Kubernetes SIG Security. He was previously working as a security researcher and loves working with Linux, security, and Kubernetes!

Ala Dewberry

Senior Product Manager, VMware
Ala is a Senior Product Manager in the Office of the CTO at VMware, working at the intersection of edge computing, security, and modern applications. She has worked in a variety of roles and industries. Before joining VMware, she headed up engineering operations and program management...


Wednesday April 19, 2023 11:55 - 12:30 CEST
Forum Center | E105-106

11:55 CEST

Prometheus Updates and Deep Dive - Kemal Akkoyun, Polar Signals & Josue Abreu, Grafana Labs
As the 2nd oldest project in the CNCF, you have probably heard about Prometheus before. Prometheus is the de facto standard in cloud-native metrics monitoring and beyond, mainly because Kubernetes is designing its custom metrics engine for Prometheus. Nevertheless, the project maintainers will introduce it to you from the very beginning, followed by a deep dive into its internals and a list of the exciting new features that have been released recently or are in the pipeline. You will learn about many opportunities to use Prometheus, and we will cover a mix of introduction content, a deeper dive into current developments, and open Q&A at the end. We can even tempt you to contribute to the project yourself.

Speakers

Kemal Akkoyun

Software Engineer, Polar Signals
Kemal Akkoyun is a Senior Software Engineer at Polar Signals. He is one of the maintainers of Thanos and Prometheus. He is heavily invested in observability, profiling, and performance engineering. Kemal is interested in tools like Go, eBPF, Kubernetes, Prometheus, and Rust. He likes...

Josue Abreu

Software Engineer, Grafana Labs
Josue is the Alerting Lead at Grafana Labs and is a Prometheus Maintainer. Over a 10-year career in software development, he’s been involved on the whole spectrum, from founding and successfully exiting a company to working on digital payment systems that move millions a day. Now...


Wednesday April 19, 2023 11:55 - 12:30 CEST
Auditorium Center | G109

11:55 CEST

Sig Scheduling Deep Dive - Aldo Culquicondor, Google & Kante Yin, DaoCloud
In this talk, Aldo and Kante will present the latest enhancements that SIG Scheduling recently promoted in Kubernetes, and the opportunities under discussion, to better support both services and batch type workloads in Kubernetes. We will discuss the recent improvements to scheduler performance that are allowing it to reach new scheduling throughput highs, better support for rolling updates in deployments while maintaining high availability, the new spec.schedulingGates knob and how it allows external integrators, like dynamic quota managers, to control when pods should be considered for scheduling. We will also discuss the recent developments in sponsored projects, such as Kueue, scheduling plugins and the descheduler.

Speakers
Aldo Culquicondor

Senior Software Engineer, Google
Aldo is a Senior Software Engineer at Google. He works on Kubernetes and Google Kubernetes Engine, where he contributes to kube-scheduler, the Job API and other features to support batch workloads. He is currently a TL at SIG Scheduling and a member of WG Batch. He is also a maintainer...

Kante Yin

Senior Software Engineer, DaoCloud
Kante Yin is a senior software engineer and an open source enthusiast. He is currently working on the Kubernetes platform team at DaoCloud, based in Shanghai. He also works on upstream Kubernetes as a SIG-Scheduling reviewer and Kueue reviewer...


Wednesday April 19, 2023 11:55 - 12:30 CEST
Forum Center | E107-108

11:55 CEST

How We Securely Scaled Multi-Tenancy with VCluster, Crossplane, and Argo CD - Ilia Medvedev & Kostis Kapelonis, Codefresh
What do you do when RBAC with namespaces isn’t enough to meet your multi-tenancy needs? Namespaces are easy to implement but they generally do not provide the level of isolation that is needed when working with external users. Instead of running multiple clusters, which are complex to manage, hard to scale and often costly, we turned to vCluster. vCluster is an open source project that allows you to create virtual clusters in any Kubernetes cluster. Virtual clusters enjoy higher isolation than simple namespaces and can also be used for cluster level resources like CRDs without any versioning conflicts. Using virtual clusters in Codefresh’s hosted GitOps platform, which is powered by thousands of Argo instances, we enabled high isolation between tenants while lowering the cost of application multi-tenancy. For most companies, multi-tenancy means supporting multiple teams within an organization, or perhaps a partner. For us, multi-tenancy means providing access to the general public. We needed to go deeper than RBAC, namespaces, and auditing. In this end-user talk, we’ll share how we leveraged vCluster, Crossplane, and Argo CD to approach multi-tenancy, scale, and security in a totally GitOps fashion. You’ve never seen vCluster scale like this before!

Speakers
Konstantinos Kapelonis

Developer Advocate, Codefresh
Kostis is a software engineer/technical-writer dual class character. He lives and breathes automation, good testing practices and stress-free deployments with GitOps.

Ilia Medvedev

DevOps Engineer, Codefresh
DevOps Engineer at Codefresh. Kubernetes, container driven development and CI/CD enthusiast, with a strong passion for GitOps and Argo. Working with the amazing team at Codefresh to optimize the GitOps methodology for software delivery at scale.


Wednesday April 19, 2023 11:55 - 12:30 CEST
Hall 7 | Room B
  Multi-tenancy

11:55 CEST

Past, Present, and Future of eBPF in Cloud Native Observability - Frederic Branczyk, Polar Signals & Natalie Serrino, New Relic
eBPF has long been promising in the cloud native ecosystem but has evolved significantly over the years. Frederic will start by giving a brief history of the past and how eBPF has developed to be what it is today. This leads us to the current state of things in the present space of observability. Here Frederic will outline how eBPF is safely used in a variety of open source, Apache 2.0 licensed projects, from Cilium Hubble and Pixie to Parca and others. Here we will also take a look at a simple demo of eBPF, how it can be run on a Kubernetes cluster, and what we can find out about that cluster just by using eBPF data. The last portion of the talk will discuss the future of observability using eBPF and where Frederic thinks it will develop, which among other things will include how eBPF will enable correlation between different signals, such as connecting distributed tracing with profiling data.

Speakers
Natalie Serrino

Principal Engineer, New Relic
Natalie Serrino is a Principal Engineer at New Relic working on the Pixie open source project. She focuses on Pixie’s data layer, more specifically, the PxL language, the PxL compiler, and Pixie’s edge query engine for analytics.

Frederic Branczyk

Software Engineer & Founder, Polar Signals
Frederic is the founder of Polar Signals. Before founding Polar Signals he was a senior principal engineer and the main architect for all things Observability at Red Hat, which he joined through the CoreOS acquisition. Frederic is a Prometheus and Thanos maintainer and tenured as...


Wednesday April 19, 2023 11:55 - 12:30 CEST
Hall 7 | Room C
  Observability

11:55 CEST

Colocate Hadoop YARN with Kubernetes to Save Massive Costs on Big Data - Irvin Lim & Hailin Xiang, Shopee
Although containerization enables flexibility for workloads and has better resource utilization than virtual machines, the resource utilization of a production Kubernetes cluster is still quite low when accumulated over 24 hours, while Big Data workloads stabilize at a high resource utilization level. To address the low resource utilization issue on Kubernetes clusters, the industry usually colocates online services and offline jobs in the same cluster. But ensuring that offline jobs don't affect the normal running of online services is very tricky. Offline jobs may occupy a lot of L3 cache, consume memory bandwidth, and hold critical kernel locks, and thereby affect the error rate and the latency of colocated online services. In this talk, we will share how we customize and extend the Linux kernel, container runtime, Kubernetes scheduler, and kubelet to improve resource utilization significantly while ensuring online services run as normal. We will share why default cgroup CFS and memory limits are insufficient in complicated real-world scenarios and how to overcome them. We will also share Kubernetes restrictions on offline job scheduling and how we work around them to save costs on purchasing computing resources for Big Data.

Speakers
Irvin Lim

Expert Engineer, Shopee
Irvin is an Expert Engineer in Shopee, under the Engineering Infrastructure organization. As one of the earlier engineers to adopt Kubernetes in Shopee, he designed and implemented several significant Cloud Native platforms in Shopee from scratch to maturity in past years, such as Shopee...

Hailin Xiang

Senior Engineer, Shopee
Hailin Xiang is a Senior Engineer at Shopee. He has evolved Shopee infrastructure via a Cloud Native tech stack with other colleagues in past years, e.g. he implemented the Shopee Colocation Platform from scratch and verified its power with big campaign traffic. Besides Kubernetes, he is...


Wednesday April 19, 2023 11:55 - 12:30 CEST
Hall 7 | Room D
  Reliability + Operational Continuity

11:55 CEST

Device Plugins 2.0: How to Build a Driver for Dynamic Resource Allocation - Kevin Klues, NVIDIA & Alexey Fomenko, Intel
Dynamic Resource Allocation (DRA) is a new Kubernetes feature that puts resource scheduling in the hands of 3rd-party developers. From an end user's perspective, it moves away from the limited "countable" interface for requesting access to resources (e.g. "nvidia.com/gpu: 2"), providing an API more akin to that of persistent volumes. Using GPUs as an example, DRA unlocks a host of new features without the need for awkward solutions shoehorned on top of the existing device plugin API. These features include:

* Controlled GPU Sharing (both within a pod and across pods)
* Multiple GPU models per node (e.g. T4 and A100)
* Specifying arbitrary constraints for a GPU (min/max memory, device model, etc.)
* Dynamic allocation of MIG devices
* Dynamic repurposing of a GPU from full to MIG mode
* Dynamic repurposing of a GPU for use as Passthrough vs. vGPU
* ... the list goes on ...

In this talk, you will learn how to build your own resource driver for DRA. This includes details of how to use Kubernetes's in-tree helper libraries for DRA, where to find an example driver to get you started, as well as best practices for architecting the driver itself. Throughout this talk, we will use our existing NVIDIA and Intel GPU drivers as a guide, concluding with a demo of these drivers in action.

Speakers
Kevin Klues

Principal Software Engineer, NVIDIA
Kevin Klues is a Principal Software Engineer on the Cloud Native team at NVIDIA. Since joining NVIDIA, Kevin has been involved in the design and implementation of a number of Kubernetes related technologies, including the TopologyManager and NVIDIA's Kubernetes device plugin. Kevin...

Alexey Fomenko

Cloud Software Developer, Intel
Started using computers at the age of 7, hacking at 10, programming at 14. Been using Linux-based OS for last 20 years. Working 15 years by now, with quite many different fields: a bit of Linux OS core components maintenance for mobile phones, a bit of B2B consulting, a little Big...


Wednesday April 19, 2023 11:55 - 12:30 CEST
Auditorium Center | G104-105

11:55 CEST

Confidential Containers Made Easy - Fabiano Fidencio, Intel & Jens Freimann, Red Hat
Join us as we expose the steps that make it easy to provision Confidential Containers (CoCo) and run your first workload! CoCo is an open source community working to enable cloud native confidential computing by leveraging trusted execution environments (TEE) to protect containers and data. CoCo integrates multiple features from many open source projects that need to work together securely and efficiently on many distinct hardware technologies, supporting several CRI runtimes, and more, which can make it appear complex to get started. We will share how the project's front-end is an operator responsible for such deployment in a Kubernetes cluster, and how to declare your setup via a Custom Resource and simply let the Operator take care of everything else for you.

Speakers
Jens Freimann

Software Engineer Manager, Red Hat
Jens started his career working on firmware for I/O chipsets in IBM's mainframes but soon transferred to work on a full-system simulator based on KVM. This led him to work on core KVM in the IBM Linux Technology Center before he jumped over to Red Hat to continue working in virtualization...

Fabiano Fidencio

Cloud Orchestration Software Engineer, Intel
Fabiano Fidêncio is a Software Engineer with a strong passion for easing the usability of the projects he works on. He's been serving as an Architecture Committee member of the Kata Containers project for the past 2 years, and has been involved with Confidential Containers since...


Wednesday April 19, 2023 11:55 - 12:30 CEST
Auditorium Center | Emerald Room
  Security + Identity

11:55 CEST

Using OpenTelemetry for Application Security, with a Real Life Example - Ron Vider, Oxeye
The composition of application vulnerabilities has changed as a result of the shift from monolithic applications to cloud native applications, but application security testing hasn't kept up, and the security of cloud native applications is at risk. In this presentation, we’ll explore how vulnerabilities have evolved in the shift from monolithic to cloud native and microservices. We’ll see how cloud native vulnerabilities are executed, and how they look like vulnerable flows rather than just a static bug. Starting with an overview of OpenTelemetry, we’ll explore what observability is, why it’s needed in modern software development, and how it works. We’ll then dive into a real life example of a ‘cloud native vulnerability’, and how OpenTelemetry helps us detect it.

We will:
• Demonstrate a Kubernetes application with two microservices, and a message queue in between them. One microservice exposes an API to the internet, and a payload continues through the MQ up to the internal microservice.
• Deploy the application & show the attack
• Install OpenTelemetry manually on the environment, and show a vulnerable flow in Jaeger

We will also look at the challenges:
• Additional security related instrumentation
• Test coverage - you don’t know what you don’t know
• Installation process

Speakers
Ron Vider

CTO, Oxeye
Ron Vider is the CTO and co-founder of Oxeye, where he oversees the company’s research, engineering and product efforts. Prior to co-founding the company, Ron worked as a security researcher at Orca Security, and led a security research team in the elite Unit 8200 of the Israeli...


Wednesday April 19, 2023 11:55 - 12:30 CEST
Auditorium Center | Auditorium + Balcony
  Security + Identity

12:30 CEST

Lunch 🍲
Wednesday April 19, 2023 12:30 - 14:30 CEST
Halls 1 + 5

13:00 CEST

Marketing Lounge Office Hours
Wednesday April 19, 2023 13:00 - 15:00 CEST
Congress Center | D506

14:30 CEST

Choose Your Own Adventure: The Treacherous Trek to Development - Whitney Lee, VMware & Viktor Farcic, Upbound
From the moment of their inception as source code on the developer’s laptop, our hero knows that they are destined for great things. They long to be a real, running application, living in production, serving end users! But the epic journey to production is an arduous one, filled with cascading choices—choices concerning container build strategy, image registries, application configuration, adding and managing a database, migrating database schema, and Kubernetes-native development, to name a few. And who knows what other unseen forces lurk in the shadows! One wrong step could be catastrophic.

It is up to us, the audience, to guide our hero; and to help them grow from source code to container image, to the first pitstop on their journey- running in a development environment. In this ‘Choose Your Own Adventure’-style talk, Whitney and Viktor will present a linear view of all of the choices that an anthropomorphized application must make as they try to find their way to the fabled land of development. Throughout the presentation, the audience will use a voting app to choose which path our hero application will take. Can we navigate CNCF projects and avoid pitfalls and dead-ends to get our application to development before the session time elapses?

Join us if you dare! This talk is not for the faint of heart!


Speakers
Viktor Farcic

Developer Advocate, Upbound
Viktor Farcic is a Developer Advocate at Upbound, a member of the Google Developer Experts, CDF Ambassadors, and GitHub Stars groups, and a published author. He is a host of the YouTube channel DevOps Toolkit and a co-host of DevOps Paradox.

Whitney Lee

Staff Developer Advocate, VMware
Whitney is a lovable goofball who enjoys understanding and using tools in the cloud native landscape. Creative and driven, Whitney recently pivoted from an art-related career to one in tech. She is active in the open source community, especially around CNCF projects focused on developer...


Wednesday April 19, 2023 14:30 - 15:05 CEST
Hall 7 | Room A
  101 Track

14:30 CEST

Fight Back Against Cyber Risk in the Software Supply Chain with a Secure and Compliant DevSecOps Pipeline for Regulated Environments - Krishna Rajeesh Nallur Valiyaveettil & Brendan Kelly, IBM
Cyber-attacks and security vulnerabilities are among the top concerns for organizations nowadays, especially for regulated environments, for example in the financial services market. Having secure and compliant DevSecOps pipelines is a major tool to fight back against these threats and make sure regulated workloads can be safely deployed with reduced risk. In this session we will share our experience helping clients address these challenges using open-source tools and capabilities to provide secure and compliant DevSecOps pipelines. We will cover best practices of Secure Software Supply Chain including:

- Reliable, repeatable automation with Everything as Code
- Mitigation of security risks as early as possible
- Driving standardization and reuse
- Focus on Evidence Gathering for audits

We will share a specific solution based on the BIAN (Banking Industry Architecture Network) architectural framework for banking interoperability which will showcase the application of Continuous Integration, Continuous Deployment and Continuous Compliance in a real-world scenario using available open source tools like Tekton, Terraform, SonarQube.

Speakers
Krishna Rajeesh Nallur Valiyaveettil

Sr Architect, IBM Cloud for financial services, IBM
Krishna Rajeesh is a Senior Architect in IBM Cloud for Financial Services with over 18 years of experience in Financial, Manufacturing, and Service industries. Responsible for designing and deploying solutions on cloud and on-premises, with security and compliance strategies. He is...

Brendan Kelly

Sr Architect, IBM Cloud for financial services, IBM
Brendan Kelly is a senior architect with IBM, having been in the software development industry for almost ten years. He is passionate about the use of automation in general, whatever the problem to be solved – be it data science, infrastructure provisioning, application development...


Wednesday April 19, 2023 14:30 - 15:05 CEST
Elicium Building | D201-202
  CI/CD

14:30 CEST

Filling the Gaps in Kubernetes Flavored SLSA with Threat Modeling - Christie Wilson, Google & Priya Wadhwa, Chainguard
SLSA is an emerging standard for supply chain security that makes it easier to reason about threats and mitigations, but how do we make it work for Kubernetes? It can be difficult to analyze the security posture of a Kubernetes based CI/CD platform, let alone mitigate the threats. Threat modeling to the rescue! Using Tekton as a case study, Priya and Christie will walk you through a threat model analysis of CI/CD execution on Kubernetes, identifying trust boundaries that can be exploited by malicious external actors, internal actors and even privileged admins, and mapping these trust boundaries to SLSA standards. They will demo how Tekton has complied with this standard by utilizing open source projects like Sigstore and SPIRE. You'll leave this talk with a deeper understanding of supply chain security and of how to mitigate potential threats to building artifacts on Kubernetes.

Speakers
Christie Warwick (Wilson)

Software Engineer, Google
Christie Wilson (Warwick) (she/her) is a software engineer with a passion for building quality software and having fun doing it. During her career she has worked in a wide range of domains from currency exchange to AAA games and is currently working on continuous delivery tools at...

Priya Wadhwa

Software Engineer, Chainguard
Priya Wadhwa is a software engineer at Chainguard, where she works on a variety of open source projects with the goal of improving software supply chain security. She is a member of the Sigstore TSC and a maintainer of the Tekton Chains project. She's passionate about making security...



Wednesday April 19, 2023 14:30 - 15:05 CEST
In Virtual Platform
  CI/CD

14:30 CEST

Going for Graduation: Crossing the Chasm - Bill Mulligan, Isovalent & Katie Gamanji, Apple
Sandbox, incubation, graduation. These are the three maturity stages for the 147 (at the time of writing) projects under the CNCF umbrella. While the formal process to go from one stage to the next is written down in the TOC repo, it isn’t just a check-the-box process and each community will have its own journey. This talk from a current TOC member and maintainer of a project applying for graduation will break down, from both sides of the table, what it takes to build a successful project and community to finally cross the chasm to graduation. The audience will learn:

1. What the graduation process looks like
2. When you should get started with the process
3. How to prepare for each of the graduation requirements
4. What resources are available to projects getting ready for graduation

Speakers
Katie Gamanji

Senior Field Engineer, Apple
Katie is a cloud native leader, practitioner, and contributor, currently in a Senior Kubernetes Field Engineer role at Apple and a TOC for CNCF (Cloud Native Computing Foundation). As a cloud platform engineer, Katie has built the infrastructure for Conde Nast and American Express...

Bill Mulligan

Community Pollinator, Isovalent
Bill Mulligan is a cloud native pollinator and community builder. He has given talks and written articles about building the business case for cloud native. While at CNCF he restarted the Kubernetes Community Day program and worked to grow the student community. He is currently at...


Wednesday April 19, 2023 14:30 - 15:05 CEST
Auditorium Center | G106-107
  Community

14:30 CEST

PlayStation and Kubernetes: How to Solve a Problem Like Real-Time - Joseph Irving, PlayStation
Kubernetes can be a natural fit for hosting things like websites and APIs - but hosting something that requires sets of long-lived stable connections may not work as well in the shifting sands that is a Kubernetes cluster. Realtime video game servers are one of these things, as a group of friends would not enjoy being booted out of their 30 minute match because the pod they were playing in got autoscaled. At PlayStation we're trying to use an open source project, Agones, to run game servers in a Kubernetes cluster. We hope to get all the benefits that come with the Kubernetes ecosystem, without sacrificing the ability to provide great shared-world game experiences.

Speakers
Joseph Irving

Senior DevOps Engineer, PlayStation
Joseph is a Senior DevOps Engineer working in PlayStation's centralised technology team. He’s been using Kubernetes to run production workloads for over 6 years and he enjoys trying to solve company wide problems in a simple but flexible way, building common tools and platforms...


Wednesday April 19, 2023 14:30 - 15:05 CEST
Hall 7 | Room E
  Customizing + Extending Kubernetes

14:30 CEST

Argo CD Core - A Pure GitOps Agent for Kubernetes - Alexander Matyushentsev, Akuity & Leonardo Luz Almeida, Intuit
Argo CD is well known for being extremely helpful for application developers’ teams. Kubernetes administrators, however, have similar but slightly different requirements. In both cases, GitOps is the way to go. As one of the best-known GitOps operators, Argo CD is a popular choice among cluster administrators, but many features specific to application developers might stand in the way rather than help. There is no need to fight with the tool since you can get precisely what you need instead. You don’t have to configure multi-tenancy and SSO integration if you don’t benefit from it. In this presentation, we will describe Argo CD Core - the officially supported Argo CD distribution that includes only the core features and is tailored towards cluster administrator use cases. The presentation covers the main Argo CD Core features and describes how you can combine them with ApplicationSet to get an efficient and flexible Kubernetes cluster management solution.

Speakers
Alexander Matyushentsev

Co-Founder, Akuity
Alexander is Argo project Co-Creator, Argo CD Lead, and maintainer. Energetic and passionate software engineer with over a decade of software development experience. Alexander is an enthusiast of continuous integration and agile environments and a huge open-source believer. Co-founder...

Leonardo Luz Almeida

Staff Software Developer, Intuit
Leo is a staff member of the core Argo team at Intuit responsible for improving and operating Argo CD and Argo Rollouts in the company. He is an active Argo maintainer sharing his time between open-source and internal development. Leo is passionate about native cloud applications...


Wednesday April 19, 2023 14:30 - 15:05 CEST
Forum Center | Forum

14:30 CEST

Envoy Gateway Update - Alice Wasko, Ambassador Labs & Arko Dasgupta, Tetrate
Come hear about updates on Envoy Gateway, the OSS Envoy ingress controller that the community has been working on!

Speakers
Alice Wasko

Software Engineer, Ambassador Labs
Alice Wasko is a maintainer of the Emissary-ingress incubating CNCF project and Envoy Gateway. Her technical expertise focuses on API Gateway development, Kubernetes networking, and developer/operator experience. Alice is a Go enthusiast and is currently working as a software engineer...

Arko Dasgupta

Software Engineer, Tetrate


Wednesday April 19, 2023 14:30 - 15:05 CEST
Forum Center | E103-104

14:30 CEST

From Automation to Community: A Deep Dive Into SIG Contributor Experience - Priyanka Saggu, SUSE; Madhav Jivrajani, VMware; Kaslin Fields, Google
The Kubernetes Contributor Experience Special Interest Group (SIG) is tasked with developing and sustaining a healthy contributor community. It also provides an excellent place to get involved with the Kubernetes project, either through code, non-code, or both. Join us and learn about ContribEx's many programs and deep dive into some of our current initiatives:

Granular Approval PR Plugin: The Kubernetes CI system currently can only assign Approvers on a directory basis. This has caused significant friction for various edge case scenarios. The changes for the approve plugin will distribute approval privilege by adding the ability to granularly assign approvers by file.
Annual Report Generator: The Kubernetes project has an annual health check with all its SIGs and WGs. Recent improvements have significantly reduced the toil of project leads by automating much of the report generation.
Peribolos: Improvements to the in-house tool for GitHub user and team management.

And much more!

Speakers
Priyanka Saggu

Kubernetes Integration Engineer, SUSE
Priyanka Saggu is a Kubernetes Integration Engineer at SUSE, with contributions to many parts of the upstream Kubernetes project through SIGs such as Release, Testing, ContribEx, and CLI. She is one of the Release Leads for Kubernetes v1.27 and v1.26 release cycles, served as the...

Kaslin Fields

Developer Advocate, Google
Kaslin Fields is a Developer Advocate at Google Cloud & contributor to Open Source Kubernetes. She is passionate about making technology accessible to a broad audience through creating content in many forms, such as videos, blogs, documentation, and even comics which she illustrates...

Madhav Jivrajani

Member of Technical Staff, VMware
Madhav is a Member of Technical Staff at VMware working on Kubernetes. He spends most of his time in the Kubernetes community in areas of Contributor Experience, API Machinery, Architecture and Scalability.


Wednesday April 19, 2023 14:30 - 15:05 CEST
Auditorium Center | G001-G002

14:30 CEST

How SIG Release Makes Kubernetes Releases Even More Stable and Secure - Veronica Lopez, PlanetScale & Marko Mudrinić, Kubermatic GmbH
SIG Release is one of the largest Kubernetes Special Interest Groups, responsible for delivering Kubernetes to millions of users. To accomplish that, individual contributors invest their time in developing various tools and libraries and ensuring that our release pipeline is as safe as possible. In this session, Verónica and Marko will show how Kubernetes influenced many other projects in the community by providing them with tooling that they can use to release their projects securely. They will highlight our two major efforts in 2023: moving packages from Google infra to the community-provided infra and migrating to the new image registry. Finally, they will talk about how you can join SIG Release and our efforts to make Kubernetes releases better. Come and see what it means for you as an end user, and how you can build upon our efforts as a Kubernetes subproject maintainer.

Speakers
Marko Mudrinić

Software Engineer, Kubermatic
Marko is Release Manager for Kubernetes SIG Release, and Senior Software Engineer @ Kubermatic. Student.

Verónica López González

Software Engineer, PlanetScale
Verónica is a distributed systems engineer, currently serving as a tech lead for Kubernetes SIG Release.


Wednesday April 19, 2023 14:30 - 15:05 CEST
Forum Center | E105-106

14:30 CEST

Kubernetes SIG Storage: Intro and Deep Dive - Xing Yang, VMware & Jan Šafránek, Red Hat
Kubernetes SIG Storage is responsible for ensuring that different types of file and block storage are available wherever a container is scheduled, storage capacity management (container ephemeral storage usage, volume resizing, etc.), influencing scheduling of containers based on storage (data gravity, availability, etc.), and generic operations on storage (snapshotting, etc.). In this session, we will deep dive into some projects that SIG Storage is currently working on, provide an update on the current status, and discuss what might be coming in the future.

Speakers
Jan Šafránek

Principal Software Engineer, Red Hat
Jan is a Principal Software Engineer at Red Hat working on storage aspects of Kubernetes. He started developing Kubernetes more than 4 years ago, and is one of the founding members of SIG-Storage. He’s the author of PersistentVolume controller, dynamic provisioning and StorageClass...

Xing Yang

Tech Lead, VMware
Xing Yang is a Tech Lead in the Cloud Native Storage team at VMware. She is a co-chair of CNCF Storage TAG, a co-chair of the Kubernetes Storage SIG, a co-chair of the Data Protection WG, and a maintainer in Kubernetes CSI. Before joining VMware, Xing was the Lead Architect of OpenSDS...


Wednesday April 19, 2023 14:30 - 15:05 CEST
Forum Center | E107-108

14:30 CEST

Rook: Intro and Deep Dive with Ceph Storage - Travis Nielsen & Blaine Gardner, IBM Storage; Alexander Trost & Deepika Upadhyay, Koor Technologies, Inc
The Rook project will be introduced to attendees of all levels and experience. Rook is an open source cloud-native storage operator for Kubernetes, providing the platform, framework, and support for Ceph to natively integrate with Kubernetes. The panel will discuss various scenarios to show how Rook configures Ceph to provide stable block, shared file system, and object storage for your production data. Rook was accepted as a graduated project by the Cloud Native Computing Foundation in October 2020.

Speakers
Alexander Trost

Founding Engineer, Koor Technologies, Inc
I'm Alexander Trost, Founding Engineer of Koor Technologies, Inc. and maintainer of the Rook project. I'm happy to talk about anything container, storage and container storage related.

Blaine Gardner

Senior Advisory Systems and Software Engineer, IBM Storage
Blaine is a Software Engineering Professional at IBM Storage on the OpenShift Data Foundation (ODF) team. He is a maintainer of the CNCF-graduated Rook project making sure Ceph and Kubernetes live together in harmony. Blaine lives in Denver, Colorado and enjoys rock climbing, partner...

Travis Nielsen

Senior Principal Software Engineer, IBM Storage
Travis Nielsen is a Senior Principal Software Engineer at IBM Storage with the Ceph distributed storage system team. Travis leads the Rook project and is one of the original maintainers, integrating Ceph storage with Kubernetes. Prior to Rook, Travis was the storage platform tech...

Deepika Upadhyay

Cloud Storage Engineer, Koor Technologies, Inc
Deepika is currently working as a Cloud Storage Engineer at Koor Technologies and is a contributor to the Rook project. She is currently exploring backup and recovery for storage in the container world. She earlier worked as a Ceph Storage Engineer on the RADOS and RBD (Block based storage...


Wednesday April 19, 2023 14:30 - 15:05 CEST
Auditorium Center | G109

14:30 CEST

The Next Episode in Workload Isolation: Confidential Containers - Jeremi Piotrowski, Microsoft
Container based workloads are isolated at the OS level by default. Stronger isolation can be achieved using Kata Containers which adds a hardware isolation boundary. New hardware capabilities have appeared in CPUs in recent years that open up the possibility of enhancing this isolation with an added level of confidentiality. Kata-CC is an extension of Kata Containers that makes use of Trusted Execution Environment features present in modern CPUs to enhance security in a multi-tenant environment by combining workload attestation and memory encryption. An issue hindering wider adoption of this technology for some time has been hardware availability. New developments which will be covered in this talk address this and make confidentiality more accessible than ever. Jeremi will talk about the available ways to deploy containers in SEV-SNP (secure encrypted virtualization - secure nested paging) protected confidential virtual machines and dig into their respective architectures. He will also talk about the challenges with hardware attestation and how it ensures workload portability.

Speakers

Jeremi Piotrowski

Software Engineer, Microsoft
Jeremi is a Software Engineer at Microsoft; his work focuses on Linux OS components. In Azure he has been working on enabling Confidential Containers to run within Linux guests. He is a Flatcar Container Linux maintainer and contributed to projects like containerd and the Linux Kernel...


Wednesday April 19, 2023 14:30 - 15:05 CEST
Hall 7 | Room B
  Multi-tenancy

14:30 CEST

Understand Systems with OpenTelemetry: A Hybrid Telemetry Data Backend - Ran Xu, Huawei & Xiaochun Yang, Northeastern University
HUAWEI CLOUD uses a cloud-native architecture to support thousands of services. DevOps requires understanding the running status of each system across a large number of interdependent microservices, middleware, and devices. OpenTelemetry is an observability industry standard. It provides standards and tools to generate high-quality telemetry data (metrics, logs, and traces). However, considering the need to quickly understand the system running status from massive telemetry data, a back-end store that combines multiple types of telemetry data is a key part of the observability system. How to support efficient correlation queries and real-time analysis over massive high-cardinality telemetry data, while reducing the cost of telemetry data storage and computing, is a challenge for us. In this session, we will introduce: 1. Key Challenges to Cloud Native Observability of HUAWEI CLOUD. 2. From metric data to telemetry data, the evolution history and thinking of observability back-end storage. 3. HUAWEI CLOUD observability cases.

Speakers

Ran Xu

Software Architect, Huawei CLOUD
Xu Ran, a database expert in HUAWEI CLOUD Database Innovation Lab and openGemini time-series database architect, has been engaged in distributed databases and NoSQL databases as a cloud service for many years. Currently, Xu Ran is dedicated to research and innovation related technologies...

Xiaochun Yang

Professor, Northeastern University
Yang Xiaochun, a professor at Northeastern University in China, has been engaged in teaching and research in the field of data management and analysis for 20 years. She served as the board of Academic Working Committee of China Computer Federation (CCF), Editorial Board of the International...


Wednesday April 19, 2023 14:30 - 15:05 CEST
Hall 7 | Room C
  Observability

14:30 CEST

How to Make Your K8s Cluster Survive When It Has No Internet Access: Airgap Reflection in a Cloud Native World - Christophe Jauffret, Nutanix
Internet is everywhere, everything is connected to the Internet ... this is clearly the default assumption of almost all cloud native products and we can see it in a large majority of their documentation. In the real world of business, it is often extremely different. The Internet is a resource that has to be earned and accessing it can sometimes become complicated. Firewall, Proxy, DMZ, ACL, limited bandwidth... are all constraints that will get in your way and prevent you from reaching your goal. During this session, we will go through the most typical infrastructure that can be found in companies, and we will see what it is possible to put in place in terms of tooling to simplify life to the maximum. Container Runtime, Registry, Policy Management can be configured and adapted to work best in these particular situations. Many precise examples will be given so that you can reproduce them on your own infrastructure.

Speakers

Christophe Jauffret

Solution Architect Cloud Native, Nutanix
Christophe Jauffret is a Staff Solution Architect on Cloud Native Technology within Nutanix Product Management Team. For nearly 22 years, he has been developing his expertise on the most innovative technologies in order to simplify the IT environment for customers. He contributes...


Wednesday April 19, 2023 14:30 - 15:05 CEST
Hall 7 | Room D

14:30 CEST

Emergent Load Testing: Rules for Organized Chaos - Nicole van der Hoeven, Grafana Labs
When we write load testing scripts against our applications, we write them sequentially: A, then B, then C. But this doesn't accurately reflect the organized chaos of a system in production, nor does it prepare the system for the unexpected. Emergence is a phenomenon where parts of a whole independently develop properties not originally present in the whole. Emergence is what helps ant workers develop roles without leadership, prompts animals to evolve adaptive traits without forethought, and facilitates non-toxic communities without moderators. The growing field of emergent software applies this swarm logic to the programs that we write. What would it take to write emergent load testing scripts? It turns out that there are a few ingredients for emergence: a large population size, opportunities to interact, feedback, and an element of control. In this talk, Nicole van der Hoeven discusses how to bring these elements to load testing by writing a script in Grafana k6 that can independently decide what requests to make next, modify Kubernetes app pods, and disrupt services based on a continual feed of results during runtime-- all without manual intervention. She shows how to wield this new breed of load testing to improve confidence in the complex systems we build.

Speakers

Nicole van der Hoeven

Senior Developer Advocate, Grafana Labs
Nicole is a performance engineer with over a decade of experience in breaking software and learning to build it back up again. She has lived in the Philippines, the US, Australia, the Netherlands, and Portugal, helping teams all over the world scale up their load tests on the cloud...


Wednesday April 19, 2023 14:30 - 15:05 CEST
Auditorium Center | G104-105

14:30 CEST

A Confidential Story of Well-Kept Secrets - Lukonde Mwila, AWS
For generations, secrets have been kept, shared, and exposed. Most would agree that the best-kept secrets are the ones we've never heard of or told others about. The concepts that revolve around maintaining safe secrets are universal and stem from addressing these questions: "Where is the secret kept?", "Who needs to know about the secret?", "How does the secret get shared with the relevant parties?", and "How do you prevent the secret from being easily interpreted?" The answers can help you create a secure lifecycle for storing, sharing, and consuming secrets. In Kubernetes, a secure secret strategy depends on the answers to these same questions. Now more than ever, the vulnerabilities around the storage, sharing, and consumption of secrets in Kubernetes are well known, and as a result, more likely to be exploited. In this talk, Lukonde Mwila will share why addressing these questions can optimize managing sensitive data in Kubernetes. In addition, he'll highlight details of a Kubernetes secret strategy from a real-world project in relation to these questions. Lastly, he'll share how answers to these questions can be used to develop a framework for a secure secret lifecycle in Kubernetes environments with a demo using ESO, ArgoCD, and OPA Gatekeeper.

Speakers

Lukonde Mwila

Senior Developer Advocate, AWS
Lukonde is a Senior Developer Advocate at AWS and a HashiCorp Ambassador. He has years of experience in application development, solution architecture, cloud engineering, and DevOps workflows. He is a life-long learner and is passionate about sharing knowledge through various mediums...



Wednesday April 19, 2023 14:30 - 15:05 CEST
Auditorium Center | Emerald Room
  Security + Identity

14:30 CEST

The Hacker's Guide to Kubernetes - Patrycja Wegrzynowicz, Form3
Do you want to see live Kubernetes hacking? Come to see interactive demos where your newly registered accounts in a k8s application are hijacked. This talk guides you through various security risks of Kubernetes, focusing on the OWASP Kubernetes Top 10 list. In live demos, you will find out how to exploit a range of vulnerabilities or misconfigurations in your k8s clusters, attacking containers, pods, network, or k8s components, leading to an ultimate compromise of user accounts in an exemplary web application. You will learn about common mistakes and vulnerabilities along with the best practices for hardening your Kubernetes systems.

Speakers

Patrycja Wegrzynowicz

Lead Engineer, Form3
Patrycja is a lead engineer at Form3, working on reliability and performance of UK payments. She is also the founder of Yon Labs, a startup focusing on automated tools for detection and refactoring of security vulnerabilities, performance anti-patterns, or cloud issues and providing...


Wednesday April 19, 2023 14:30 - 15:05 CEST
Auditorium Center | Auditorium + Balcony
  Security + Identity

14:30 CEST

Tutorial: Hands on with WebAssembly Microservices and Kubernetes - Danilo Chiarlone, Microsoft & Radu Matei, Fermyon
This tutorial talk is meant to help you get started with WebAssembly (Wasm) on Kubernetes - a booming technology in the container world that promises delivery regardless of the platform, has an incredibly low memory footprint, and quick start times. We will start off the tutorial by introducing you to Wasm and its system interface (i.e., WASI), and how they work together with the underlying operating system. Then, we will move to demos and hands-on exercises to help you write your very first Wasm service that can, for example, serve HTTP/gRPC requests, persist data to key-value/blob stores, or react to event streams using pub/sub. What's more, these Wasm applications can be authored in multiple programming languages and frameworks, so its content and business logic can be extended to whatever you are most comfortable writing in. All in all, after building applications to Wasm, we will show how to package Wasm components to containers, and, lastly, we will deploy our work to environments like on-prem, cloud, and hybrid cloud using Kubernetes. Overall, you will leave the room having learned the pros and cons of using Wasm and how to build production-ready Wasm applications.

Speakers

Radu Matei

Chief Technology Officer, Fermyon
Radu is the co-founder and CTO of Fermyon, a startup building the next generation of cloud computing using WebAssembly. Before Fermyon, he worked at Microsoft Azure at the intersection between distributed systems, security, and developer tooling. He is an avid learner, loves classical...

Danilo Chiarlone

Software Engineer, Microsoft
Danilo (Dan) Chiarlone is an Open-Source Software Engineer at Microsoft's WebAssembly (Wasm) Container Upstream team, and he works on bringing Wasm to the cloud with projects like: containerd-wasm-shims, runwasi, and spiderlightning. During his free-time, Dan enjoys teaching others...


Wednesday April 19, 2023 14:30 - 16:00 CEST
Elicium Building | Elicium Ballroom 1 + 2

14:30 CEST

🚨 ContribFest: Crossplane - Accelerate New Features and Learn to Contribute Alongside the Crossplane Maintainer Team (Limited Availability; First-Come, First-Served)
In this session, the Crossplane maintainer team will be focusing on a few exciting hands-on activities together - we will walk through a contributor enablement session to help you get a development environment set up and ready to contribute to the project, and we will also walk through using some of the latest features in Crossplane to expedite your adoption of them, as well as discuss your important feedback to help continue maturing them.

This Contribfest session is designed to provide projects with the space and resources to tackle outstanding technical debt, security issues, or outstanding impactful feature requests. They are intended to provide a place for maintainers to meet contributors and potential contributors and work together on solving a problem.

Speakers

Jared Watts

Founding Engineer, Upbound
Jared Watts is a Founding Engineer at Upbound, where he is working on advancing cloud-native computing by enabling anyone to build their own cloud platform. He is also a founder and maintainer for the open source Rook (https://rook.io) and Crossplane (https://crossplane.io) projects...


Wednesday April 19, 2023 14:30 - 16:00 CEST
K101-102

14:30 CEST

Mentorship Office Hours
The CNCF Mentorship Crew is holding open office hours at KubeCon! If you have any questions about mentorship and how it might fit your project or want to get pointers on writing proposals or selecting candidates, come by and chat with us!


Speakers

Nate Waddington

Developer Advocate, CNCF
Nate is a Developer Advocate with the Cloud Native Computing Foundation, focusing primarily on the CNCF’s documentation and mentorship efforts. Before joining the CNCF, Nate worked as a Creative Technologist at AKQA, helping build, install, and support interactive installations...


Wednesday April 19, 2023 14:30 - 16:30 CEST
Forum Center | E101

15:25 CEST

How to Blow up a Kubernetes Cluster - Felix Hoffmann, iteratec
Last year, Felix was handed a Kubernetes cluster and he was told that some pods were using too much memory. He didn't have a single clue about Kubernetes but quickly figured out that pods can be tamed by setting resource limits. Felix went and set limits—and watched the entire cluster go haywire. Half of the pods were stuck in a crash loop, the other half were forever "pending". At first sight, resource requests and limits seem straightforward: A request is a lower bound for CPU or memory; a limit is an upper bound for CPU or memory. Once demand becomes higher than supply though, it is imperative to know how Kubernetes handles scarce resources. How do these settings influence scheduling? Which pod gets terminated first? Felix learned these things the hard way. He is giving this talk so you don't have to repeat his mistakes.

Speakers

Felix Hoffmann

Software Engineer, iteratec
Felix is terrified of specialization: as a full-stack engineer he loves to work on all parts of the application. Optimizing frontends for accessibility brings him as much joy as blowing up cloud infrastructure. A true jack of all trades, master of none. Felix is happiest when he gets...


Wednesday April 19, 2023 15:25 - 16:00 CEST
Hall 7 | Room A
  101 Track

15:25 CEST

An Introduction to Cloud Native Capture The Flag - Andrew Martin & James Cleverley-Prance, ControlPlane
This session is a repeat of the 11:55 session with the same title.

The Cloud Native Capture The Flag (CTF) is available to all in-person KubeCon + CloudNativeCon Europe attendees. In preparation for getting started with the activity, you are invited to attend an introductory session.

This session aims to introduce how to participate in CTF competitions to those who are new to them. We will share our tips and tricks for completing these challenges and work through a practice scenario together. Want to know more about the CTF? Review the details here.

Speakers

James Cleverley-Prance

Security Engineer, ControlPlane
James works as a Cloud Native Security Engineer at ControlPlane. He spends his days focusing on static and dynamic security assessments covering cloud native, infrastructure as code, policy as code, CI/CD, and security architecture. He has reviewed the security posture of numerous...

Andrew Martin

CEO, Control Plane
Andrew has an incisive security engineering ethos gained building and destroying high-traffic web applications. Proficient in systems development, testing, and operations, he is at his happiest profiling and securing every tier of a cloud native system, and has battle-hardened experience...


Wednesday April 19, 2023 15:25 - 16:00 CEST
Auditorium Centre | G102-103
  Capture The Flag
  • Content Experience Level Any

15:25 CEST

Multi-Arch Infrastructure from the Ground up - Cheryl Hung, Arm
At a high level, the goal of Multi-Arch infrastructure is that workloads can run on the best hardware for their price/performance needs, without developers being concerned with the underlying architecture. That doesn’t mean it’s easy! Multi-Arch touches Infra As Code, CI/CD, packaging, binaries, images, Kubernetes upgrades, testing, scheduling, rollout, reproducible builds, performance testing and more. This talk looks at how early adopters handled the challenges so you are prepared for the road ahead.

Speakers

Cheryl Hung

Senior Director, Ecosystem, Arm
Cheryl brings developers together to build the future of infrastructure, especially cloud native and open source. As Senior Director at Arm, Cheryl leads strategy across the cloud and infrastructure ecosystem. She founded the Cloud Native London meetup, now 7000 members. Previously...


Wednesday April 19, 2023 15:25 - 16:00 CEST
Elicium Building | D201-202
  CI/CD

15:25 CEST

How Implicit Bias Affects Diversity and Inclusion in Open Source - Anita Ihuman, CHAOSS
Open Source communities operate on a set of values that include a commitment to inclusion and diversity. The idea that the tech ecosystem at large is faced with the challenges of diversity and inclusion is not a myth. To some degree, everyone has implicit biases and beliefs about various social and identity groups. Implicit biases are unconscious attitudes or stereotypes that affect how we think, act, and make decisions. Studies have shown that implicit bias is the main cause of most of the problems caused by diversity and inclusion. As users, maintainers, and contributors of Open Source software, we may have encountered different marginalised groups that have shared their encounters of bias in Open Source communities. The majority of people are unaware of this bias and how it affects them as individuals or even as the victims. I'll go over what diversity and inclusion are in this session and why they're important in open source. Challenges faced by underrepresented groups in open source communities as a result of bias. What implicit bias is and how to spot it. Highlights of different forms of implicit bias, how to be more aware of these biases as a community and how it can be improved.

Speakers

Anita Ihuman

Developer Advocate, Layer5
Anita is a developer advocate and technical writer. She has a track record in web development and DevRel on a global scale. She is passionate about educating the developer market about cloud technologies, DevOps, documentation, open source, and DEI best practices. She has spoken at...


Wednesday April 19, 2023 15:25 - 16:00 CEST
In Virtual Platform
  Community

15:25 CEST

Building a Platform Engineering Fabric with the Kube API at Autodesk - Jesse Sanford & Greg Haynes, Autodesk
Autodesk is on a mission to become a platform company. To enable that future, a common deployment platform was built to accelerate the delivery of our cloud products. However, what started as the choreography of common deployment patterns has inevitably grown into a monolith of edge cases. Fortunately, the operator pattern and the extensibility of the Kube API has provided us with the fabric needed to retool. In this talk, Jesse and Greg will show that by providing a framework for declarative API design, we can unlock our platform engineer’s potential. That we can enable our globally distributed teams to build loosely coupled capability primitives on independent release schedules and product roadmaps. They will detail Autodesk's work with Crossplane and KubeVela and how they enable platform teams to build value without reinventing the wheel. Additionally, they will show how the prescription offered by these tools enables the clients of the platform to contribute back through inner source safely, abiding the “rules of the road”. Finally, they will demo how compliance is empowered through admission control and the strong separation of concerns built on Crossplane’s compositions and XRDs in conjunction with K8s RBAC to enforce sane defaults and security non-negotiables.

Speakers

Greg Haynes

Software Architect, Autodesk
Greg is a Software Architect at Autodesk focused on developer platform services and also chairs Autodesk’s open source program. He’s contributed to many open source cloud technologies in the past, such as Knative, Kubernetes’ sig-scheduling, and several OpenStack projects.

Jesse Sanford

Senior Principal Engineer, Autodesk
Jesse is a lifelong software engineer focused on site reliability and Infosec. Currently architecting the juncture of platform engineering and security/compliance for Autodesk's Developer Enablement team. When not in front of a computer, he is a backpacker, sailor and continuously...


Wednesday April 19, 2023 15:25 - 16:00 CEST
Hall 7 | Room E
  Customizing + Extending Kubernetes

15:25 CEST

Kubeadm Deep Dive - Rohit Anand, NEC & Paco Xu, Dao Cloud
This session will provide an update on the latest doings in the kubeadm project: what the current state of the project is and what is coming up next for it. Kubeadm is a subproject of SIG Cluster Lifecycle, one of the largest groups in the Kubernetes project. It is one of the most used tools for creating Kubernetes clusters and is the official node bootstrapper that is included in the Kubernetes release. It is the tool that is used by higher level projects like Minikube, Kubespray, Cluster API, kind and others. Kubeadm is actively maintained by a cross company team dedicated to keeping the tool stable and generally available.

Speakers

Paco Xu

OpenSource Team Leader, DaoCloud
Paco is currently the leader of the open-source team and KCD Chengdu 2022 organizer. Paco is sig-node & kubeadm reviewer and actively working in sig-cli/sig-testing. He has worked in the infrastructure team of DaoCloud Enterprise Platform (the Kubernetes-based platform) since 2016 and...

Rohit Anand

Technical Lead, NEC Corporation
Rohit is a cloud native enthusiast and active contributor in Kubernetes. Rohit is currently working as Technical Lead at NEC. He is working in primary as well as secondary software development work based on Kubernetes. Rohit has expertise in python, go, shell scripts, docker, kubernetes...


Wednesday April 19, 2023 15:25 - 16:00 CEST
Auditorium Center | G001-G002

15:25 CEST

On the Hunt for Etcd Data Inconsistencies - Marek Siarkowicz, Google
Many things can go wrong in a distributed system, making conventional testing techniques ineffective in preventing serious and subtle bugs. Even for mature systems like etcd, built on the reliable Raft foundations, bugs are inevitable. Last year the etcd community discovered 4 critical issues including data inconsistencies and lost durability that managed to pass our tests and a rigorous code review. Unfortunately, the testing methodology used by the etcd project was insufficient to detect such problems. So to prevent such issues in the future we needed a new approach. Over the course of 6 months the etcd community built a new testing framework that retroactively detected all issues that were found manually and on top of that identified a new issue. This presentation will discuss how the etcd project has adopted model testing methodology to weed out data inconsistency bugs in etcd and prevent such issues in the future.

Speakers

Marek Siarkowicz

Senior Software Engineer, Google
Marek is a Software Engineer working at Google on the etcd team. He began his career in local startups where he loved open source and extreme programming. Currently he is an etcd maintainer and active member of SIG-instrumentation leading the structured logging effort in Kubernetes. In his...


Wednesday April 19, 2023 15:25 - 16:00 CEST
Forum Center | E103-104

15:25 CEST

The Ins and Outs of the Cloud Provider in Kubernetes - Nicholas Turner, Amazon & Andrew Sy Kim, Google
How do Kubernetes clusters interact with cloud services? In this session, the maintainers of SIG Cloud Provider will take a deep dive into the cloud provider framework, including how to implement an external cloud provider using the cloud provider interface, the cloud controller manager responsibilities, and an overview of the Kubelet image credential provider. We will also discuss the migration to external cloud providers in an HA configuration. We will identify trouble spots and processes that you should be aware of as you plan your migrations, and we will walk through the steps you can take to ensure zero downtime Kubernetes clusters as you perform this migration. Expect to walk away from this session with newfound knowledge about how Kubernetes interacts with cloud providers, an understanding of how to build an external cloud controller manager, and a solid plan of action for how you can migrate to external cloud controller managers without downtime.

Speakers

Nicholas Turner

Senior Software Development Engineer, Amazon
Nick works at Amazon Web Services as a software development engineer for EKS where he works on building and operating a Kubernetes platform for customers who run their infrastructure on AWS. In the community, he is active in sig-cloud-provider and the provider-aws subproject, and...

Andrew Sy Kim

Software Engineer, Google
Andrew Sy Kim is a Kubernetes maintainer and a Software Engineer at Google working on GKE (Google Kubernetes Engine).


Wednesday April 19, 2023 15:25 - 16:00 CEST
Auditorium Center | G109

15:25 CEST

The State of Backstage in 2023 - Ben Lambert & Patrik Oldsberg, Spotify
Ben and Patrik, both maintainers on the popular open source project Backstage, will talk through the state of the project and the new features that are coming your way. Coming off the back of BackstageCON in Detroit, the Backstage maintainer team have been working hard to get the Backend System ready for rollout, and some new features for the Scaffolder. They will show in detail what these new features mean, and how you can start using them today to start to improve your Backstage deployment in your organization. Ben and Patrik will also dive into a little bit of what is next for Backstage and what you can expect to see in the coming year, and what they're excited for!

Speakers

Ben Lambert

Engineer, Spotify
Ben is an Engineer at Spotify and a Maintainer of Backstage.io

Patrik Oldsberg

Engineer, Spotify
Patrik is a Senior Software Engineer at Spotify and a core maintainer of Backstage. In 2019 he joined the team in Spotify’s platform organization that owned the Backstage platform, and worked together with the rest of the team to bring it out in the open. Before joining Spotify...


Wednesday April 19, 2023 15:25 - 16:00 CEST
Forum Center | Forum

15:25 CEST

WG Batch: What’s New and What Is Next? - Swati Sehgal, Red Hat & Aldo Culquicondor, Google
Swati and Aldo will show you the improvements that the WG Batch has promoted in Kubernetes, and the opportunities under discussion to better support batch workloads such as HPC, AI/ML, data-analytics, etc. Aldo will talk about improvements to the Job API around scale and failure policies and the roadmap to make the Job API the standard for batch applications. Aldo will also talk about the new release and roadmap for Kueue, a Kubernetes subproject that offers job queueing, to build a multitenant batch system. Swati will talk about developments around hardware resources management. This includes features to support specialized hardware in nodes, and enhanced scheduling capabilities like NUMA awareness. The WG Batch was created in 2022 to serve the demand from the ecosystem to better support batch applications in Kubernetes. The WG is composed of SIGs’ experts and developers from various communities, with the objective to set roadmaps and collaborate in designs and implementations.

Speakers

Aldo Culquicondor

Senior Software Engineer, Google
Aldo is a Senior Software Engineer at Google. He works on Kubernetes and Google Kubernetes Engine, where he contributes to kube-scheduler, the Job API and other features to support batch workloads. He is currently a TL at SIG Scheduling and a member of WG Batch. He is also a maintainer...

Swati Sehgal

Principal Software Engineer, Red Hat
Swati Sehgal is a Principal Software Engineer in the Ecosystem Engineering Group at Red Hat. She works to enhance OpenShift and its platform to deliver best-in-class networking applications, leading edge solutions and innovative enhancements across the stack. Her work includes working...


Wednesday April 19, 2023 15:25 - 16:00 CEST
Forum Center | E105-106

15:25 CEST

What's New with SIG Windows - Claudiu Belu, Cloudbase Solutions; Mark Rossetti, Microsoft; Pramita Gautam & Jay Vyas, VMware
In this maintainer track talk we'll cover what is new with SIG-Windows and will provide updates on our ongoing projects such as HostProcessContainers, WindowsServiceProxy, perf testing and more!

Speakers

Jay Vyas

Staff Engineer, VMware
Jay Vyas is a Kubernetes engineer at VMware (ex-RedHat, Blackduck), and has worked on K8s at its inception in 2015 as an open source project. He likes to hang out w/ the sig-network and sig-windows crews and hack on K8s stuff. On the business side ~ he's moved large on premise applications...

Claudiu Belu

Senior Cloud Engineer, Cloudbase Solutions
Claudiu Belu is a Senior Cloud Engineer at Cloudbase Solutions, mostly focusing on cloud-related open source projects for the past several years, and is currently working on Kubernetes as one of the SIG-Windows' Tech Leads.

Mark Rossetti

Principal Software Engineer, Microsoft
Mark Rossetti is a software engineer focusing on open-source projects at Microsoft and is also the co-chair of Kubernetes' SIG-Windows. Mark focuses on improving the experience of using Windows containers in Kubernetes. Mark has also served on the Kubernetes release team since...

Pramita Gautam

Staff Engineer, VMware India
Pramita comes from a cloud engineering and DevOps background. She is currently working in the product validation team for VMware TANZU.


Wednesday April 19, 2023 15:25 - 16:00 CEST
Forum Center | E107-108

15:25 CEST

Operating CERN SaaS at Scale with Operators - Michael Hrivnak & Varsha Prasad Narsing, Red Hat; Rajula Vineet Reddy & Francisco Borges Aurindo Barros, CERN
CERN operates 1000+ CMS websites as a SaaS running on Kubernetes. This expert panel of end users from CERN and engineers from Operator Framework will discuss lessons from CERN’s Drupal operator, including:
- How a very small team used the operator pattern to automate and scale delivery of CMS websites.
- How they balanced reusability and open source principles against integration with CERN’s specific compute environment and existing infrastructure services.
- Operator SDK, its best practices, and things to avoid when developing an operator from scratch.
- How Kubernetes enables isolation, multi-tenancy, and resource sharing.
- Automated maintenance and monitoring.

Following the initial discussion of approximately 20 minutes, we will leave substantial time for Q&A. The target audience is anyone who is planning to build a SaaS on Kubernetes or operate many instances of an application.

Speakers

Michael Hrivnak

Senior Principal Software Engineer, Red Hat
Michael Hrivnak is a Senior Principal Software Engineer and Software Architect at Red Hat, where he’s been focused on container technology since 2014. He’s been a leader in developing early registry and distribution technology, the Operator SDK, and Kubernetes-native infrastructure...

Francisco Barros

Site Reliability Engineer, CERN
Francisco Barros is an SRE at CERN. He likes to specialize in automating the repetitive, working with Cloud Native technologies, and helping to develop and maintain reliable and modern solutions. He lives near Geneva and enjoys snowboarding.

Varsha Prasad Narsing

Senior Software Engineer, Red Hat
Varsha is a software engineer at Red Hat. She is passionate about solving problems by developing and leveraging various software technologies. She currently works with the Portfolio Enablement team (Operator Framework) and is an active contributor to Kubernetes SIGs projects like...

Rajula Vineet Reddy

Site Reliability Engineer, CERN
Rajula is an SRE at CERN working with web services. He is also a member of Kubernetes SIG-Contribex and contributes to the Upstream Marketing Team. In his free time, he enjoys hiking & skiing.


Wednesday April 19, 2023 15:25 - 16:00 CEST
Hall 7 | Room B
  Multi-tenancy

15:25 CEST

Hazardous Defaults: Managing Cardinality and Performance for Your Logging Stack - Derek Cavanaugh & Sara Moore, Recursion Pharma
Instrumented systems generate A LOT of data and we are fortunate to have performant open-source tools that help us spelunk through all that telemetry (logs, metrics, traces). Configuring these monitoring and observability tools - so that they themselves are performant and efficient - can be a challenge. For those new or unfamiliar to monitoring and observability, it can be appealing to just ‘roll the defaults’ from a configuration perspective. However, leaving those defaults unexamined can lead to unexpected performance issues; and worse, potential data loss. In this talk, we walk through the basic structure of the PLG-stack (Promtail, Loki and Grafana). We explore some unexpected cardinality (and associated performance) impacts that arise from the default configurations and how we made thoughtful adjustments to address those impacts. Finally, we will lay out a step-by-step guide to give your logging stack some ‘love’ and ensure that you are getting the most out of your tooling.

Speakers

Derek Cavanaugh

Senior Infrastructure Engineer, Recursion Pharma
Derek is a Senior Infrastructure Engineer at Recursion Pharmaceuticals, a biotech company using ML and AI to decode biology and transform the drug discovery process. Prior to Recursion, Derek worked at Pluralsight on the Cloud Engineering team supporting their Kubernetes platform...

Sara Moore

Infrastructure Engineer, Recursion Pharma
Sara is an infrastructure engineer at Recursion Pharmaceuticals, a biotech company using ML and AI to decode biology and transform the drug discovery process. At Recursion, Sara works with many cross functional teams to build tools and platforms which enable data science and engineering...


Wednesday April 19, 2023 15:25 - 16:00 CEST
Hall 7 | Room C
  Observability

15:25 CEST

Availability and Storage Autoscaling of Stateful Workloads on Kubernetes - Leila Abdollahi Vayghan, Shopify
This talk is a story of how Shopify runs a highly available and scalable stateful application on Kubernetes which is accessed securely over the internet. The application discussed is Elasticsearch which stores petabytes of data over the globe. Search is a fundamental component of an ecommerce platform and high availability is an important requirement for it. While Kubernetes has proven to be the perfect platform for deploying stateless applications, running stateful applications on this platform in a highly available and scalable manner can be complicated. This talk will discuss these challenges and will share the steps towards solving them. For example, Leila will explain the obstacles of implementing storage autoscaling and how using the existing Kubernetes features allowed seamless expansion of persistent disks that store critical search data. She will also explain how her team implemented a feature that allowed shrinking persistent disks without any data loss and saved costs by releasing unused storage. Leila will also explain how Envoy is used to allow clients to connect to Elasticsearch through Kubernetes' ingress. This talk will give insight into the challenges and rewards of running highly available and scalable stateful applications on Kubernetes.

Speakers

Leila Vayghan

Production Engineer, Shopify
Leila is a Production Engineer at Shopify, where she spends her days enabling millions of merchants to grow by making sure shoppers are able to search and find their products. She does this by running a large-scale Elasticsearch on Kubernetes in many regions of the world. Leila has...


Wednesday April 19, 2023 15:25 - 16:00 CEST
Hall 7 | Room D
  Reliability + Operational Continuity

15:25 CEST

Efficient Access to Shared GPU Resources: Mechanisms and Use Cases - Diogo Filipe Tomas Guerra & Diana Gaponcic, CERN
GPUs and accelerators are changing traditional High Energy Physics (HEP) deployments while also being the key to enable efficient machine learning. GPU scheduling in Kubernetes has been limited until now. Not being able to easily share access to single GPUs by multiple workloads leads to inefficiencies when those are light or spiky. At the same time these resources are scarce, expensive and in high demand. In this talk we explore the different possibilities to improve overall usage of GPU resources. We explore the multiple options for GPU scheduling, time sharing and the recently introduced Nvidia Multi-Instance-GPU (MIG) for physical partitioning. We cover the features and limitations of each option and present extensive benchmark results that helped us assign each workload to the most appropriate layout. Finally we describe how we manage GPUs in a centralized way, ensuring optimal resource utilization for services like continuous integration, machine learning and batch.

Speakers

Diogo Guerra

Cloud Engineer, CERN
Diogo is a Computing Engineer in the CERN Kubernetes service offering focusing on containerized deployments and supporting infrastructure. His main contributions focus on the automatic setup of cluster monitoring and other features like hardware accelerators configuration. He...

Diana Gaponcic

Cloud Engineer, CERN
Diana is a Computing Engineer in the CERN IT department. After an internship at CERN focusing on containerization of ETL applications she later joined the Kubernetes team. Her current focus is on optimizing the usage of GPUs and other Accelerators for simulation and machine learning...


Wednesday April 19, 2023 15:25 - 16:00 CEST
Auditorium Center | G104-105

15:25 CEST

From SBOMs to IBOMs - Know What's Happening in Your Clusters - Cindy Blake & Ido Neeman, Firefly
The acronym SBOM (AKA Software Bill of Materials) has become a household term in the wake of the many software supply chain attacks we've witnessed recently - from SolarWinds, Log4j, to CodeCov and many others. While much effort and research has gone into tooling and building SBOMs, very little has yet to be done on the infrastructure side. In this talk I'd like to dive into why an IBOM (infrastructure bill of materials) is equally important with cloud native infrastructure ultimately being software defined and driven, and how no SBOM is complete without a full inventory of your infrastructure stacks. We'll walk into the tools that will enable you to get an equivalent understanding of what is happening in your cloud native infrastructure including which assets, packages and applications are running where - and how this is all only possible with end-to-end codification. We'll review why this matters from a security perspective - from your service dependencies, to IAM roles, security groups, and even misconfigurations to ensure your infrastructure is properly provisioned and continuously monitored. We'll wrap up with how to leverage your IBOM not only for cost optimization, but also for removing cloud clutter, to reduce your potential attack surface.

Speakers

Ido Neeman

Co-Founder & CEO, Firefly

Cindy Blake

VP Marketing, Firefly


Wednesday April 19, 2023 15:25 - 16:00 CEST
Auditorium Center | Auditorium + Balcony
  Security + Identity

15:25 CEST

🦝 Welcome to the Security Village - Marina Moore, NYU
TAG Security is hosting the first ever Security Village at KubeCon this year! But what does that mean? Join us for an introduction to the exciting activities taking place in the Security Village, and learn more about the evolution of TAG security’s activities at KubeCon. After the introduction, there will be time to meet and collaborate with fellow village attendees and organizers. If you are a security professional, enthusiast, or beginner, join us in the village to make cloud native more secure.

Speakers

Marina Moore

PhD Candidate, NYU
Marina Moore is a PhD candidate at NYU Tandon’s Secure Systems Lab focusing on secure software updates and software supply chain security. She is a maintainer of TUF, a CNCF graduated project, as well as Uptane, the automotive variant of TUF. She contributed to the updated TAG Security...


Wednesday April 19, 2023 15:25 - 16:00 CEST
Auditorium Center | Emerald Room

16:00 CEST

Coffee Break ☕
Wednesday April 19, 2023 16:00 - 16:30 CEST
Halls 1 + 5

16:30 CEST

Kubernetes, Resistance Is Futile - Adnan Hodzic, ING
This talk covers ING’s MLP (Machine Learning Platform) 2+ year migration journey to Kubernetes. ING being the biggest bank in the Netherlands and one of the biggest world banks entails we work in a highly regulated environment and are subjected to rigorous policies in terms of control with IT process lifecycle. Being a data scientist in one such environment, who would like to deploy pre-trained machine learning models to Production, without much or any underlying SRE/deployment knowledge complicates things. That’s where MLP (Machine Learning Platform) steps in, as it takes care of all the above mentioned problems by serving as a model hosting platform. As an SRE Adnan will cover problems and limitations of the existing platform setup in the VM (Virtual Machine) world and the inception of an idea to migrate to Kubernetes. Which steps it took to start the realization of one such idea and its migration plan. Followed by resistance, inability to choose the ideal target destination, platform’s growth and challenge in supporting the current setup in its growing capacity and ultimately leading to scalability issues. All these factors lead to a perfect storm, which led to the inevitable. Migration to Kubernetes and how that process came to be.

Speakers

Adnan Hodzic

Lead Site Reliability Engineer, ING
I work as Lead Site Reliability Engineer at ING’s (DAP) Public Cloud team. My expertise and interests are in infrastructure, kubernetes, linux, containers, cloud computing, etc. I created numerous open source projects, like: auto-cpufreq, wp-k8s, atuf.app, containerized-wordpress-project...


Wednesday April 19, 2023 16:30 - 17:05 CEST
Hall 7 | Room A
  101 Track

16:30 CEST

Verifiable GitHub Actions with eBPF - Jose Donizetti, Aqua
GitHub actions have been one of the most popular ways to build and release software, with recent developments in supply chain security it became a major target for malicious attacks. A couple of years ago a widespread hack to codecov, a popular service prevalent in build pipelines, caught the industry’s attention. In response, a new solution to protect the build pipeline was created on top of Tracee, OSS Runtime Security solution, and introduced the concept of profiling with eBPF and verifying software builds. In this talk, we will present that solution and explore the lessons learned in the past two years since the initial release.

Speakers

Jose Donizetti

Open Source Developer, Aqua
Jose Donizetti is an OpenSource Engineer at Aqua working on projects like Tracee and Trivy. In the past he was running thousands of redis at Shopify platform caching team.


Wednesday April 19, 2023 16:30 - 17:05 CEST
Elicium Building | D201-202
  CI/CD

16:30 CEST

Combat Maintainer Burnout with Proactive Metrics - Sophia Vargas, Google
While there are many ways that projects can define and measure health, this talk will focus on maintainers as they are critical to the development, leadership and governance of their projects. As burnout continues to be a growing issue across roles, industries and communities, losing maintainers within small communities can have detrimental impact on the sustainability of that project. This talk will discuss methods and metrics to identify signals for overloaded and overworked maintainers. While metrics alone cannot fix the problem, they can help to proactively flag emerging issues so your community can adjust before it's too late.

Speakers

Sophia Vargas

Research Program Manager, Google
Sophia Vargas is a Program Manager in the research and operations team within Google’s Open Source Programs Office. In this role she leads efforts that span project health, contributor experience, and open source economics. She is also on the Governing Board and an active contributor...


Wednesday April 19, 2023 16:30 - 17:05 CEST
Auditorium Center | G106-107
  Community

16:30 CEST

Protecting Your Crown Jewels with External Secrets Operator - Moritz Johner, Form3
Secrets management is a difficult challenge: How do you create, rotate and manage access? And how would you even do that at scale? With External Secrets Operator you can leverage existing solutions like HashiCorp Vault or AWS Secrets Manager that manage secrets for you and integrate them with Kubernetes. Moritz and Lucas want to share their insights on how secrets management is done right in a highly regulated environment to hit the sweet spot between developer productivity and information security concerns. In this session, attendees will learn how to manage secrets in a GitOps way for self-sufficient teams to make developers, auditors and product managers happy, going over a few threat models, and showing what should be a target for concern, and should not. External Secrets Operator is a community endeavor that emerged from different open source projects that all tried to solve one problem: pull secrets from a secret management API into Kubernetes. We joined our efforts in 2020 to find a common denominator across projects to build the best solution to that problem and even go beyond that. Today, we've built a vendor-neutral community around the project and provide a consistent custom resource API across different cloud vendors and secret management APIs.

Speakers

Moritz Johner

Sr. Software Eng., Form3
Moritz is a platform architect, Open Source maintainer and contributor in the Kubernetes Ecosystem with a strong interest in information security and automation. He's employed at Form3 and currently operating a true multi-cloud Kubernetes platform across three cloud providers and...


Wednesday April 19, 2023 16:30 - 17:05 CEST
Hall 7 | Room E
  Customizing + Extending Kubernetes

16:30 CEST

Customizing Your Buildpacks Build – Yes You Can! - Natalie Arellano, VMware & Aidan Delaney, Bloomberg
Cloud Native Buildpacks makes building container images as easy as running “pack build.” However, you’ll eventually want to customize that out-of-the-box experience. This talk explores the many buildpacks extension points that enable custom workflows. For application developers, we’ll introduce inline buildpacks and build time environment variables. For platform operators, you’ll learn about base image extension with Dockerfiles, and how to control the level of customization available in order to adhere to security requirements. This talk is for anyone using buildpacks, or anyone who feels they can’t use buildpacks because of a limitation in their workflow. You’ll learn how to implement your unique build patterns using buildpacks.

Speakers

Natalie Arellano

Software Engineer, Pivotal
Natalie is a software engineer at VMware and a maintainer on the Cloud Native Buildpacks project.

Aidan Delaney

Engineer, Bloomberg
Aidan is a Buildpacks maintainer and works as part of Bloomberg’s Data Science Platform team. He fuses together Cloud Native technologies to increase accuracy and decrease time-to-market of AI products. Aidan has previously taught Computer Science at undergraduate and postgraduate...


Wednesday April 19, 2023 16:30 - 17:05 CEST
Forum Center | Forum

16:30 CEST

How to Turn Release Management from Duty to Fun: Lessons Learned Building the Cluster API Release Team - Yuvaraj Balaji Rao Kakaraparthi, VMware & Joe Kratzat, Oracle
Release management has always been a tedious process. Not anymore! A handful of folks, always the same, when free from other tasks, were cutting Cluster API releases for all the active branches. This was not good! Enter the Cluster API team! Want to know how the ClusterAPI project was able to deliver frequent and predictable release cadence? Want to learn how the release team made working on the release tasks satisfying and a fun learning experience for many different contributors? Come to this talk and we will share insights on how we created a ClusterAPI release team by taking inspiration from the Kubernetes release team and shrank it to a more appropriate scale for the project, what we learned from our first venture in running a release team, the problems we solved and other problems we have our sights on, and how this work had an immediate and positive impact on the community, the users of the project and the members of the release team itself!

Speakers

Yuvaraj Balaji Rao Kakaraparthi

Senior Software Engineer, VMware

Joe Kratzat

Senior Member of Technical Staff, Oracle
Joe is a Senior Member of Technical Staff at Oracle with a passion for automating processes. He has many years of compute and cloud experience and recently joined the Kubernetes ecosystem. As a member of the team maintaining the Cluster API for OCI (Oracle Cloud Infrastructure), he...


Wednesday April 19, 2023 16:30 - 17:05 CEST
Forum Center | E105-106

16:30 CEST

Introduction to SIG Cluster Lifecycle - Lubomir I. Ivanov, VMware & Justin Santa Barbara, Google
In this session the Kubernetes SIG Cluster Lifecycle will be presented. An update will be given on the current state of the SIG subprojects and how they fit in the Kubernetes ecosystem. Future plans for the group will be discussed. A couple of SIG subprojects will be highlighted. Presentation attendees will be presented with contact details on how to get in touch with the group and get engaged in contributing.

Speakers

Justin Santa Barbara

Software Engineer, Google
Justin has been contributing to kubernetes since 2014, and loves helping users adopt and grow their use of kubernetes - initially as the primary maintainer of the kubernetes AWS support, he also started the kOps project. He joined Google in 2018 to work full time on Kubernetes, focusing...

Lubomir I. Ivanov

Software engineer, VMware
Lubomir started contributing to Kubernetes in 2017. His main area of interest has been SIG Cluster Lifecycle and subprojects like kubeadm and Cluster API. Currently he co-chairs the SIG and works for VMware's Open Source Program Office.


Wednesday April 19, 2023 16:30 - 17:05 CEST
Auditorium Center | G109

16:30 CEST

No Fear, Falco Is Looking After Us! - Jason Dellaluce & Luca Guerra, Sysdig; Melissa Kilby, Apple; Carlos Panato, Chainguard; Hendrik Brueckner, IBM
Falco is a Cloud-Native Runtime Security project and the highest adopted threat detection project for Kubernetes. "Hackers only have to be right once" is so yesterday and Falco and its vibrant community are shifting the rules of the game! In this session, experienced Falco contributors will introduce the project and its ecosystem, present the most recent developments in the space, and show how to get involved as contributors and adopters. Topics of broad and current interest include the recent submission for graduation, the improved eBPF support, the security enhancements, news about falcoctl and the ecosystem integrations, and the envisioned roadmap for the project.

Speakers

Carlos Panato

European Site Lead / Staff Engineer, Chainguard
Carlos Panato is a Staff Software Engineer at Chainguard, Inc. who’s working on development and infrastructure using Kubernetes and containers. Previously, he’s worked on development, testing, processes, and management. Carlos Panato is also a contributor to the Falco project...

Hendrik Brueckner

Architect for Linux and Red Hat OpenShift on IBM zSystems & LinuxONE, IBM
Hendrik works within the IBM Linux and Red Hat OpenShift teams to drive the integration of IBM zSystems and LinuxONE technologies. He has a strong focus on security and confidential computing. Hendrik has over 15 years experiences enabling emerging technologies for the IBM zSystems...

Melissa Kilby

Security Engineer, Apple
Prior to joining Apple as Security Engineer, Melissa Kilby contributed to US Government research projects and taught Applied Data Science at BlackHat. She specialized in Machine Learning and Biomechanics during her PhD and contributed to NASA’s space suit engineering program. Melissa’s...

Jason Dellaluce

Open Source Engineer, Sysdig
Jason Dellaluce is an Open Source Engineer at Sysdig and a core maintainer of Falco, the CNCF tool for Cloud Native Runtime Security. On a daily basis, he contributes to the Falco Community and is exposed to Linux, Kubernetes, Containers, Security, eBPF, and the Open Source world...

Luca Guerra

Open Source Engineer, Sysdig
Luca is an experienced software engineer, specializing in software design and security research. His professional experience includes designing security solutions for multiple platforms, building and breaking secure systems, and vulnerability management. As a Software Engineer at...


Wednesday April 19, 2023 16:30 - 17:05 CEST
Forum Center | E103-104

16:30 CEST

Observability with Fluent Bit: Logs, Metrics & Traces - Eduardo Silva & Anurag Gupta, Calyptia
Observability is an art, and it is not necessary to start analyzing data right away. It starts with a journey of collecting data from different sources and formats, the need to perform pre-processing, sanitization and finally having an end-to-end solution that allows you to centralize the information for further analysis.

The following presentation will focus on various concepts around Logs, Metrics and Traces, how they are implemented and how developers can make the most of them. Understanding the concepts that rule the technology helps to implement a scalable solution that can deal with common failure scenarios from your infrastructure.

Speakers

Anurag Gupta

Cofounder, Calyptia
Anurag is a maintainer of the Fluentd and Fluent Bit project as well as a co-founder of Calyptia. Previously he has worked at Elastic, driving cloud product and creating the Elastic Operator product. He has also worked at Treasure Data heading enterprise open source with Fluentd...

Eduardo Silva

CEO & Founder, Calyptia
Eduardo is an entrepreneur and Software Engineer. He is currently one of Fluentd project maintainers and creator of Fluent Bit, a lightweight Logs, Metrics and Traces processor. He also is the founder of Calyptia (the Fluent company).


Wednesday April 19, 2023 16:30 - 17:05 CEST
Auditorium Center | G001-G002

16:30 CEST

SIG-Multicluster Intro and Deep Dive - Jeremy Olmsted-Thompson & Laura Lorenz, Google; Paul Morie, Apple; Stephen Kitt, Red Hat
SIG-Multicluster is focused on solving common challenges related to the management of many Kubernetes clusters, across multiple cloud providers (so-called hybrid cloud), and applications deployed across many clusters. In this session, we'll give attendees an overview of the current status of the multi-cluster problem space in Kubernetes and of the SIG. We’ll discuss current thinking around best practices for multi-cluster deployments and what it means to be part of a ClusterSet. Then we’ll highlight current SIG projects, focused use cases, and ideas for what’s next. Most importantly, we’ll provide information on how you can get involved either as a contributor or as a user who wants to provide feedback about the SIG's current efforts and future direction. Bring your questions, problems, and ideas - help us expand the multi-cluster Kubernetes landscape.

Speakers

Stephen Kitt

Senior Principal Software Engineer, Red Hat
Stephen is one of the maintainers of the Submariner project. He is a long-time open source contributor, and has been at Red Hat since 2015, working on OpenDaylight and Submariner.

Jeremy Olmsted-Thompson

Senior Staff Software Engineer, Google
Jeremy is a software engineer who works on Google Kubernetes Engine. His main focus is on simplifying the Kubernetes experience, and making it as easy as possible to deploy applications both within a cluster with things like GKE Autopilot, and across clusters with multi-cluster solutions...

Laura Lorenz

Software Engineer, Google
Laura Lorenz is a software engineer at Google working on the multicluster experience on GKE. She is an active member of Kubernetes’ special interest group SIG-Multicluster, and a subproject owner for the MCS API.

Paul Morie

Software Engineer, Apple
Paul Morie is a Software Engineer


Wednesday April 19, 2023 16:30 - 17:05 CEST
In Virtual Platform

16:30 CEST

What Does the Kubernetes Steering Committee Steer? - Nabarun Pal, VMware & Bob Killen, Google
The Kubernetes Steering Committee is tasked with decision-making and oversight of the non-technical aspects of the Kubernetes project. This session will be broken into two parts: The first half will be an overview of what the committee is, and what it isn’t. What it’s tasked with, its importance, what it has accomplished to date and its top priorities for the year. The latter half will be focused on answering questions from Kubernetes project constituents and the wider Cloud Native community at large. If you’re curious or have a question about how one of the largest Open Source projects is governed, how that impacts you, or how you can leverage our learnings in your cloud-native projects' governance journeys, we encourage you to come stop by for a conversation!

Speakers

Nabarun Pal

Senior Member of Technical Staff, VMware
Nabarun is a Senior Engineer at VMware working on the upstream Kubernetes project. Nabarun is an elected Kubernetes Steering Committee member and contributes to various Special Interest Groups like API Machinery, Architecture, Contributor Experience, CLI, Release and Testing in the...

Bob Killen

Program Manager, Google
Bob is a Program Manager at the Google Open Source Programs Office with a focus on Cloud Native computing. He serves the Kubernetes project as a member of the Kubernetes Steering Committee, a chair of the Contributor Experience SIG and has been involved in many other cross-cutting...


Wednesday April 19, 2023 16:30 - 17:05 CEST
Forum Center | E107-108

16:30 CEST

Operate Multi-Tenancy Service Mesh with ArgoCD in Production - Lin Sun, Solo.io & Faseela K, Ericsson Software Technology
Service meshes offer a breadth of benefits from securing to adding reliability to gaining visibility into your applications. However, as you start to scale your environment and start onboarding different teams or applications into the mesh you run into challenges of tenant isolation in terms of configuration management, resource consumption and security. What is the difference between soft multi-tenancy and hard multi-tenancy? Which one fits best for you? In this session, Faseela and Lin who both are maintainers of Istio will present how to achieve soft multi-tenancy and hard multi-tenancy with Istio service mesh and roll it out to your teams or applications with ArgoCD in production along with live demos.

Speakers

Faseela K

Experienced Cloud-native Developer, Ericsson Software Technology
Faseela is a cloud-native software developer at Ericsson, majorly contributing to opensource service-mesh solutions. She is a steering committee member and maintainer at Istio. Prior to this, she was a platform development engineer at Cisco DNA Center, where the key focus was on accelerating...

Lin Sun

Director of Open-Source, Solo.io
Lin is the Director of Open Source at Solo.io and a CNCF ambassador. She has worked on Istio service mesh since 2017 and serves on the Istio Technical Oversight Committee. Previously, she was a Senior Technical Staff Member and Master Inventor at IBM for 15+ years. She is the author...


Wednesday April 19, 2023 16:30 - 17:05 CEST
Hall 7 | Room B
  Multi-tenancy

16:30 CEST

Multi-Cluster Observability with Service Mesh - That Is a Lot of Moving Parts!? - Ryota Sawada, UPSIDER, Inc.
Observability is complicated and multi-faceted by nature. When you multiply that with a multi-cluster in play, the complexity can seem untameable. Service Mesh solutions could seem like they are the key to solving such a daunting task. They would make multi-cluster handling hidden away, and observability setup provided by default. So, is Service Mesh a silver bullet for any complex Observability requirements? No, it isn't - in fact, it can actually make things more complicated. Ryota has been running Istio since its v1.1 release in production. He will share how Istio helped in many areas, and also highlight some parts that he had trouble with, such as cross-cluster trace and metrics. We will then take a step back with Prometheus basics, understand what Istio does by default, and find the gaps. With the challenges of alert handling, high cardinality, remote read/write, we will wrap up with a demo of how such a multi-cluster Observability setup can be achieved using Istio, Prometheus Operator, and Thanos.

Speakers

Ryota Sawada

Lead Platform Engineer, UPSIDER, Inc.
Ryota is a tech lead at UPSIDER, Inc., a startup providing B2B payment services for businesses mainly in Japan. He has worked on developing the company’s core payment processing system, and built the platform embracing Kubernetes, Argo, Istio, and other Cloud Native technology even...


Wednesday April 19, 2023 16:30 - 17:05 CEST
Hall 7 | Room C
  Observability

16:30 CEST

Tales from on-Call: Fun with Operating Etcd at Scale - Geeta Gharpure & Chao Chen, Amazon
Etcd is the backbone of a Kubernetes cluster. At scale, workloads push etcd to its limits. In this session, engineers from the EKS etcd team will share their challenges, experiences and solutions for the issues we see when operating etcd. Topics include handling etcd out-of-memory conditions, managing etcd size quota, detecting and recovering from revision divergence and more. If you want to share notes on etcd on-call shifts or just learn more about etcd operations, this session is for you!

Speakers

Geeta Gharpure

Senior Software Engineer, Amazon
Geeta works as a senior software engineer in EKS etcd team. She enjoys working on distributed systems. Her interests include containerization, platform design and distributed storage systems. She holds a MS degree in computer science.

Chao Chen

Senior Software Engineer, EKS
Chao is a software development engineer in EKS etcd team. He is mainly working on etcd architecture, operations at AWS and also contributing to etcd open source development and release.


Wednesday April 19, 2023 16:30 - 17:05 CEST
Hall 7 | Room D
  Reliability + Operational Continuity

16:30 CEST

Love, Death and Robots - with Wasm & K8s on Boston Dynamics Spot - Max Körbächer, Liquid Reply & Kevin Hawryluk, Roboverse Reply
Can containers and Kubernetes run anywhere? Yes, nearly. We have seen in the past fighter jets, fully isolated environments, security critical infrastructure and more with Kubernetes. So it is no wonder that Boston Dynamics Spot, the most advanced mobile quadruped robot, is running on containers too. But this wasn’t enough for us. How and why we tweaked the (real world) bot a little and what are our lessons learned is part of this talk. We will show you the easy steps to migrate to K8s, the experimental integrations with Wasm and ideas on how to manage Spot like any other Kubernetes. Our targets are to provide a highly reliable, self-healing software infrastructure for industrial great robots that are secure, fast and autonomous.

Speakers

Max Körbächer

Co-Founder, Liquid Reply
Max is Co-Founder and Cloud Native Advocate at Liquid Reply. He is Co-Chair of the CNCF Environmental Sustainability Technical Advisory Group and served 3 years at the Kubernetes release team. Besides, he is part of different OSS Advisory Boards. His focus is on designing and building...

Kevin Hawryluk

Head of Technology, Roboverse Reply
Kevin is Head of Technology at Roboverse Reply, a robotics and mixed reality specialized company. As the market leader in the development and implementation of use cases with Boston Dynamics Spot, the team around Kevin is traveling around the world to show the capabilities of autonomous...


Wednesday April 19, 2023 16:30 - 17:05 CEST
Auditorium Center | G104-105

16:30 CEST

Anatomy of a Cloud Security Breach - 7 Deadly Sins - Maya Levine, Sysdig
What leads to a cloud security breach? Misconfigurations, exposed APIs, vulnerability exploitation, and more. Attacker motivations haven’t changed much, but their methods have adapted to new technologies. As a defender, you must adapt too. Learn about the differences between cloud vs on-premise threats and breaches. What has changed? Are certain attack types more prevalent, attractive, or easy to execute in the cloud? Why? What are the high-level cloud attack trends (and defenses) and how to cope? We will walk through 7 examples of real cloud breaches based on analysis from the Sysdig Threat Research Team. Each breach discussed involves cloud infrastructure. We focus on the attack patterns, response patterns, and other interesting elements that give insight into how to better protect and respond to incidents in cloud environments. You won’t hear general, “lock your stuff down” guidance; each scenario will have a specific takeaway so you can avoid a similar pitfall. After this talk the audience will have an in-depth understanding of common cloud breaches currently running in the wild, lessons learned, and a full list of actions to avoid ending up in the news.

Speakers

Maya Levine

Product Manager, Sysdig
Maya Levine is a Product Manager for Sysdig. Previously she worked at Check Point Software Technologies as a Security Engineer and later a Technical Marketing Engineer, focusing on cloud security. Her earnest and concise communication style connects to both technical and business...


Wednesday April 19, 2023 16:30 - 17:05 CEST
Auditorium Center | Auditorium + Balcony
  Security + Identity

16:30 CEST

🦝 Canals and Bridges: Using Amsterdam’s Transit System To Secure K8s Networks - Cailyn Edwards, Shopify
Amsterdam has over 1200 bridges crossing the city's many canals and waterways. The web of bridges and canals continues to be used to move people and resources through the city, and has also aided in its defence. This complex lattice of connected components could be likened to a complex Kubernetes network. In this talk we will use Amsterdam’s city structure to visualize the benefits and challenges involved with securing a k8s network. We will talk about how to get to know a network; perform a threat model and use the findings to plan and implement a strong security strategy. This talk will share useful network monitoring tools (eBPF anyone?!), important methods for planning a security strategy, go over how to make the most of NetworkPolicies and of course cover the cloud security basics. Attendees will leave this talk feeling ready (and pumped) to try out several strategies for evaluating and implementing security measures for their Kubernetes networks.

Speakers

Cailyn Edwards

Shopify
Cailyn Edwards (she/her) is a Senior Infrastructure Security Engineer at Shopify, where she spends her time paving roads, putting up guard rails and generally helping to secure the cloud. She is also an active contributor to SIG-Security and 2022 Contributor Award recipient. Her current...


Wednesday April 19, 2023 16:30 - 17:05 CEST
Auditorium Center | Emerald Room

16:30 CEST

Tutorial: Getting Familiar with Security Observability Using eBPF and Cilium Tetragon - Tracy P Holmes & Duffie Cooley, Isovalent
There are many people who are interested in observability but don't understand what data matters or even where to start. There are others who do understand these things, yet have no idea how to spot certain activities (malicious or otherwise!) This is where Security Observability comes into play. Security Observability in general is about providing more context into events involving an incident. However, researching those events does not have to be confusing or difficult. In this session, we will help overcome these doubts by learning more about a good kind of S.O.R.E.ness - the Security Observability and Runtime Enforcement kind! In four steps we will: 1. Introduce the fundamentals of Cilium Tetragon and the basics of Security Observability 2. Discuss the layers where Tetragon can extract data from and provide enforcement 3. Determine exactly what activities to care about and to monitor, and how to spot those activities 4. Walk through a brief deep dive into network connections and the associated events. The audience will walk away with a better understanding of the types of data and activity that should be monitored in order to prevent malicious events, and the ability to detect a container escape step-by-step.

Speakers

Duffie Cooley

Field CTO, Isovalent
Duffie is Field CTO at Isovalent focused on helping enterprises find success with Cilium and modern security tooling. Duffie has been working with all things systems and networking for 20 years and remembers most of it. A student of perspective, Duffie is always interested in working...

Tracy P Holmes

Technical Community Advocate, Isovalent
A "jackie of all trades" (and mistress of being herself), Tracy is a Technical Community Advocate at Isovalent focusing on all things Cilium, security, observability, and Anxiety Driven Development. When she isn't leveling up her programming skills, hanging with her pup, or learning...


Wednesday April 19, 2023 16:30 - 18:00 CEST
Elicium Building | Elicium Ballroom 1 + 2
  Tutorials, Security + Identity

16:30 CEST

🚨 ContribFest: Emissary-Ingress - Bugs, Deprecations, and Features, Oh My! (Limited Availability; First-Come, First-Served)
Interested in getting experience with multiple CNCF projects? Come help us smash some bugs, remove deprecated features, and help work on new features. You can learn about developing helm charts, designing Kubernetes CustomResources, and working with Envoy configuration.

This Contribfest session is designed to provide projects with the space and resources to tackle outstanding technical debt, security issues, or outstanding impactful feature requests. They are intended to provide a place for maintainers to meet contributors and potential contributors and work together on solving a problem.

Speakers

Flynn

Technical Evangelist, Buoyant
Flynn is a technology evangelist at Buoyant, spreading the good word and educating developers about the Linkerd service mesh, Kubernetes, and cloud-native development in general. He has spent four decades in software engineering from the kernel up through distributed applications...

Kay James

Solutions Engineer, Ambassador Labs

Lance Austin

Principal Engineer, Ambassador Labs
Lance Austin is an Engineer at Ambassador Labs that enjoys spending my day making it easier for users to adopt Kubernetes by empowering self-service API Gateway functionalities through Emissary-ingress. When I'm not coding I'm spending my time raising my three children and running...

Dave Sudia

Senior Developer Advocate, Ambassador Labs
Dave Sudia (he/him) is a Senior Developer Advocate for Ambassador Labs, creators of Emissary-Ingress and Telepresence. He was previously a DevOps/platform engineer and CNCF end user. Dave is passionate about supporting other developers in doing their best work by making sure they...


Wednesday April 19, 2023 16:30 - 18:00 CEST
K101-102

17:25 CEST

OTel Me About Metrics: A Metrics 101 Crash Course - Reese Lee, New Relic
As more and more OpenTelemetry languages release stable metrics SDKs, many users are trying to understand metrics as they look to implement it as part of their observability strategy, but it can be quite confusing. There is so much to learn, such as – how do I choose which metrics instruments to implement to get certain measurements? What even are metrics instruments? What metrics can help me better understand my services? What’s the difference between an UpDownCounter and a Histogram? If you find these terms baffling, don’t worry. I will help you gauge when to use one over the other with this introduction to metrics using OpenTelemetry! In this session, you will get clarity around these concepts and the value different metrics and types of metrics can provide, with fun analogies and real world examples.

Speakers

Reese Lee

Developer Relations Engineer, New Relic
Reese Lee joined the OpenTelemetry team at New Relic in 2021, bringing along her enthusiasm for providing quality technical support and enablement for observability end users. She primarily works in the OpenTelemetry End User Working Group to help increase awareness and adoption of...


Wednesday April 19, 2023 17:25 - 18:00 CEST
Hall 7 | Room A
  101 Track

17:25 CEST

Creating a Culture of Documentation - Alanna Burke, amazee.io
Picture this: you’ve found a new project on GitHub. It does exactly what you’re looking for, and it’s open-source. Amazing! So you roll up your sleeves and get to it. But then, you run into an error. You Google it. You find similar queries, but never the answer. You pore over the code. You search for anything documenting this project, but keep coming up empty. This project would be perfect, but no one ever documented it. Far too often, the information we need is never found. It stays locked in the minds of the engineers who wrote the code. But what good is code that no one knows how to use? Documentation is every bit as important as making sure the project works. That buy-in can be hard. Stakeholders don’t want to pay for the time. Project managers don’t prioritize the work. Engineers don’t want to do it. The only way to solve this problem is to create a culture around documentation. In this session, we’ll talk about how to elevate the status of the humble documentation to its rightful place alongside your code. We’ll cover how to integrate the documentation process into your existing processes so that your engineers are on board, and how to show stakeholders and others who push back that documentation is not only worthwhile, but essential to the success of your project.

Speakers

Alanna Burke

Community Manager & Developer Advocate, amazee.io
Alanna is passionate about empowering people through technology. After ten years as a back-end Drupal developer, she decided a change of pace was in order, and has been happily working at amazee.io as a community manager, developer advocate, and documentation writer since 2020. Alanna...


Wednesday April 19, 2023 17:25 - 18:00 CEST
Auditorium Center | G106-107
  Community

17:25 CEST

Let’s Go Backstage: IDP Security for Platform Engineers - Rotem Refael, ARMO & Suzanne Daniels, Spotify
Backstage is gaining wide adoption for platform engineering teams looking to build internal development platforms. It does an excellent job of enabling dev teams to manage a well-known inventory from creating clusters to adding them to the inventory and even rescans. Backstage coupled with Kubescape can provide you with the end to end Kubernetes security coverage you need across your entire pipeline through a rich plugin ecosystem. All of these together enable you to scan your known inventory and cluster, have a better understanding of your security posture, and visualize the results in your customized Backstage dashboard. In this talk we’ll provide real code examples for how to DIY, and build a full open source and fully secure IDP.

Speakers

Rotem Refael

Director of Engineering, ARMO
Rotem is Director of Engineering at ARMO, where she contributes to the Kubescape open source project, as well as other open source projects, as a staunch and passionate supporter of making open source security better and more accessible for everyone. Rotem is an engineering veteran...

Suzanne Daniels

Developer Relations, Backstage, Spotify
Suzanne's passion is finding ways to help developers and engineers get the tools and skills to do what they do best: creating the software this world runs on while trying to innovate and make sense of buzzwords at the same time. Suzanne is Microsoft MVP in Developer Technologies...


Wednesday April 19, 2023 17:25 - 18:00 CEST
Hall 7 | Room E
  Customizing + Extending Kubernetes

17:25 CEST

Cilium Updates, News, Roadmap, and in the Wild - Liz Rice, Isovalent; Andy Allred, EfiCode; Richard Hartmann, Grafana Labs
Welcome to Cilium! In this session you'll get an update on how Cilium has been progressing as a project and on the road towards graduation. You'll hear about the latest developments and future roadmap. We will cover how Cilium is bringing eBPF powered data to the world of observability and why Cilium has become the CNI of choice in the wild. In this session you'll hear from Cilium contributors and users Isovalent, Grafana Labs, and Eficode.

Speakers

Liz Rice

Chief Open Source Officer, Isovalent
Liz Rice is Chief Open Source Officer with eBPF specialists Isovalent, creators of the Cilium cloud native networking, security and observability project. She sits on the CNCF Governing Board, and on the Board of OpenUK. She was Chair of the CNCF's Technical Oversight Committee in...

Richard Hartmann

Director of Community, Grafana Labs
Richard "RichiH" Hartmann is the Director of Community at Grafana Labs, Prometheus team member, OpenMetrics founder, OpenTelemetry member, CNCF Technical Advisory Group Observability chair, CNCF Technical Oversight Committee member, CNCF Governing Board member, and more. He also leads...

Andy Allred

Lead devops consultant, Eficode
Andy started his career as an electronic warfare and operations specialist in fast attack submarines. After ten years there, he spent several years working in the telecoms industry, working with various providers, vendors, and cloud use cases. Currently, he is consulting and helping...


Wednesday April 19, 2023 17:25 - 18:00 CEST
Forum Center | Forum

17:25 CEST

Defining A Common Observability Query Language and Other Observability TAG Updates - Alolita Sharma & Matt Young, Apple
The CNCF Technical Advisory Group (TAG) on Observability serves as a discussion forum for topics related to observability of cloud native systems and workloads. We also produce supporting material and best practices for end users and provide guidance and coordination for CNCF observability projects working within the TAG’s scope. In this session the TAG co-chairs will provide an update on major observability projects in the CNCF, technology updates from these projects and opportunities to get involved in the TAG to build momentum on cross-collaboration across observability projects and the latest areas of discussion in the TAG meetings such as defining a specification for a general observability query language. We also invite observability practitioners, developers and contributors to join in for this session to discuss features, gaps and open source solutions for end-users.

Speakers

Alolita Sharma

Engineering Manager, Apple
At AWS, Alolita has led open source observability engineering and provided product vision for projects including OpenTelemetry, Prometheus, Open Metrics, Cortex, Grafana, FluentBit, and the managed services for Prometheus and Grafana. Prior to AWS, she has managed engineering teams...

Matt Young

Open Source Program Office (OSPO), Apple
I’m a leader and technical strategist with expertise in cloud-native architecture, patterns, and practices who thrives in interdisciplinary and cross-group settings. My background spans compilers to clouds with contributions in development, test, support, and research roles. I have...


Wednesday April 19, 2023 17:25 - 18:00 CEST
Auditorium Center | G001-G002

17:25 CEST

Keeping the Lights on and the Bugs Away - Patrick Ohly, Intel
SIG Testing is responsible for the tools that drive the continuous testing of Kubernetes. Sooner or later, all Kubernetes developers will encounter those, whether it is through failure reports for PRs that they have submitted or directly when writing tests for a new feature. In this talk, we will focus on recent changes in the support packages for end-to-end (E2E) and integration tests. In Kubernetes 1.26, the test/e2e/framework was migrated to Ginkgo v2. This added new primitives for cleaning up after test execution (DeferCleanup) and for aborting a running test suite. For Kubernetes 1.27, most tests were modified to support that. The approach for polling objects and reporting failures is in the process of being overhauled. With the infrastructure and new guidelines in place, now is a good time for other contributors to get involved.

Speakers

Patrick Ohly

Cloud Native Architect, Intel
Patrick Ohly is a software engineer at Intel GmbH, Germany. In the past he has worked on performance analysis software for HPC clusters ("Intel Trace Analyzer and Collector") and cluster technology in general (PTP and hardware time stamping). Since January 2009 he has worked for Intel...


Wednesday April 19, 2023 17:25 - 18:00 CEST
Auditorium Center | G109

17:25 CEST

Kubernetes Code of Conduct: Working for the Community - Xander Grzywinski & Jeremy Rickard, Microsoft; Danielle Lancashire, Fermyon; Jason DeTiberus, Cisco; Hilliary Lipsig, Red Hat
The Kubernetes code of conduct exists to create and maintain a safe and respectful community. Have you ever wondered how the code of conduct is applied, what the incident response process looks like, or what it means to report an incident? In this session, a panel of members from the committee will discuss how the code of conduct is used to try and foster a safe space for community members. They will also answer questions submitted from the community about the process and application of the code of conduct. This is a chance to grow a better understanding of how the Kubernetes community operates, and learn what you can do to contribute.

Speakers

Jeremy Rickard

Principal Software Engineer, Microsoft
Jeremy Rickard is a Principal Software Engineer at Microsoft Azure, where he works on securing the consumption of open-source software within Azure and other security projects as part of the Azure Container Upstream Team. He also has worked on Virtual Kubelet, Open Service Broker...

Jason DeTiberus

Open Source Technical Leader, Cisco
Jason is a Technical Leader within Cisco's Open Source Program Office. Jason lives in Eastern North Carolina and enjoys collecting various hobbies and projects that rarely see completion. He can often be found daydreaming what hobby to start next, watching the Geese fly by, or honking...

Danielle Lancashire

Principal Software Engineer, Fermyon
Danielle Lancashire is principal software engineer at Fermyon. She is super passionate about bringing clarity to distributed systems and infrastructure. She works on a variety of OSS projects - most notably the Kubelet. In the past she's worked on Nomad, vSphere, CircleCI, and various...

Hilliary Lipsig

Principal SRE, Red Hat
Hilliary is an autodidact and start-up veteran who has frequently learned and applied technologies to get a job done. She’s had her hand in every part of the application delivery process, honing in her skills originally as a QE engineer. Hilliary is an IT polyglot able to talk the...

Xander Grzywinski

Senior Product Manager, Microsoft
Xander is a senior open source product manager at Microsoft focusing on cloud native technologies. Previously he has worked in various engineering roles at HashiCorp, Apple, and Twitter. He's been involved in many areas of the Kubernetes project including release, contributor summit...


Wednesday April 19, 2023 17:25 - 18:00 CEST
Forum Center | E105-106

17:25 CEST

Experience with “Hard Multi-Tenancy” in Kubernetes Using Kata Containers - Shuo Chen, Databricks
Databricks is building a serverless platform for performance-sensitive workloads such as Data Lakehouse on Kubernetes clusters. Because each cluster runs code on behalf of multiple customers, we need “hard multi-tenant” container isolation. After considering various options we chose Kata Containers, an open-source container runtime that provides strong isolation by running containers in micro-VMs. This case study discusses how we build a hard compute and network isolation layer among untrusted workloads in Kubernetes clusters leveraging Kata Containers, network policy and network security group. We will share the first-hand experience on how we integrate Kata Containers with Kubernetes in production, highlighting the challenges we faced, difficult trade-offs among security, performance and cost, and how to work around the heterogeneity across different public cloud providers.

Speakers

Shuo Chen

Sr Software engineer, Databricks
Shuo Chen is a software engineer at Databricks platform team, whose domain area is focusing on high performance computing infrastructure. With the industrial experience of building the underlying network and disk infrastructure for multiple cloud provider companies, Shuo is currently...


Wednesday April 19, 2023 17:25 - 18:00 CEST
In Virtual Platform
  Multi-tenancy

17:25 CEST

Making Sense of Your Vital Signals: The Future of Pod and Containers Monitoring - David Porter, Google & Peter Hunt, Red Hat
It’s critical for users and cluster administrators to understand the health of their containers and pods and be able to monitor them. Despite the fact that the health monitoring of the cluster is critical, it is still a mystery for many k8s users. How can these signals help to keep the clusters running or pinpoint the issues before it is too late? We will go in depth to describe where those metrics originate, how they are measured, and what components are involved to make this space less complicated. This presentation will outline the full pipeline of how these signals are collected and processed for pods and containers, starting from the cgroups in the Linux kernel and ending with Prometheus metrics and dashboards. We will discuss future work in this space. The Kubernetes community is currently undergoing a large effort to move container metrics away from cAdvisor into the container runtime as part of Kubernetes Enhancement 2371, “CRI Pod Container Stats” which aims to move metrics into the container runtime. We will discuss the goals of this effort and how it will impact the monitoring pipeline. This work will unlock new features and improve performance helping users and cluster administrators to be in control of their deployments.

Speakers

Peter Hunt

Senior Software Engineer, Red Hat
Peter Hunt is a Senior Software Engineer working on Openshift at Red Hat. Passionate about free software, Peter focuses on maintaining CRI-O, attending SIG node, and ~writing~ squashing bugs. Outside of the virtual world, Peter likes collecting floral-printed pants, gardening, and...

David Porter

Senior Software Engineer, Google
David Porter is a Senior Software Engineer at Google on Kubernetes GKE node team. David’s focus is on the kubelet node agent and the resource management area. He is primary maintainer of cAdvisor, a resource monitoring library widely used in kubernetes, reviewer of a SIG Node, and...


Wednesday April 19, 2023 17:25 - 18:00 CEST
Hall 7 | Room C
  Observability

17:25 CEST

Highly Available Routing with Multi Cluster Gateways - Rob Scott, Google & Liwen Wu, AWS
Deploying applications across multiple clusters can improve availability and reduce latency. Until recently, connecting clusters together was quite challenging and often required manual configuration that varied across environments. Fortunately, we can use two of the newest Kubernetes APIs to dramatically simplify this. In this talk, Liwen and Rob will show how Gateway API and Multi-Cluster Services can be combined to create Multi-Cluster Gateways, enabling advanced routing across clusters. This talk will cover some important use cases for multi-cluster routing, including examples of how multi-cluster routing can improve the availability of your application. They will demonstrate how to achieve high availability on your applications using multiple clusters, showing how failover from one cluster to another can work. Finally, they will put the pieces together to show end to end demos of multi-cluster routing using the same Gateway API and MultiCluster Service configuration. You will see how these APIs can be used to provide portable multi-cluster routing configuration, even when they are mapped to different underlying cloud infrastructure. They will show how advanced features of Gateway API can be combined with the multi-cluster capabilities of the Multi-Cluster Services API.

Speakers

Rob Scott

Software Engineer, Google

Liwen Wu

Software Engineer, AWS
Liwen is a Software Engineer at AWS focused on improving AWS VPC networking for Kubernetes. Her first major Kubernetes project was design and development of AWS VPC CNI plugin for Kubernetes networking over AWS VPC. She is an active member of the Gateway API community and implemented...


Wednesday April 19, 2023 17:25 - 18:00 CEST
Hall 7 | Room D

17:25 CEST

Adopting Network Policies in Highly Secure Environments - Raymond de Jong, Isovalent
In the world of distributed computing, everything goes over the network, but not everything should be public. Unfortunately, Kubernetes networking is open by default and it is up to you to adopt network policies to secure it. Using our knowledge of implementing network policies in complex regulated environments, we will introduce the fundamentals of Cilium Network Policies and the basics of application-aware and Identity-based Security. With these building blocks in place, we will compare a default-allow with a default-deny policy and how a risk-based approach helps you focus on securing the most sensitive workloads first. We will then discuss various exposure types and strategies for securing your workloads. Applying this theoretical knowledge to the real world, we will explore how observability tools Cilium, Hubble, and Grafana provide you with Network Policy superpowers, like showing how ingress and egress connections are visualized, enabling you to configure the Network Policies using the Network Policy editor. Finally, we will discuss how Network Policy Guardrails allow for keeping control while granting teams self-service management of Network Policies. The audience will learn how to secure their network effectively and efficiently, even for highly sensitive workloads.

Speakers

Raymond de Jong

Field CTO EMEA, Isovalent
Raymond de Jong is Field CTO for EMEA at Isovalent, the originators of the Cilium project, providing networking, observability, and security for cloud-native applications using eBPF. In this role, he is supporting and enabling customers and partners to be successful with Cilium in...


Wednesday April 19, 2023 17:25 - 18:00 CEST
Auditorium Center | Auditorium + Balcony
  Security + Identity

17:25 CEST

🦝 RBAC to the Future: Untangling Authorization in Kubernetes - Jimmy Mesta, KSOC
Role-based access control (RBAC) is an unavoidable part of the Kubernetes developer experience. Whether it is engineers managing cluster resources via kubectl or internal service accounts interacting with the Kubernetes API directly, development teams will need to understand how to build and distribute effective, least permissive RBAC policies. This session will first go back in time to help attendees understand exactly how RBAC works under the hood and explore some lesser-known RBAC gotchas. We will then cover the essential pillars of designing an effective RBAC strategy for the enterprise including automation and observability opportunities. After this session, attendees can expect to have a better understanding on how to build and monitor least privilege RBAC configurations within Kubernetes.

Speakers

Jimmy Mesta

Co-Founder, KSOC
Jimmy Mesta is the Co-Founder and CTO at KSOC. He is a veteran security engineering leader focusing on building cloud-native security products. Prior to KSOC, Jimmy held senior leadership positions at a number of enterprises including Signal Sciences (acquired by Fastly) where he...


Wednesday April 19, 2023 17:25 - 18:00 CEST
Auditorium Center | Emerald Room

17:25 CEST

Life Without Sidecars - Is eBPF's Promise Too Good to Be True? - Zahari Dichev, Buoyant
The recent popularity of eBPF has triggered a number of discussions of whether this technology will revolutionize the service mesh space. The promise of all the benefits that a service mesh can bring to your cloud-native infrastructure at a fraction of the performance and operational cost seems tantalizing. eBPF is said to be the tool that can help us build a native and highly efficient service mesh implementation and free us from the sidecar model. Could this all be true? In this talk, Zahari will go down the rabbit hole and try to explore what is and is not possible with an eBPF-powered service mesh. Are proxies really going away and if yes what does that really mean for the security, resilience, and operational complexity of your infrastructure?

Speakers

Zahari Dichev

Software Engineer, Buoyant
Zahari Dichev is a software engineer working at Buoyant, the creator of Linkerd. He is passionate about performance, distributed systems and cloud-native technology.


Wednesday April 19, 2023 17:25 - 18:00 CEST
Auditorium Center | G104-105
  Service Mesh

18:00 CEST

KubeCrawl + CloudNativeFest sponsored by Gitpod
One party to rule them all!

Been to KubeCon + CloudNativeCon before? You’ve undoubtedly come to the Welcome Reception + Booth Crawl or the All-Attendee Party (or both!) and had an amazing time connecting with fellow #TeamCloudNative members and the local culture. Together we’ve been to Tivoli Gardens, piano-dueled, watched an artist spill coffee to create his works, crawled the haunts of Rainey Street, and dipped our toes in a pool by the Valencian palms. As our community has grown, so too have our events, and we're working hard to create new opportunities for everyone to connect, collaborate, and have fun.

We are thrilled to announce that we'll be providing an enhanced, integrated experience for everyone by combining the Welcome Reception + Booth Crawl and All-Attendee Party into one big celebration on the first official night of KubeCon + CloudNativeCon! Combining these parties means:
  • Fewer long event days 
  • More opportunities for sponsor parties
  • A one-stop-shop for mingling with sponsors while also experiencing the flavor of the city

Don’t miss out on the latest and greatest party at your favorite tech event! We’ll see you in Amsterdam!

In order to facilitate networking and business relationships at the event, you may choose to visit a third party’s booth or access sponsored content. You are never required to visit third party booths or to access sponsored content. When visiting a booth or participating in sponsored activities, the third party will receive some of your registration data. This data includes your first name, last name, title, company, address, email, standard demographics questions (i.e. job function, industry), and details about the sponsored content or resources you interacted with. If you choose to interact with a booth or access sponsored content, you are explicitly consenting to receipt and use of such data by the third-party recipients, which will be subject to their own privacy policies.

Wednesday April 19, 2023 18:00 - 21:00 CEST
Halls 1 + 5

19:00 CEST

CNCF End User Reception (For active or applying CNCF End User Members only)
The CNCF End User Reception brings together cloud native users for food, beverages, and a casual setting to discuss best practices and lessons learned. Join us to meet peers and learn helpful tactics to help with navigating the cloud native community! Note: This event is reserved exclusively for active or applying CNCF end user members.

Wednesday April 19, 2023 19:00 - 20:30 CEST
Congress Center | Cafe Amsterdam
 
Thursday, April 20
 

09:00 CEST

Keynote: Kubernetes Project Updates
Thursday April 20, 2023 09:00 - 09:10 CEST
Hall 12

09:10 CEST

Sponsored Keynote: Open Source in Bloom 🌼 at AWS - Nathan Taber, Senior Product Manager, Amazon
Nathan Taber, AWS Head of Product for Kubernetes, joins us to highlight what AWS is doing to nurture open source, Kubernetes, and the CNCF.

Speakers

Nathan Taber

Sr. Product Manager, Amazon
Nathan is a Sr. Product Manager on the AWS Kubernetes team. Nathan has been part of the launch teams for several AWS container services and currently helps to set the vision and direction for Amazon Elastic Kubernetes Service, AWS’ managed Kubernetes service. He works closely with...


Thursday April 20, 2023 09:10 - 09:15 CEST
Hall 12

09:30 CEST

Sponsored Keynote: Total Clarity on Your Application Security - Guillaume Sauvage de Saint Marc, Vice President, Engineering, Emerging Technologies and Incubation, Cisco
Cloud Architects and Application Security teams stand, on a daily basis, in front of difficult questions: Where is my application vulnerable? Which of my assets are at risk? Where can I be hacked? What are the most critical security flaws in my applications that put my CPU, application logic, and data assets at immediate risk?

The industry and the open source community need a suite of tools that can be used to understand those risks across the entirety of an application development, deployment, and production runtime, across on-premises and cloud resources, over monolithic as well as cloud native architectures.

We will share the latest updates on Open Clarity, an open source suite effort that aims at addressing the entire cloud security and application security stack, and making it practical and useable for developers, cloud architects, and security teams alike.

Speakers

Guillaume Sauvage de Saint Marc

Vice President, Engineering, Emerging Technologies and Incubation, Cisco


Thursday April 20, 2023 09:30 - 09:35 CEST
Hall 12

09:35 CEST

Keynote: Tales from the Cloud Native Community - Nikhita Raghunath, Staff Software Engineer, VMware & Ricardo Rocha, Computing Engineer, CERN
You have likely seen the CNCF landscape that shows the full extent of projects under the CNCF umbrella. With the scale of the landscape, ensuring the health of these projects and strengthening the ecosystem to meet the needs of end users and contributors is not an easy job. Especially when projects span a myriad of areas - security, testing, observability, storage, networking and more!

In this session, learn how the community works together to address this complexity. We will also shine a long-overdue light on the invaluable contributions of a number of contributors who continue to help shape the mission of making cloud native computing ubiquitous.

Whether you are just getting started in the cloud native community or are a long time member, through stories of amazing individuals and their contributions, we will show you the countless opportunities where you can learn, contribute and collaborate!

Speakers

Ricardo Rocha

Computing Engineer, CERN
Ricardo is a Computing Engineer at CERN IT focusing on containerized deployments, networking and more recently machine learning platforms. He has led for several years the internal effort to transition services and workloads to use cloud native technologies, as well as dissemination...

Nikhita Raghunath

Staff Engineer, VMware
Nikhita is a staff software engineer at VMware and a maintainer of the Kubernetes project. She is a CNCF Ambassador and has won the CNCF Top Committer Award in 2021 for her technical contributions. She is currently the technical lead for k8s SIG Contributor Experience and was al...


Thursday April 20, 2023 09:35 - 09:50 CEST
Hall 12

09:50 CEST

Keynote: Gardens and Glaciers: Saving Knowledge Through Succession - Emily Fox, Security Engineer, Apple
Founded in 2015, the Cloud Native Computing Foundation is designed to empower organizations to build and run scalable applications in modern, dynamic environments such as public, private, and hybrid clouds. In the past 8 years, we’ve seen technical innovation in the cloud native garden grow by leaps and bounds. However, with each technical innovation we compact the depths of knowledge that were necessary for that innovation to occur. Kubernetes exists to orchestrate containerized workloads; we use a service mesh like Linkerd or Istio to simplify and secure communications between containerized microservices. Every project in the landscape is designed to create a layer or layers of abstraction to simplify the complexity in cloud native architectures. When compacted and concentrated this information forms knowledge glaciers — an accumulation and compaction of deep knowledge built over time that provides foundational understanding as community knowledge expands. Unless we take steps to preserve and transfer information, we lose more knowledge with each generation of technologists as those lessons learned (like surviving day two operations) are lost to history. This emphasizes the importance of active succession planning and building-the-bench of community leaders and maintainers. We need to dedicate time to save the glaciers, transfer institutional and technical knowledge within the ecosystem, plant the seeds of tomorrow’s leaders, and make room for our community to grow and bloom.

Speakers

Emily Fox

Security Engineer, Apple
Emily Fox is a DevOps enthusiast, security unicorn, and advocate for Women in Technology. She promotes the cross-pollination of development and security practices. She has worked in security for over 12 years to drive a cultural change where security is unobstructive, natural, and...


Thursday April 20, 2023 09:50 - 10:05 CEST
Hall 12

10:05 CEST

Keynote: MLOps on Highly Sensitive Data - Strict Confinement, Confidential Computing, and Tokenization Protecting Privacy - Maciej Mazur, Principal AI/ML Engineer, Canonical & Andreea Munteanu, AI/ML Product Manager, Canonical
MLOps is used in various organizations that operate on very sensitive datasets. Pharmaceutical and life science companies handling human DNA samples, healthcare institutions training models on patient data, or highly regulated environments like telecom and financial companies. Many users are afraid that cloud-native would expose them more to vulnerabilities, data leaks, or other security issues. In reality, it's just the opposite. With Kubernetes and its ecosystem - Kubeflow, strict confinement for K8s using AppArmor profiles, confidential computing in case you run your workloads on the public cloud and blockchain-based tokenization you can achieve a very safe and compliant setup. In the talk you will see a case study of a LifeSciences company creating customized treatments based on DNA, utilizing the above-mentioned technologies to run complex hybrid/multi-cloud MLOps using Kubernetes and Kubeflow.

Speakers

Maciej Mazur

Principal ML Engineer, Canonical
I'm a Principal AI/ML Engineer at Canonical - the publisher of Ubuntu. My specialties are: ▪ Machine Learning and Data Engineering ▪ Solutions Architecture - Data Lakes / Lakehouse, MLOps pipelines, real-time streaming ▪ Public Clouds: AWS, Azure and GCP ▪ Kubernetes at scale...

Andreea Munteanu

AI/ML Product Manager, Canonical
Telecom/IT engineer, with adaptive capacity in multicultural environments and background experience in telecom field, with huge interest for data and data analysis. My passion for analytics and my detail-oriented personality lead me to a career in Business Intelligence, working with...


Thursday April 20, 2023 10:05 - 10:20 CEST
Hall 12

10:20 CEST

Keynote: Closing Remarks
Thursday April 20, 2023 10:20 - 10:25 CEST
Hall 12

10:30 CEST

Coffee Break ☕
Thursday April 20, 2023 10:30 - 11:00 CEST
Halls 1 + 5

10:30 CEST

Capture The Flag Experience
The Capture The Flag (CTF) experience runs concurrently to KubeCon + CloudNativeCon Europe 2023!
Delve deeper into the dark and mysterious world of Cloud Native security! Exploit a supply chain attack and start your journey deep inside the target infrastructure, utilize your position to hunt and collect the flags, and hopefully learn something new and wryly amusing along the way!

Attendees can play three increasingly treacherous and demanding scenarios to bushwhack their way through the dense jungle of Cloud Native security. Everybody is welcome, from beginner to seasoned veterans, as we venture amongst the low-hanging fruits of insecure configuration and scale the lofty peaks of cluster compromise! Want to know more about the CTF? Review the details here.

Thursday April 20, 2023 10:30 - 16:30 CEST
Auditorium Centre | G102-103
  Capture The Flag
  • Content Experience Level Any

10:30 CEST

Solutions Showcase
Visit our sponsors in the Solutions Showcase to try the latest demos, watch live presentations, talk to experts, check out job opportunities, and score some swag.

Thursday April 20, 2023 10:30 - 17:30 CEST
Halls 1 + 5

11:00 CEST

The Life and Times of a Kubernetes Feature - Swati Sehgal & Francesco Romani, Red Hat
Have you been looking for an opportunity to contribute a feature to Kubernetes and feeling intimidated? Not sure where to start and wondering about things like: How do I share my ideas and get feedback? Who should I talk to, and where? What do reviews look like? Actually, what does the process look like? How do I even start? Worry not, and first of all, welcome to the community, we are delighted to have you! It is natural to feel daunted, but there are resources! This talk will help you navigate through the processes and empower you to find answers, paving your way to success. We will see examples of features that made it into Kubernetes, ranging across all degrees of maturity, from new and exciting alpha features to maturing beta features up to trusted and dependable GA. We will demystify the contribution process and provide insights on how to navigate through the Kubernetes processes, with real examples from existing features.

Speakers

Francesco Romani

Principal Software Engineer, Red Hat
Principal software engineer, joined Red Hat in late 2013, involved in open source projects since 2006. Worked in Red Hat about all things virtualization, then moved to the cloud native virtualization and now on cloud-native network functions. Currently works in the resource management...

Swati Sehgal

Principal Software Engineer, Red Hat
Swati Sehgal is a Principal Software Engineer in the Ecosystem Engineering Group at Red Hat. She works to enhance OpenShift and its platform to deliver best-in-class networking applications, leading edge solutions and innovative enhancements across the stack. Her work includes working...


Thursday April 20, 2023 11:00 - 11:35 CEST
Hall 7 | Room A
  101 Track

11:00 CEST

Connecting OSS Dots: Business, Maintainers, Community, Sustainability - Nikhita Raghunath & Kiran Mova, VMware; Rita Zhang, Microsoft; Jago Macleod, Google; Vipul Sabhaya, Amazon
One of the recurring themes at KubeCon was maintainer burnout and project sustainability. There are very few contributors who have support from their employers to contribute during their day job. Organizations have also been finding it challenging to account for investing and staffing open source roles. We've heard a lot about this problem from maintainers. However, given that engineering managers are primarily responsible for driving this accountability within enterprise orgs, we will talk to managers of maintainers across Google, Microsoft, AWS and VMware on how they are enabling their reports to make significant contributions in OSS. Some of the topics that we will cover:
  • What metrics are used to justify OSS, including chop-wood-carry-water work?
  • What strategies have worked and failed to keep their reports motivated, and grow them through both the community and enterprise ladder?
  • How do they find a balance between company and OSS priorities?
  • What challenges have they faced to staff OSS roles, including hiring and retention?

We will also be engaging the audience about challenges they've faced and brainstorming solutions with the panelists. Current and aspiring contributors will be able to bring back best practices to their managers (who might not be at KubeCon).

Speakers

Vipul Sabhaya

Sr. Software Development Manager, Amazon
Vipul Sabhaya is Sr. Software Development Manager - EKS at Amazon Web Services (AWS), based in the Greater Seattle area. Vipul has led teams that focus on OSS software such as Kubernetes and Openstack prior to that. At Amazon, he leads the team that is responsible for managing Kubernetes...

Rita Zhang

Principal Software Engineer, Microsoft
Rita Zhang is a software engineer at Microsoft, based in the San Francisco bay area. She leads the Azure Container Upstream team building features for Kubernetes upstream and various CNCF projects that are part of the Azure Kubernetes Service. Rita is a Kubernetes SIG Auth co-chair...

Jago Macleod

Engineering Director, Google
Jago Macleod is an Engineering Director at Google, where he is responsible for much of Google’s investment in Kubernetes, including productization through GKE, GDC, and Anthos. In this role since 2017, Jago has had the privilege of leading the ‘Kubernetes Kernel’ team, including...

Nikhita Raghunath

Staff Engineer, VMware
Nikhita is a staff software engineer at VMware and a maintainer of the Kubernetes project. She is a CNCF Ambassador and has won the CNCF Top Committer Award in 2021 for her technical contributions. She is currently the technical lead for k8s SIG Contributor Experience and was al...

Kiran Mova

Senior Open Source Engineering Manager, VMware
Kiran Mova is Senior Open Source Engineering Manager at VMware with the mission to create an Open Source Engineering team around the Tanzu platform focusing on Kubernetes and other upstream projects. Prior to joining VMware, Kiran was the co-founder of a storage startup where he worked...


Thursday April 20, 2023 11:00 - 11:35 CEST
Hall 7 | Room C
  Business Value

11:00 CEST

Unlocking Argo CD’s Hidden Tools for Chaos Engineering - Featuring VCluster and More - Dan Garfield & Brandon Phillips, Codefresh
Running large scale GitOps operations with Argo CD is not only possible, but very fun! With almost every cloud-native tool there are pain points that come with scale, bumps that need to be planned around, or settings that need to be made. What if there was a way to easily simulate and plan out your large scale rollout so you could head off any issues before they happen? In this session, an Argo Maintainer will show you the hidden tools inside Argo CD that make this kind of performance testing easy and how different scenarios change the way you scale with Argo CD along with the tweaks and things to look out for. We’ll irreverently break Argo by hammering it with vCluster, apps, resources, and show dangerous misconfigurations that could cause chaos – and how to fix them! Plus, how to simulate users creating chaos in a GitOps environment.

Speakers

Dan Garfield

Chief Open Source Officer and Co-Founder, Codefresh
Dan Garfield is the Co-founder and Chief Open Source Officer of Codefresh, a CI/CD platform powered by GitOps and Argo. He helped launch the GitOps Working Group and helped lead the creation of the Open GitOps principles. As an Argo Maintainer, Kubernaut, Google Developer Expert...

Brandon Phillips

Principal Technologist, Codefresh
Brandon Phillips is an engineer with a passion for all things electronic, motorized, and software related. Brandon has architected and built everything from factory automation lines to massive enterprise software deliveries. He particularly enjoys embracing new technology and sharing...


Thursday April 20, 2023 11:00 - 11:35 CEST
Elicium Building | D201-202
  CI/CD

11:00 CEST

Story of Our Transition to a Custom Kubernetes Operator for an API Gateway - Vincent Behar, Ubisoft
At Ubisoft, we're building an internal platform to provide managed services - such as Kubernetes clusters, databases, ... - through a unified experience. Any team can contribute to the platform by bringing their own services, which will need to be integrated at the API Gateway level. This talk is the story of our transition from a manually managed API Gateway - configuration and rules - to a self-service one, using a custom Kubernetes Operator. We'll go through the challenges we faced with our initial setup while scaling the platform, and our reasons for writing our own operator, instead of relying on existing solutions. We'll explain our platform's conventions, and how we are using OpenAPI as a central point of entry for our APIs. And we'll detail the features we needed - and implemented - to automatically configure our API Gateway based on the OpenAPI documents provided by the different services. While doing so, we'll also relate some organizational challenges, such as switching responsibilities, as well as technical benefits from using the controller pattern: the reconciliation loop, dry-run - with server-side apply. And we'll highlight what we learned along the way. Our technical stack is based on Kong, Kubebuilder/controller-runtime, testcontainers, Kind, Telepresence...

Speakers

Vincent Behar

Senior Engineer, Ubisoft
Senior Engineer at Ubisoft, Vincent has 15+ years of development experience, caring about Continuous Delivery and Observability. He started using - and sometimes contributing to - OpenShift & Kubernetes in 2015, more often than not with a focus on extending its API to build a platform...


Thursday April 20, 2023 11:00 - 11:35 CEST
Hall 7 | Room E
  Customizing + Extending Kubernetes

11:00 CEST

Kubernetes Data Protection WG Deep Dive - Xiangqian Yu, Google
Data Protection WG is dedicated to promoting data protection support in Kubernetes. The Working Group is working on identifying missing functionalities and collaborating across multiple SIGs to design features to enable data protection in Kubernetes. In this session, the co-chairs of this WG will discuss what is the current state of data protection in Kubernetes and where it is heading in the future. They will also talk about how interested parties (including storage and backup vendors, cloud providers, application developers, and end users, etc.) can join this WG and contribute to this effort. Details of the WG can be found here: https://github.com/kubernetes/community/tree/master/wg-data-protection.

Speakers

Xiangqian Yu

Software Engineer, Google
Xiangqian Yu is a Software Engineer at Google. He is also a co-chair of the Data Protection WG in Kubernetes and a co-lead of the Volume Snapshot project in SIG Storage.


Thursday April 20, 2023 11:00 - 11:35 CEST
In Virtual Platform

11:00 CEST

Life of a CVE with Ingress-Nginx; Understanding the Project's Release Cycle - James Strong, Chainguard & Dylen Turnbull, Nginx INC
In 7 years, Ingress-nginx has had 221 releases, with over 6800 commits. To ensure stability and to test this highly configurable controller, the project has grown to over 400 e2e tests and helm chart tests across various Kubernetes versions and deployment landscapes. We were 3/4 through our stabilization project in the last maintainer track we presented. The ironic thing about OSS and software, in general, is that it is never really completed, nor should the stabilization and security of the project. In this talk, we discuss how we work to improve the release process of ingress-nginx to keep Ingress-nginx CVE-free with real-world examples. We will discuss the current release process and how we are working with sig-release and sig-security to increase release velocity, reduce complexity and increase the security of ingress-nginx. Please join us for this presentation if you want to hear about the ingress-nginx controller getting released & how we continue to improve it.

Speakers

James Strong

Solutions Architect, Chainguard
James joined Chainguard after a long stint of helping customers migrate to the Cloud and Kubernetes. Security was the number one issue he saw when completing these migrations, and he now wants to help secure their supply chains. James is also the author of O’Reilly’s Networking...

Dylen Turnbull

Solutions Architect, NGINX Inc.
Throughout his career, Dylen Turnbull has worked for several companies: Symantec, Veritas, F5 Networks and now F5's NGINX business unit. This time represents an accumulation of over 23 years of enterprise/opensource software and solution development experience. Working with NGINX...


Thursday April 20, 2023 11:00 - 11:35 CEST
Auditorium Center | G109

11:00 CEST

Revamping Kubernetes with Contextual and Structured Logging, a Deep Dive - Shivanshu Raj Shrivastava, Tetrate
Kubernetes is undergoing fundamental changes in its logging infrastructure to emit structured logs containing references to Kubernetes objects and the context of a log entry, making logging in Kubernetes uniform and machine-readable, bringing more automation to Kubernetes monitoring. Much effort has gone into enhancing klog and migrating Kubernetes components to achieve structured and contextual logging. We aim to cover a deep dive into the changes, a demo comparing performances and seamless log ingestion with log collection agents like Fluent Bit. It affects the complete code base of Kubernetes and needs collaboration between maintainers of different SIGs. This talk will make adopting best practices easy as we advance. We welcome everyone contributing to Kubernetes or interested in understanding the modern way of Kubernetes logs collection. New contributors are most welcome as it gives a good starting point to familiarize themselves with the Kubernetes code base.

Speakers

Shivanshu Raj Shrivastava

Software Engineer, Tetrate
Shivanshu is a Software Engineer at Tetrate, an enterprise service mesh company, primarily working on Istio, an open-source service mesh implementation. He's a member of Istio and Kubernetes and closely working with the Structured-Logging Working Group in Kubernetes. He was also one of...


Thursday April 20, 2023 11:00 - 11:35 CEST
Forum Center | E107-108

11:00 CEST

State of the Mop: Cloud Custodian in 2023 - Jorge Castro & Kapil Thangavelu, Stacklet Inc.
2022 has been an impactful year for Cloud Custodian as the intersection of compliance and finops continues to grow. This session will cover the past year's worth of development and discuss where we're planning on going for 2023:
  • General project health updates
  • Overview of Kubernetes usage with c7n
  • Overview of c7n-left, a new module to enforce policies at the planning stage of deployment

The bulk of the session will be dedicated to a tour/outline of how the project is laid out and organized so that attendees can understand the contribution process:
  • Project architecture and organization
  • Overview of the testing processes and pipelines
  • Release processes
  • Contribution and review examples and tutorial

We will also cover our progress in other project goals as they relate to project graduation:
  • Dedicated maintainer process and workflow
  • Governance model

All skill levels welcome, knowledge of Python and typical cloud stacks (AWS, Azure, GCP, and K8s) helps.

Speakers

Kapil Thangavelu

CTO, Stacklet Inc.
Kapil is a Co-Founder and CTO at Stacklet, building products to help companies be well managed in the cloud. Prior to that he was a Principal Open Source Technologist at Amazon working on various opensource projects. As a Senior Director at Capital One he focused on accelerating best...

Jorge Castro

Community Manager, Stacklet Inc.
Jorge is a Community Manager at Stacklet, working on growing the Cloud Custodian project. He resides in Ann Arbor, Michigan with his lovely wife Jill, their son Rafael, and their beagle Oscar. Hobbies and interests include heavy metal, passport renewal, paleontology, gaming, technology...


Thursday April 20, 2023 11:00 - 11:35 CEST
Forum Center | Forum

11:00 CEST

The RPC Revolution: Getting the Most Out of gRPC - Richard Belleville & Kevin Nilson, Google
gRPC has changed the way people design and deploy their APIs. But many people have just scratched the surface of the depth gRPC has to offer. In this talk, we'll cover advanced gRPC topics including atomicity concerns, custom code generation, and many others. We'll then cover recent updates in the gRPC ecosystem.

Speakers

Richard Belleville

Software Engineer, Google
Richard Belleville is a senior software engineer on the gRPC team at Google. He is the tech lead for the gRPC Python bindings. In his free time, he tinkers on a server rack at home running Kubernetes.

Kevin Nilson

Software Engineering Manager, google


Thursday April 20, 2023 11:00 - 11:35 CEST
Forum Center | E103-104

11:00 CEST

Using CNCF Projects for Adding Music and Announcements to My Home Elevator - Erwin de Keijzer, Fullstaq
Erwin's house has an elevator, you might think it's an apartment, but no, it's a family home with an elevator. Since moving in Erwin has wanted to upgrade the elevator experience. In this talk Erwin explains how he used open source projects like NATS, Grafana, Prometheus, AlertManager and protocol buffers to track elevator performance and add awesome elevator music and floor announcements to an otherwise mundane elevator ride. Erwin will show how he made the system resilient and performant and show some epic dashboards with insights into the elevator performance. This talk will not feature a live demo, Erwin thought about bringing the elevator with him, but it was not accepted by his family.

Speakers

Erwin de Keijzer

DevOps Engineer, Fullstaq
Erwin has been fascinated by CNCF ever since its inception, having made it a personal goal to try as many products as possible. Both in his personal and professional work he embraces the cloud native mindset. Pet projects, or as he likes to call it: side quests are a perfect playing...


Thursday April 20, 2023 11:00 - 11:35 CEST
Hall 7 | Room B
  Open Interfaces + Interoperability

11:00 CEST

Kubernetes Database Operators Landscape - Xing Yang, VMware; Melissa Logan, Constantia.io; Sergey Pronin, Percona; Alvaro Hernandez, OnGres
To handle Day-2 operations for data workloads on Kubernetes, organizations rely heavily on operators, but they present a number of challenges – including lack of integration with existing tools; lack of interoperability with the rest of their stack; varying degrees of quality; and lack of standardization. And yet – a majority of people are using at least 20 operators according to the 2022 Data on Kubernetes Report. For those evaluating their options, the challenge is further complicated by choice; the number of operators continues to grow with Operator Hub currently listing 270+. Without operator standards, how can end users possibly evaluate each one to know whether it meets their needs? This panel unites the Data on Kubernetes Community Operator SIG and Kubernetes Storage SIG to discuss key features of Kubernetes database operators -- what works, what doesn’t, and where the industry is going. Panelists will also present a feature matrix to help end users compare a multitude of database operators.

Speakers

Xing Yang

Tech Lead, VMware
Xing Yang is a Tech Lead in the Cloud Native Storage team at VMware. She is a co-chair of CNCF Storage TAG, a co-chair of the Kubernetes Storage SIG, a co-chair of the Data Protection WG, and a maintainer in Kubernetes CSI. Before joining VMware, Xing was the Lead Architect of OpenSDS... Read More →

Melissa Logan

Director of Data on Kubernetes Community; CEO/Founder of Constantia.io, Constantia.io
Melissa Logan is a tech marketing veteran with over 22 years of experience working with startups and the Fortune 500. She's currently the CEO/founder of Constantia, a tech community company that manages independent communities including the Data on Kubernetes Community and Data Mesh Learning; and provides marketing... Read More →

Alvaro Hernandez

Founder, OnGres
Álvaro is a passionate database and software developer. Founder of OnGres ("ON postGRES"), he has been dedicated to Postgres and R&D in databases for more than two decades. Álvaro is at heart an open source advocate and developer. He has created software like StackGres, a Platform... Read More →

Sergey Pronin

Group product manager, Percona
Sergey is a passionate technology "driver". After graduation worked in various fields: internet service provider, financial sector and M&A business. Main focal points were infrastructure and products around it. At Percona as a Group Product Manager drives forward Kubernetes and Cloud... Read More →


Thursday April 20, 2023 11:00 - 11:35 CEST
Hall 7 | Room D

11:00 CEST

Cloud-Native Quantum: Running Quantum Serverless Workloads on Kubernetes - Paul Schweigert & Michael Maximilien, IBM
We’ve all heard about the changes that quantum computing will cause, among them faster algorithms, new solutions to complex problems, and threats to the cryptography that the modern web is based on. But more specifically, what does the rise of quantum computing mean to the cloud-native landscape? In this talk, Paul and Max will show how the Kubernetes ecosystem will play a crucial role as quantum computing moves from the laboratory to mainstream. In particular, they will present on how to manage and run quantum workloads in a serverless manner by utilizing Kubernetes and Knative and the open source toolkit Qiskit; in the process they will demonstrate that quantum serverless will constitute an important part of the future of cloud computing.

Speakers

Michael Maximilien

Distinguished Engineer, IBM
My name is Michael Maximilien, better known as max or dr.max, and I am currently a Distinguished Engineer with IBM. I am the leader for IBM’s Open Source team contributing to all things Serverless and Platform-as-a-Service (PaaS). I have worked at various divisions of IBM. At... Read More →

Paul Schweigert

Software Developer, IBM
Paul Schweigert works on quantum and serverless technologies at IBM. He is a member of the TOC on the Knative project and has also contributed to various other areas across the Kubernetes ecosystem. He’s also worked as a tech lead for various platform engineering and data science... Read More →


Thursday April 20, 2023 11:00 - 11:35 CEST
Auditorium Center | G106-107

11:00 CEST

Setting up Etcd with Kubernetes to Host Clusters with Thousands of Nodes - Marcel Zięba, Isovalent & Laurent Bernaille, Datadog
Setting up clusters that need thousands of nodes can be challenging, especially when it comes to etcd architecture and configuration. It’s especially common in use cases like large processing farms for AI/ML/HPC workloads, or in the case of internet-scale serving applications. In this session you’ll be able to learn best practices around etcd deployment architecture and configuration from tech leads from Datadog and Google Cloud. Datadog has been running their own Kubernetes clusters with thousands of nodes for many years already. Google Cloud has been offering managed clusters up to 15000 nodes since 2020. You’ll be able to hear from practitioners in the space how to squeeze performance, reliability and scale from etcd instances in your clusters. You'll be able to hear about topics like handling disk I/O or network throughput bottlenecks or how to handle API server restarts and their impact on etcd.

Speakers

Laurent Bernaille

Principal Engineer, Datadog
Laurent Bernaille worked several years as a consultant specializing in cloud, containers, and automation and helped organizations migrate to the public cloud, adopt containers and improve their deployment pipelines. He is now Staff Engineer at Datadog and works in the Compute team... Read More →

Marcel Zięba

Senior Software Engineer, Isovalent
Marcel Zięba is a Senior Software Engineer at Isovalent and is leading SIG Scalability in the Kubernetes open-source community. Previously, Marcel worked on Kubernetes and Google Kubernetes Engine since 2020 focusing mainly on performance and scalability. Now he is focusing on the... Read More →


Thursday April 20, 2023 11:00 - 11:35 CEST
Auditorium Center | G104-105

11:00 CEST

Back to the Future: Next-Generation Cloud Native Security - Matt Jarvis, Snyk & Andrew Martin, Control Plane
Cloud native security moves quickly: what will be the compounded effects of today’s emerging technologies on future architectural patterns? In this talk we’ll explore what security might look like in the cloud ecosystem of the future - from hardware, cryptography, architecture and software development patterns, to build an almost certainly fuzzy picture of what the coming years might bring. Bringing defence through an offensive lens, we model the ecosystem and look at how the industry can stride forward into the unknown. Peering into the void of uncertainty, we will: * Appraise the state of tomorrow’s emergent cloud native security landscape; * Model an idealised security pipeline using next-generation technologies; * Highlight the challenges we need to overcome as an industry; * Call for community contributions to cut through the noise and define the future.

Speakers

Matt Jarvis

Director, Developer Relations, Snyk
Matt Jarvis is a Director of Developer Relations at Snyk. Matt has spent more than 15 years building products and services around open source software, on everything from embedded devices to large scale distributed systems. Most recently he has been focused on the open cloud infrastructure... Read More →

Andrew Martin

CEO, Control Plane
Andrew has an incisive security engineering ethos gained building and destroying high-traffic web applications. Proficient in systems development, testing, and operations, he is at his happiest profiling and securing every tier of a cloud native system, and has battle-hardened experience... Read More →


Thursday April 20, 2023 11:00 - 11:35 CEST
Auditorium Center | Emerald Room
  Security + Identity

11:00 CEST

Improve Vulnerability Management with OCI Artifacts – It Is That Easy! - Itay Shakury, Aqua Security & Toddy Mladenov, Microsoft
In the past couple of years supply chain security rose to mainstream attention and the industry has been devoted to addressing related concerns. Managing vulnerabilities and software dependencies is an integral part of this process. One of the most dominant advancements was the popularization of standard SBOMs (Software Bill of Materials) as well as signed attestations. While SBOM generation and validation is a non-issue today, efficiently utilizing it at scale is still a challenge. It relies on custom solutions or proprietary integrations. OCI artifacts specification is a new specification, which solves this challenge in an elegant and efficient manner. With it, you can sign images, store and sign SBOMs, scan results and other important supply chain related attestations alongside the relevant artifacts in the registry. In this talk, the audience will learn how to improve their vulnerability management practices by employing the new registry capabilities and using open-source tools like Trivy, Notary and ORAS. The same practices could be utilized for any OCI artifact including WASM, packages, and libraries.

Speakers

Itay Shakury

VP Open Source, Aqua Security
Itay Shakury is the VP of Open Source at Aqua Security, where he leads engineering for open source, cloud native security solutions. Itay has some 20 years of professional experience in various software development, architecture and product management roles. Itay is also a CNCF Cloud... Read More →

Toddy Mladenov

Principal Product Manager – Azure Containers Upstream, Microsoft
Toddy has over 25 years of experience in software engineering and design, consulting, and product management for companies like Microsoft, T-Mobile, and SAP. He started his cloud journey 13 years ago as part of the Azure team. Since then, Toddy worked on large-scale cloud implementations... Read More →


Thursday April 20, 2023 11:00 - 11:35 CEST
Auditorium Center | Auditorium + Balcony
  Security + Identity

11:00 CEST

Rotate Roots Right Round: Using Cert-Manager for Safer Private PKI - Ashley Davis, Jetstack
There are plenty of benefits when you control your own certificate authority (CA), whether for just one Kubernetes cluster or for your whole organization. Putting a service mesh into production might require rolling your own CA, for example, but there are other use cases where a private PKI makes sense to avoid the headaches of rate limits, issuance costs or relying on third party services. Luckily for us, the concepts behind Public Key Infrastructure (PKI) have been around since at least the 70s and there's a tonne to learn from existing PKI deployments which we can apply to today's cloud native landscape. Plus, cert-manager is here to help! In this talk we'll discuss how to use cert-manager to safely deploy a private PKI at organizational scale and some of the things we need to think about to ensure that we can run it safely - without causing a major outage down the road by failing to plan for rotation! Ash is a public key cryptography nerd with prior experience in administering PKI at large scale. As a cert-manager maintainer he's committed to improving the experience of anyone that runs private PKI in cloud native projects and beyond!

Speakers

Ashley Davis

Senior Software Engineer, Jetstack
Ash is a professional certificate nerd and full-time open source enthusiast. As a teenager, he got his start in tech by wondering how video games were made. That sparked an interest in computing ranging from the barest of bare metal programming right up to scalable distributed platforms... Read More →


Thursday April 20, 2023 11:00 - 11:35 CEST
In Virtual Platform
  Security + Identity

11:00 CEST

TechDocs Office Hours
We’re taking the TechDocs Office Hours on the road! If you have any questions about documentation, the writing process, or how the CNCF TechDocs team can help your project, come by and chat with us!

Speakers

Nate Waddington

Developer Advocate, CNCF
Nate is a Developer Advocate with the Cloud Native Computing Foundation, focusing primarily on the CNCF’s documentation and mentorship efforts. Before joining the CNCF, Nate worked as a Creative Technologist at AKQA, helping build, install, and support interactive installations... Read More →


Thursday April 20, 2023 11:00 - 12:30 CEST
Forum Center | E101

11:00 CEST

Tutorial: Only if Dan Confirms: Exploring OIDC by Building an Unconventional Provider - Daniel Mangum, Upbound
Once upon a time, identity was simple. It was established by users giving a system secret information, and the system associating that user’s privileges with any entity that possessed the information. Unfortunately, the internet grew up and users started wanting to delegate only some of their privileges to other entities. Sometimes the entity was even controlled by someone else! With the continued growth of managed infrastructure services, users find themselves constantly needing to establish trust between systems. CI/CD pipelines need to deploy artifacts to compute. Workloads running on compute need to talk to data stores, queues, and other workloads. Identity federation can quickly become cumbersome to manage, and if handled improperly, can lead to severe security vulnerabilities. OpenID Connect (OIDC) is a commonly supported protocol built on top of OAuth 2.0 to standardize many of these interactions. In this talk, we’ll dive into the world of OIDC by looking at its specifications, exploring common use cases, and building an identity provider that uses some… unconventional methods to establish trust between entities. Attendees will walk away with a deep understanding of how OIDC actually works, and the skills to build and operate systems that interact with it.

Speakers

Daniel Mangum

Principal Software Engineer, Upbound
Daniel Mangum is a Principal Software Engineer at Upbound and a maintainer of Crossplane, an open source CNCF incubating project. He has served in a variety of roles in the upstream Kubernetes project, most recently as a Tech Lead of SIG Release, and is active in multiple other open... Read More →


Thursday April 20, 2023 11:00 - 12:30 CEST
In Virtual Platform
  Tutorials, Security + Identity

11:00 CEST

🚨 ContribFest: Etcd - Work on Improving Etcd with Maintainers - (Limited Availability; First-Come, First-Served)
Join the contributors to Etcd, the most popular cloud-native database that backs Kubernetes. We'll be working on improving key features and testing for Etcd, and in the process we’ll teach those new to the project how to contribute. Etcd is a very useful, fun, and essential project, and welcomes both new contributors and those who want to “level up”.

Attendees should be familiar with programming in Go, using GitHub, and should bring a laptop on which they can do cloud-native development: either a Linux laptop, your own GitHub Devcontainer setup, or some equivalent. Etcd maintainers will organise work to improve reliability of Etcd. We will focus on improving etcd robustness testing and paying down technical debt.

This Contribfest session is designed to provide projects with the space and resources to tackle outstanding technical debt, security issues, or outstanding impactful feature requests. They are intended to provide a place for maintainers to meet contributors and potential contributors and work together on solving a problem.

Thursday April 20, 2023 11:00 - 12:30 CEST
K101-102

11:55 CEST

Container Is the New VM: The Paradigm Change No One Explained to You - Marga Manterola, Isovalent & Rodrigo Campos Catelin, Microsoft
Before containers took over the world, a VM was the atomic unit that we used for firewalls, for load balancers and for auto-scaling. Today, some tools and cloud provider services are still centered around VMs, like load balancers that mostly support forwarding traffic to VMs, creating an additional challenge to adopting containers. So, what do you do when you need to configure the cloud load balancer to forward traffic to VMs, but you don’t know on which VMs your container will be running? Or how do you limit connectivity between two apps, if your firewall rules limit connectivity between VMs and you don’t know on which VM your container will be scheduled? Is all your previous knowledge obsolete now? What new security measures do you need to implement when making the switch? During this talk we will guide you through the paradigm changes you need to accept to successfully migrate to containers and let go of VMs. Based on our experience of doing this for several companies, we will go through the biggest challenges a cluster administrator faces when migrating to containers in the cloud, including load-balancing, managing firewalls, and autoscaling, while running them securely. By the end of this talk, you'll be ready to embrace containers as the new VM.

Speakers

Rodrigo Campos Catelin

Software Engineer, Microsoft
Rodrigo studied Computer Science at the University of Buenos Aires (Argentina). He has been involved in Kubernetes since 2016 and has been a free software developer for 20 years. He is currently working on user namespaces support in Kubernetes. Previously, he worked on support for... Read More →

Marga Manterola

Director of Engineering, Isovalent
A Debian Developer and Open Source enthusiast, Marga has been working with Linux for 20 years. She worked as an SRE at Google, in the team maintaining the internal Linux distribution used by Google engineers. She later joined the cloud native world, working on Flatcar, a container... Read More →


Thursday April 20, 2023 11:55 - 12:30 CEST
Hall 7 | Room A
  101 Track

11:55 CEST

How We Migrated Over 1000 Services to Backstage Using GitOps and Survived to Talk About It! - Shahar Shmaram & Ran Mansoor, AppsFlyer
We decided to go ALL IN with GitOps and Terraform so all developers in AppsFlyer now manage their cloud resources in their git repository, later we realized it was time to have a single source of truth catalog for the entire company’s assets that can be self-extended by any of AppsFlyer's developers, we decided to choose Backstage as our service catalog platform. But how do we integrate them both together? AppsFlyer has over 1000 services and processes HUGE amounts of data daily (over 200 Billion events per day). Our customers depend on us to help them make good choices, so while we knew that this needed to be done, we also knew that the migration process was not going to be an easy task. As if things weren't complicated enough, we needed to integrate GitOps and Terraform into that process. In this talk, we will demonstrate how we managed to enable GitOps in the migration process within Backstage. We’ll discuss different approaches we took, the challenges we faced, and most importantly, our unique approach to solving them.

Speakers

Shahar Shmaram

Senior Software Developer, AppsFlyer
Shahar holds 10+ years of experience developing large-scale, widely distributed web applications. He specializes in JavaScript, NodeJS, and Go. Prior to working at AppsFlyer, Shahar was a Software Engineer and Tech Lead at Intel for 11 years and holds a B.Sc. in Software Engineering... Read More →

Ran Mansoor

Software Developer, AppsFlyer
Ran has 6+ years of experience developing large-scale server-side software, focused on distributed systems, cloud platforms and infrastructure management. He specializes in Go, Kubernetes, and anything cloud native. Prior to working at AppsFlyer, Ran was a Software Engineer at Intel... Read More →


Thursday April 20, 2023 11:55 - 12:30 CEST
Hall 7 | Room C
  Application + Delivery

11:55 CEST

Tips from the Trenches: GitOps at Adobe - Larisa Andreea Danaila & Ionut-Maxim Margelatu, Adobe
At Adobe, Larisa and Ionut have spent a big part of 2022 investing in GitOps, learning how to model a deployment system which encompasses stringent organisational CI/CD standards. They onboarded new concepts, rethought deployment automation flows and got creative in the process, when community resources proved insufficient. They migrated off of Spinnaker and rebuilt deployment pipelines from scratch using the Argo projects. In the process, they had to tackle challenges such as promotion of code across environments, automated rollbacks or deployment validation through functional tests. Over time, they refactored these deployment pipelines to serve an increasing number of applications, adding new patterns to accommodate web, streaming and batch services alike. New practices have emerged from this experience, tackling challenges such as: * testing infrastructure changes; * eliminating duplication of manifests; * auditing; * getting visibility into deployments. This journey has left Larisa and Ionut feeling like they're getting GitOps right and that these patterns and practices are ready for company-wide adoption. Join them to hear how they overcame the concerns of moving to a GitOps paradigm and adopted Argo at Adobe.

Speakers

Ionut-Maxim Margelatu

Senior Computer Scientist, Adobe
Ionut works as a Senior Computer Scientist with the Adobe Experience Platform team. He has been developing middleware and back-end services for 16 years. He has spent the last 7 years designing, developing and operating various services with stringent high-throughput low-latency requirements... Read More →

Larisa Andreea Danaila

Software Development Engineer, Adobe
Larisa works as a Software Development Engineer with the Adobe Experience Platform team. She’s been developing back-end services for 4 years while being interested in developer productivity and making it safe for developers to fail. Apart from work, she enjoys reading, theater and... Read More →


Thursday April 20, 2023 11:55 - 12:30 CEST
Elicium Building | D201-202
  CI/CD

11:55 CEST

Building a Globally Accessible Community - Kaitlyn Barnard, Kong & Hannah Ouellette, NGINX
Building a diverse community is an aspiration for many open source professionals but doing so takes more than mission statements and boilerplate Codes of Conduct. With many marketing, developer relations, and engineering resources focused in North America and Europe, community is often underserved in other regions, effectively closing the door to a large swath of talented developers around the world. It takes active effort to foster globally accessible communities but momentum is possible with dedicated steps. This talk will cover the benefits of a globally accessible community and ways to build momentum for geographical and cultural inclusion. We’ll explore: - How to communicate the value of investing in inclusive programs & global communities - How to build globally accessible programs and common pitfalls - How to advocate for inclusion, both internally and externally We’ll illustrate these points with real-life examples from some of the largest global tech communities.

Speakers

Kaitlyn Barnard

Senior Manager, Developer Marketing, Kong
Kaitlyn leads Developer Marketing at Kong, one of the most downloaded open-source API Gateways and the creators of Kuma, an open source service mesh and Sandbox project of CNCF. Prior to joining Kong, Kaitlyn worked at The Linux Foundation where she focused on developer outreach... Read More →

Hannah Ouellette

Senior Manager, Community, NGINX
Hannah Ouellette is the Sr. OSS Community Manager for NGINX, part of F5 Inc. They discovered their passion for OSS community at Kong before serving as technical community manager at Postman. They believe that Diversity, Equity, Inclusion & Belonging are crucial to a healthy community... Read More →


Thursday April 20, 2023 11:55 - 12:30 CEST
Auditorium Center | G106-107
  Community

11:55 CEST

Use Knative When You Can, and Kubernetes When You Must - David Hadas & Michael Maximilien, IBM
Knative extends Kubernetes. It lowers costs and improves the security of the deployed services. …and yes! it also helps you become greener and save energy. This talk provides a fresh view of Knative. Forget about Serverless, consider Knative simply as an Opinionated Kubernetes. Knative advantages include Automation, Simplification, Auto-Scaling, Controlled-Revisions, and An Application Backbone. Deploying services via Knative is therefore a better choice than deploying the same services using Kubernetes directly. Knative requires each deployed service to work in a certain way. We show that many existing microservices are already built to run as Knative services offering an immediate benefit to users. Since Knative extends Kubernetes, it allows a mix and match between Knative services and Kubernetes microservices. We analyze the security benefits of deploying your services via Knative and show how Knative helps protect users against configuration drift. We also show that even when users deploy vulnerable services, Knative protects such services from being exploited. Last, we show how using Knative reduces the energy footprint of your services and discuss what the future holds for continuing on this path of making Kubernetes energy efficient.

Speakers

Michael Maximilien

Distinguished Engineer, IBM
My name is Michael Maximilien, better known as max or dr.max, and I am currently a Distinguished Engineer with IBM. I am the leader for IBM’s Open Source team contributing to all things Serverless and Platform-as-a-Service (PaaS). I have worked at various divisions of IBM. At... Read More →

David Hadas

Cloud Cyber Research, IBM Research
Cloud technology research @ IBM Research since 2008, with a focus on runtime-security of cloud workloads. In the last 2 years, my research evolves methods to secure cloud services with the help of ML. Before joining IBM, had been working for 15 years in the Israeli Startup realm... Read More →


Thursday April 20, 2023 11:55 - 12:30 CEST
Hall 7 | Room E
  Customizing + Extending Kubernetes

11:55 CEST

InSPIREing Progress: How We're Growing SPIFFE and SPIRE in 2023 and Beyond - Daniel Feldman, Hewlett Packard Enterprise & Andrés Vega, ControlPlane
SPIFFE/SPIRE keeps your data safe and hackers away by automatically assigning unique, secure credentials based on the unique properties of your software. It's a bit like a fingerprint scanner, but for code. In the last year, we've: * Added Windows support, SIGSTORE integration, and a new Kubernetes controller * Greatly improved hardware security support * Deployed SPIFFE/SPIRE at more than a dozen of the largest enterprises in the world * Started working hard on support for extended tokens which enable powerful new security insights * And finally, we graduated from the CNCF after four years in sandbox and incubation! Come visit some of the project team and learn how you can use SPIFFE/SPIRE to keep your infra secure!

Speakers

Daniel Feldman

Principal Software Engineer, Hewlett Packard Enterprise
Daniel Feldman is a principal software engineer focusing on open source security technologies. He is on the SPIFFE Steering Committee, has deployed SPIFFE/SPIRE infrastructure at more than 10 large companies, coauthored a book on SPIFFE/SPIRE, and is spearheading zero trust security... Read More →

Andres Vega

Vice President of Operations, ControlPlane
Andrés Vega is Vice President of Operations at ControlPlane, focused on securing modern applications from supply-chain and runtime attacks with a zero trust, continuous security approach. He is also an open source maintainer, contributor, and author.


Thursday April 20, 2023 11:55 - 12:30 CEST
Auditorium Center | G109

11:55 CEST

Introducing CloudEvents Discovery - Clemens Vasters, Microsoft & Klaus Deissner, SAP
CloudEvents Discovery is a metadata document format and metadata API for creating, publishing, discovering, and connecting event flows. It defines a schema registry, a message and event catalog and a declarative model for defining producer, consumer, and subscriber endpoints. The core focus of CloudEvents Discovery is on providing a metaschema for CloudEvents, but the specification also defines metaschemas for AMQP and MQTT messages and is extensible for further metaschemas. In this session you will learn about CloudEvents discovery and the existing tooling, including code generators and transformation of endpoint information into AsyncAPI and OpenAPI.

Speakers

Klaus Deissner

Development Architect, SAP
Klaus is an architect at SAP focusing on event-driven architecture. He has over 20 years of experience in architecting and engineering software and has spent a large portion of his career with technology topics such as building messaging infrastructures, developer tools, as well as... Read More →

Clemens Vasters

Principal Architect, Microsoft
Clemens Vasters is Lead Architect in Microsoft’s Azure Messaging team that builds and operates a fleet of hyper-scale messaging services, including Event Grid, Service Bus, and Event Hubs. Clemens represents Microsoft in messaging standardization in OASIS (AMQP) and CNCF (CloudEvents... Read More →


Thursday April 20, 2023 11:55 - 12:30 CEST
Forum Center | Forum

11:55 CEST

Kubernetes Security Response Committee: Intro & Deep Dive - Monis Khan, Microsoft & Micah Hausler, AWS
The Kubernetes Security Response Committee (SRC) is responsible for the security release process for Kubernetes. In this talk, we will go over what that involves, such as the lifecycle of a vulnerability, all the way from the initial report to the public disclosure. The overall responsibilities of SRC will be discussed, with highlights around the differences between SRC, SIG Auth, and SIG Security. Finally, we will also discuss some of the interesting findings from the 2022 security audit, and how they impacted the community, as well as the changes that were made to help prevent similar issues in the future. We hope to increase awareness within the community as we have seen multiple instances where folks have not known about the existence of SRC or the process for reporting a vulnerability.

Speakers

Mo Khan

Principal Software Engineer, Microsoft
Mo Khan is a software engineer who is passionate about open source and security. He started working on Kubernetes in 2016, and currently serves as a chair and subproject owner for Kubernetes SIG Auth, a member of the Kubernetes Security Response Committee and a contributor to SIG... Read More →

Micah Hausler

Principal Engineer, AWS
Micah is a Kubernetes contributor, a member of the Kubernetes Security Response Committee, and a Principal Engineer working on EKS at Amazon Web Services.


Thursday April 20, 2023 11:55 - 12:30 CEST
Forum Center | E105-106

11:55 CEST

Notes from the Field: A Discussion with the KubeVirt End Users - Alona Paz, Red Hat; Ryan Hallisey, Nvidia; Dinesh Majrekar, Civo; Kim Wüstkamp, Killercoda; Peter Salanki, CoreWeave
Since joining the CNCF as a sandbox project in 2019, KubeVirt has steadily grown in size, features, and stability. But developing a project is different from how it is used. As we approach our milestone v1.0 release, we wanted to have an open discussion with our end users. In this panel discussion, we will hear from representatives for ARM, Civo, CoreWeave, Killercoda, and NVIDIA. This will be a free-flowing conversation but we expect attendees will learn about how these companies deploy KubeVirt, and any other CNCF projects, to cover their use cases and address their customers' needs, how they interact with and contribute back to the project, and how we can learn from and grow with each other.

Speakers

Alona Paz

Principal Software Engineer, Red Hat
Alona is a Principal Software Engineer, specializing in networking. Maintainer of KubeVirt. Former maintainer of oVirt. She is part of the Red Hat container-native virtualization team.

Kim Wuestkamp

Founder, Killercoda
Kim is the founder of killercoda.com and killer.sh. He is deep into everything regarding DevOps, Kubernetes, Cloud, Software Development and Infrastructure Architecture.

Dinesh Majrekar

CTO, Civo
Dinesh is a visionary CTO at Civo, a fast-growing tech company focused on cloud-native technologies. As a proven entrepreneur with years of experience, Dinesh has a track record of building successful tech companies from the ground up. Dinesh has vast experience in building highly scalable... Read More →
avatar for Ryan Hallisey

Ryan Hallisey

Software Engineer, Nvidia
Ryan is a software engineer at NVIDIA. He works on building data centers powered by Kubernetes and KubeVirt for NVIDIA products.

Peter Salanki

Director of Engineering, CoreWeave
Peter is the Director of Engineering at CoreWeave.


Thursday April 20, 2023 11:55 - 12:30 CEST
Forum Center | E107-108

11:55 CEST

Yesterday, Today … Project Harbor - The Maintainers Track - Vadim Bauer, 8gears & Yan Wang, VMware
In this session, maintainers are going to highlight the benefits of new features towards better image management, give a short overview of the v2.7 and v2.8 releases, and show some of the new features like “Replication by chunk”, Job dashboar.... Next we will discuss the effort on topics such as Edge usage and ongoing implementation of harbor-operator and newly adopted Terraform provider for Harbor. We will also talk about the Harbor community, including ways to contribute and areas (work groups) where we need help, such as in the Technical Documentation WG. We will also thank the contributors for their work in version 2.8 and share some of the adoption statistics for Harbor. Finally, we will discuss the roadmap for the future of Harbor, including planned updates and improvements, and we will provide an opportunity for participants to provide feedback. This is a great opportunity to learn about Harbor and how you can get involved in the community.

Speakers

Yan Wang

Staff Engineer, VMware
Yan Wang is a Staff Engineer currently working at VMware, living in Peking. I have a Master of Science in Computer Science from Beijing JiaoTong University and started my career in Adobe System 10 years ago. I am a core maintainer of open source project Harbor, which is an incubation...

Vadim Bauer

Founder, 8gears Container Registry
Vadim is a Container Silverback, who has been running containers in production since 2013. As a maintainer of the CNCF project Harbor, he facilitates the management of container images with Harbor in combination with other CNCF projects. With decades of software engineering on his...


Thursday April 20, 2023 11:55 - 12:30 CEST
Forum Center | E103-104

11:55 CEST

Safe, Dynamic Middleware with Dapr and WebAssembly - Mauricio Salatino, Diagrid & Adrian Cole, Tetrate
Join us for a practical talk on how the Dapr event-driven runtime implements dynamic extensions with WebAssembly. We'll cover how things work in general as well as the rationale and a peek into implementation. When you leave, you'll have a good idea of how WebAssembly lets you extend cloud native architecture without RPC. Dapr allows custom processing pipelines to be defined by chaining a series of middleware components. A request goes through all defined middleware components before it’s routed to user code, and backwards through the same components before a response is returned to the client. This talk shows how custom HTTP middleware can be used without changing the Dapr binary, using WebAssembly technology. Dapr loads these dynamically and without requiring any system dependencies or RPC services. Specifically, we'll review the http-wasm application binary interface (ABI) which SDKs implement, and how this relates to other ABIs like proxy-wasm or waPC. We'll cover how the middleware works, including the wazero runtime which Dapr embeds to run wasm without system dependencies. Finally, we'll chat about how this fits into Dapr's long-term strategy in extensibility.

Speakers

Mauricio Salatino

OSS Software Engineer, Diagrid
OSS Software Engineer @Diagrid working on @DaprDev and @KnativeProject. Knative Steering Committee member for the Knative Project, Knative Functions Co-Lead, and working on the Dapr.io project at @Diagrid. Manning Book Author: Continuous Delivery for Kubernetes. Previously I worked...

Adrian Cole

Open Source Engineer, Tetrate
Adrian is an engineer working at Tetrate on Open Source projects. He’s been a routine contributor to open source for over ten years. Lately, he spends most of his time on wazero: the zero dependency WebAssembly runtime for Go developers, as well as http-wasm.io which is a portability...


Thursday April 20, 2023 11:55 - 12:30 CEST
Hall 7 | Room B
  Open Interfaces + Interoperability

11:55 CEST

Archetypes for Reliable Systems - Steve McGhee & Ameer Abbas, Google
We present a model and implementation for designing and running cloud-based internet services at various levels of intended reliability, based on "Deployment Archetypes for Cloud Applications" [Berenberg, Calder, 2022] https://dl.acm.org/doi/full/10.1145/3498336# This model allows cloud customers to describe the reliability needs (availability, failure domain resilience, RTO/RPO) of an application and then provides a kubernetes-based deployment strategy that implements that archetype. Our implementation provides a multi-tenant, multi-application, multi-cluster strategy, with CI/CD, micro-segmentation, policy management, traffic routing, SLOs and application + infrastructure monitoring. This allows for application teams to own their services, while allowing infrastructure teams to perform updates without service interruption.

Speakers

Ameer Abbas

Outbound Product Manager, Google
Ameer is a Google product manager focused on application modernization and cloud native platforms.

Steve Mcghee

Reliability Advocate, SRE, Google
Steve was an SRE at Google for about 10 years in Android, YouTube and Cloud. He then joined a company to build reliable systems on the Cloud. Now he's back at Google, helping more companies do that.


Thursday April 20, 2023 11:55 - 12:30 CEST
Hall 7 | Room D

11:55 CEST

Taming Tactical Cluster Federation at the Edge - Anna Magdalena Kosek, TNO & Stefan van Gastel, Dutch Ministry of Defence
Cluster federation sounds easy: you take several k8s clusters and treat them as one. Right? Easy! What if the network is unstable? What if clusters are resource-diverse and on the move? What if clusters join, unjoin, and re-join spontaneously? What if a cluster running a stateful application leaves the federation? Cluster federation does not sound so easy anymore. Join us on an adventure of bringing cloud federation to the edge and uncovering just how far a mesh of elastic mobile clouds can stretch. See the use of Liqo for distributed federation; a combination of TAS (Telemetry Aware Scheduler) and OLSR (Optimized Link State Routing) for network aware scheduling; and Chaos Mesh to simulate network effects. We will show you a tactical cloud concept developed together by TNO and the Dutch Ministry of Defence, where manned or unmanned vehicles join spontaneously in ad-hoc cloud constellations to deliver a resilient, distributed, and collaborative computation.

Speakers

Stefan van Gastel

Head of Innovation and Research at JIVC, Dutch Ministry of Defence
Starting his career as a web developer, Stefan van Gastel has seen and joined the rise of innovative technologies, methods, and principles. Being responsible for starting movements to implement CI/CD, DevOps, containerization, and other modern software development practices within...

Anna Magdalena Kosek

Senior Software Integrator, TNO
PhD Anna Magdalena Kosek is a senior software engineering and integration expert at TNO, Netherlands Organization for Applied Scientific Research. She has a background in mathematics and computer science and is an experienced software developer, architect, analyst, researcher, and...


Thursday April 20, 2023 11:55 - 12:30 CEST
Auditorium Center | G104-105

11:55 CEST

Automated Cloud-Native Incident Response with Kubernetes and Service Mesh - Matt Turner, Tetrate & Francesco Beltramini, Control Plane
Security incident response is a well-understood operation, with established best practices like the MITRE ATT&CK Framework and the Lockheed Martin Kill Chain. Tooling to aid and automate incident response exists, but not all of it is applicable to cloud-native platforms. For example, playbook apps are generally applicable, but the steps to move compromised workloads to an isolated forensics network are platform-specific, and new implementations are needed for the cloud-native world. In this talk, Francesco and Matt will:
* Recap incident response 101
* Introduce some cloud-native tech including Kubernetes, Istio, and GitOps
* Show an Operator built by Matt for dynamically adding complex layer-7 traffic rules in response to changes in the environment, which will be used as part of the demo
* Walk you through a response to a log4shell attack against a workload in a k8s cluster: sensor alert, SIEM analysis, IRP automation (honeypots, isolation), building the IoC, and killing the attack.

Speakers

Matt Turner

Software Engineer, Tetrate
Matt is a software engineer at Tetrate, working on Istio-related products, and loves sharing the latest tech and trends with everyone. He's been doing Dev, sometimes with added Ops, for over a decade. His idea of "full-stack" is Linux, Kubernetes, and now Istio too. He's given many...

Francesco Beltramini

Security Engineering Manager, ControlPlane
Francesco is a Security Professional with 10+ years of working experience and deep technical competence matured on a number of high-end projects for both public and private sector organizations. Francesco had the opportunity of working on a variety of technology stacks in designing...


Thursday April 20, 2023 11:55 - 12:30 CEST
Auditorium Center | Auditorium + Balcony
  Security + Identity

11:55 CEST

Kubernetes Defensive Monitoring with Prometheus - David de Torres Huerta & Mirco De Zorzi, Sysdig
A great ecosystem of applications and open source projects has emerged to cover different needs and use cases. However, most of the time we think about using these applications only in the use case that they have been designed for. One example is Prometheus, which is the graduated monitoring project in the CNCF. However, monitoring can become a complementary defensive tool for other projects like Falco. Its access, via metrics, to kinds of information that are not available in kernel calls, together with the ability to look back in the past, allows Prometheus to cover some blind spots that can be exploited by potential attackers. In this talk, David and Mirco will explore some interesting use cases and practical examples where Prometheus can be used for defensive monitoring, giving some ready-to-use examples and comparing the pros and cons of this approach with runtime security.

Speakers

David de Torres Huerta

Engineer Manager, Sysdig
David is Manager of Engineering at Sysdig and has studied Computer Science and Cultural and Social Anthropology. Previously he worked as CTO in a company specialized in IoT for energy metering and Industry 4.0. He is a computer engineer and collaborates with open source projects...

Mirco De Zorzi

Software Engineer, Sysdig
Mirco is a Software Engineer at Sysdig. Although he currently works on the data platform team he’s also passionate about security, often participating in cybersecurity competitions, and tutoring new students on network security at Ca’ Foscari University.


Thursday April 20, 2023 11:55 - 12:30 CEST
Auditorium Center | Emerald Room
  Security + Identity

12:30 CEST

Lunch 🍲
Thursday April 20, 2023 12:30 - 14:30 CEST
Halls 1 + 5

12:30 CEST

Diversity + Equity + Inclusion Lunch
Special lunch program featuring discussion around diversity, equity, and inclusivity.

Thank you to our sponsor, Intel!

Thursday April 20, 2023 12:30 - 14:30 CEST
TBA

13:00 CEST

Marketing Lounge Office Hours
Thursday April 20, 2023 13:00 - 15:00 CEST
Congress Center | D506

14:30 CEST

Unlocking the Potential of KEDA: New Features and Best Practices - Jorge Turrado Ferrero, SCRM Lidl International Hub & Zbynek Roubalik, Red Hat
KEDA is an open-source project that allows users to scale their applications based on the number of events rather than resource usage. This makes it perfect for event-driven architectures and workloads in general, where cost-saving is essential. Furthermore, KEDA provides autoscaling (including scaling to zero) that allows for better utilization of resources by only running pods when there is an actual workload. In this talk, we will provide an overview of the project and its current features and discuss new and upcoming developments. Some of the new features are:
- Improved monitoring capabilities
- Performance improvements
- Improved validation of resources
- The possibility to run multi-tenant installations
We will discuss best practices and also describe the new features to help attendees better understand how to use KEDA to scale their applications effectively and take advantage of the latest developments in the project. A demo will also be provided to show KEDA in action.

Speakers

Zbynek Roubalik

Principal Software Engineer, Red Hat
Zbynek works as Principal Software Engineer working for Red Hat within the OpenShift Serverless team. Maintainer of CNCF incubating project KEDA, which aims to help with event-driven applications autoscaling on Kubernetes. Member of the Knative Technical Oversight Committee. In the...

Jorge Turrado

SRE Expert, SCRM Lidl International Hub
I have been working around software development for more than 6 years. Involving development, infrastructure architecture, monitoring, etc. Currently, I work as SRE at SCRM Lidl International Hub. Also, I have been awarded with Microsoft MVP for 4 years in a row and nowadays, I invest...


Thursday April 20, 2023 14:30 - 14:45 CEST
Forum Center | E103-104

14:30 CEST

Hacking and Defending Kubernetes Clusters: We'll Do It LIVE!!! - Rowan Baker & James Cleverley-Prance, ControlPlane
Ever wondered about the security of your own Kubernetes cluster, but new to Kubernetes security and not sure where to start? In this talk Rowan and James will, via a series of live demos, demonstrate both common attacks and offensive techniques against Kubernetes clusters and workloads, and the runtime controls to protect against them. Scenarios include:
* Leveraging a compromised Container to attack the underlying node, pivot across the network, or abuse accessible secrets and tokens.
* A Malicious Insider exploiting common RBAC misconfigurations.
* Using a single node to hijack the entire cluster.
Each attack will be contextualised via mapping to the threat model resources available to the community today, such as the MITRE ATT&CK® Containers Matrix and CNCF Financial Services User Group attack trees. Rowan and James will explain how to use these resources, and the demonstrated attacks and controls to threat model, security test and defend your own Kubernetes Clusters.

Speakers

Rowan Baker

Head of Security, ControlPlane
Rowan has extensive experience auditing, accrediting, and developing Kubernetes and containerised systems for high compliance commercial and public sector organisations. He is an author of the GKE CIS Benchmark, contributor to the CNCF Financial Services User Group Kubernetes Threat...

James Cleverley-Prance

Security Engineer, ControlPlane
James works as a Cloud Native Security Engineer at ControlPlane. He spends his days focusing on static and dynamic security assessments covering cloud native, infrastructure as code, policy as code, CI/CD, and security architecture. He has reviewed the security posture of numerous...


Thursday April 20, 2023 14:30 - 15:05 CEST
Hall 7 | Room A
  101 Track

14:30 CEST

Telepresence Case Studies: From First Experience to Fast Feedback at Scale - Edidiong Asikpo, Ambassador Labs
Building and testing your microservice-based application becomes difficult when you can no longer run everything locally due to resource requirements. Moving to the cloud for testing is a no-brainer, but how do you synchronize your local changes against your remote Kubernetes environment? Following the usual container build-push-test cycle makes your inner development loop slower because you’d have to wait for minutes, sometimes hours, before seeing the impact of your code changes, and this dramatically reduces the number of iterations you can perform, the features you can ship to your end-users and negatively impacts the developer experience. Using three companies as a case study, this talk highlights how adopting the open source CNCF tool Telepresence improved their developer experience, accelerated their inner dev loop, and reduced staging environment compute costs. An explanation of what Telepresence is and a demo of how to implement it will also be covered in this talk.

Speakers

Edidiong Asikpo

Senior Developer Advocate, Ambassador Labs
Edidiong Asikpo is a Senior Developer Advocate based in Lagos, Nigeria. She is passionate about sharing her knowledge of DevOps through technical articles, videos, and social media. Edidiong has given over 100+ talks at tech events worldwide and continues to play a significant role...


Thursday April 20, 2023 14:30 - 15:05 CEST
Hall 7 | Room C
  Application + Delivery

14:30 CEST

Scaling Databases at Activision - Greg Smith & Vladimir Kovacik, Activision/Blizzard
A brief story of how we came to use Vitess/Kubernetes to power some of the biggest entertainment franchises on the planet. A few years ago we started thinking about: “What would it look like to run a database on Kubernetes?” We had just migrated most of our workloads from VMs to Linux system containers. This unlocked a lot of performance potential, while being a mostly drop-in replacement. As our fleet grew and the on-call burden started to rear its head, we did some requirements gathering for running these databases using our new Kubernetes-based platform. We ended up testing a parallel track using several open source technologies. Months into the testing there was a very clear winner which met our requirements: Vitess. We spent the last few months of the year building a proof of concept for one of our smaller services, and launched it with that year’s major titles. The success of this spurred an increased interest in Vitess across Demonware/Activision leading to many larger services adopting it for the following year. This talk will mainly be about the transitional phases of moving from our classic database stack to Vitess. We will give a high level overview of the experience, what we learned, and some interesting points worth sharing to the wider community.

Speakers

Vladimir Kovacik

Senior SRE, Activision/Blizzard
Vladimir Kovacik is a Senior SRE at Activision, working from Vancouver, Canada. He’s worked in a variety of roles during his 20 years of experience. Vlad started as a software engineer in Slovakia, then transitioned to a systems engineer. Later he worked as a cloud engineer in Ireland...

Greg Smith

Principal Architect, Activision/Blizzard
Greg Smith is a Principal Architect at Activision, based out of Vancouver, Canada. He has been working at Activision for around 10 years, and has been a key person for many AAA game launches. With over 20 years of experience, ranging from being a pen tester in Japan to a systems engineer...


Thursday April 20, 2023 14:30 - 15:05 CEST
Auditorium Center | G104-105
  Business Value

14:30 CEST

Patterns in Plain Sight: How TestGrid Demystifies Noise in Test Signals - Michelle Shepardson & Sean Chase, Google
If you’ve developed for Kubernetes or Knative and had tests fail, you’ve seen TestGrid. As the name implies, it’s a Grid of Tests, but it’s also a powerful alerting and summarization tool. It’s an open-source, Kubernetes-based system that couples best with Prow, but can be paired with any test framework that publishes results to the cloud. Join us as we explore TestGrid, and how to get the test signal you care about. We'll cover how TestGrid works, its move to open-source, and how you can extend TestGrid to fit your needs. For more, see TestGrid's repo at https://github.com/GoogleCloudPlatform/testgrid/, and TestGrid itself at testgrid.k8s.io.

Speakers

Michelle Shepardson

Software Engineer, Google
Michelle Shepardson is a Senior Software Engineer at Google, with over 10 years of experience in developing tooling and helping engineer productivity. As a member and chair of sig-testing, they primarily focus on developing TestGrid, a tool for visualizing test results in a grid to...

Sean Chase

Software Engineer, Google
Sean Chase is an Engineering Productivity Developer at Google who has worked with the Kubernetes community for 3 years. He maintains and develops TestGrid and Prow, to keep the PRs and tests flowing. Sean has years of experience with both tests and grids.


Thursday April 20, 2023 14:30 - 15:05 CEST
Elicium Building | D201-202
  CI/CD

14:30 CEST

Community Leaders Tell All: Everything You Wanted to Know and Were Too Afraid to Ask - Kim McMahon, Kyverno / Nirmata; Lisa-Marie Namphy, Cockroach Labs; Sharone Zitzman, RTFM Please Ltd; Bart Farrell, Consultant/Content Creator
There is no doubt that community, visibility, and marketing are key components of the health and growth of open source projects. There are many approaches you can choose, and of course many missteps can happen along the way to building your community tribe. The important thing is to listen, learn, and try new things. In this presentation, community leaders Kim McMahon, Lisa-Marie Namphy, Sharone Zitzman, and moderator Bart Farrell will share their top pieces of advice on how they have built inclusive, sustainable, and healthy communities. To give you a sneak peek… Inclusivity, empathy, and assume positive intent. The big tent and be ready to chop wood and carry water. There are no silver bullets. Community building is one user at a time with personal connections and attention to details. Metrics. Which ones matter and how to measure? Join us for this panel if you are looking to kickstart your own open source community, or are part of an open source community and would like to learn how to optimize and grow it, and make a greater impact.

Speakers

Lisa-Marie Namphy

Head of Developer Relations, Cockroach Labs
Lisa is a developer advocate and community architect, and a CNCF Ambassador with 20+ years of experience primarily at Cloud Native, Analytics, and Enterprise Software companies and start-ups. Lisa organizes and runs the SF Bay Cloud Native Containers User Group (one of the world’s...

Kim McMahon

Leader Open Source and Community, Cisco
Kim McMahon is well-known in the CNCF ecosystem for leading the marketing and community activities during the Dan Kohn era. She has moved to run community and open source marketing at Cisco where talking with developers is a key activity. Community building, breaking down barriers...

Bart Farrell

Head of Community, Data on Kubernetes Community
Bart Farrell is a freelance consultant and a CNCF Ambassador. He has been the Head of Community at the Data on Kubernetes Community since 2020, in which he’s hosted 170+ livestreams and four co-located events at KubeCons. Bart creatively focuses his community efforts on bringing...

Sharone Zitzman

Chief Manual Reader, RTFM Please Ltd
Sharone Zitzman is a developer relations professional and an open source community builder, who likes to work with engineering teams that are building products that developers love. Having built both the DevOps Israel and Cloud Native & OSS Israel communities from the ground up...


Thursday April 20, 2023 14:30 - 15:05 CEST
Auditorium Center | G106-107
  Community

14:30 CEST

How to Develop a Robust Operator for Day-2 (Lesson Learned on KubeVirt/HCO) - Simone Tiraboschi, Red Hat
Developing a new Operator for day 1 operations (deployment, initial configuration) is nowadays quite easy. But from our experience, and from our mistakes, developing the Hyperconverged Cluster Operator for the KubeVirt project we know that this is just the tip of the iceberg. KubeVirt manages VMs and VMs are strange beasts: they should not simply be destroyed and restarted on a different node but they should be migrated, and this takes time, so the upgrade is long and complex. This presentation will share what we learned developing, over the years, an operator that manages a rich product that hosts stateful applications. You will learn about:
- Control plane vs workload upgrade
- Long running upgrades
- Reliability concerns: canary deployments and fail-forward upgrades
- Protecting pre-release features with feature-gates
- How to introduce new APIs and deprecate others
- How to discriminate defaults vs explicit user choices vs don't care ones
- How to implement it with a declarative approach to write less imperative code
- How to keep the upgrade matrix small and how to be able to plot the upgrade graph
Attendees will be ready to face upgrade challenges providing a robust operator that the user can trust for fully automatic and continuous upgrades.

Speakers

Simone Tiraboschi

Principal Software Engineer, Red Hat
Simone Tiraboschi is a Principal Software Engineer at Red Hat, where he’s been focused on automating and writing deployment tools for Virtualization technologies since 2014. He’d been the maintainer of the hosted-engine deployment tool for the oVirt project and since 2019 he is...


Thursday April 20, 2023 14:30 - 15:05 CEST
Hall 7 | Room E
  Customizing + Extending Kubernetes

14:30 CEST

Cluster API Providers: Intro, Deep Dive, and Community! - Ashutosh Kumar & Ankita Swamy, VMware; Richard Case, SUSE
Come learn about Cluster API (a Kubernetes sub-project) which allows users to do declarative and easy life cycle management of Kubernetes clusters on many target infrastructure environments. We’ll cover CAPI providers, with a special focus on Azure, GCP, and AWS providers. In this session, we will cover:
1. Introduction to Cluster API
2. Overview of CAPI providers: CAPZ, CAPG, and CAPA, how to join and get involved.
3. Introduction to the features around managed Kubernetes.
4. Update on topics like Identity and management and Async reconciliation
5. Future trends and goals for the infrastructure providers.
At the end of this session, the audience will take away an understanding of the cluster lifecycle and management on public clouds, along with what’s new and how to contribute back to open source and the CNCF.

Speakers

Ashutosh Kumar

Senior Member of Technical Staff, VMware
Ashutosh is an engineer at VMware on cluster lifecycle team and is an active contributor and reviewer of the cluster api provider azure project. Prior to this, he worked in a storage startup and is an emeritus control plane maintainer of the OpenEBS project which is a CNCF sandbox...

Richard Case

Principal Engineer, SUSE
Richard Case is a Principal Engineer @SUSE where he works on building Kubernetes products and open source. He's currently one of the maintainers of the AWS, GCP & Microvm Cluster API providers.

Ankita Swamy

Senior Member of Technical Staff, VMware
Ankita is working as Senior MTS at VMware. She is a part of the Edge team at VMware. She is an acting maintainer of Cluster API provider for AWS and contributes to CAPZ/CAPV as well. She has worked on developing cloud native applications on OpenStack cloud through microservices in...


Thursday April 20, 2023 14:30 - 15:05 CEST
Forum Center | Forum

14:30 CEST

Kubernetes Networking 101: An Overview of Popular Networking Options - Goutam Verma, Student Developer
Kubernetes Networking: Understanding the Options Available. This presentation, led by Goutam Verma, will dive into the various networking options available in Kubernetes, such as Calico, Flannel, and Weave. Attendees will gain a comprehensive understanding of the features and use cases of each option and how they compare to each other. The talk will cover the advantages and disadvantages of each option, including their scalability, security, and ease of use. Additionally, the presentation will cover the real-world use cases and scenarios that can help attendees to make informed decisions when choosing a networking solution for their Kubernetes environment. This talk is suitable for anyone who wants to improve their knowledge of Kubernetes networking and make the most out of the Kubernetes cluster. Whether you're a developer, an administrator, or a network engineer, this talk will give you the information you need to effectively manage and operate your Kubernetes network.

Speakers

Goutam Verma

Software Developer, ETH India
Goutam Verma is an accomplished open source developer from India, with experience at top organizations such as Google Summer of Code, Summer of Bitcoin, MLH Fellowship, GeeksforGeeks and ETH India, and a proven track record of success in delivering high-quality projects.


Thursday April 20, 2023 14:30 - 15:05 CEST
In Virtual Platform

14:30 CEST

Kyverno Introduction and Deep Dive - Charles-Edouard Brétéché, Nirmata & Jinhong Brejnholt, Saxo Bank
Kyverno is a Kubernetes policy engine which enables a broad set of use cases to secure and automate Kubernetes workloads and cluster configurations. Kyverno policies enable resource validation, mutation, generation, cleanup, and software supply chain security use cases all without requiring knowledge of a programming language. In this session, Jinhong and Charles-Edouard will introduce you to Kyverno and explain and demonstrate in detail all of its capabilities. First, as a Kyverno user and community member, Jinhong will present how her company evaluated policy engines, and how they utilize Kyverno to enforce security and best practices, including better secret management. Next, Charles-Edouard will dive into key project updates and features and demonstrate how to use Kyverno for Policy-as-Code and governance across clusters. They will also share future roadmap plans, how you can get involved in the community, and provide resources you need to start solving your use cases.

Speakers

Jinhong Brejnholt

Lead Cloud Architect, VELUX A/S
Jinhong is a hands-on cloud and platform developer/architect. She is passionate about DevSecOps practice and Cloud native technologies. She holds MSc. in Software Development and Technology, and is a certified Kubernetes application developer, administrator and security specialist. Currently...

Charles-Edouard Brétéché

Staff Engineer, Nirmata
Charles-Edouard Brétéché is a Staff Engineer at Nirmata, a maintainer for Kyverno, and is contributing to various open source projects, including a Terraform provider for kOps. He has been building and delivering software for more than 20 years, as a software engineer, SRE, platform...


Thursday April 20, 2023 14:30 - 15:05 CEST
Forum Center | E107-108

14:30 CEST

The State of Green Software + Cloud Native - Leonard Vincent Simon Pahlke, Liquid Reply & Cara Delia, Red Hat
In this session, you will hear the latest from the CNCF Environmental Sustainability TAG. We’ll focus on the findings exploring the Cloud Native Sustainability landscape, the landscape of organizations that we collaborate with, and the Cloud Native Sustainability maturity model! We highlight current bottlenecks and challenges and provide guidance and opportunities to contribute to sustainability yourself. This will introduce you to cloud native projects that you can use today to make your tech stack a little more sustainable.

Speakers

Leonard Pahlke

Software Engineer, Liquid Reply
Leonard is a CNCF Ambassador and chair of the TAG Environmental Sustainability, previously the Kubernetes Release Lead for v1.26 and in general passionate about software, cloud, open source and sustainability related things.

Cara Delia

Principal Community Architect Financial Services and Sustainability, Red Hat
Advocates open source principles and practices by contributing to external open source communities focused on Financial Services and Climate Sustainability at Red Hat.


Thursday April 20, 2023 14:30 - 15:05 CEST
Auditorium Center | G109

14:30 CEST

Ephemeral Clusters as a Service with ClusterAPI and GitOps - Alessandro Vozza, Solo.io & Joaquin Rodriguez, Microsoft
GitOps has seen widespread adoption in the last few years due to the clear advantages over traditional CI/CD tools. However, with adoption comes the growing pains of scale: running and managing multiple clusters across different cloud providers represents a major hurdle for organizations wanting to adopt Kubernetes as a standard deployment platform. In particular, observability and security at scale are two thorny aspects that need to be addressed; we will demonstrate how it’s possible to tame the complexity of such scaled infrastructure via open-source tools, such as ClusterAPI, ArgoCD and Prometheus+Thanos to provide control and visibility over an arbitrary number of clusters. We will show a sample, created after our collective experience at large scale customers, which can automate the deployment of hundreds of clusters and applications automatically and securely, and collect metrics from all the ephemeral clusters along the way.

Speakers

Joaquin Rodriguez

Senior Software Engineer, Microsoft
Joaquin Rodriguez, a Senior Software Engineer in the Commercial Software Engineering organization at Microsoft, helps customers tackle their toughest technical problems, on the cloud and at the edge. With over ten years of experience, Joaquin is passionate about open-source technologies...

Alessandro Vozza

Developer Advocate, Solo.io
Community leader and CNCF ambassador, Alessandro has spent the last few years building cloud native infrastructures for Microsoft customers, animating the Dutch community, and training others to pass the CKx exams. He has passion for all things cloud native, he's been around open...


Thursday April 20, 2023 14:30 - 15:05 CEST
Hall 7 | Room B
  Open Interfaces + Interoperability

14:30 CEST

Making Legacy Modern: How to Monitor and Fine Tune the Performance of Your Windows Clusters - Brandon Smith & Howard Hao, Microsoft
Having trouble running your Windows clusters at scale? We’re here to help! Nowadays cost reduction is at the forefront of everyone’s minds, and we want to help you do more in your Windows clusters with minimal excess resource utilization and optimal reliability. Join us in a deep dive where we address the most common problems facing Windows clusters today and how you can work proactively to get the most out of your deployment. In this session we’ll introduce a new open-source tool for you to run on Windows nodes which monitors known performance and reliability problems, issues alerts, and helps you take proactive action to achieve a high degree of cluster performance and reliability needed to maintain customer SLAs. We’ll then dive into installing the windows-exporter via HostProcess containers and explain the best practices in monitoring Windows via Prometheus. Finally, we’ll walk through how Windows behaves under common workload scenarios and explain how to avoid any common pitfalls. Kubernetes is difficult enough to get working for new applications, let alone for anything legacy. Join us in sharing the journeys of other community members to help you learn and get up and running in no time.

Speakers

Brandon Smith

Product Manager, Microsoft
Brandon Smith is a Kubernetes SIG-Windows contributor and product manager focused on driving the performance and reliability of the Windows container technology. He helped drive the HostProcess K8s feature to fruition, has presented for SIG-Windows at previous KubeCons, and is working...

Howard Hao

Principal Software Engineer, Microsoft
Howard Hao is a software engineer focused on advancing the performance and reliability of the Windows container platform at Microsoft. Howard maintains a holistic view of container performance across all areas of Windows and is the chief knowledge source for any problems facing the...


Thursday April 20, 2023 14:30 - 15:05 CEST
Hall 7 | Room D
  Reliability + Operational Continuity

14:30 CEST

Cluster Grey Zone: Risks in Managed Cluster Middleware - Shay Berkovich & Barak Sharoni, Wiz
With the increase in K8s and cloud popularity, cloud security providers (CSPs) realized the advantages of offering Kubernetes as a PaaS to their users. Today the default deployment of production workloads is through the cloud-managed Kubernetes services, where the responsibility for securing the cluster is shared between the user and the CSP. While users are generally aware of their own workloads, there is a less-documented set of components, automatically deployed by the CSPs and running on worker nodes. We call it Managed Cluster Middleware (abbreviated MCM). A freshly deployed EKS node will typically have 3 additional pods; AKS and GKE deploy even more pods. The number increases depending on the features and plugins one chooses to add to the defaults. MCM can introduce an additional threat surface, with a footprint on every node and carrying high privileges, additional network exposure and vulnerabilities. Therefore, MCM can be an attractive target for attackers, while frequently omitted by scanners and configuration tools. This talk follows up on our previous research on cloud grey zone. We analyze the MCM security posture as we would approach non-trusted deployments. Consequently, we review how users should adjust their K8s threat model in light of this research.

Speakers

Shay Berkovich

Threat Research, Wiz
Shay is part of the Threat Research team in Wiz working on various aspects of container security with the emphasis on Kubernetes emerging threats. He worked previously at BlackBerry, Symantec and BlueCoat on a range of security products (CWPP, WAF, SWG) doing applied security research...


Thursday April 20, 2023 14:30 - 15:05 CEST
Forum Center | E105-106
  Security + Identity

14:30 CEST

Image Signing and Runtime Verification at Scale: Datadog's Journey - Ethan Lowman, Datadog
The recent prevalence of software supply chain attacks has led to a flurry of new tools and approaches to secure the end-to-end integrity of container images, and image signing in open source is gradually reaching maturity through projects like Sigstore. However, the path is largely uncharted for signing and verifying container images internally at scale. Internally, Datadog's engineering teams use a wide variety of languages and CI/CD configurations, constantly deploying images to tens of thousands of nodes across dozens of Kubernetes clusters, spanning multiple cloud providers and datacenters. To meet the challenges of this complex environment, we take a unique approach to image signing and verification. To ease adoption and maintenance of image signing across heterogeneous build environments, we take a service-oriented approach, encapsulating cryptographic complexity within a gRPC signing service. For verification, motivated by both reliability and security, we buck the trend of using Kubernetes admission controllers, validating image signatures at runtime using an image verification plugin system we are contributing upstream to containerd. In this talk we discuss how we reached these designs, and share our experience operating this system in production.

Speakers

Ethan Lowman

Senior Software Engineer, Datadog
Ethan Lowman is a senior software engineer at Datadog working on software supply chain security, including container image signing and verification. Previously, he has worked on large-scale network flow monitoring systems, infrastructure configuration security monitoring tools, and...


Thursday April 20, 2023 14:30 - 15:05 CEST
Auditorium Center | Emerald Room
  Security + Identity

14:30 CEST

Mind the Gap! Bringing Together Cloud Services and Managed K8s Environments - Christophe Tafani-Dereeper, Datadog & Diego Comas, Sourcegraph
Many organizations run Kubernetes as part of managed offerings such as AWS EKS, Azure AKS or GCP GKE. But that’s only one part of the story; other pieces of infrastructure such as databases, object storage or legacy workloads generally live outside the cluster. In this context comes the need to bridge the gaps between what runs inside a managed Kubernetes cluster, and what is deployed in other services of the cloud provider. In this talk, we start by reviewing how the different cloud providers tackle authenticating and authorizing humans to the managed Kubernetes control plane, as well as individual workloads to the cloud provider API. Then, we dive into the different techniques to bring external secrets (e.g., from AWS Secrets Manager) inside the cluster. Along the way we cover how practitioners can leverage these mechanisms to architect cloud-native applications that benefit from the full power of cloud services, while avoiding complete vendor lock-in. We also describe how an attacker can abuse these mechanisms to pivot from exploiting a single containerized workload to compromising full cloud environments, and how to best protect against these attack vectors.

Speakers

Christophe Tafani-Dereeper

Cloud Security Researcher & Advocate, Datadog
Christophe works on cloud security research and open source at Datadog. He was previously a software developer, penetration tester and cloud security engineer, where he extensively worked with cloud and container technologies and in particular managed Kubernetes solutions. He previously...

Diego Comas

Head of Security, Sourcegraph
Diego is the Head of Security at Sourcegraph. He is passionate about cloud-native security and has years of experience protecting cloud environments and containerized applications, in particular in large engineering organizations and highly regulated environments.


Thursday April 20, 2023 14:30 - 15:05 CEST
Auditorium Center | Auditorium + Balcony
  Security + Identity

14:30 CEST

Tutorial: What Went Wrong with My Persistent Data? - Le Tran & Michael Cade, Kasten by Veeam
Looking for the fundamentals around Kubernetes storage with volumes, especially persistent volumes, persistent volume claims, and storage classes? Then this tutorial is for you. Michael and Le will introduce some fundamental concepts, then dive right into some common pitfalls of setting up persistent data storage in Kubernetes clusters in the format of troubleshooting labs. During these hands-on labs, folks will be presented with some common errors when setting up pods with persistent volumes or persistent volume claims in a cluster, and will work to identify and resolve these issues. They will be provided with tips and tools on how to navigate these scenarios. Newcomers to K8S will leave with an understanding of basic concepts and tools to effectively work with and troubleshoot persistent data. Additionally, they will also walk away with suggestions around data management for data services, and how to protect their data.

Speakers

Le Tran

Member of Technical Staff, Kasten by Veeam
Le Tran has been a member of the technical staff at Kasten by Veeam since October 2021 and is new to cloud native development. Prior to joining Kasten, she worked in the automotive embedded systems industry as a software engineer. She led a team that launched new surround view camera...

Michael Cade

Field CTO, Kasten by Veeam
A community first technologist for Kasten by Veeam Software. Based in the UK with over 16 years of industry experience with a key focus on technologies such as cloud native, automation & data management. His role at Kasten is to act as a technical thought leader, community champion...


Thursday April 20, 2023 14:30 - 16:00 CEST
Elicium Building | Elicium Ballroom 1 + 2
  Tutorials, 101 Track

14:30 CEST

🚨 ContribFest: Contour - A Route to Becoming a Contributor and Improving Ingress (Limited Availability; First-Come, First-Served)
Contour, a CNCF incubating project, is a high performance ingress and load balancer solution for Kubernetes. We are actively seeking more feedback in the areas of adding more advanced API Gateway features and onboarding new users and contributors so they are able to join the conversation and contribute to the project.

For those new to the project we will provide a tour of the repository and help set up development environments to begin contributing on some existing issues of outstanding technical debt.

For those that have some familiarity with Contour and API Gateways, we will spend time getting deeper in technical detail about how new features will be implemented and how they will fit together with Contour and its current capabilities.

This Contribfest session is designed to provide projects with the space and resources to tackle outstanding technical debt, security issues, or outstanding impactful feature requests. They are intended to provide a place for maintainers to meet contributors and potential contributors and work together on solving a problem.

Speakers

Tero Saarni

Principal Developer, Ericsson
Tero Saarni is a developer at Ericsson. He is a maintainer of Contour ingress controller and contributor to several other projects in the cloud-native space.

Steve Kriss

Staff Engineer, VMware
Steve Kriss is currently a Staff Engineer at VMware focused on service networking in Kubernetes. He is a maintainer on Contour and Envoy Gateway and a contributor to Gateway API. In the past he was a lead maintainer for Velero (formerly Heptio Ark), a cloud-native backup and restore...


Thursday April 20, 2023 14:30 - 16:00 CEST
K101-102

15:25 CEST

Using DevSpace to Usher in an Era of Peace for Our Developers - Rajsimman Ravichandiran, Independent
At Ada, our software engineers are the superstars who bring our products to life. Yet they used to have to jump through complex hurdles to develop and deploy their code to production. They had to share testing clusters, solve a myriad of puzzles to set up local environments, and request multiple teams to gain access to the deployment environments. This clearly bruised their developer experience and hampered their velocity. Faith in their code dwindled as they played Hunger Games with other developers, and that made their testing experience miserable. Our platform team decided to take action and implemented a solution using open source tools, including Kubernetes and DevSpace. We were able to create a safe space for our developers to test and rapidly improve their developer productivity. Since then, our developers have created hundreds of ephemeral dev environments to satisfy their testing needs, which has greatly improved the quality of code deployed to production. How did we do it? Join us for this case study to find out.

Speakers

Rajsimman Ravichandiran

Senior DevOps Engineer, Independent
Raj is a Senior DevOps Engineer and has 5+ years of professional experience in cloud infrastructure management and software development. His passion is in cloud computing, Site Reliability Engineering and DevOps. Outside of work, he often likes to break things (sometimes literally...


Thursday April 20, 2023 15:25 - 16:00 CEST
Hall 7 | Room A
  101 Track

15:25 CEST

Processing of Amsterdam City Data with Vendor Agnostic Serverless Functions - Mohit Suman & Zbynek Roubalik, Red Hat
Serverless and Functions are useful and interesting concepts, usually used for the development of event-driven applications. That means applications that scale on demand, consume just the right amount of resources and enable developers to deal just with the business logic. Using Serverless, developers should focus on the code and easy-to-use deployment model. It is usually perceived that Serverless means a vendor lock-in, i.e. forcing developers to build the whole solution around one platform without the possibility of migrating to another one. But it is not the case! We will present a solution that enables developers to benefit from Serverless concepts and still be able to deploy across multiple cloud environments. A solution that is very user-friendly. No Dockerfiles, and no YAML editing. Just a few CLI commands or actions in your favourite IDE. We will use the Amsterdam City Data to showcase the capabilities of Serverless Functions in the Cloud Native Way. This will be a live demo of adding real-time capabilities to their serverless applications using Functions deployed on multiple cloud platforms, leveraging Knative Serving and Eventing building blocks, CNCF Buildpacks, Tekton Pipelines, Camel-K, and everything within the IDE of the developer's choice.

Speakers

Mohit Suman

Senior Product Manager, Red Hat
Mohit Suman is based out of the beautiful country of India. He works as a Senior Technical Product Manager at Red Hat, Developer Experience. He holds experience in Product Management, Software Engineering and Architecture in fields ranging from large-scale distributed computing and developer...

Zbynek Roubalik

Principal Software Engineer, Red Hat
Zbynek works as Principal Software Engineer working for Red Hat within the OpenShift Serverless team. Maintainer of CNCF incubating project KEDA, which aims to help with event-driven applications autoscaling on Kubernetes. Member of the Knative Technical Oversight Committee. In the...


Thursday April 20, 2023 15:25 - 16:00 CEST
Hall 7 | Room C
  Application + Delivery

15:25 CEST

Building a Successful Business in Cloud Native - Liz Rice, Isovalent; Guillermo Rauch, Vercel; Kelsey Hightower, Google
The cloud native community brings together an ecosystem of open source projects, end user companies, and vendors. Like a natural ecosystem, there’s a delicate balance between the species, and some will thrive while others struggle.

In this panel we’ll discuss how start-ups and smaller vendors can best take advantage of opportunities to succeed within the cloud native ecosystem. How can contributing to open source projects help a business? How can vendors make their products appeal to a community centred around open source? How does this business environment differ from traditional markets, and how can you use these differences to best effect?

Our panel includes practitioners and entrepreneurs who will share the lessons they have learned from their own companies and from their broad perspective across the cloud native ecosystem. We’ll help you understand what works and what doesn’t when you’re building a cloud native business.

Speakers

Liz Rice

Chief Open Source Officer, Isovalent
Liz Rice is Chief Open Source Officer with eBPF specialists Isovalent, creators of the Cilium cloud native networking, security and observability project. She sits on the CNCF Governing Board, and on the Board of OpenUK. She was Chair of the CNCF's Technical Oversight Committee in...

Kelsey Hightower

Director, Developer Advocate, Google
Kelsey Hightower has worn every hat possible throughout his career in tech, and enjoys leadership roles focused on making things happen and shipping software. Kelsey is a strong open source advocate focused on building simple tools that make people smile. When he is not slinging Go...

Guillermo Rauch

CEO and Founder, Vercel
Guillermo Rauch is the founder and CEO of Vercel where he leads the company’s mission to enable developers to create at the moment of inspiration. Prior to founding Vercel, Guillermo co-founded LearnBoost and Cloudup where he served the company as CTO through its acquisition by...


Thursday April 20, 2023 15:25 - 16:00 CEST
Hall 7 | Room B

15:25 CEST

The Compliance Business Case for Kubernetes in the EU: Get Ready for EUCS - Robert Ficcaglia, SunStone Secure, LLC & Anders Eknert, Styra, Inc.
This session demonstrates how EU enterprise, government, health care, and education organisations can design and build cloud native apps on Kubernetes in compliance with new EU Cybersecurity Scheme for Cloud Services (EUCS) requirements. The session will help users to plan for, enforce and audit EUCS requirements in a Kubernetes cluster using Open Policy Agent (OPA) and other CNCF tools. All cloud native architects, application developers, IT systems operators and mission owners in the EU who plan to host critical workloads on Kubernetes in the cloud must understand these important new regulatory requirements and how OPA can relieve the headache of compliance by allowing policy-as-code collaboration across stakeholder SMEs. The EUCS defines EU-wide rules for the security controls, levels of assurance, and assessment processes. The EUCS is legislation under the EU Cybersecurity Act aiming to increase trust and security in cloud products and services, and to counter fragmentation between member states, facilitate trade and transparency of security features. This is a live, hands-on demo session showing real world examples of "governance ops" for both business and technical stakeholders to understand how to build on Kubernetes confidently with EUCS compliance in the EU.

Speakers

Anders Eknert

Developer Advocate, Styra, Inc.
Anders is a Developer Advocate and a member of the open source team at Styra with a long background in software development, security and identity systems in primarily distributed environments. When not in front of his computer he enjoys watching football, cooking and Belgian bee...

Robert Ficcaglia

CTO, SunStone Secure, LLC
Robert Ficcaglia is CTO of SunStone Secure, a virtual CISO and Compliance Advisory firm, and also serves as the Kubernetes Policy Workgroup Co-Chair, CNCF Security Technical Advisory Group (TAG) Lead Assessor, and member of the Kubernetes Security Special Interest Group (SIG-security...


Thursday April 20, 2023 15:25 - 16:00 CEST
Auditorium Center | G104-105
  Business Value

15:25 CEST

Automating Configuration and Permissions Testing for GitOps with OPA Conftest - Eve Ben Ezra & Michael Hume, The New York Times
Deployment is an important part of the software development life cycle. The New York Times had an even more ambitious goal: build a self-service platform that allowed developers to deploy with autonomy. But managing multi-tenant deployments securely is a difficult task. And while top-down checks were configured in Kubernetes and ArgoCD itself that disallowed certain resource creation or access, engineers wanted to ensure there were proper checks in place to make sure no excessive permissions or bad practices, such as latest images, got checked into the source code of the ArgoCD app-of-apps architecture itself. Enter OPA conftest. OPA conftest allows for policies and testing against structured configuration at the PR level, before any code is merged. By narrowing the scope of allowed declarative permissions, the CICD team at NYT was able to take a "trust, but verify" approach to deployment, safeguarding systems while also giving feature developers the autonomy they needed to self-service deploy their applications. In this presentation, the speakers will go through policy set-up, best practices, and implementation within a greater GitOps mindset.

Speakers

Eve Ben Ezra

Software Engineer, The New York Times
Eve Ben Ezra is a Software Engineer with The New York Times Company. Coming from a data and mathematics background, Eve has built a career on using logic to apply solutions to broad business problems while considering necessary outliers. In their free time, Eve makes jokes about kubernetes...

Michael Hume

Senior Software Engineer, The New York Times
Michael Hume is a DevOps engineer who has focused on migrating and containerizing workloads. In his spare time, he enjoys tinkering with Kubernetes and bringing enterprise-like support to non-cloud and edge environments.


Thursday April 20, 2023 15:25 - 16:00 CEST
Elicium Building | D201-202
  CI/CD