In-person + Virtual
18-21 April

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon Europe 2023 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Central European Summer Time (UTC +2). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change and session seating is available on a first-come, first-served basis. 
Monday, April 17
 

09:00 CEST

Application Networking Day with Istio, Ambient, eBPF, and Cilium - Hosted by Solo.io - SOLD OUT
This event is currently at capacity. To be placed on the waitlist, please click HERE to provide your information and you will be notified if a seat at the event becomes available.

Start with equal parts API gateway, Kubernetes ingress and service mesh, then throw in security, observability, and multi-tenancy. The world of application networking is changing fast. Join us at this off-site co-located event to learn about what’s new with open source application networking technologies including Istio, Ambient, Cilium and eBPF, and how to use them together to better power your applications.


This event includes one full day of technical sessions presented by end users and industry leaders from across the cloud native ecosystem concurrent with live, hands-on workshops so you can try out the technologies as you learn.

Please note, this is an off-site Sponsor Hosted Co-located Event
For questions regarding this event, please contact: events@solo.io
For details and location information, please visit: https://www.solo.io/events/kubecon/application-networking-day/



Monday April 17, 2023 09:00 - 18:00 CEST
Amstel Boathouse Amsteldijk 223 1079 LK Amsterdam Netherlands

13:00 CEST

Operator Day Hosted by Canonical
What are Software Operators?
Software operators are crucial in the Kubernetes landscape; they help human operators and administrators run their applications efficiently and effectively. At Canonical, we redefined how to operate applications through an OSS-based platform and framework for building and running operators with Juju, the Charmed Operator Framework.
 
Although a software operator is often associated with Kubernetes, operators can cover applications for many substrates: bare metal servers, private clouds, public clouds, and Kubernetes clusters. Juju offers a mature, consistent, intuitive user interface for integrating applications for all substrates.
 
Why attend operator day?
We launched Operator Day at the KubeCon + CloudNativeCon North America conference in 2020. Since then, we have proudly hosted 5 Operator Day events with various sessions presenting industry leaders redefining the operators' landscape.
 
The 6th Operator Day is a must-attend virtual event; it will cover the basics behind software operators, what they are, how to use them, how to create them, and how your team can benefit from them. You can dial in from anywhere and watch use case presentations where software operators have been applied successfully across the entire stack: on VMs, private clouds, public clouds, or in a multi-cloud scenario.

Please note that this is a virtual Sponsor-hosted Co-located event.
For questions regarding this event, please contact: julia.obraztsova@canonical.com
For details please visit: https://app.myonvent.com/event/operator-day


Monday April 17, 2023 13:00 - 18:00 CEST
Virtual

14:00 CEST

18:00 CEST

SKYY Bar Happy Hour Hosted by Harness - SOLD OUT
Let's kick off the week of KubeCon + CloudNativeCon in style! Join Harness for an evening of drinks and networking on Monday, April 17th from 18:00 - 21:00 at the SKYY Bar, located on the rooftop of the Westcord Fashion Hotel Amsterdam!

Registration for this event is currently sold out. However, a waitlist has been implemented when adding to your KubeCon + CloudNativeCon registration.

Please note that this is an off-site Sponsor-hosted Co-located event.
For questions regarding this event, please contact: events@harness.io

Monday April 17, 2023 18:00 - 21:00 CEST
SKYY Bar Rooftop of the Westcord Fashion Hotel, Hendrikje Stoffelsstraat 1, 1058 GC
 
Tuesday, April 18
 

07:30 CEST

08:00 CEST

Dapr Project Meeting
Please note that you must be a KubeCon + CloudNativeCon Europe 2023 registrant in order to attend this meeting. If you are not registered for KubeCon + CloudNativeCon click here to register.

Details
Dapr Project Meeting
Tuesday, April 18 | 8:00 - 10:00 CEST
Room D303, Congress Center

*Please note: we will not have any live streaming, recordings, or any virtual component available for this meeting.

Tuesday April 18, 2023 08:00 - 10:00 CEST
D303 | Third Floor | Congress Centre (Elicium Building)

08:00 CEST

Knative Project Meeting
Please note that you must be a KubeCon + CloudNativeCon Europe 2023 registrant in order to attend this meeting. If you are not registered for KubeCon + CloudNativeCon click here to register.

Details
Knative Project Meeting
Tuesday, April 18 | 8:00 - 10:00 CEST
Room D304, Congress Center

*Please note: we will not have any live streaming, recordings, or any virtual component available for this meeting.

Tuesday April 18, 2023 08:00 - 10:00 CEST
D304 | Third Floor | Congress Centre (Elicium Building)

08:00 CEST

Fluent Bit Project Meeting
Please note that you must be a KubeCon + CloudNativeCon Europe 2023 registrant in order to attend this meeting. If you are not registered for KubeCon + CloudNativeCon click here to register.

Details
Fluent Bit Project Meeting
Tuesday, April 18 | 8:00 - 12:00 CEST
Room G111, Auditorium Center

*Please note: we will not have any live streaming, recordings, or any virtual component available for this meeting.


Tuesday April 18, 2023 08:00 - 12:00 CEST
G111 | First Floor | Congress Centre

08:00 CEST

OpenGitOps Project Meeting
Please note that you must be a KubeCon + CloudNativeCon Europe 2023 registrant in order to attend this meeting. If you are not registered for KubeCon + CloudNativeCon click here to register.

Details
OpenGitOps Project Meeting
Tuesday, April 18 | 8:00 - 12:00 CEST
Auditorium Center | Amsterdam Suite

*Please note: we will not have any live streaming, recordings, or any virtual component available for this meeting.

Tuesday April 18, 2023 08:00 - 12:00 CEST
Amsterdam Suite | First Floor | Congress Centre

08:00 CEST

TAG Environmental Sustainability Project Meeting
Please note that you must be a KubeCon + CloudNativeCon Europe 2023 registrant in order to attend this meeting. If you are not registered for KubeCon + CloudNativeCon click here to register.

Details
TAG Environmental Sustainability Project Meeting
Tuesday, April 18 | 8:00 - 12:00 CEST
Room G108, Auditorium Center

*Please note: we will not have any live streaming, recordings, or any virtual component available for this meeting.


Tuesday April 18, 2023 08:00 - 12:00 CEST
G108 | First Floor | Congress Centre

09:00 CEST

Cloud Native Telco Day Hosted by CNCF - Half Day Event | ALL ACCESS PASS REQUIRED
This event is sold out.  

Please visit the full event schedule and build your personal schedule by selecting the sessions you would like to attend. Once in the schedule, to view the Cloud Native Telco Day schedule only, use the right-hand navigation bar to sort and filter.

Adopting cloud native best practices and principles is critical to the success and growth of Service Providers as they scale to meet new demands for 5G and beyond. Cloud Native Telco Day brings together Service Providers and Vendors across the Telco ecosystem to collaborate with the cloud native community to share lessons learned in their cloud native journey. Anyone involved with the digital transformation of Telco applications and/or infrastructures should join our third Cloud Native Telco Day. Please visit the event's webpage for more details.

*Observability Day + CiliumCon will be available via livestream on the virtual platform, all other co-located events recordings will be available 24-72 hours post-event on the CNCF YouTube channel.

For questions regarding this event, please reach out to cncfcolocatedevents@linuxfoundation.org.


Tuesday April 18, 2023 09:00 - 12:30 CEST
Hall 7, Room A | Ground Floor | Europe Complex

09:00 CEST

Linkerd Day Hosted by CNCF - Half Day Event | ALL ACCESS PASS REQUIRED
This event is sold out.  

Please visit the full event schedule and build your personal schedule by selecting the sessions you would like to attend. Once in the schedule, to view the Linkerd Day schedule only, use the right-hand navigation bar to sort and filter.

The Linkerd maintainers are thrilled to announce the first ever Linkerd Day, a practitioner-driven community conference that emphasizes end-user case studies as well as deep technical talks. Come join us for an exciting day of technical content, networking, and learning.

Linkerd was the first service mesh, the only service mesh to achieve graduation, and the project to coin the term “service mesh.” Today, Linkerd powers the production infrastructure of organizations around the world. Linkerd’s focus on simplicity and performance makes it unique in the service mesh space, and its community of enthusiastic adopters and contributors continues taking the project to new heights. Please visit the event's webpage for more details.

*Observability Day + CiliumCon will be available via livestream on the virtual platform, all other co-located events recordings will be available 24-72 hours post-event on the CNCF YouTube channel.

For questions regarding this event, please reach out to cncfcolocatedevents@linuxfoundation.org.

Tuesday April 18, 2023 09:00 - 12:30 CEST
Hall 7, Room D | Ground Floor | Europe Complex

09:00 CEST

[Livestream Sponsored by Isovalent] CiliumCon Hosted by CNCF - Half Day Event | ALL ACCESS PASS REQUIRED
CiliumCon will be livestreamed* in our virtual platform, Stova. Thank you to our live stream sponsor, Isovalent. *Must be registered for KubeCon + CloudNativeCon Europe to view livestream. 

This event is sold out.   

Please visit the full event schedule and build your personal schedule by selecting the sessions you would like to attend. Once in the schedule, to view the CiliumCon schedule only, use the right-hand navigation bar to sort and filter.


CiliumCon is a half-day co-located event for Cilium users, contributors, and new community members. You’ll hear from end users who will share their experiences, and from contributors who will teach you about Cilium’s technology, and its use of eBPF to provide high-performance networking, observability, and security features. In addition, following the success of the Cilium Project Meeting held at Detroit, we will set aside time and space for a meet-the-maintainers session where attendees can discuss proposals, PRs, and issues. This includes support for new contributors who need help. Please visit the event's webpage for more details.

*Observability Day + CiliumCon will be available via livestream on the virtual platform, all other co-located events recordings will be available 24-72 hours post-event on the CNCF YouTube channel.

For questions regarding this event, please reach out to cncfcolocatedevents@linuxfoundation.org.

Tuesday April 18, 2023 09:00 - 12:30 CEST
Hall 7, Room B | Ground Floor | Europe Complex

09:00 CEST

AWS Container Day featuring Kubernetes Hosted by AWS
AWS Container Day co-located alongside KubeCon + CloudNativeCon Europe 2023 is a day-long virtual event dedicated to helping Kubernetes practitioners optimize their workloads and reduce their Ops burden. AWS and guest speakers will dive deep into the latest trends, techniques, and best practices for deploying, managing, securing, and scaling with Kubernetes. The day will feature new solution demos and interactive challenges designed to provide hands-on experience and practical insights. Attendees will walk away with new tools, mental models, and resources to innovate, optimize, and scale their applications.

Please note that this is a virtual Sponsor-hosted Co-located event. Additional registration is required.
For questions regarding this event, please contact: aws-container-day@amazon.com
For details, please visit: https://aws-kubecon-eu.splashthat.com/

Tuesday April 18, 2023 09:00 - 16:00 CEST
Virtual

09:00 CEST

ArgoCon Hosted by CNCF - Full Day Event | ALL ACCESS PASS REQUIRED
This event is sold out.  

Please visit the full event schedule and build your personal schedule by selecting the sessions you would like to attend. Once in the schedule, to view the ArgoCon schedule only, use the right-hand navigation bar to sort and filter.

Celebrate Argo’s recent CNCF graduation by joining us for ArgoCon in Amsterdam. This is our first ArgoCon in Europe after very high demand from Argo users!

#ArgoCon is designed to foster collaboration, discussion, and knowledge sharing on the Argo Project, which consists of four projects: Argo CD, Argo Workflows, Argo Rollouts and Argo Events.

The Argo Project is a suite of open source tools for deploying and running applications and workloads on Kubernetes. It extends the Kubernetes APIs and unlocks new and powerful capabilities in application deployment, container orchestration, event automation, progressive delivery, and more.
Connect with others that are passionate about Argo and interact with project maintainers. Learn from practitioners about pitfalls to avoid and best practices on how to adopt Argo in your cloud-native environment. Get inspired by and provide input to Argo leads on project roadmaps.

The event is vendor-neutral and is being organized by the CNCF Argo Community. Topics in the past have included getting started with Argo, scaling and managing Argo, lessons learned from production deployments, technical sessions, and thought leadership. Please visit the event's webpage for more details.

*Observability Day + CiliumCon will be available via livestream on the virtual platform, all other co-located events recordings will be available 24-72 hours post-event on the CNCF YouTube channel.

For questions regarding this event, please reach out to cncfcolocatedevents@linuxfoundation.org.

Tuesday April 18, 2023 09:00 - 17:00 CEST
Elicium Building | Elicium Ballroom 1 + 2

09:00 CEST

Cloud Native Wasm Day Hosted by CNCF - Full Day Event | ALL ACCESS PASS REQUIRED
This event is sold out.  

Please visit the full event schedule and build your personal schedule by selecting the sessions you would like to attend. Once in the schedule, to view the Cloud Native Wasm Day schedule only, use the right-hand navigation bar to sort and filter.

Cloud Native Wasm Day highlights the growing importance and ubiquity of WebAssembly throughout the cloud-native ecosystem. As an application host, an application plugin, or an application platform, WebAssembly is a technology that is compatible with containers and Kubernetes but not dependent upon them. Along with devices, virtual machines, containers, and Kubernetes, WebAssembly is an additional deployment method for workloads everywhere. Please visit the event's webpage for more details.

*Observability Day + CiliumCon will be available via livestream on the virtual platform, all other co-located events recordings will be available 24-72 hours post-event on the CNCF YouTube channel.

For questions regarding this event, please reach out to cncfcolocatedevents@linuxfoundation.org.


Tuesday April 18, 2023 09:00 - 17:00 CEST
Hall 7, Room C | Ground Floor | Europe Complex

09:00 CEST

[Livestream Sponsored by Lightstep from ServiceNow] Observability Day Hosted by CNCF - Full Day Event | ALL ACCESS PASS REQUIRED
Observability Day will be livestreamed* in our virtual platform, Stova. Thank you to our live stream sponsor, Lightstep from ServiceNow. *Must be registered for KubeCon + CloudNativeCon Europe to view livestream.

This event is sold out.  

Please visit the full event schedule and build your personal schedule by selecting the sessions you would like to attend. Once in the schedule, to view the Observability Day schedule only, use the right-hand navigation bar to sort and filter.

Observability Day fosters collaboration, discussion, and knowledge sharing of cloud-native observability projects (including but not necessarily limited to Prometheus, Fluentd, Fluent Bit, OpenTelemetry, and OpenMetrics), as well as vendor-neutral best practices for addressing observability challenges. Sessions include a keynote, panel discussions, workshops, lightning talks, and individual presentations. This event is intended both for audiences that are new to observability as well as for seasoned practitioners. Observability Day will enable you to spend a day peeking under the hood of major Cloud Native Computing Foundation observability-related projects and broadening your knowledge of observability. The event is vendor-neutral and organized by members of the community. Please visit the event's webpage for more details.

*Observability Day + CiliumCon will be available via livestream on the virtual platform, all other co-located events recordings will be available 24-72 hours post-event on the CNCF YouTube channel.

For questions regarding this event, please reach out to cncfcolocatedevents@linuxfoundation.org.


Tuesday April 18, 2023 09:00 - 17:00 CEST
Hall 7, Room E | Ground Floor | Europe Complex

09:00 CEST

Azure Day with Kubernetes Hosted by Microsoft Azure - SOLD OUT
Azure Day with Kubernetes Hosted by Microsoft Azure is currently sold out. Please sign up to receive videos after the event.

Join Microsoft experts to learn best practices for building cloud-native apps with Kubernetes on Azure. In this full-day session, you will:
  • Learn how to build modern apps using Azure Kubernetes Service (AKS) and integrated development tools.
  • Understand best practices for managing your Kubernetes footprint, securely and at scale. 
  • Gain a clear understanding of how to manage and optimize cost of your Kubernetes footprint. 
  • Learn how to scale and optimize your workloads for energy efficiency and reduced carbon emissions. 
  • Get a preview into new and upcoming Kubernetes on Azure product updates. 
  • Learn how customers are using Kubernetes on Azure to drive business outcomes. 
Please note that this is an off-site Sponsor-hosted Co-located event.
For event details, please visit: http://azuredaywithkubernetes2023.com
For questions regarding this event, please contact: v-nimcginty@microsoft.com, v-lpalmer@microsoft.com

Tuesday April 18, 2023 09:00 - 17:00 CEST
Hotel Casa Eerste Ringdijkstraat 4, 1097 BC, Amsterdam

09:00 CEST

Data Workshop on Kubernetes Hosted by Portworx by Pure Storage - $50.00 (donated to Dan Kohn Scholarship Fund)
The Data Workshop on Kubernetes brought to you by Portworx by Pure Storage is back for another year! In this one-day workshop, you will be led through a number of labs that highlight how to enhance your Kubernetes application deployments with Kubernetes-native container storage, data management, data protection, and even database services.

You’ll also learn how you can cut down on cloud spend and drive better developer productivity. No matter where you are in your Kubernetes journey, our data workshop will arm you with the tools you need to easily manage secure, resilient, and scalable applications and databases. As part of the workshop, attendees will receive training and experience with the Portworx portfolio of products. Join us for an action-packed day of learning followed by a happy hour where you can network with other industry professionals.

We reserve the right to restrict attendance of any competitors at our event. We appreciate your understanding.

Please note that this is an off-site Sponsor-hosted Co-located event and must be added to your KubeCon + CloudNativeCon registration.
The fee is $50.00. Registration proceeds are donated to the Dan Kohn Scholarship Fund.
For questions regarding this event, please contact: jwi@purestorage.com



Tuesday April 18, 2023 09:00 - 17:00 CEST
A’DAM LOOKOUT Overhoeksplein 5 1031 KS Amsterdam

09:00 CEST

Distributed SQL Summit - Hosted by YugabyteDB - SOLD OUT
Distributed SQL is a revolutionary category of databases for building mission-critical, cloud native applications.

Join YugabyteDB at Distributed SQL Summit Europe co-located (off-site) with KubeCon + CloudNativeCon – an open destination for you to discuss, collaborate, share ideas, and learn with your fellow app developers and database practitioners.

Distributed SQL Summit will feature a wide range of thought-provoking technical demos, presentations, networking, and live discussions, all focused on distributed SQL.

Please note, this is an off-site Sponsor Hosted Co-located Event
For questions regarding this event, please contact: events@yugabyte.com
For location and event information please visit: https://info.yugabyte.com/2023-dss-amsterdam



Tuesday April 18, 2023 09:00 - 17:00 CEST
nHow Amsterdam RAI Hotel, 23rd Floor, Ginger Room Europaboulevard 2b, 1078 RV Amsterdam

09:00 CEST

OpenShift Commons Gathering Hosted by Red Hat - SOLD OUT (in-person; virtual available)
This Hybrid OpenShift Commons Gathering will be held in-person and all talks will be delivered live and streamed live via Hopin to attendees around the globe. As always, our focus is on creating a welcoming and inclusive space for peer-to-peer interactions online. This Gathering will focus on talks from and by Cloud Native practitioners with production deployments sharing their use cases, insights into their workloads and lessons learned along the way.

Please note that the in-person OpenShift Commons Gathering is an off-site Sponsor-hosted Co-located event. The virtual event will be streamed via Hopin.
For questions regarding this event, please contact: npazmino@redhat.com

Tuesday April 18, 2023 09:00 - 17:00 CEST
Amstel Boathouse Amsteldijk 223 1079 LK Amsterdam Netherlands

09:30 CEST

Armada Project Meeting
Please note that you must be a KubeCon + CloudNativeCon Europe 2023 registrant in order to attend this meeting. If you are not registered for KubeCon + CloudNativeCon click here to register.

Details
Armada Project Meeting
Tuesday, April 18 | 9:30 - 10:30 CEST
Room D408, Congress Center

*Please note: we will not have any live streaming, recordings, or any virtual component available for this meeting.


Tuesday April 18, 2023 09:30 - 10:30 CEST
D408 | Fourth Floor | Congress Centre (Elicium Building)

09:30 CEST

OpenFeature Project Meeting
Please note that you must be a KubeCon + CloudNativeCon Europe 2023 registrant in order to attend this meeting. If you are not registered for KubeCon + CloudNativeCon click here to register.

Details
OpenFeature Project Meeting
Tuesday, April 18 | 9:30 - 10:30 CEST
Room D407, Congress Center

*Please note: we will not have any live streaming, recordings, or any virtual component available for this meeting.

Tuesday April 18, 2023 09:30 - 10:30 CEST
D407 | Fourth Floor | Congress Centre (Elicium Building)

09:30 CEST

OpenFGA Project Meeting
Please note that you must be a KubeCon + CloudNativeCon Europe 2023 registrant in order to attend this meeting. If you are not registered for KubeCon + CloudNativeCon click here to register.

Details
OpenFGA Project Meeting
Tuesday, April 18 | 9:30 - 10:30 CEST
Room D406, Congress Center

*Please note: we will not have any live streaming, recordings, or any virtual component available for this meeting.

Tuesday April 18, 2023 09:30 - 10:30 CEST
D406 | Fourth Floor | Congress Centre (Elicium Building)

10:30 CEST

Buildpacks.io Project Meeting
Please note that you must be a KubeCon + CloudNativeCon Europe 2023 registrant in order to attend this meeting. If you are not registered for KubeCon + CloudNativeCon click here to register.

Details
Buildpacks.io Project Meeting
Tuesday, April 18 | 10:30 - 12:30 CEST
Room D303, Congress Center

*Please note: we will not have any live streaming, recordings, or any virtual component available for this meeting.


Tuesday April 18, 2023 10:30 - 12:30 CEST
D303 | Third Floor | Congress Centre (Elicium Building)

10:30 CEST

Falco Project Meeting
Please note that you must be a KubeCon + CloudNativeCon Europe 2023 registrant in order to attend this meeting. If you are not registered for KubeCon + CloudNativeCon click here to register.

Details
Falco Project Meeting
Tuesday, April 18 | 10:30 - 12:30 CEST
Room D304, Congress Center

*Please note: we will not have any live streaming, recordings, or any virtual component available for this meeting.

Tuesday April 18, 2023 10:30 - 12:30 CEST
D304 | Third Floor | Congress Centre (Elicium Building)

10:30 CEST

KubeVirt Project Meeting
Please note that you must be a KubeCon + CloudNativeCon Europe 2023 registrant in order to attend this meeting. If you are not registered for KubeCon + CloudNativeCon click here to register.

Details
KubeVirt Project Meeting
Tuesday, April 18 | 10:30 - 12:30 CEST
Room D402, Congress Center

*Please note: we will not have any live streaming, recordings, or any virtual component available for this meeting.


Tuesday April 18, 2023 10:30 - 12:30 CEST
D402 | Fourth Floor | Congress Centre (Elicium Building)

11:00 CEST

Kubescape Project Meeting
Please note that you must be a KubeCon + CloudNativeCon Europe 2023 registrant in order to attend this meeting. If you are not registered for KubeCon + CloudNativeCon click here to register.

Details
Kubescape Project Meeting
Tuesday, April 18 | 11:00 - 12:00 CEST
Room D406, Congress Center

*Please note: we will not have any live streaming, recordings, or any virtual component available for this meeting.

Tuesday April 18, 2023 11:00 - 12:00 CEST
D406 | Fourth Floor | Congress Centre (Elicium Building)

11:00 CEST

Open Cluster Management Project Meeting
Please note that you must be a KubeCon + CloudNativeCon Europe 2023 registrant in order to attend this meeting. If you are not registered for KubeCon + CloudNativeCon click here to register.

Details
Open Cluster Management Project Meeting
Tuesday, April 18 | 11:00 - 12:00 CEST
Room D407, Congress Center

*Please note: we will not have any live streaming, recordings, or any virtual component available for this meeting.

Tuesday April 18, 2023 11:00 - 12:00 CEST
D407 | Fourth Floor | Congress Centre (Elicium Building)

11:00 CEST

Pixie Project Meeting
Please note that you must be a KubeCon + CloudNativeCon Europe 2023 registrant in order to attend this meeting. If you are not registered for KubeCon + CloudNativeCon click here to register.

Details
Pixie Project Meeting
Tuesday, April 18 | 11:00 - 12:00 CEST
Room D408, Congress Center

*Please note: we will not have any live streaming, recordings, or any virtual component available for this meeting.

Tuesday April 18, 2023 11:00 - 12:00 CEST
D407 | Fourth Floor | Congress Centre (Elicium Building)

12:00 CEST

Learning Day Featuring Kubernetes Hosted by KubeCampus - SOLD OUT
KubeCampus Rookie Lab: 12:00 - 14:00 (Kubernetes beginners!)
KubeCampus Pro Lab: 14:00 - 16:00 (Kubernetes skills!)

Back by popular demand! Kasten by Veeam invites you to take your Kubernetes knowledge to the next level at Learning Day Featuring Kubernetes, hosted by KubeCampus, a community-focused, independent learning resource for Kubernetes users. This no cost, in-person Kubernetes learning session is designed for all levels!

At this event, you’ll have the opportunity to expand your Kubernetes skill set during one of two, 2-hour hands-on labs, where you’ll learn real-world cloud native skills from thought leaders and experts. Choose from two tracks: The Rookie Track (12:00-14:00) offers an intro to Kubernetes, and the Pro Track (14:00-16:00) is a deep dive for those with some Kubernetes experience.

During the labs, you will:

  • Gain valuable knowledge about Kubernetes, a highly in-demand skill
  • Build your resume and share your lab completion badge on LinkedIn
  • Make valuable contacts with industry experts and community members

KubeCampus consistently earns high scores for its informative, hands-on labs – and Learning Day Featuring Kubernetes is another way to ensure the community can benefit from them.

In addition to the labs, you’ll receive your official pin and certificate once you complete each lab. Whether you’re a Kubernetes Rookie or a seasoned Pro, this event will provide ample opportunities to grow your Kubernetes skills and knowledge.

Please note that this is an off-site Sponsor-hosted Co-located event.
For questions regarding this event, please contact: cassandra.faris@veeam.com
 

Tuesday April 18, 2023 12:00 - 16:00 CEST
Hilton Amsterdam Apollolaan 138, 1077 BG Amsterdam

13:00 CEST

Backstage Project Meeting
Please note that you must be a KubeCon + CloudNativeCon Europe 2023 registrant in order to attend this meeting. If you are not registered for KubeCon + CloudNativeCon click here to register.

Details
Backstage Project Meeting
Tuesday, April 18 | 13:00 - 15:00 CEST
Room D304, Congress Center

*Please note: we will not have any live streaming, recordings, or any virtual component available for this meeting.


Tuesday April 18, 2023 13:00 - 15:00 CEST
D304 | Third Floor | Congress Centre (Elicium Building)

13:00 CEST

LitmusChaos Project Meeting
Please note that you must be a KubeCon + CloudNativeCon Europe 2023 registrant in order to attend this meeting. If you are not registered for KubeCon + CloudNativeCon click here to register.

Details
LitmusChaos Project Meeting
Tuesday, April 18 | 13:00 - 15:00 CEST
Room D303, Congress Center

*Please note: we will not have any live streaming, recordings, or any virtual component available for this meeting.


Tuesday April 18, 2023 13:00 - 15:00 CEST
D303 | Third Floor | Congress Centre (Elicium Building)

13:00 CEST

Etcd Project Meeting
Please note that you must be a KubeCon + CloudNativeCon Europe 2023 registrant in order to attend this meeting. If you are not registered for KubeCon + CloudNativeCon click here to register.

Details
Etcd Project Meeting
Tuesday, April 18 | 13:00 - 17:00 CEST
Room D408, Congress Center

*Please note: we will not have any live streaming, recordings, or any virtual component available for this meeting.

Tuesday April 18, 2023 13:00 - 17:00 CEST
D408 | Fourth Floor | Congress Centre (Elicium Building)

13:00 CEST

Flux Project Meeting
Please note that you must be a KubeCon + CloudNativeCon Europe 2023 registrant in order to attend this meeting. If you are not registered for KubeCon + CloudNativeCon click here to register.

Details
Flux Project Meeting
Tuesday, April 18 | 13:00 - 17:00 CEST
Room G108, Auditorium Center

*Please note: we will not have any live streaming, recordings, or any virtual component available for this meeting.


Tuesday April 18, 2023 13:00 - 17:00 CEST
G108 | First Floor | Congress Centre

13:00 CEST

Harbor Project Meeting
Please note that you must be a KubeCon + CloudNativeCon Europe 2023 registrant in order to attend this meeting. If you are not registered for KubeCon + CloudNativeCon click here to register.

Details
Harbor Project Meeting
Tuesday, April 18 | 13:00 - 17:00 CEST
Room G111, Auditorium Center

*Please note: we will not have any live streaming, recordings, or any virtual component available for this meeting.


Tuesday April 18, 2023 13:00 - 17:00 CEST
G111 | First Floor | Congress Centre

13:00 CEST

TAG App Delivery Project Meeting
Please note that you must be a KubeCon + CloudNativeCon Europe 2023 registrant in order to attend this meeting. If you are not registered for KubeCon + CloudNativeCon click here to register.

Details
TAG App Delivery Project Meeting
Tuesday, April 18 | 13:00 - 17:00 CEST
Room D301, Congress Center

*Please note: we will not have any live streaming, recordings, or any virtual component available for this meeting.


Tuesday April 18, 2023 13:00 - 17:00 CEST
D302 | Third Floor | Congress Centre (Elicium Building)

13:00 CEST

TAG-Runtime Project Meeting
Please note that you must be a KubeCon + CloudNativeCon Europe 2023 registrant in order to attend this meeting. If you are not registered for KubeCon + CloudNativeCon click here to register.

Details
TAG-Runtime Project Meeting
Tuesday, April 18 | 13:00 - 17:00 CEST
Room D301, Congress Center

*Please note: we will not have any live streaming, recordings, or any virtual component available for this meeting.


Tuesday April 18, 2023 13:00 - 17:00 CEST
D301 | Third Floor | Congress Centre (Elicium Building)

13:00 CEST

TUF Project Meeting
Please note that you must be a KubeCon + CloudNativeCon Europe 2023 registrant in order to attend this meeting. If you are not registered for KubeCon + CloudNativeCon click here to register.

Details
TUF Project Meeting
Tuesday, April 18 | 13:00 - 17:00 CEST
Amsterdam Suite, Auditorium Center

*Please note: we will not have any live streaming, recordings, or any virtual component available for this meeting.


Tuesday April 18, 2023 13:00 - 17:00 CEST
Amsterdam Suite | First Floor | Congress Centre

13:30 CEST

Istio Day Hosted by CNCF - Half Day Event | ALL ACCESS PASS REQUIRED
This event is sold out. 

Please visit the full event schedule and build your personal schedule by selecting the sessions you would like to attend.  Once in the schedule to view the Istio Day schedule only, use the right-hand navigation bar to sort and filter.
Istio Day is a community event for the industry’s most popular service mesh, where you will find lessons learned from running Istio in production, hands-on experiences, and maintainers from across the Istio ecosystem. Please visit the event's webpage for more details.

*Observability Day + CiliumCon will be available via livestream on the virtual platform, all other co-located events recordings will be available 24-72 hours post-event on the CNCF YouTube channel.

For questions regarding this event, please reach out to cncfcolocatedevents@linuxfoundation.org.

Tuesday April 18, 2023 13:30 - 17:00 CEST
Hall 7, Room D | Ground Floor | Europe Complex

13:30 CEST

Kubernetes Batch + HPC Day Hosted by CNCF - Half Day Event | ALL ACCESS PASS REQUIRED
This event is sold out. 

Please visit the full event schedule and build your personal schedule by selecting the sessions you would like to attend.  Once in the schedule to view the Kubernetes Batch + HPC Day schedule only, use the right-hand navigation bar to sort and filter.

An event for contributors and users working on making Kubernetes the best tool to build platforms for mathematical computations – advanced HPC, ML training, data and analytics. We will discuss the latest developments in core Kubernetes around these use cases and what’s happening in the ecosystem and where it should go. Please visit the event's webpage for more details.

*Observability Day + CiliumCon will be available via livestream on the virtual platform, all other co-located events recordings will be available 24-72 hours post-event on the CNCF YouTube channel.

For questions regarding this event, please reach out to cncfcolocatedevents@linuxfoundation.org.


Tuesday April 18, 2023 13:30 - 17:00 CEST
Hall 7, Room A | Ground Floor | Europe Complex

13:30 CEST

Kubernetes on Edge Day Hosted by CNCF - Half Day Event | ALL ACCESS PASS REQUIRED
This event is sold out. 

Please visit the full event schedule and build your personal schedule by selecting the sessions you would like to attend.  Once in the schedule to view the Kubernetes on Edge Day schedule only, use the right-hand navigation bar to sort and filter.

Kubernetes on Edge Day brings together developers and adopters across the entire cloud native ecosystem to share their lessons learned in building, breaking, and bettering their edge infrastructure. Any developer interested in learning how to deploy Kubernetes and cloud native projects at the edge should attend.

Edge Computing will be 4x larger than cloud and will generate 75% of data worldwide by 2025. With hardware and software spread across hundreds or thousands of locations, the only feasible way to manage these distributed systems is through the simple paradigms around observability, loosely coupled systems, declarative APIs, and robust automation that have made cloud native technologies so successful in the cloud. Kubernetes is already becoming a key part of the edge ecosystem, driving integrations and operations. Please visit the event's webpage for more details.

The event schedule is now available. To select the sessions you'd like to attend, simply click on the titles of the sessions you're interested in attending.

*Observability Day + CiliumCon will be available via livestream on the virtual platform, all other co-located events recordings will be available 24-72 hours post-event on the CNCF YouTube channel.

For questions regarding this event, please reach out to cncfcolocatedevents@linuxfoundation.org.


Tuesday April 18, 2023 13:30 - 17:00 CEST
Hall 7, Room B | Ground Floor | Europe Complex

14:30 CEST

Carvel Project Meeting
Please note that you must be a KubeCon + CloudNativeCon Europe 2023 registrant in order to attend this meeting. If you are not registered for KubeCon + CloudNativeCon click here to register.

Details
Carvel Project Meeting
Tuesday, April 18 | 14:30 - 15:30 CEST
Room D406, Congress Center

*Please note: we will not have any live streaming, recordings, or any virtual component available for this meeting.

Tuesday April 18, 2023 14:30 - 15:30 CEST
D406 | Fourth Floor | Congress Centre (Elicium Building)

14:30 CEST

KubeArmor Project Meeting
Please note that you must be a KubeCon + CloudNativeCon Europe 2023 registrant in order to attend this meeting. If you are not registered for KubeCon + CloudNativeCon click here to register.

Details
LitmusChaos Project Meeting
Tuesday, April 18 | 14:30 - 15:30 CEST
Room D407, Congress Center

*Please note: we will not have any live streaming, recordings, or any virtual component available for this meeting.


Tuesday April 18, 2023 14:30 - 15:30 CEST
D407 | Fourth Floor | Congress Centre (Elicium Building)

14:30 CEST

Snyk + HashiCorp Workshop: Securing Your Infrastructure as Code Hosted by Snyk
Join this virtual AWS workshop to learn how to scan and deploy an infrastructure-as-code (IaC) project to AWS using Snyk and HashiCorp Terraform. Experts from Snyk and HashiCorp will then show you how to use the CLI and web interfaces for these solutions to identify and fix issues.

Be sure to sign up for a FREE Snyk and Hashicorp Terraform Cloud account to participate in this session.

1. Snyk Account: https://snyk.co/kubeconfreeaccount
2. HashiCorp Terraform Cloud Account: https://app.terraform.io/public/signup/account

Please note that this is a virtual Sponsor-hosted Co-located event.
For questions regarding this event, please contact: madison.rocha@snyk.io

Tuesday April 18, 2023 14:30 - 16:30 CEST
Virtual

15:30 CEST

cert-manager Project Meeting
Please note that you must be a KubeCon + CloudNativeCon Europe 2023 registrant in order to attend this meeting. If you are not registered for KubeCon + CloudNativeCon click here to register.

Details
cert-manager Project Meeting
Tuesday, April 18 | 15:30 - 17:30 CEST
Room D402, Congress Center

*Please note: we will not have any live streaming, recordings, or any virtual component available for this meeting.

Tuesday April 18, 2023 15:30 - 17:30 CEST
D402 | Fourth Floor | Congress Centre (Elicium Building)

15:30 CEST

Cilium Project Meeting
Please note that you must be a KubeCon + CloudNativeCon Europe 2023 registrant in order to attend this meeting. If you are not registered for KubeCon + CloudNativeCon click here to register.

Details
Cilium Project Meeting
Tuesday, April 18 | 15:30 - 17:30 CEST
Room D304, Congress Center

*Please note: we will not have any live streaming, recordings, or any virtual component available for this meeting.

Tuesday April 18, 2023 15:30 - 17:30 CEST
D304 | Third Floor | Congress Centre (Elicium Building)

15:30 CEST

Keptn Project Meeting
Please note that you must be a KubeCon + CloudNativeCon Europe 2023 registrant in order to attend this meeting. If you are not registered for KubeCon + CloudNativeCon click here to register.

Details
Keptn Project Meeting
Tuesday, April 18 | 15:30 - 17:30 CEST
Room D303, Congress Center

*Please note: we will not have any live streaming, recordings, or any virtual component available for this meeting.

Tuesday April 18, 2023 15:30 - 17:30 CEST
D303 | Third Floor | Congress Centre (Elicium Building)

16:00 CEST

OpenTelemetry Project Meeting
Please note that you must be a KubeCon + CloudNativeCon Europe 2023 registrant in order to attend this meeting. If you are not registered for KubeCon + CloudNativeCon click here to register.

Details
OpenTelemetry Project Meeting
Tuesday, April 18 | 16:00 - 17:00 CEST
Room D407, Congress Center

*Please note: we will not have any live streaming, recordings, or any virtual component available for this meeting.

Tuesday April 18, 2023 16:00 - 17:00 CEST
D407 | Fourth Floor | Congress Centre (Elicium Building)

16:00 CEST

wasmCloud Project Meeting
Please note that you must be a KubeCon + CloudNativeCon Europe 2023 registrant in order to attend this meeting.

Details
wasmCloud Project Meeting
Tuesday, April 18 | 8:00 - 10:00 CEST
Room D406, Congress Center

*Please note: we will not have any live streaming, recordings, or any virtual component available for this meeting.


Tuesday April 18, 2023 16:00 - 17:00 CEST
D406 | Fourth Floor | Congress Centre (Elicium Building)

17:30 CEST

⚡ Lightning Talk: Debugging Kubernetes E2E Tests with Delve - Mauricio Poppe, Google
When Mauricio started working on Kubernetes, one of his first tasks was to run the Kubernetes storage e2e tests with a CSI Driver. The e2e tests run by compiling the e2e test codebase into a binary called e2e.test. While running tests, Mauricio wanted to stop at some specific part of the test to check the status of the cluster, which previously required adding sleep statements in the test and recompiling the e2e.test binary. As Mauricio was learning Go tooling he found Delve, which enables setting breakpoints on Go programs, but saw that it wasn't integrated with the way Kubernetes runs e2e tests. Mauricio added a way to debug the e2e tests with Delve. In this talk Mauricio will talk about how Delve works and how it's used with the e2e.test binary to debug tests. This talk is for people that want to contribute to Kubernetes but don't know where to start. In Mauricio's opinion you can start from the e2e tests, and by setting breakpoints and analyzing the cluster state based on what the test does you'll understand how Kubernetes works.

Speakers

Mauricio Poppe

Software Engineer, Google
Mauricio is a Software Engineer in the Anthos Storage team making sure that block and file storage are available wherever a Pod can be scheduled. In upstream Kubernetes Mauricio is a member of sig-storage and kubernetes-csi. Mauricio also leads the development of CSI in Windows.



Tuesday April 18, 2023 17:30 - 17:35 CEST
Auditorium + Balcony | Ground + First Floor | Congress Centre
  ⚡ Lightning Talks, 101 Track

17:35 CEST

⚡ Lightning Talk: Be the Main Character of Your Story: The Cloud Native Way of Technical Writing - Karuna Tata, Aurora's Degree and PG College
When it comes to Cloud Native, everyone's story is unique. Some may feel like a supporting character while observing code contributors, while others may believe that Cloud Native is the villain in their story and that they will never be able to contribute. Not everyone is a main character from the start of their Cloud Native story, but this talk will help you become one. Technical writing is one such field where you can learn about Cloud Native concepts and present them to users ranging from novice to experienced developers. Technical writing will also assist you in getting started with your code contributions. In this lightning talk, Karuna will discuss how to get started with documentation contributions, technical writing principles, and opportunities to get their hands dirty by contributing to documentation of various CNCF projects. This talk is intended for students who are just getting started with Cloud Native and are looking for ways to put their knowledge to use by contributing to CNCF.

Speakers

Karuna Tata

Student, Aurora's Degree and PG college
I am a B.Sc data science undergraduate student at Aurora's Degree and PG College, Hyderabad, India. I worked as a technical writing intern at AsyncAPI as part of the Google Season of Docs program. I also worked as a hackathon Coach at Major League Hacking. I create content for a beginner-friendly...



Tuesday April 18, 2023 17:35 - 17:40 CEST
Auditorium + Balcony | Ground + First Floor | Congress Centre
  ⚡ Lightning Talks, Student
  • Content Experience Level Any
  • Talk Type Virtual
  • Presentation Slides Attached Yes

17:40 CEST

⚡ Lightning Talk: Airflow and Armada - Airflow Meets Multi-Cluster Kubernetes with Armada - Kevin Patrick Hannon, G Research
As Kubernetes matures, many users are exploring how and if they should run multi-cluster workloads. Armada is a Sandbox project in the CNCF and its main focus is enabling batch processing across multiple Kubernetes clusters. Armada defines APIs for integration and has released a Python API. A primary goal of these APIs is to enable integrations with other open source projects. The users at G-Research wanted to use orchestration software to enable the scheduling of multiple tasks on Armada. The open source decided to build an Airflow Operator that allows G-Research users to take advantage of Airflow’s integrations. In this talk, we will briefly introduce Armada and our integration with Airflow. With this integration, Airflow is now able to schedule jobs on multiple Kubernetes.

Speakers

Kevin Patrick Hannon

Open Source Software Engineer, G Research
Kevin Hannon started his career as a computational chemist where he learned programming in the scientific computing space. He went on to a masters in Chemistry learning how to apply parallel computing to speed up chemistry simulations. In his latest roles, he is focused on improving...


Tuesday April 18, 2023 17:40 - 17:45 CEST
Auditorium + Balcony | Ground + First Floor | Congress Centre

17:45 CEST

⚡ Lightning Talk: GreenCourier: Towards Sustainable Serverless Computing - Mohak Chadha, Technical University of Munich
This talk will describe GreenCourier in detail, present experimental results, and motivate the development of other carbon-aware solutions in the cloud ecosystem. GreenCourier targets a new cloud computing paradigm called Serverless Computing aka Function-as-a-Service, in which users are only responsible for writing small pieces of code called functions while all infrastructure management is handled by the cloud service provider. To reduce carbon emissions on function invocations, GreenCourier incorporates an intelligent scheduling policy for Kubernetes that schedules serverless functions across geographically interconnected Kubernetes clusters depending on their carbon-efficiency. To this end, GreenCourier implements a scheduling plugin for Kubernetes based on the Scheduler API that obtains periodic information from the carbon-aware sdk to determine the carbon-efficiency of a geographical region. As the FaaS platform, GreenCourier utilizes the serving component of Knative. On function invocation, GreenCourier listens for the creation of Knative objects and automatically schedules them on the most carbon-efficient region. For seamlessly establishing geographically distributed Kubernetes multi-cluster topologies, GreenCourier utilizes Liqo based on the Virtual Kubelet.

Speakers

Mohak Chadha

Research Associate, Technical University of Munich
Mohak Chadha is a final-year Ph.D. candidate at the Technical University of Munich. He is working in the broad domain of cloud computing, particularly focusing on solving several challenges in serverless computing. During his studies, he has worked at Intel Labs, the Central Research...



Tuesday April 18, 2023 17:45 - 17:50 CEST
Auditorium + Balcony | Ground + First Floor | Congress Centre
  ⚡ Lightning Talks, Research + Academia + HPC + Advanced Concepts

17:50 CEST

⚡ Lightning Talk: The CNCF Board Game Rules Explained - Peter O'Neill, Styra
Let's abstract the world of the CNCF and imagine it as an RPG board game. You will encounter level 99 developers, speakers, and content creators. Don't fear; these are not your enemies but rather a living example showing what it takes to reach the same level. Being level 1 at anything is hard, but you can quickly gain experience and level up with a simple shift in how you're already working. If you're already writing code to help you solve a problem, can you push it upstream? If you're teaching your friends the latest tech tips, can you expand your audience? If you're analyzing security trends on your internal systems, can you apply your learnings to an open-source project? With these small shifts, you are now ready to start leveling up. Not only can you level up your character, but you can level up projects. Looking at the project status will let you know the storyline difficulty: Kubernetes (main storyline mmorpg+irl), Graduated (standard), Incubating (hard), Sandbox (challenging). When you choose to work together, every XP you gain for the project earns double XP for the players in the party. So build your team, find your quests, smash some PRs, and level-up. Join me in this talk to learn how to get your player card and level up in the CNCF today!

Speakers

Peter O'Neill

WEBRIOT
Peter is a Community Architect for Cloud Native tools. Currently he is working as a Community Advocate for OPA (Open Policy Agent) a graduated CNCF project. Previously, Peter has held engineering positions at early stage startups and large scale enterprises. Including Mozilla, Google...


Tuesday April 18, 2023 17:50 - 17:55 CEST
Auditorium + Balcony | Ground + First Floor | Congress Centre
  ⚡ Lightning Talks, Business Value

17:55 CEST

⚡ Lightning Talk: FAQs for CFPs: A Beginners Guide to Conference Speaking - Paula Kennedy, Syntasso
Have you ever attended a conference like KubeCon and wished you could be one of the speakers presenting? Maybe you think that you don't have anything to say or that you'd never have the courage to present in public. In this short talk, Paula will answer some frequently asked questions (FAQs) on what a "Call for Proposals" (CFP) actually is, how to go about finding one that is the right fit for you and how you should approach it. She'll share some of her experiences and provide some simple advice that will help guide the audience through the process. Following this talk, the audience should have a better understanding of where to start and the encouragement they need to submit to a Call for Proposal, perhaps even to the next KubeCon!

Speakers

Paula Kennedy

Co-Founder, Chief Operating Officer, Syntasso
Paula is Co-Founder and Chief Operating Officer of Syntasso; her previous roles include Senior Director of Tanzu Global Education at VMware, Senior Director of Platform Services EMEA at Pivotal and Co-Founder & Chief Operating Officer of CloudCredo. Working in the IT industry for...


Tuesday April 18, 2023 17:55 - 18:00 CEST
Auditorium + Balcony | Ground + First Floor | Congress Centre
  ⚡ Lightning Talks, 101 Track

18:00 CEST

⚡ Lightning Talk: Tricks for Enforcing Conventions for Your Kubernetes Cluster Using Only YAML - Joe Betz, Google
Have you ever operated a Kubernetes cluster for multiple developers? If you have, you probably realized quickly that things are going to be a lot smoother if you could just enforce some basic conventions. Maybe all your services have a well defined endpoint for the liveness probe but developers sometimes forget to set it up. Or maybe developers should always use a semantic version tag on their containers and avoid :latest. Or maybe there is a deprecated Kubernetes API field and you'd like to ensure it is never used in your cluster. In this talk we will run through a series of easy solutions to help enforce conventions using only YAML. You have a lot more control than you might realize. Learn from a Kubernetes contributor involved in the development of numerous extensibility features including CRDs, admission webhooks and admission policies. We will show you some handy tricks leveraging new features like the Validating Admission Policies alpha API introduced in 1.26.

Speakers

Joe Betz

Staff Software Engineer, Google
Joe Betz is a tech lead of the Kubernetes api-machinery SIG. Joe has contributed to extensibility features including custom resources, admission webhooks, and CEL. Joe has also contributed to etcd as a project maintainer.


Tuesday April 18, 2023 18:00 - 18:05 CEST
Auditorium + Balcony | Ground + First Floor | Congress Centre

18:05 CEST

⚡ Lightning Talk: Power-Aware Scheduling in Kubernetes - Yuan Chen, Apple Inc.
The vanilla Kubernetes scheduler does not take power into account when placing pods on nodes and racks. As a result, the power usage of servers and racks in a data center can exceed the allocated power envelope and lead to service outages and costly downtime. In this short talk, Yuan Chen from Apple will give an overview of a new scheduler feature to support power-aware scheduling in Kubernetes. The proposed power-aware scheduling can protect power supply infrastructures and improve workload stability in large scale Kubernetes clusters by (1) enforcing a power cap at both the server and rack levels, and (2) optimizing pod placement to more evenly distribute workloads and power demand across servers and racks. The enhanced scheduling strategy is implemented by extending the default Kubernetes scheduler via scheduler plugins using the standard Kubernetes scheduling framework API. Specifically, power capping is implemented using the scheduler Filter plugin, and workload and power distribution optimization is achieved via the scheduler Scoring plugin. The improved scheduler can help safely increase server hardware and data center infrastructure size, and improve resource utilization and workload reliability for Kubernetes clusters.

Speakers

Yuan Chen

Principal Software Engineer, Nvidia
Yuan Chen is a Principal Software Engineer at Nvidia. Before joining Nvidia, Yuan served as a staff software engineer at Apple, where he contributed to the development of Apple's Kubernetes infrastructure beginning in 2019. Yuan has actively contributed to the Kubernetes projects...



Tuesday April 18, 2023 18:05 - 18:10 CEST
Auditorium + Balcony | Ground + First Floor | Congress Centre

18:10 CEST

⚡ Lightning Talk: Talking to Kubernetes with Rust - James Laverack, Jetstack
The Kubernetes API provides a gateway to manage cloud native resources, and there exist client libraries to interact with Kubernetes in many languages. Rust is uniquely positioned to write software for Kubernetes. With a powerful type system, fast binaries, excellent documentation, and unparalleled memory safety it is well positioned for critical tooling and infrastructure. This talk will be a crash course on how to interact with Kubernetes in Rust, and will cover the basics you need to know to write your next tool targeting Kubernetes with Rust.

Speakers

James Laverack

Staff Solutions Engineer, Jetstack
James is a software engineer specialising in cloud native software and distributed systems. At Jetstack he consults with organisations of all sizes on their use of cloud native technology. He’s also a contributor to the Kubernetes project and has previously served as Release Team...



Tuesday April 18, 2023 18:10 - 18:15 CEST
Auditorium + Balcony | Ground + First Floor | Congress Centre
  ⚡ Lightning Talks, 101 Track

19:00 CEST

House of Kube Hosted by Humanitec
Can't wait to meet you in person and burn up the dance floor at the House Of Kube a.k.a. the hottest party in cloud native. Join fellow platform engineers and cloud pioneers by the platform engineering community this time in Amsterdam.

Where engineering meets Berlin techno. Your golden ticket to the darkroom of DevOps.

Please note this is an off-site Sponsor-hosted Co-located event. “Secret Location” TBA. Additional registration is required, and can be added to your KubeCon + CloudNativeCon registration.
For questions regarding this event, please contact: mariya.skalka@humanitec.com

Tuesday April 18, 2023 19:00 - 23:30 CEST
Iso Amsterdam Isolatorweg 17 1014 AS Amsterdam
 
Wednesday, April 19
 

06:30 CEST

Group Fun Run
Squeeze in your daily cardio with a casual / informal group run! Meet at the nhow Amsterdam RAI hotel (right next to RAI Amsterdam) at 06:30 for a 06:45 departure. The run will last one hour at the group's pace. 

Wednesday April 19, 2023 06:30 - 07:45 CEST
nhow Amsterdam RAI | Hotel Lobby Europaboulevard 2b, 1078 RV Amsterdam, Netherlands

08:00 CEST

EmpowerUs Breakfast
Attendees who identify as women, non-binary individuals, or allies at KubeCon + CloudNativeCon are invited to join this special event and program for an open discussion about challenge, leadership innovation, and empowerment in our fast-growing ecosystem.


Space is limited and will be given on a first come, first served basis.

Wednesday April 19, 2023 08:00 - 09:00 CEST
Europe Foyer 1 | Ground Floor | Congress Centre

09:00 CEST

Keynote: Welcome + Opening Remarks - Priyanka Sharma, Executive Director, Cloud Native Computing Foundation & Chris Aniszczyk, CTO, Cloud Native Computing Foundation
Speakers

Chris Aniszczyk

CTO, Linux Foundation (CNCF)
Chris Aniszczyk is an open source executive and engineer with a passion for building a better world through open collaboration. He's currently a CTO at the Linux Foundation focused on developer relations and running the Open Container Initiative (OCI) / Cloud Native Computing Foundation...

Priyanka Sharma

Executive Director, Cloud Native Computing Foundation
Priyanka is the Executive Director of the Cloud Native Computing Foundation (CNCF) which serves as the vendor-neutral home for 100+ of the fastest-growing open source projects, including Kubernetes, Prometheus, and Envoy. She is also a co-creator of the Inclusive Naming Initiative...


Wednesday April 19, 2023 09:00 - 09:20 CEST
Hall 12 | First Floor | Holland Complex

09:20 CEST

Keynote: Tulips, Terabytes, and Transformations: Blooming Innovations in the Cloud Native Garden - Taylor Dolezal, Head of Ecosystem, Cloud Native Computing Foundation
Whether you are an end user who is utilizing and adopting cloud-native technologies or a vendor who is providing cloud native solutions, Taylor will provide you with a comprehensive update on the latest news and trends in the CNCF End User Ecosystem. Join us to learn more about the exciting developments in cloud-native technologies and how they are transforming the way we build and operate modern applications.

Speakers

Taylor Dolezal

Head of Ecosystem, The Linux Foundation (CNCF)
I work on infrastructure tools that enable innovation. I specialize in Kubernetes, Terraform, public clouds, and distributed systems. You can also find me buried deep in a book, preparing a technical talk, or going for a run with the dogs.


Wednesday April 19, 2023 09:20 - 09:30 CEST
Hall 12 | First Floor | Holland Complex

09:30 CEST

Keynote: Cappucci-Know: Percolating EU End User Insights in the Cloud Native Café - Moderated by Taylor Dolezal
Join us for an engaging fireside chat, where leading end users across the European Union will share their insights, experiences, and success stories with cloud native technologies. This session will dive into overcoming challenges, navigating regulations, and fostering collaboration within the EU’s cloud native ecosystem.

Speakers

Kasper Borg Nissen

Lead Platform Architect, Lunar
Kasper is a Cloud Native Computing Foundation Ambassador, and co-founder of the Nordic meetup alliance, Cloud Native Nordics, where he serves as Community Lead. He works as Lead Platform Architect at Lunar. He has worked at Lunar for 6 years, and is one of the architects behind the...

Yuichi Nakamura

Director, Hitachi, Ltd.
Yuichi Nakamura, Ph.D. works for Hitachi, Ltd. He has been engaged with OSS for over 20 years, has given presentations at many OSS events such as Linux Security Summit and Embedded Linux Conference, and is a board member of the Linux Foundation. He launched an API management solution using Keycloak, and his...

Taylor Dolezal

Head of Ecosystem, The Linux Foundation (CNCF)
I work on infrastructure tools that enable innovation. I specialize in Kubernetes, Terraform, public clouds, and distributed systems. You can also find me buried deep in a book, preparing a technical talk, or going for a run with the dogs.

Sabine Wolz

Senior Product Manager, Mercedes-Benz Tech Innovation
Sabine has been working for Mercedes-Benz Tech Innovation for over 6 years. As a senior Product Manager of a service providing cloud native ready-to-use toolboxes running on Kubernetes, she is a real enthusiast of the CNCF world. Her work plays an important role in shaping the digital...

Sergiu Petean

Head of DevOps, Allianz Direct
Sergiu is working as the Head of DevOps for Allianz Direct. A dedicated cloud native advocate, he has led teams across various industries, successfully guiding migrations to cloud-native platforms. He is deeply passionate about nurturing talent, promoting collaboration, and employing...


Wednesday April 19, 2023 09:30 - 09:40 CEST
Hall 12 | First Floor | Holland Complex

09:40 CEST

Sponsored Keynote: Accelerate Sustainable Computing with Community Collaboration - Cara Delia, Principal Community Architect Financial Services and Sustainability, Red Hat & Huamin Chen, Senior Principal Software Engineer, Red Hat
Open source allows for a shift toward collaboration and co-creation as a problem-solving solution. Through leveraging the power of open source, this collaboration can accelerate creative, scientific and technological advancements in addressing the climate crisis.

Learn how sustainable computing, the cloud native way, can impact energy efficient technology and how upstreaming communities can enable the acceleration of these efforts.

Speakers

Huamin Chen

Sr. Principal Software Engineer, Red Hat
Dr. Huamin Chen is a passionate developer at Red Hat's CTO office. He is one of the founding members of Kubernetes SIG Storage, member of Ceph, Knative, and Rook. He previously spoke at KubeCon, OpenStack Summits, and other technical conferences.

Cara Delia

Sr Principal Vertical Community Architect | FSI & Sustainability, Red Hat
Program manage the open source values on behalf of Red Hat in the Fintech Open Source Foundation (FINOS), Banking Infrastructure Architecture Network (BIAN) and OS-Climate.


Wednesday April 19, 2023 09:40 - 09:45 CEST
Hall 12 | First Floor | Holland Complex

10:00 CEST

Sponsored Keynote: Building a Sustainable, Carbon-Aware Cloud: Scale Workloads and Reduce Emissions - Jorge Palma, Principal PM Lead, Microsoft Azure
When we think about sustainability in the technology space, we know that reducing emissions is essential, even as we face greater demand to build scalable applications. Choosing efficient hardware is only part of the answer. Let's look at carbon awareness from the perspective of building sustainable cloud-native apps.
Using the CNCF open-source project KEDA and making it carbon-aware, we can leverage proactive scaling to reduce carbon emissions for k8s workloads - without requiring changes to your code or your workloads. We’ll look at relevant business scenarios and workload categories where innovating in this space helps us all build a more sustainable open-source future (while also helping manage energy costs).

Speakers
Jorge Palma

Principal PM Lead, Microsoft Azure
Jorge is the Principal PM Lead for AKS (Azure Kubernetes Service) where he serves thousands of customers and mission critical applications and helped lead the service to become the fastest growing service in Azure’s history. Formerly he was the Technical Lead for App Dev and DevOps...


Wednesday April 19, 2023 10:00 - 10:05 CEST
Hall 12 | First Floor | Holland Complex

10:05 CEST

Keynote: Building a Sustainable CNCF Project Contributor Base - Dawn Foster, Director Open Source Community Strategy, VMware
Maintaining an open source project is hard work that often extends out over several years, and maintainer burnout is common within open source projects. It can be hard for already overworked maintainers to balance the day to day work required to keep the project running while also investing in additional activity to increase future sustainability. The good news is that the CNCF has best practices, resources, guides, and templates available to make it easier for you to build a contributor strategy that leads to becoming a sustainable CNCF project over the long term. This talk will help you apply those resources in your project. This talk will include:

  1. Major factors that impact project sustainability. 
  2. Developing and executing on a sustainable contributor growth strategy, including governance, new contributor onboarding, and mentoring. 
  3. Using contributor ladders to promote contributors into leadership positions, since having more maintainers to share the workload can reduce maintainer burnout over time.

The audience will walk away with a better understanding of how to grow their contributor base and build a sustainable community around their CNCF project.

Speakers
Dawn Foster

Director of Data Science, CHAOSS
Dr. Dawn Foster works as the Director of Data Science for CHAOSS where she is also a board member / maintainer. She is co-chair of CNCF TAG Contributor Strategy and an OpenUK board member. She has 20+ years of experience at companies like VMware and Intel with expertise in community...



Wednesday April 19, 2023 10:05 - 10:20 CEST
Hall 12 | First Floor | Holland Complex
  Keynote Sessions
  • Presentation Slides Attached Yes

10:30 CEST

Project Pavilion
Attending in-person? Swing by the Project Pavilion located in the Solutions Showcase in Hall 5 to connect with project maintainers to learn more about the project, ask questions, or exchange ideas. 

See more information about Project Engagement at KubeCon + CloudNativeCon Europe 2023.

Wednesday April 19, 2023 10:30 - 21:00 CEST
Hall 5 | Ground Floor | Europe Complex

10:30 CEST

Solutions Showcase
Visit our sponsors in the Solutions Showcase to try the latest demos, watch live presentations, talk to experts, check out job opportunities, and score some swag.

In order to facilitate networking and business relationships at the event, you may choose to visit a third party’s booth or access sponsored content. You are never required to visit third party booths or to access sponsored content. When visiting a booth or participating in sponsored activities, the third party will receive some of your registration data. This data includes your first name, last name, title, company, address, email, standard demographics questions (i.e. job function, industry), and details about the sponsored content or resources you interacted with. If you choose to interact with a booth or access sponsored content, you are explicitly consenting to receipt and use of such data by the third-party recipients, which will be subject to their own privacy policies.

Wednesday April 19, 2023 10:30 - 21:00 CEST
Halls 1 + 5 | Ground Floor | Europe Complex

11:00 CEST

Kubernetes from Scratch for Neuroscientific Research - Carolina Lindqvist & Daniel Fernández, EPFL
The Blue Brain Project (BBP) is a research initiative at the École polytechnique fédérale de Lausanne (EPFL) in Switzerland aiming to build the world’s first biologically detailed digital reconstructions and simulations of the mouse brain. This talk presents BBP's journey into the vast Kubernetes ecosystem. It started two years ago with a plan to transition to Kubernetes and various prototypes for an on-premise cluster. During this time we gradually discovered the main components of Kubernetes and carved out the main use cases as well as the specific needs of a scientific organization. The work was done in close collaboration between developers and infrastructure maintainers. The presentation aims to lower the barriers for entry into the Kubernetes ecosystem by presenting an example of a full cluster setup that leverages automation and provides an easy-to-understand experience for end users. The goal is to have a blueprint that can be built upon and tailored for any small organization or research institute.

Speakers
Carolina Lindqvist

Site Reliability Engineer, EPFL
Carolina Lindqvist is the Site Reliability Engineer in the Neuroinformatics Software Engineering (NISE) team. Carolina works on the Kubernetes infrastructure for the Blue Brain Nexus platform. It is an application for storing, accessing and linking neuroscientific data. She is responsible...

Daniel Fernández

Site Reliability Engineer, EPFL
Daniel Fernández is a software engineer working as a Site Reliability Engineer in the Computing Division at EPFL Blue Brain Project. He has extensive experience deploying and running services in production. He is an open-source enthusiast and tries to participate in the open-source...



Wednesday April 19, 2023 11:00 - 11:35 CEST
Hall 7, Room A | Ground Floor | Europe Complex
  101 Track
  • Content Experience Level Any
  • Talk Type In-Person
  • Presentation Slides Attached Yes

11:00 CEST

A CI/CD Platform in the Palm of Your Hand - Claudia Beresford, Weaveworks
In a strange way CI infra is treated as something of an afterthought by many orgs who would call themselves "cloud native". The providers we have to choose from tend to use legacy infrastructure, creating bottlenecks when teams need to incrementally build, test, and release. And for those which promise containerised builds, we then have to worry about the security of privileged docker-in-docker runs. That's our choice: slow spin up times, or a compromise on security. And this is before we even talk about the overhead, both cost and environmental, of maintaining a hot pool of nodes, which is what you would need to provide either solution with any decent degree of usability. Stranger still is that a solution may lie in the Old School: I'm talking bare-metal. Sort of. What's hot and new in this space are MicroVMs. Exactly as it sounds, MicroVMs are teeny VMs, giving the speed and flexibility of containers, with the security of regular VMs. The promise that MicroVMs can be a more performant and cost-effective CI model is catching on, and one such project making exciting progress is Liquid Metal. In this talk Claudia will present a case study of an experimental system combining Kubernetes with on-demand MicroVMs... and she will demo it all live on a Raspberry Pi cluster.

Speakers
Claudia Beresford

Senior Software Engineer
Claudia is an Engineer at Weaveworks building hot new things for bare-metal. Before this she was a major contributor to the OSS Cloud Foundry PaaS container runtime solution. In “the before times” she spoke at many conferences including Container Camp, Paris Container Day and...



Wednesday April 19, 2023 11:00 - 11:35 CEST
Hall 7, Room D | Ground Floor | Europe Complex
  CI/CD

11:00 CEST

Distributing Pod Disruption Budgets Across Multiple Clusters - Illya Chekrygin, Apple
Over the last few years, Kubernetes made incredible strides to offer a computing platform for deploying and operating highly available applications. The platform combines the need for infrastructure administrators to perform automated cluster actions of upgrading and autoscaling clusters with the application owner's workload protection against workload disruptions in the form of PodDisruptionBudget (PDB) policies. To further advance service availability, it is increasingly common for organizations to operate and deploy workloads that transcend Kubernetes Cluster boundaries, addressing the requirement for a failure domain that spans across multiple regions. The Kubernetes PDB policy protection is limited to a single namespace scope and cannot protect workloads distributed across multiple namespaces or clusters. In this talk, we will review the intricacies of Kubernetes PDB and Eviction API. We will also introduce and demo a Distributed PodDisruptionBudget - a decentralized and fully compatible Kubernetes PDB alternative with multi-cluster support.

Speakers
Illya Chekrygin

Field Engineer, Apple
Illya is a Kubernetes Field Engineer at Apple. Before Apple, Illya was working on advancing cloud-native computing by “freeing the cloud” at Upbound, and he is an (emeritus) maintainer of the open-source Crossplane (https://crossplane.io) project. Illya...



Wednesday April 19, 2023 11:00 - 11:35 CEST
Hall 7, Room E | Ground Floor | Europe Complex
  Customizing + Extending Kubernetes
  • Content Experience Level Any
  • Talk Type In-Person
  • Presentation Slides Attached Yes

11:00 CEST

Building High-Throughput Applications with Bulk Messaging in Dapr - Shubham Sharma, Microsoft
Pub/Sub is a core building block of Dapr that enables developers to create event-driven applications. With the v1.10 release, Dapr has introduced a new set of capabilities to the pub/sub building block - Bulk Publish and Bulk Subscribe. This presentation will include an introduction to the pub/sub building block, different messaging patterns supported by Dapr, and strategies for achieving high throughput in applications using the Bulk APIs, along with performance benchmarks.

Speakers
Shubham Sharma

Software Engineer 2, Microsoft
Shubham is a software engineer at Microsoft's Developer Division, and a maintainer of the JavaScript SDK for Dapr, a CNCF incubating project. Prior to his work with Dapr, Shubham was a member of the team responsible for building modern authentication for Dynamics 365. He is an alumnus...



Wednesday April 19, 2023 11:00 - 11:35 CEST
E105-106 | First Floor | Congress Centre
  Maintainer Track, Dapr

11:00 CEST

Gateway API Project Update - Nick Young, Isovalent & Rob Scott, Google
The Gateway API subproject of Kubernetes SIG-Network is making great strides towards the goal of being the description language for inbound traffic that’s portable, extensible, expressive, and role-oriented. With nearly 20 implementations in progress, interest is high. This session is about what’s happening now and next. We’ll update on:

  - The state of the API, and when we’re planning to move to GA and 1.0
  - Our plans for conformance testing and certification
  - What’s happening with the GAMMA initiative and how the efforts work together
  - Maintainer Q+A

And a lot more!

Speakers
Nick Young

Senior Systems Engineer, Isovalent
Nick has been working to prevent the entropic downfall of systems for 20 years, across Windows and Linux, datacenters and clouds, networking, storage and compute. Currently he's a Senior Software Engineer at Isovalent, and a maintainer on the Kubernetes Gateway API project, where...

Rob Scott

Software Engineer, Google
Rob is an open source enthusiast currently working on Kubernetes Networking at Google. He's been a maintainer of Gateway API since the very early days of the project and led the development of other Kubernetes networking APIs like EndpointSlices.


Wednesday April 19, 2023 11:00 - 11:35 CEST
E103-104 | First Floor | Congress Centre

11:00 CEST

Intro + Deep Dive: Kubernetes SIG Scalability - Wojciech Tyczynski, Google
This session will focus on the different efforts that SIG Scalability is involved in: defining what scalability means for Kubernetes, driving performance improvements, maintaining infrastructure for scalability testing, and guarding Kubernetes against performance regressions. Cooperation with other SIGs is an important aspect of the presentation as many improvements driven from the SIG are in fact owned by other SIGs. Time for Q&A will be reserved at the end of the session to understand how the SIG can better engage with the community as well as to allow the audience to provide input on the roadmap.

Speakers
Wojciech Tyczyński

Senior Staff Software Engineer, Google
Wojciech has been working on Google Technical Infrastructure & Cloud since 2012. Since 2015 he has worked on Kubernetes and GKE. With the main focus on scalability, performance and reliability, he gained experience and contributed to many Kubernetes features and most of its components. Before...


Wednesday April 19, 2023 11:00 - 11:35 CEST
E107-108 | First Floor | Congress Centre

11:00 CEST

Learn the Helm Code Base and PR Review Process - Scott Rigby, Independent; Andrew Block & Karena Angell, Red Hat
Helm is the best way to package, find, share, and use software on Kubernetes. Its ease of use and ability to be integrated into a wider ecosystem of projects, products and solutions make Helm one of the most popular tools in the cloud native community. But, in addition to the features you know and love, there are even more exciting contributions waiting to be added to the project. In this session, Helm maintainers will highlight several exciting pending enhancements, and show you how you can help speed up the process of getting them landed upstream. This includes an introduction to the Helm codebase as well as demystifying the community Pull Request review process including how to choose an open PR to review, and reproduce and test the original issues and proposed fixes. Opportunities abound for community members to step up the contributor ladder to join the Helm team to become a 'Triage Maintainer' and more!

Speakers
Andrew Block

Distinguished Architect, Red Hat
Andrew Block is a Distinguished Architect at Red Hat who works with organizations to design and implement solutions leveraging cloud native technologies. He specializes in Continuous Integration and Continuous Delivery methodologies with a focus on security to reducing the overall...

Karena Angell

Senior Principal Product Manager, Red Hat
Karena Angell is a Senior Principal Product Manager at Red Hat focusing on cloud native application workloads for Kubernetes, open source software projects, as well as solutions for the 'open' hybrid cloud. She is a Helm maintainer and TAG App Delivery Technical Lead.

Scott Rigby

Developer Experience Engineer, Weaveworks


Wednesday April 19, 2023 11:00 - 11:35 CEST
Forum | Ground Floor | Congress Centre

11:00 CEST

Policy Matters! A Policy Working Group Introduction and Deep Dive - Jim Bugwadia, Nirmata & Frank Jogeleit, LOVOO
Kubernetes policies are configuration objects that control other configuration and runtime behaviors. The Kubernetes Policy Working Group (WG) is chartered with researching and developing policy implementations, architectures, and best practices for Kubernetes. In this session Jim and Frank will provide an overview of the Policy WG projects, deliverables, and activities, and then deep dive into the Policy Report API which is being proposed as a standard by the Policy WG to unify policy observability across different areas of Kubernetes security and automation. They will demonstrate how different engines and scanners utilize this API, and show how a common policy administration point can leverage the API to provide visibility across the continuous delivery pipeline. They will also detail how to get involved with the working group activity tracks to learn, contribute, and share in the areas of policy, governance, and compliance!

Speakers
Jim Bugwadia

Co-founder and CEO, Nirmata
Jim Bugwadia is a co-founder and the CEO of Nirmata, the Kubernetes policy and governance company. Jim is an active contributor in the cloud native community and currently serves as co-chair of the Kubernetes Policy and Multi-Tenancy Working Groups. Jim is also a co-creator and maintainer...

Frank Jogeleit

Senior Software Engineer, LOVOO
Frank Jogeleit is a Senior Software Engineer at LOVOO. He is also the creator and maintainer of Policy Reporter, an open-source solution for unified policy result observability and compliance that uses the Policy WG Policy Report API specification. Frank is a Certified Kubernetes...



Wednesday April 19, 2023 11:00 - 11:35 CEST
G109 | First Floor | Congress Centre

11:00 CEST

Updates and Best-Practices in Kubebuilder and Controller-Tools - Varsha Prasad Narsing, Bryce Palmer & Rashmi Gottipati, Red Hat; Tony Jin, Boston University; Camila Macedo, Replicated
If you have ever developed an Operator or controller you may have heard of the Kubebuilder and controller-tools projects. During this talk, we will cover some of the new features in recent releases of both Kubebuilder and controller-tools that aid in accelerating the development of Operators while adhering to best practices. A brief summary of the features we will be covering for Kubebuilder is creating/consuming external plugins, a new default scaffold layout, and two new built-in plugins. For controller-tools, we will cover how controller-tools can be leveraged to create custom generators.

Speakers
Rashmi Gottipati

Senior Software Engineer, Red Hat
Rashmi Gottipati is a Senior Software Engineer on the Operator SDK team at Red Hat, focusing on integration with Operator Lifecycle Manager and tooling for SDK and Kubebuilder to make them easily extensible for Operator Developers and Authors. Rashmi is an open source...

Varsha Narsing

Senior Software Engineer, Red Hat
Varsha is a software engineer at Red Hat. She is passionate about solving problems by developing and leveraging various software technologies. She currently works with the Portfolio Enablement team (Operator Framework) and is an active contributor to Kubernetes SIGs projects like...

Tony J

Student, Individual
Tony is a CS master's student at Boston University. He has worked as a software engineer in the area of cloud infra for 3 years. He started his journey in open source contribution through Google Summer of Code 2022, participating with CNCF. Currently, he is actively working in the Kubernetes...

Bryce Palmer

Software Engineer, Red Hat
Bryce is a Software Engineer working for the OpenShift Container Platform at Red Hat with a focus on contributing to the Operator Framework. Bryce is passionate about making developers’ lives easier. Bryce is a maintainer of both Operator SDK and Kubebuilder and is focused on making...

Camila Macedo

Senior Software Engineer, Replicated
Camila Macedo is a Senior Software Engineer at Replicated. Previously, she worked at Red Hat and was responsible for maintaining Operator-SDK and other projects under Operator Framework. She has 20+ years of experience working with back-end solutions and is passionate about open-source...



Wednesday April 19, 2023 11:00 - 11:35 CEST
In Virtual Platform
  Maintainer Track, Kubernetes
  • Talk Type Virtual
  • Presentation Slides Attached Yes

11:00 CEST

Walk, Jog and Run with Cloud Native and the CNCF TAG-Runtime - Ricardo Aravena, TruEra & Nikhita Raghunath, VMware
Learn about the CNCF open-source projects that allow users to run cloud-native workloads, with a particular focus on Edge and Batch use cases! In this session, we will cover the following:

  1) Overview of TAG Runtime, how to join and get involved
  2) Overview of CNCF open source projects around workload management
  3) Update on working groups, including topics like:
     a. Whitepaper on edge native application principles
     b. Interactive jobs in Kubernetes
     c. What is the latest in CDI (Container Device Interface)
  4) Future trends for cloud-native technologies in the TAG scope (such as containers, VMs, WebAssembly and MLOps)

After this session, the audience will take away an understanding of the CNCF landscape in the workloads and runtime space, along with what’s new and how to contribute back to open source and the CNCF.

Speakers
Ricardo Aravena

Cloud Native Engineering Lead, Truera
Ricardo currently works at Truera as a Cloud Native Lead helping automate everything with cloud native technologies. He's an open source enthusiast and co-chair of the CNCF TAG-Runtime. He has been working in tech in software engineering roles for more than 20 years and comes from...

Nikhita Raghunath

Staff Software Engineer, CNCF TOC Member, VMware
Nikhita is a staff software engineer at VMware and a maintainer of the Kubernetes project. She is a member of the CNCF Technical Oversight Committee and has won the CNCF Top Committer Award in 2021 for her technical contributions. She is currently the technical lead for Kubernetes...


Wednesday April 19, 2023 11:00 - 11:35 CEST
G001-G002 | Ground Floor | Congress Centre

11:00 CEST

The Power of Self-Managing Clusters - Sahithi Ayloo & Arun Krishnakumar, VMware
As we all know, Kubernetes cluster life cycle management is challenging. Imagine the herculean job of managing 1000s or more clusters on your clouds. Adopting Cluster API solves this problem to an extent by out-sourcing the burden to "management cluster(s)", which are expected to manage their children-workload clusters. However, it raises many new questions, like:

  a) who manages these 100s of "management clusters" on gigantic clouds?
  b) scale issues on the management clusters
  c) how to enable multitenancy on the management clusters
  d) how to prevent management cluster admin from seeing workload cluster secrets
  e) HA, RBAC, Backup of the management clusters
  f) K8s version skew between management and workload clusters

and so on. Can we get away with this overhead of "Management clusters" but still leverage all the richness of Cluster API? Yes, that is possible by transforming workload clusters into "Self Managing" clusters. Come to our talk and learn more about our journey on how we have productized the concept of "Self-Managing" clusters in our Multi-tenant cloud platform and our success story.

Speakers
Arun M. Krishnakumar

Cloud Architect, VMware Inc
Arun has been working with Kubernetes since 2016 initially building Data Science and ML platforms at a time when Docker would not always play well with Kubernetes and GPU support was new. Recently Arun has been at VMware working on a KaaS engine for their Multi-Tenant provider named...

Sahithi Ayloo

Staff Engineer, VMware
Sahithi Ayloo is the technical lead for Kubernetes-as-a-Service platform for a multi-tenant cloud provider platform at VMware. She holds a strong track record of engineering customer-centric, distributed system-based solutions stacked on top of complex software-defined datacenters...



Wednesday April 19, 2023 11:00 - 11:35 CEST
Hall 7, Room B | Ground Floor | Europe Complex
  Multi-tenancy

11:00 CEST

It Is More Than Just Correlation - A Debug Journey - Simon Pasquier & Vanessa Martini, Red Hat
Workloads running on Kubernetes can break in many different and subtle ways, which are often hard to diagnose. Ideally, we would have many observability signals at our disposal to understand what happens and how to fix it: alerts, metrics, logs, and traces. Besides these traditional observability signals, the Kubernetes API also provides useful information such as resources’ metadata, status, and events. With so many different data sources available, the main challenge is making sense of this firehose of data and correlating the different signals in a meaningful way. The talk will focus on korrel8, a new open source tool, which aims - through the correlation of observability signals - at reducing the cognitive load of engineers when attempting to debug issues.

Speakers
Simon Pasquier

Principal Software Engineer, Red Hat
Simon is a Principal Software Engineer at Red Hat working on the OpenShift monitoring stack. He is a member of the Prometheus team as well as a maintainer of Alertmanager and Prometheus operator. He is interested in all things related to observability.

Vanessa Martini

Senior Product Manager, Red Hat
Vanessa is a Senior Product Manager in the Observability group at Red Hat, focusing on both OpenShift Analytics and Observability UI. She is particularly interested in turning observability signals into answers. She loves to combine her passions: data and languages.



Wednesday April 19, 2023 11:00 - 11:35 CEST
G104-105 | First Floor | Congress Centre
  Observability

11:00 CEST

Be the Change Our Planet Seeks: How YOU Can Contribute to Running Environment-Friendly Workloads on Kubernetes - Kristina Devochko, Admincontrol
Climate change affects us all and its impact can be seen throughout all aspects of our life, including software engineering. Reducing carbon footprint and following sustainable software engineering principles is now a part of every software company’s goal, but do you know that YOU, as a developer or a platform engineer, have all the power to contribute to making your technical platform and this world a better, greener place? Kubernetes is one of the technologies that comes in multiple flavors, but it’s up to YOU to utilize it in a way that will lessen harmful impacts of global warming. During this session Kristina will shed light on how sustainable software engineering principles can be applied to Kubernetes and its workloads, as well as which eye-opening insights she has gained during her Kubernetes journey and what concrete actions you can take with you and apply further in your projects after the conference in order to make your Kubernetes workloads more eco-friendly.

Speakers
Kristina Devochko

Platform Engineer, Content Creator, TAG Environmental Sustainability Lead, Tietoevry, Public 360° unit
Kristina Devochko is a platform engineer, tech content creator, speaker and tech community contributor. She focuses on all things cloud native, Kubernetes and green tech. Kristina is an owner of kristhecodingunicorn.com tech blog, a CNCF Ambassador, Microsoft Azure MVP, CNCF TAG Environmental...



Wednesday April 19, 2023 11:00 - 11:35 CEST
D201-202 | Second Floor | Congress Centre (Elicium Building)
  Reliability + Operational Continuity

11:00 CEST

Node Resource Management: The Big Picture - Sascha Grunert & Swati Sehgal, Red Hat; Alexander Kanevskiy, Intel; Evan Lezar, NVIDIA; David Porter, Google
Resource management is a fundamental area in Kubernetes that focuses on how to properly reserve, allocate, and isolate finite resources on nodes such as CPU, memory, disk, network, accelerators, etc. Resource Management is a hot topic, with multiple proposals raised recently on how to improve things both in Kubernetes and container runtimes: Dynamic Resource Allocation, QoS class resources, improvements to CPU Management, to container lifecycle management and statistics, support in CRI-enabled container runtimes for advanced low-level runtimes such as Kata containers, Firecracker, gVisor, and Confidential Containers and many more. In this presentation, speakers will present the “big picture” for these proposals, how they are interconnected, how they are different, which problems they are targeting to solve, and what they mean for Kubernetes users. This presentation will be helpful for cluster administrators and users to understand the future direction in their resource management area and give a framework for them to provide feedback that can help shape these future efforts. We will also describe opportunities for folks who are more interested to get involved with the open source SIG-Node and runtime communities to drive these efforts forward.

Speakers
Alexander Kanevskiy

Principal Engineer, Cloud Software, Intel
Alexander is currently employed by Intel as Principal Engineer, Cloud Software, focusing on various aspects in Kubernetes: Resource Management, Device plugins for hardware accelerators, Cluster Lifecycle and Cluster APIs. Alexander has 25+ years of experience in areas of Linux...

Swati Sehgal

Principal Software Engineer, Red Hat
Swati Sehgal is a Principal Software Engineer in the Ecosystem Engineering Group at Red Hat. She works to enhance OpenShift and its platform to deliver best-in-class networking applications, leading edge solutions and innovative enhancements across the stack. Her work includes working...

David Porter

Senior Software Engineer, Google
David Porter is a Senior Software Engineer at Google on the Kubernetes GKE node team. David’s focus is on the kubelet node agent and the resource management area. He is primary maintainer of cAdvisor, a resource monitoring library widely used in Kubernetes, reviewer of a SIG Node, and...

Sascha Grunert

Senior Software Engineer, Red Hat
Sascha is a Senior Software Engineer at Red Hat, where he works on many different container related open-source projects like Kubernetes. He joined the open-source community in November 2018. Sascha's passions include contributing to open source, as well as giving talks and evangelizing...

Evan Lezar

Senior Systems Software Engineer, NVIDIA
Evan Lezar is a Senior Systems Software Engineer on the Cloud Native team at NVIDIA. His focus is making GPUs and other NVIDIA devices easily accessible from containerized environments. This includes driving development and adoption of the Container Device Interface (CDI).



Wednesday April 19, 2023 11:00 - 11:35 CEST
Hall 7, Room C | Ground Floor | Europe Complex
  Runtime Performance + Constrained Environments

11:00 CEST

Cert-Manager Can Do SPIFFE? Solving Multi-Cloud Workload Identity Using a De Facto Standard Tool - Thomas Meadows, Jetstack & Joshua Van Leeuwen, Diagrid
If you’re like me, your Kubernetes journey started well. Booting up a cluster and deploying a demo application, only to find the dreaded “Your connection is not private” message in your web browser. Attackers could be stealing your information, credit cards and passwords? Frankly, your sock shopping addiction should be nobody's business. Luckily I found the cert-manager project. As if by magic, this clever controller made my security woes fold away. What about secrets? API and service account keys. This highly sensitive data must be bolted to your pod to ensure it can access databases, api-servers and more. After accidentally committing raw secrets to GitHub (nobody got time for that), I grew tired. I crawled away into the wonders of Google Cloud Workload Identity. But wait? Haven't I given up on the wonder of multi-cloud Kubernetes? If only identity could come batteries included. As an encore in the machine identity space, cert-manager now leverages SPIFFE to solve this problem. Pods are empowered to enter the VIP lounge of their choice in whatever cloud, provided they are on the guest list. Don't believe me? Call me on my bluff. Join me as I explore how this industry problem has been solved using the same magic that gave us TLS on Kubernetes only a few short years ago.

Speakers

Josh van Leeuwen

Software Engineer, Diagrid
I am a software engineer working at Diagrid. For the past 7 years I have worked on open source software in the Kubernetes ecosystem, including cert-manager and more recently Dapr. I’m most interested in securing distributed systems and workload identities.

Thomas Meadows

Solutions Engineer, Jetstack
Tom is an engineer who works for Jetstack as a Kubernetes and Cloud Native consultant. After becoming intrigued by the space, he decided to dive into the world of supply-chain security (mostly software, but also some strange food analogies). By being enabled by initiatives like the...



Wednesday April 19, 2023 11:00 - 11:35 CEST
Emerald Room | First Floor | Congress Centre
  Security + Identity

11:00 CEST

Zero Privilege Architectures - Thijs Ebbers & Diana Iordan, ING
In this talk we'll start out with a bit of Dutch folklore (Hey, we're in Amsterdam :-)), we'll explain what is wrong with typical "Least Privilege" & "Zero Trust" implementations and ask the confronting question: "Are we playing for a Draw or are we playing to Win against our IT security adversaries...?" Next we'll use some "classical" laws of war/diplomacy, biology/business and engineering to develop a modern IT architecture suitable for today's challenges. This architecture is based on desired state infrastructure, built using CI/CD and Infra/Policy-as-code. It stores its data in Data Services. It uses Events, Observability and IAM to operate securely. (In summary: we cover quite a lot of the CNCF landscape...)

We'll explain this architecture and show different views of this architecture for:
- Architects/Developers/Engineers
- C-level Managers
- CISO/Auditors

And answer some questions like:
- Can it be built? (spoiler: Yes, ING is running it today, details in previous talks we gave at OpenShift Commons Detroit & San Diego)
- My workloads won't fit
- We're not a bank, we cannot afford this
- Doesn't this collide with current views/implementations of established entities in the security(/compliancy) industry?

To conclude, we'll answer any other question the audience asks.

Speakers

Thijs Ebbers

Cloud Native Architect, ING
Architecting Cloud Native @ING since 2016 (employee since 2001) Architecture Lead for the Runtime Domain (“VM & Container Hosting”), for ING Private & Public Clouds Speaker at OpenShift Commons San Diego & Detroit Interviewed by TheCUBE during KubeCon Detroit Living together with...

Diana Iordan

Engineer, ING
 I am an engineer in ING's CI/CD squad, building container deployment capabilities for DevOps application deployment pipelines. Working and living in Bucharest.



Wednesday April 19, 2023 11:00 - 11:35 CEST
Auditorium + Balcony | Ground + First Floor | Congress Centre
  Security + Identity

11:00 CEST

Open Space Session: The future of CNCF students
During the session, participants will have the chance to discuss the current state of the student community, its strengths and weaknesses, and potential areas for growth. They will also explore ways in which students can get involved in the community, including through internships, mentorship programs, and open-source contributions.

Overall, the session will be a valuable opportunity for anyone interested in cloud-native technologies and the CNCF student community to learn about its past achievements, current state, and future goals, as well as how to get involved and make a meaningful contribution to the community.

Wednesday April 19, 2023 11:00 - 11:45 CEST
Open Space Session 1 | Solutions Showcase

11:00 CEST

Tutorial: Measure Twice, Cut Once: Dive Into Network Foundations the Right Way! - Marino Wijay & Jason Skrzypek, Solo.io
Networking is the foundation of distributed computing, especially in cloud-native ecosystems. Your awareness of how data moves between applications is critical for understanding their performance, security, and efficiency. As many microservices are built and deployed onto container systems like Kubernetes, it’s key to understand where traffic goes, how to communicate with your applications, how to decipher network protocols, and the various transactions that could be present. CoreDNS, Envoy, Istio, CNI, Cilium, and other cloud-native networking tools offer many advantages, but in failure conditions, they require a deep understanding of the Linux networking stack. This workshop will prepare you to navigate networks and develop expertise in the networking technologies found throughout KubeCon + CloudNativeCon.

Taking this workshop will help you to answer the questions:
- What does a packet look like?
- How does it flow into your microservices?
- How do you track network communications?
- Why do you need DNS?
- How does a service mesh enhance your microservices network?
- What does the shift away from iptables toward eBPF mean for network performance?

Speakers

Jason Skrzypek

Field Engineer, Solo.io
The taxonomy of the cloud native landscape has consumed Jason Skrzypek for more than half a decade now. His home office in Lancaster NY has taken him from Application Developer to Infrastructure Admin to Network Engineer and beyond. While exploring this ecosystem a few common threads...

Marino Wijay

Developer Advocate, Solo.io
Marino is a Developer & Platform Advocate at Solo.io, EddieHub Ambassador, and KubeHuddle Organizer. He is passionate about technology and modern distributed systems that involve heavy networking. He will always fall back to the patterns of Networking and the ways of the OSI. Community...


Wednesday April 19, 2023 11:00 - 12:30 CEST
Elicium Building | Elicium Ballroom 1 + 2
  Tutorials, I/O: Networking + Storage

11:00 CEST

🚨 ContribFest: NATS - Help Design and Build the Future of the NATS Go Client! (Limited Availability; First-Come, First-Served)
Download the code ahead of time. No DCO or CLA is required.

In this session attendees will have a chance to work together with NATS maintainers on the initial design and first pass implementation of the v2 version of nats.go.

This ContribFest session is designed to provide projects with the space and resources to tackle outstanding technical debt, security issues, or outstanding impactful feature requests. They are intended to provide a place for maintainers to meet contributors and potential contributors and work together on solving a problem.

Speakers

Wally Quevedo

Software Developer, Synadia
Waldemar Quevedo is a core maintainer of the NATS.io project working at Synadia and author of the 'Practical NATS' book.


Wednesday April 19, 2023 11:00 - 12:30 CEST
K101-102 | First Floor | Congress Centre

11:55 CEST

Silly Gooses, Let's Make Sense of the Security Supply Chain, Together - Grace Nguyen, University of Waterloo
When Grace started her job in security and open-source, she didn’t get the joke about honking geese folks in security would throw around and there was never a good time to ask. The same thing is happening for supply chain security. The landscape is evolving rapidly with high adoption but comprehensive documentation and talks, especially for beginners, are still lagging behind. Starting with why we care about supply chain security, the talk will provide an overview of the landscape and how tools like Fulcio, Rekor and cosign come together. Unlike geese, we won’t hiss at you!

Speakers

Grace Nguyen

Student, Independent
An undergrad at uWaterloo, Grace Nguyen has interned in VC, the government, research, startups and big tech. Having built in various verticals with a focus on using technology to help underserved communities, she spends most of her day hacking software, and contributing to Kubern...



Wednesday April 19, 2023 11:55 - 12:30 CEST
Hall 7, Room A | Ground Floor | Europe Complex
  101 Track

11:55 CEST

An Introduction to Cloud Native Capture The Flag - Andrew Martin & James Cleverley-Prance, ControlPlane
The Cloud Native Capture The Flag (CTF) is available to all in-person KubeCon + CloudNativeCon Europe attendees. In preparation for getting started with the activity, you are invited to attend an introductory session.

This session aims to introduce how to participate in CTF competitions to those who are new to them. We will share our tips and tricks for completing these challenges and work through a practice scenario together. Want to know more about the CTF? Review the details here. Connect with the CTF team on Slack.

Speakers

James Cleverley-Prance

Security Engineer, ControlPlane
James works as a Cloud Native Security Engineer at ControlPlane. He spends his days focusing on static and dynamic security assessments covering cloud native, infrastructure as code, policy as code, CI/CD, and security architecture. He has reviewed the security posture of numerous...

Andrew Martin

CEO, ControlPlane
Andrew has an incisive security engineering ethos gained building and destroying high-traffic web applications. Proficient in systems development, testing, and operations, he is at his happiest profiling and securing every tier of a cloud native system, and has battle-hardened experience...


Wednesday April 19, 2023 11:55 - 12:30 CEST
G102-103 | First Floor | Congress Centre
  Capture The Flag
  • Content Experience Level Any

11:55 CEST

Kubernetes Prow Jobs - Day 2 Aspects and How to Navigate, Read & Write Them - Priyanka Saggu, SUSE & Mario Jason Braganza, Independent
Are you curious to know how projects in the Kubernetes ecosystem test code changes using Prow CI/CD? And how those tests are automated using Prow jobs? Do you want to learn how to read and navigate the source code of hundreds of existing Prow jobs, that help ensure the latest Kubernetes releases meet quality standards, and work across cloud providers, container engines, and networking plugins? If any of this interests you, this talk is for you! There are many resources available today that cover Day 0 & Day 1 aspects of deploying and using Prow as a testing tool, but something that covers reading & understanding existing Kubernetes Prow jobs is still needed. This talk aims to fill in these gaps, to cover the Day 2 aspects of using Prow as a testing tool, i.e. to help users gain better insight by reading & navigating through existing Prow jobs written for various Kubernetes projects, (and eventually to write new ones.)

To that end, this talk will address the following:
* What Prow Jobs are, their different types & the anatomy of a Prow job
* Dive into the code of existing Prow jobs running Kubernetes tests and learn how to locally replicate, build and diagnose them
* Introduction to Spyglass & Testgrid, and how to use them to read test statistics & generate useful CI signals

Speakers

Priyanka Saggu

Kubernetes Integration Engineer, SUSE
Priyanka Saggu is a Kubernetes Integration Engineer at SUSE and has made significant contributions to different aspects of the Kubernetes project. She serves as the Technical Lead for the project's SIG ContribEx and has held leadership positions as Kubernetes Release Lead Shadow (v1.27...

Mario Jason Braganza

IT Consultant, Janusworx
Jason is a seasoned IT consultant with over 20 years of expertise in designing solutions for small & medium-sized businesses. He is currently focused on the path to learning and promoting FOSS, specifically Linux. He mentors young folk in Linux, communication, & blogging at the Linux...



Wednesday April 19, 2023 11:55 - 12:30 CEST
D201-202 | Second Floor | Congress Centre (Elicium Building)
  CI/CD

11:55 CEST

Grow Your Own Community! Lessons Learned from Running Kubernetes Community Days Across Europe - Matt Jarvis, Snyk; Annalisa Gennaro, SparkFabrik; Max Körbächer, Liquid Reply; Alessandro Vozza, Solo.io; Paula Kennedy, Syntasso
Kubernetes Community Days are community organized events that gather adopters and technologists from open source and cloud native communities to learn, collaborate, and network to further advancement in Kubernetes. They also are a lot of fun and a great way to meet new people and build community. Organizing KCDs is highly rewarding, but can also be a big undertaking, with lots of potential challenges and pitfalls. In this panel discussion, organizers from some of the biggest Kubernetes Community Days in Europe will come together to share their experiences and best practices for how to get going, along with dos and don’ts for organizing community events. We’ll talk about building your team, ensuring diversity, managing logistics, raising sponsorship, handling finances and more. If you’re new to community organizing or a seasoned veteran, you’ll be sure to gain some insights into how you can organize better events!

Speakers

Matt Jarvis

Director, Developer Relations, Snyk
Matt Jarvis is a Director of Developer Relations at Snyk. Matt has spent more than 15 years building products and services around open source software, on everything from embedded devices to large scale distributed systems. Most recently he has been focused on the open cloud infrastructure...

Paula Kennedy

Co-Founder, Chief Operating Officer, Syntasso
Paula is Co-Founder and Chief Operating Officer of Syntasso; her previous roles include Senior Director of Tanzu Global Education at VMware, Senior Director of Platform Services EMEA at Pivotal and Co-Founder & Chief Operating Officer of CloudCredo. Working in the IT industry for...

Max Körbächer

Co-Founder & Cloud Native Advisor, Liquid Reply
Max is Founder and Cloud Native Advocate at Liquid Reply. He is Co-Chair of the CNCF Environmental Sustainability Technical Advisory Group, CNCF Ambassador, Linux Foundation Europe Advisory Board inaugural member and served 3 years at the Kubernetes release team. In his work he supports...

Annalisa Gennaro

Head of Marketing and Communication, SparkFabrik
After working as Digital Marketer in a fairly different industry for over 20 years, I steered towards the tech world as Head of Marketing and Communication at SparkFabrik in January 2021. Always and forever in love with communication, I fell in love with the Cloud Native Community...

Alessandro Vozza

Developer Advocate, Solo.io
Community leader and CNCF ambassador, Alessandro has spent the last few years building cloud native infrastructures for Microsoft customers, animating the Dutch community, and training others to pass the CKx exams. He has a passion for all things cloud native, he's been around open...


Wednesday April 19, 2023 11:55 - 12:30 CEST
G106-107 | First Floor | Congress Centre
  Community

11:55 CEST

What Happened to the Service Catalog? - Adam Wolfe Gordon, DigitalOcean
Imagine you provide a hosted cloud service - for example, a SaaS metrics platform or a managed database. Your customers use Kubernetes and you want to let them easily consume your service in their Kubernetes workloads. Today, you would build an operator or perhaps a Crossplane provider. But not so long ago there was a Kubernetes project specifically for this use-case: the Service Catalog. The Service Catalog worked with the Open Service Broker API to allow management of hosted services via Kubernetes resources. It provided a standardized, vendor-neutral way to manage and connect to external services from Kubernetes workloads. It never really took off. Operators won the day, and the Service Catalog project was shut down in 2022. This talk explores both the limitations and the advantages of the Service Catalog model. We'll compare and contrast the Service Catalog with operators and Crossplane, and explore where each approach could learn lessons from the others. With that context in mind, we'll think about the future. Kubernetes users will continue to consume cloud services in their applications; what's the best way to facilitate that?

Speakers

Adam Wolfe Gordon

Senior Engineer II, DigitalOcean
Adam Wolfe Gordon is a senior engineer focused on product strategy at DigitalOcean. Among other things, he previously worked as the tech lead for DigitalOcean's Kubernetes and container registry products. Adam is interested in infrastructure products, and likes to spend as much time...



Wednesday April 19, 2023 11:55 - 12:30 CEST
Hall 7, Room E | Ground Floor | Europe Complex
  Customizing + Extending Kubernetes
  • Content Experience Level Any
  • Talk Type In-Person
  • Presentation Slides Attached Yes

11:55 CEST

Best Practices for Accelerated Image Distribution Using Dragonfly - Wenbo Qi, Ant Group & Yiyang Huang, ByteDance
This session introduces Dragonfly, a P2P-based image and file distribution system. It covers Dragonfly's system architecture and how the technology was selected in the design, and provides best practices for image acceleration using Dragonfly in a company. Finally, it describes how Dragonfly can be combined and used with other systems in the ecosystem, such as Harbor, Nydus, eStargz, etc.

Speakers

Wenbo Qi

Software Engineer, Ant Group
Wenbo Qi is a software engineer at Ant Group working on Dragonfly. He is a maintainer of Dragonfly. He hopes to make some positive contributions to open source software and believes that fear springs from ignorance.

Yiyang Huang

Software Engineer, ByteDance
Yiyang Huang is a software engineer at ByteDance working on artifact registry. He is a contributor to Dragonfly, Harbor, etc.



Wednesday April 19, 2023 11:55 - 12:30 CEST
In Virtual Platform
  Maintainer Track, Dragonfly
  • Content Experience Level Any
  • Talk Type Virtual
  • Presentation Slides Attached Yes

11:55 CEST

Emissary-Ingress: Self-Service APIs and the Kubernetes Gateway API - Lance Austin, Ambassador Labs & Flynn, Buoyant
Emissary-ingress, a CNCF Incubating project, is a self-service Kubernetes-native open-source API gateway and ingress controller built on the Envoy Proxy -- but really, what does that mean? In this session, we'll give attendees an overview of why ingress controllers are necessary, how self-service developer workflows work for developers and for operations, and how Emissary-ingress can make all of this easier. We'll also look at current best practices around designing, managing, and evolving self-service APIs. We'll continue with a deeper dive into Emissary-ingress' evolution and future, notably, the plans for supporting the Kubernetes Gateway API, and our excitement about that emerging standard. You can also learn how to get involved as a contributor or as a user who wants to offer feedback. This is a great opportunity to interact directly with the Emissary-ingress maintainers and make sure your voice is heard!

Speakers

Flynn

Technical Evangelist, Buoyant
Flynn is a technology evangelist at Buoyant, spreading the good word and educating developers about the Linkerd service mesh, Kubernetes, and cloud-native development in general. He has spent four decades in software engineering from the kernel up through distributed applications...

Lance Austin

Principal Engineer, Ambassador Labs
Lance Austin is an Engineer at Ambassador Labs that enjoys spending my day making it easier for users to adopt Kubernetes by empowering self-service API Gateway functionalities through Emissary-ingress. When I'm not coding I'm spending my time raising my three children and running...



Wednesday April 19, 2023 11:55 - 12:30 CEST
E105-106 | First Floor | Congress Centre
  Maintainer Track, Emissary-ingress

11:55 CEST

Flux Beyond Git: Harnessing the Power of OCI - Stefan Prodan & Hidde Beydals, Weaveworks
In this session, Stefan and Hidde will talk about the latest developments of Flux around the Open Container Initiative (OCI). The focus will be on how OCI can serve as the single source of truth for both application code (container images) and configuration (OCI artifacts). We will start by explaining how Flux can be used as a package manager for distributing Kubernetes configs and Terraform modules as OCI artifacts. Afterwards, we will demonstrate how to build a secure delivery pipeline that leverages Flux integrations with GitHub Actions and keyless signatures from Sigstore Cosign. Lastly, we will touch upon the upcoming plans for 2023 and the significance of OCI in the future of continuous delivery with Flux.

Speakers

Stefan Prodan

Principal Engineer, Weaveworks
Stefan is a Principal Engineer at Weaveworks and an open source contributor to cloud-native projects. He is the creator of Flagger the progressive delivery operator for Kubernetes, and a core maintainer of the CNCF's Flux project. Stefan has over 15 years of experience with software...

Hidde Beydals

Senior Software Engineer, Weaveworks
Hidde is a Senior Software Engineer at Weaveworks, and a seasoned maintainer of the CNCF Flux project. With over 15 years of experience in software development, he has been a significant contributor to the project since 2018, developing and maintaining key features such as the Helm...


Wednesday April 19, 2023 11:55 - 12:30 CEST
E103-104 | First Floor | Congress Centre

11:55 CEST

Jaeger: The Future with OpenTelemetry and Metrics - Pavol Loffay, Red Hat & Jonah Kowall, Aiven
In this session, we will start with an introduction to the Jaeger distributed tracing project and the basics of distributed tracing. Jaeger recently deprecated its native clients in favor of the OpenTelemetry SDKs. We will explain what this means to you as users and why we are changing the path forward. To help facilitate this transition, we will cover OpenTelemetry auto-instrumentation best practices to build a scalable trace pipeline to deliver this data to a Jaeger backend. Moving Jaeger from a tracing system to a monitoring system has been a big push for the project in the last year. This was made possible by OpenTelemetry and the processor layer, which allows for the creation of metrics derived from traces in the pipeline. Operational monitoring is now possible using the new monitoring tab, which adds metrics capabilities to Jaeger UI via another graduated project, Prometheus. We are always seeking new collaborators, contributors, and users. We need your help, please join us!

Speakers

Pavol Loffay

Principal Software Engineer, Red Hat
Pavol Loffay is a principal software engineer at Red Hat working on open-source observability technology for modern cloud-native applications. Pavol contributes and maintains Cloud Native Computing Foundation (CNCF) projects OpenTelemetry and Jaeger. In his free time, Pavol likes...

Jonah Kowall

VP Product Management, Aiven
Jonah Kowall, computer scientist and open-source contributor to Jaeger (Maintainer), OpenSearch (Leadership Committee Member), OpenTelemetry. A technical leader across startups to large enterprises specialized in operations, security, and performance. Led Gartner research on monitoring...



Wednesday April 19, 2023 11:55 - 12:30 CEST
Forum | Ground Floor | Congress Centre
  Maintainer Track, Jaeger

11:55 CEST

Nurturing Security Permaculture: Kubernetes SIG Security Update - Tabitha Sable, Datadog; Mahé Tardy, Isovalent; Savitha Raghunathan, Red Hat; Ala Dewberry, VMware
SIG Security takes a community-building approach to improving Kubernetes security, both for the project itself and our end users. Join contributors Savitha, Ala, Mahé, and Tabitha for an overview of how we make space for security collaboration to thrive. We'll share timely updates from our documentation, third-party audit, self-assessments, and tooling subprojects. You'll learn what's been going on, what’s next, and how you could join in, regardless of your experience from beginner to expert. We hope to see you there!

Speakers

Savitha Raghunathan

Senior Software Engineer, Red Hat
Savitha Raghunathan is a Senior Software Engineer at Red Hat, working on Container Migration and Application Modernization technologies. She leads K8s sig-security-documentation sub-project aiming to create security awareness through docs. As a maintainer of the Konveyor project...

Tabitha Sable

Staff Engineer, Datadog
Tabitha Sable never met a system she didn't want to take apart. She serves the Kubernetes community as co-chair of SIG Security and a member of the Security Response Committee. At work, Tabitha leads Runtime Infrastructure Security at Datadog. She writes exploits, hardens infrastructure...

Mahé Tardy

Security Engineer, Isovalent
Mahé is a security engineer at Isovalent and an active contributor to Kubernetes SIG Security. He was previously working as a security researcher and loves working with Linux, security, and Kubernetes!

Ala Dewberry

Product Line Manager, Broadcom
Ala is a Product Line Manager at Broadcom, working at the intersection of AI, security, and modern applications. Before joining VMware, she headed up engineering operations for SS&C Eze’s Eclipse platform, held customer facing roles at Veracode, a leader in application security, and...



Wednesday April 19, 2023 11:55 - 12:30 CEST
G001-G002 | Ground Floor | Congress Centre
  Maintainer Track, Kubernetes

11:55 CEST

Prometheus Updates and Deep Dive - Kemal Akkoyun, Polar Signals & Bryan Boreham, Grafana Labs
As the 2nd oldest project in the CNCF, you have probably heard about Prometheus before. Prometheus is the de facto standard in cloud-native metrics monitoring and beyond, mainly because Kubernetes is designing its custom metrics engine for Prometheus. Nevertheless, the project maintainers will introduce you from the very beginning, followed by a deep dive into its internals and a list of the exciting new features that have been released recently or are in the pipeline. You will learn about many opportunities to use Prometheus, and we will cover a mix of introduction content, a deeper dive into current developments, and open Q&A at the end. We can even tempt you to contribute to the project yourself.

Speakers

Kemal Akkoyun

Software Engineer, Polar Signals
Kemal Akkoyun is a Senior Software Engineer at Polar Signals. He is one of the maintainers of Thanos and Prometheus. He is heavily invested in observability, profiling, and performance engineering. Kemal is interested in tools like Go, eBPF, Kubernetes, Prometheus, and Rust. He likes...

Bryan Boreham

Distinguished Engineer, Grafana Labs
Bryan Boreham is a Distinguished Engineer at Grafana Labs, working on highly scalable storage for metrics, logs and traces. Bryan's career has ranged from charting pie sales at a bakery to real-time pricing of billion-dollar bond trades. A contributor to many Open Source projects...



Wednesday April 19, 2023 11:55 - 12:30 CEST
E107-108 | First Floor | Congress Centre
  Maintainer Track, Prometheus

11:55 CEST

Sig Scheduling Deep Dive - Aldo Culquicondor, Google & Kante Yin, DaoCloud
In this talk, Aldo and Kante will present the latest enhancements that SIG Scheduling recently promoted in Kubernetes, and the opportunities under discussion, to better support both services and batch type workloads in Kubernetes. We will discuss the recent improvements to scheduler performance that are allowing it to reach new scheduling throughput highs, better support for rolling updates in deployments while maintaining high availability, the new spec.schedulingGates knob and how it allows external integrators, like dynamic quota managers, to control when pods should be considered for scheduling. We will also discuss the recent developments in sponsored projects, such as Kueue, scheduling plugins and the descheduler.

Speakers

Aldo Culquicondor

Sr. Software Engineer, Google
Aldo is a Senior Software Engineer at Google. He works on Kubernetes and Google Kubernetes Engine, where he contributes to kube-scheduler, the Job API and other features to support batch, AI/ML and HPC workloads. He is currently a TL at SIG Scheduling and an Organizer of the WG Batch...

Kante Yin

Senior Software Engineer, DaoCloud
Kante is a senior software engineer and an open source enthusiast. He's currently working on the Kubernetes AI platform team at DaoCloud, based in Shanghai. He also works on upstream Kubernetes as a SIG Scheduling maintainer and as a maintainer of several sub-projects.



Wednesday April 19, 2023 11:55 - 12:30 CEST
G109 | First Floor | Congress Centre
  Maintainer Track, Kubernetes SIG Scheduling

11:55 CEST

How We Securely Scaled Multi-Tenancy with VCluster, Crossplane, and Argo CD - Ilia Medvedev & Kostis Kapelonis, Codefresh
What do you do when RBAC with namespaces isn’t enough to meet your multi-tenancy needs? Namespaces are easy to implement but they generally do not provide the level of isolation that is needed when working with external users. Instead of running multiple clusters, which are complex to manage, hard to scale and often costly, we turned to vCluster. vCluster is an open source project that allows you to create virtual clusters in any Kubernetes cluster. Virtual clusters enjoy higher isolation than simple namespaces and can also be used for cluster level resources like CRDs without any versioning conflicts. Using virtual clusters in Codefresh’s hosted GitOps platform, which is powered by thousands of Argo instances, we enabled high isolation between tenants while lowering the cost of application multi-tenancy. For most companies, multi-tenancy means supporting multiple teams within an organization, or perhaps a partner. For us, multi-tenancy means providing access to the general public. We needed to go deeper than RBAC, namespaces, and auditing. In this end-user talk, we’ll share how we leveraged vCluster, Crossplane, and Argo CD to approach multi-tenancy, scale, and security in a totally GitOps fashion. You’ve never seen vCluster scale like this before!

Speakers

Kostis Kapelonis

Codefresh
Kostis is a software engineer/technical-writer dual class character. He lives and breathes automation, good testing practices and stress-free deployments.

Ilia Medvedev

DevOps Engineer, Codefresh
DevOps Engineer at Codefresh. Kubernetes, container driven development and CI/CD enthusiast, with a strong passion for GitOps and Argo. Working with the amazing team at Codefresh to optimize the GitOps methodology for software delivery at scale.



Wednesday April 19, 2023 11:55 - 12:30 CEST
Hall 7, Room B | Ground Floor | Europe Complex
  Multi-tenancy

11:55 CEST

Past, Present, and Future of eBPF in Cloud Native Observability - Frederic Branczyk, Polar Signals & Natalie Serrino, New Relic
eBPF has long been promising in the cloud native ecosystem but has evolved significantly over the years. Frederic will start by first giving a brief history of the past and how eBPF has developed to be what it is today. This leads us to the current state of things in the present space of observability. Here Frederic will outline how eBPF is safely used in a variety of open source, Apache 2.0 licensed projects, from Cilium Hubble and Pixie to Parca and others. Here we will also take a look at a simple demo on eBPF and how this can be run on a Kubernetes cluster and what we can find about that cluster just by using eBPF data. The last portion of the talk will discuss the future of observability using eBPF and where Frederic thinks it will develop, which among other things will include how eBPF will enable correlation between different signals such as connecting distributed tracing with profiling data.

Speakers

Natalie Serrino

Principal Engineer, New Relic
Natalie Serrino is a Principal Engineer at New Relic working on the Pixie open source project. She focuses on Pixie’s data layer, more specifically, the PxL language, the PxL compiler, and Pixie’s edge query engine for analytics.

Frederic Branczyk

Software Engineer & Founder, Polar Signals
Frederic is the founder of Polar Signals. Before founding Polar Signals he was a senior principal engineer and the main architect for all things Observability at Red Hat, which he joined through the CoreOS acquisition. Frederic is a Prometheus and Thanos maintainer and tenured as...



Wednesday April 19, 2023 11:55 - 12:30 CEST
Hall 7, Room C | Ground Floor | Europe Complex
  Observability

11:55 CEST

Colocate Hadoop YARN with Kubernetes to Save Massive Costs on Big Data - Irvin Lim & Hailin Xiang, Shopee
Although containerization enables flexibility for workloads and has better resource utilization than virtual machines, the resource utilization of a production Kubernetes cluster is still quite low when accumulated over 24 hours, while Big Data workloads stabilize at a high resource utilization level. To address the low resource utilization issue on Kubernetes clusters, the industry usually colocates online services and offline jobs in the same cluster. But ensuring that offline jobs don't affect the normal running of online services is very tricky. Offline jobs may occupy a lot of L3 cache, consume memory bandwidth, and hold critical kernel locks, and so affect the error rate and the latency of colocated online services. In this talk, we will share how we customize and extend the Linux Kernel, Container Runtime, Kubernetes Scheduler, and Kubelet to improve resource utilization significantly while ensuring online services run as normal. We will share why default cgroup CFS and memory limits are insufficient in complicated real-world scenarios and how to overcome them. We will also share Kubernetes restrictions on offline job scheduling and how we work around them to save costs on purchasing computing resources for Big Data.

Speakers

Irvin Lim

Expert Engineer, Shopee
Irvin is an Expert Engineer in Shopee, under the Engineering Infrastructure platform engineering department. As one of the earlier engineers to adopt Kubernetes in Shopee, he helped to spearhead the development and adoption of several significant cloud-native platforms in Shopee...

Hailin Xiang

Senior Engineer, Shopee
Hailin Xiang is a Senior Engineer at Shopee. He has evolved Shopee infrastructure via the Cloud Native tech stack with other colleagues in past years, e.g. he implemented the Shopee Colocation Platform from scratch and verified its power with big campaign traffic. Besides Kubernetes, he is...



Wednesday April 19, 2023 11:55 - 12:30 CEST
Hall 7, Room D | Ground Floor | Europe Complex
  Reliability + Operational Continuity

11:55 CEST

Device Plugins 2.0: How to Build a Driver for Dynamic Resource Allocation - Kevin Klues, NVIDIA & Alexey Fomenko, Intel
Dynamic Resource Allocation (DRA) is a new Kubernetes feature that puts resource scheduling in the hands of 3rd-party developers. From an end user's perspective, it moves away from the limited "countable" interface for requesting access to resources (e.g. "nvidia.com/gpu: 2"), providing an API more akin to that of persistent volumes. Using GPUs as an example, DRA unlocks a host of new features without the need for awkward solutions shoehorned on top of the existing device plugin API. These features include:
* Controlled GPU Sharing (both within a pod and across pods)
* Multiple GPU models per node (e.g. T4 and A100)
* Specifying arbitrary constraints for a GPU (min/max memory, device model, etc.)
* Dynamic allocation of MIG devices
* Dynamic repurposing of a GPU from full to MIG mode
* Dynamic repurposing of a GPU for use as Passthrough vs. vGPU
* ... the list goes on ...
In this talk, you will learn how to build your own resource driver for DRA. This includes details of how to use Kubernetes's in-tree helper libraries for DRA, where to find an example driver to get you started, as well as best practices for architecting the driver itself. Throughout this talk, we will use our existing NVIDIA and Intel GPU drivers as a guide, concluding with a demo of these drivers in action.

Speakers

Kevin Klues

Distinguished Engineer, NVIDIA
Kevin Klues is a distinguished engineer on the NVIDIA Cloud Native team. Kevin has been involved in the design and implementation of a number of Kubernetes technologies, including the Topology Manager, the Kubernetes stack for Multi-Instance GPUs, and Dynamic Resource Allocation (DRA...

Alexey Fomenko

Cloud Software Developer, Intel
Started using computers at the age of 7, hacking at 10, programming at 14. Been using Linux-based OS for last 20 years. Working 15 years by now, with quite many different fields: a bit of Linux OS core components maintenance for mobile phones, a bit of B2B consulting, a little Big...



Wednesday April 19, 2023 11:55 - 12:30 CEST
G104-105 | First Floor | Congress Centre
  Runtime Performance + Constrained Environments

11:55 CEST

Confidential Containers Made Easy - Fabiano Fidencio, Intel & Jens Freimann, Red Hat
Join us as we expose the steps that make Confidential Containers (CoCo) easy to provision and run your first workload! CoCo is an open source community working to enable cloud native confidential computing by leveraging trusted execution environments (TEE) to protect containers and data. CoCo integrates multiple features from many open source projects that need to work together securely and efficiently on many distinct hardware technologies, supporting several CRI runtimes, and more, which can make getting started appear complex. We will share how the project's front-end is an operator responsible for such deployment in a Kubernetes cluster, how to declare your setup via a Custom Resource and simply let the Operator take care of everything else for you.

Speakers

Jens Freimann

Software Engineering Manager, Red Hat
Jens started his career working on firmware for I/O chipsets in IBM's mainframes but soon transferred to work on a full-system simulator based on KVM. This led him to work on core KVM in the IBM Linux Technology Center before he jumped over to Red Hat to continue working in virtualization...

Fabiano Fidencio

Cloud Orchestration Software Engineer, Intel
Fabiano Fidêncio is a Software Engineer with a strong passion for easing the usability of the projects he works on. He's been serving as an Architecture Committee member of the Kata Containers project for the past 2 years, and has been involved with Confidential Containers since...



Wednesday April 19, 2023 11:55 - 12:30 CEST
Emerald Room | First Floor | Congress Centre
  Security + Identity

11:55 CEST

Using OpenTelemetry for Application Security, with a Real Life Example - Ron Vider, Oxeye
The composition of application vulnerabilities has changed as a result of the shift from monolithic applications to cloud native applications, but application security testing hasn't kept up, and the security of cloud native applications is at risk. In this presentation, we’ll explore how vulnerabilities have evolved in the shift from monolithic to cloud native and microservices. We’ll see how cloud native vulnerabilities are executed, and how they look like vulnerable flows rather than just a static bug. Starting with an overview of OpenTelemetry, we’ll explore what observability is, why it’s needed in modern software development, and how it works. We’ll then dive into a real life example of a ‘cloud native vulnerability’, and how OpenTelemetry helps us detect it.
We will:
• Demonstrate a Kubernetes application with two microservices, and a message queue in between them. One microservice exposes an API to the internet, and a payload continues through the MQ up to the internal microservice.
• Deploy the application & show the attack
• Install OpenTelemetry manually on the environment, and show a vulnerable flow in Jaeger
We will also look at the challenges:
• Additional security related instrumentation
• Test coverage - you don’t know what you don’t know
• Installation process

Speakers

Ron Vider

CTO, Co-Founder, Oxeye
Ron Vider is the CTO and co-founder of Oxeye, where he oversees the company’s research, engineering and product efforts. Prior to co-founding the company, Ron worked as a security researcher at Orca Security, and led a security research team in the elite Unit 8200 of the Israeli...


Wednesday April 19, 2023 11:55 - 12:30 CEST
Auditorium + Balcony | Ground + First Floor | Congress Centre
  Security + Identity

12:30 CEST

Lunch 🍲
Wednesday April 19, 2023 12:30 - 14:30 CEST
Halls 1 + 5 | Ground Floor | Europe Complex

13:00 CEST

Open Space Session: Outlining a virtual global sustainability event
Leonard Pahlke, co-chair of the CNCF TAG Environmental Sustainability, will lead this session to gauge interest in organizing a global virtual meeting on sustainability, brainstorm meeting format, gather session ideas, and engage and excite potential co-organizers.

Wednesday April 19, 2023 13:00 - 13:45 CEST
Open Space Session 1 | Solutions Showcase

14:30 CEST

Choose Your Own Adventure: The Treacherous Trek to Development - Whitney Lee, VMware & Viktor Farcic, Upbound
From the moment of their inception as source code on the developer’s laptop, our hero knows that they are destined for great things. They long to be a real, running application, living in production, serving end users! But the epic journey to production is an arduous one, filled with cascading choices—choices concerning container build strategy, image registries, application configuration, adding and managing a database, migrating database schema, and Kubernetes-native development, to name a few. And who knows what other unseen forces lurk in the shadows! One wrong step could be catastrophic.

It is up to us, the audience, to guide our hero, and to help them grow from source code to container image, to the first pitstop on their journey: running in a development environment. In this ‘Choose Your Own Adventure’-style talk, Whitney and Viktor will present a linear view of all of the choices that an anthropomorphized application must make as they try to find their way to the fabled land of development. Throughout the presentation, the audience will use a voting app to choose which path our hero application will take. Can we navigate CNCF projects and avoid pitfalls and dead-ends to get our application to development before the session time elapses?

Join us if you dare! This talk is not for the faint of heart!


Speakers

Viktor Farcic

Developer Advocate, Upbound
Viktor Farcic is a lead rapscallion at Upbound, a member of the CNCF Ambassadors, Google Developer Experts, CDF Ambassadors, and GitHub Stars groups, and a published author. He is a host of the YouTube channel DevOps Toolkit and a co-host of DevOps Paradox.

Whitney Lee

Staff Technical Advocate, Broadcom
Whitney is a lovable goofball and a CNCF Ambassador who enjoys understanding and using tools in the cloud native landscape. Creative and driven, Whitney recently pivoted from an art-related career to one in tech. You can catch her lightboard streaming show ⚡️ Enlightning on Tanzu.TV...


Wednesday April 19, 2023 14:30 - 15:05 CEST
Hall 7, Room A | Ground Floor | Europe Complex
  101 Track

14:30 CEST

Fight Back Against Cyber Risk in the Software Supply Chain with a Secure and Compliant DevSecOps Pipeline for Regulated Environments - Krishna Rajeesh Nallur Valiyaveettil & Brendan Kelly, IBM
Cyber-attacks and security vulnerabilities are among the top concerns for organizations nowadays, especially in regulated environments such as the Financial Services market. Having secure and compliant DevSecOps pipelines is a major tool to fight back against these threats and make sure regulated workloads can be safely deployed with reduced risk. In this session we will share our experience helping clients address these challenges using open-source tools and capabilities to provide secure and compliant DevSecOps pipelines. We will cover best practices of Secure Software Supply Chain including:
- Reliable, repeatable automation with Everything as Code
- Mitigation of security risks as early as possible
- Driving standardization and reuse
- Focus on Evidence Gathering for audits
We will share a specific solution based on the BIAN (Banking Industry Architecture Network) architectural framework for banking interoperability which will showcase the application of Continuous Integration, Continuous Deployment and Continuous Compliance in a real-world scenario using available open source tools like Tekton, Terraform, SonarQube.

Speakers

Krishna Rajeesh Nallur Valiyaveettil

Sr Architect, IBM Cloud for financial services, IBM
Krishna Rajeesh is a Senior Architect in IBM Cloud for Financial Services with over 18 years of experience in Financial, Manufacturing, and Service industries. Responsible for designing and deploying solutions on cloud and on-premises, with security and compliance strategies. He is...

Brendan Kelly

Sr Architect, IBM Cloud for financial services, IBM
Brendan Kelly is a senior architect with IBM, having been in the software development industry for almost ten years. He is passionate about the use of automation in general, whatever the problem to be solved – be it data science, infrastructure provisioning, application development...



Wednesday April 19, 2023 14:30 - 15:05 CEST
D201-202 | Second Floor | Congress Centre (Elicium Building)
  CI/CD

14:30 CEST

Filling the Gaps in Kubernetes Flavored SLSA with Threat Modeling - Christie Wilson, Google & Priya Wadhwa, Chainguard
SLSA is an emerging standard for supply chain security that makes it easier to reason about threats and mitigations, but how do we make it work for Kubernetes? It can be difficult to analyze the security posture of a Kubernetes based CI/CD platform, let alone mitigate the threats. Threat modeling to the rescue! Using Tekton as a case study, Priya and Christie will walk you through a threat model analysis of CI/CD execution on Kubernetes, identifying trust boundaries that can be exploited by malicious external actors, internal actors and even privileged admins, and mapping these trust boundaries to SLSA standards. They will demo how Tekton has complied with this standard by utilizing open source projects like Sigstore and SPIRE. You'll leave this talk with a deeper understanding of supply chain security and of how to mitigate potential threats to building artifacts on Kubernetes.

Speakers

Christie Warwick

Software Engineer, Google
Christie Wilson (Warwick) (she/her) is a software engineer with a passion for building quality software and having fun doing it. During her career she has worked in a wide range of domains from currency exchange to AAA games and is currently working on continuous delivery tools at...

Priya Wadhwa

Software Engineer, Chainguard
Priya Wadhwa is a software engineer at Chainguard, where she works on a variety of open source projects with the goal of improving software supply chain security. She is a member of the Sigstore TSC and a maintainer of the Tekton Chains project. She's passionate about making security...



Wednesday April 19, 2023 14:30 - 15:05 CEST
In Virtual Platform
  CI/CD

14:30 CEST

Going for Graduation: Crossing the Chasm - Bill Mulligan, Isovalent & Katie Gamanji, Apple
Sandbox, incubation, graduation. These are the three maturity stages for the 147 (at the time of writing) projects under the CNCF umbrella. While the formal process to go from one stage to the next is written down in the TOC repo, it isn’t just a check-the-box process and each community will have its own journey. This talk from a current TOC member and maintainer of a project applying for graduation will break down, from both sides of the table, what it takes to build a successful project and community to finally cross the chasm to graduation. The audience will learn:
1. What the graduation process looks like
2. When you should get started with the process
3. How to prepare for each of the graduation requirements
4. What resources are available to projects getting ready for graduation

Speakers

Katie Gamanji

Senior Field Engineer @ Apple, Apple
Katie is a cloud-native leader, practitioner, and contributor, currently in a Senior Field Engineer role at Apple and a TOC for CNCF. As a cloud platform engineer, Katie has contributed to the buildout of infrastructure at Conde Nast, and American Express, gravitating towards cloud-native...

Bill Mulligan

Community Pollinator, Isovalent
Bill Mulligan is a cloud native pollinator and community builder. He has given talks and written articles about building the business case for cloud native. While at CNCF he restarted the Kubernetes Community Day program and worked to grow the student community. He is currently at...



Wednesday April 19, 2023 14:30 - 15:05 CEST
G106-107 | First Floor | Congress Centre
  Community

14:30 CEST

PlayStation and Kubernetes: How to Solve a Problem Like Real-Time - Joseph Irving, PlayStation
Kubernetes can be a natural fit for hosting things like websites and APIs - but hosting something that requires sets of long-lived stable connections may not work as well in the shifting sands that is a Kubernetes cluster. Realtime video game servers are one of these things, as a group of friends would not enjoy being booted out of their 30 minute match because the pod they were playing in got autoscaled. At PlayStation we're trying to use an open source project, Agones, to run game servers in a Kubernetes cluster. We hope to get all the benefits that come with the Kubernetes ecosystem, without sacrificing the ability to provide great shared-world game experiences.

Speakers

Joseph Irving

Senior DevOps Engineer, PlayStation
Joseph is a Senior DevOps Engineer working in PlayStation's centralised technology team. He’s been using Kubernetes to run production workloads for over 6 years and he enjoys trying to solve company-wide problems in a simple but flexible way, building common tools and platforms...



Wednesday April 19, 2023 14:30 - 15:05 CEST
Hall 7, Room E | Ground Floor | Europe Complex
  Customizing + Extending Kubernetes

14:30 CEST

Argo CD Core - A Pure GitOps Agent for Kubernetes - Alexander Matyushentsev, Akuity & Leonardo Luz Almeida, Intuit
Argo CD is well known for being extremely helpful for application developers’ teams. Kubernetes administrators, however, have similar but slightly different requirements. In both cases, GitOps is the way to go. As one of the best-known GitOps operators, Argo CD is a popular choice among cluster administrators, but many of its application-developer-specific features might stand in the way rather than help. There is no need to fight with the tool since you can get precisely what you need instead. You don’t have to configure multi-tenancy and SSO integration if you don’t benefit from it. In this presentation, we will describe Argo CD Core - the officially supported Argo CD distribution that includes only the core features and is tailored towards cluster administrator use cases. The presentation covers the main Argo CD Core features and describes how you can combine them with ApplicationSet to get an efficient and flexible Kubernetes cluster management solution.

Speakers

Alexander Matyushentsev

Co-founder and Chief Architect, Akuity
Argo Co-Creator, Argo CD Lead, and maintainer. Energetic and passionate software engineer with over a decade of software development experience. I'm an enthusiast of continuous integration, agile environments, and a huge open-source believer. Core contributor and maintainer of http://argoproj.io...

Leonardo Luz Almeida

Staff Software Developer, Intuit
Leo is a staff member of the core Argo team at Intuit responsible for improving and operating Argo CD and Argo Rollouts in the company. He is an active Argo maintainer sharing his time between open-source and internal development. Leo is passionate about native cloud applications...



Wednesday April 19, 2023 14:30 - 15:05 CEST
Forum | Ground Floor | Congress Centre

14:30 CEST

Envoy Gateway Update - Alice Wasko, Ambassador Labs & Arko Dasgupta, Tetrate
Come hear about updates on Envoy Gateway, the OSS Envoy ingress controller that the community has been working on!

Speakers

Alice Wasko

Software Engineer, Ambassador Labs
Alice Wasko is a maintainer of the Emissary-ingress incubating CNCF project and Envoy Gateway. Her technical expertise focuses on API Gateway development, Kubernetes networking, and developer/operator experience. Alice is a Go enthusiast and is currently working as a software engineer...

Arko Dasgupta

Software Engineer, Tetrate, Tetrate
Software Engineer at Tetrate spending most of his time building & debugging networking features with Envoy and Istio.



Wednesday April 19, 2023 14:30 - 15:05 CEST
E103-104 | First Floor | Congress Centre
  Maintainer Track, Envoy

14:30 CEST

From Automation to Community: A Deep Dive Into SIG Contributor Experience - Priyanka Saggu, SUSE; Madhav Jivrajani, VMware; Kaslin Fields, Google
The Kubernetes Contributor Experience Special Interest Group (SIG) is tasked with developing and sustaining a healthy contributor community. It also provides an excellent place to get involved with the Kubernetes project, either through code, non-code, or both. Join us and learn about ContribEx's many programs and deep dive into some of our current initiatives:
Granular Approval PR Plugin: The Kubernetes CI system currently can only assign Approvers on a directory basis. This has caused significant friction for various edge case scenarios. The changes for the approve plugin will distribute approval privilege by adding the ability to granularly assign approvers by file.
Annual Report Generator: The Kubernetes project has an annual health check with all its SIGs and WGs. Recent improvements have significantly reduced the toil of project leads by automating much of the report generation.
Peribolos: Improvements to the in-house tool for GitHub user and team management.
And much more!

Speakers

Priyanka Saggu

Kubernetes Integration Engineer, SUSE
Priyanka Saggu is a Kubernetes Integration Engineer at SUSE and has made significant contributions to different aspects of the Kubernetes project. She serves as the Technical Lead for the project's SIG ContribEx and has held leadership positions as Kubernetes Release Lead Shadow (v1.27...

Kaslin Fields

Developer Advocate, Google
Kaslin Fields is a Developer Advocate at Google Cloud & contributor to Open Source Kubernetes. She is passionate about making technology accessible to a broad audience through creating content in many forms, such as videos, blogs, documentation, and even comics which she illustrates...

Madhav Jivrajani

Member of Technical Staff 2, VMware by Broadcom
Madhav is currently working at VMware on upstream Kubernetes. He has been a part of the Kubernetes community for about a year and mainly helps out with SIG-{Contribex, Node, Architecture, API-Machinery}. He was also involved with the structured logging efforts in the Kubernetes project...



Wednesday April 19, 2023 14:30 - 15:05 CEST
G001-G002 | Ground Floor | Congress Centre

14:30 CEST

How SIG Release Makes Kubernetes Releases Even More Stable and Secure - Veronica Lopez, PlanetScale & Marko Mudrinić, Kubermatic GmbH
SIG Release is one of the largest Kubernetes Special Interest Groups, responsible for delivering Kubernetes to millions of users. To accomplish that, individual contributors invest their time in developing various tools and libraries and ensuring that our release pipeline is as safe as possible. In this session, Verónica and Marko will show how Kubernetes influenced many other projects in the community by providing them with tooling that they can use to release their projects securely. They will highlight our two major efforts in 2023: moving packages from Google infra to the community-provided infra and migrating to the new image registry. Finally, they will talk about how you can join SIG Release and our efforts to make Kubernetes releases better. Come and see what it means for you as an end user, and how you can build upon our efforts as a Kubernetes subproject maintainer.

Speakers

Marko Mudrinić

Software Engineer, Kubermatic
Marko is a Senior Software Engineer at Kubermatic, a Release Manager for Kubernetes, and a Teaching Associate at the School of Computing in Belgrade. He's working on various Kubernetes cluster management solutions and he's one of the core maintainers for Kubermatic's KubeOne project...

Veronica Lopez

Software Engineer, PlanetScale
Verónica is a distributed systems engineer, currently serving as a tech lead for Kubernetes SIG Release.



Wednesday April 19, 2023 14:30 - 15:05 CEST
E105-106 | First Floor | Congress Centre
  Maintainer Track, Kubernetes / SIG-Release

14:30 CEST

Kubernetes SIG Storage: Intro and Deep Dive - Xing Yang, VMware & Jan Šafránek, Red Hat
Kubernetes SIG Storage is responsible for ensuring that different types of file and block storage are available wherever a container is scheduled, storage capacity management (container ephemeral storage usage, volume resizing, etc.), influencing scheduling of containers based on storage (data gravity, availability, etc.), and generic operations on storage (snapshotting, etc.). In this session, we will deep dive into some projects that SIG Storage is currently working on, provide an update on the current status, and discuss what might be coming in the future.

Speakers

Jan Šafránek

Software Engineer, Red Hat
Jan is a Senior Principal Software Engineer at Red Hat working on storage aspects of Kubernetes. He started developing Kubernetes more than 8 years ago, and is one of the founding members of SIG-Storage. He’s the author of PersistentVolume controller, dynamic provisioning and StorageClass...

Xing Yang

Tech Lead, VMware by Broadcom
Xing Yang is a Tech Lead in the Cloud Native Storage team at VMware by Broadcom. She is a co-chair of CNCF Storage TAG, a co-chair of the Kubernetes Storage SIG, a co-chair of the Data Protection WG, and a maintainer in Kubernetes CSI. Before joining VMware, Xing was the Lead Architect...



Wednesday April 19, 2023 14:30 - 15:05 CEST
E107-108 | First Floor | Congress Centre
  Maintainer Track, Kubernetes SIG Storage

14:30 CEST

Rook: Intro and Deep Dive with Ceph Storage - Travis Nielsen & Blaine Gardner, IBM Storage; Alexander Trost & Deepika Upadhyay, Koor Technologies, Inc
The Rook project will be introduced to attendees of all levels and experience. Rook is an open source cloud-native storage operator for Kubernetes, providing the platform, framework, and support for Ceph to natively integrate with Kubernetes. The panel will discuss various scenarios to show how Rook configures Ceph to provide stable block, shared file system, and object storage for your production data. Rook was accepted as a graduated project by the Cloud Native Computing Foundation in October 2020.

Speakers

Alexander Trost

Founding Engineer, Koor Technologies, Inc
I'm Alexander Trost, Founding Engineer of Koor Technologies, Inc. and maintainer of the Rook project. I'm happy to talk about anything container, storage and container storage related.

Blaine Gardner

Senior Advisory Systems and Software Engineer, IBM Storage
Blaine is a Software Engineering Professional at IBM Storage on the OpenShift Data Foundation (ODF) team. He is a maintainer of the CNCF-graduated Rook project making sure Ceph and Kubernetes live together in harmony. Blaine lives in Denver, Colorado and enjoys rock climbing, partner...

Travis Nielsen

Senior Principal Software Engineer, IBM Storage
Travis Nielsen is a Senior Principal Software Engineer at IBM Storage with the Ceph distributed storage system team. Travis leads the Rook project and is one of the original maintainers, integrating Ceph storage with Kubernetes. Prior to Rook, Travis was the storage platform tech...

Deepika Upadhyay

Cloud Storage Engineer, Koor Technologies, Inc
Deepika is currently working as a Cloud Storage Engineer at Koor Technologies and is a contributor to the Rook project. She is currently exploring backup and recovery for storage in the container world. She earlier worked as a Ceph Storage Engineer on the RADOS and RBD (Block based storage...



Wednesday April 19, 2023 14:30 - 15:05 CEST
G109 | First Floor | Congress Centre
  Maintainer Track, Rook

14:30 CEST

The Next Episode in Workload Isolation: Confidential Containers - Jeremi Piotrowski, Microsoft
Container based workloads are isolated at the OS level by default. Stronger isolation can be achieved using Kata Containers which adds a hardware isolation boundary. New hardware capabilities have appeared in CPUs in recent years that open up the possibility of enhancing this isolation with an added level of confidentiality. Kata-CC is an extension of Kata Containers that makes use of Trusted Execution Environment features present in modern CPUs to enhance security in a multi-tenant environment by combining workload attestation and memory encryption. An issue hindering wider adoption of this technology for some time has been hardware availability. New developments which will be covered in this talk address this and make confidentiality more accessible than ever. Jeremi will talk about the available ways to deploy containers in SEV-SNP (secure encrypted virtualization - secure nested paging) protected confidential virtual machines and dig into their respective architectures. He will also talk about the challenges with hardware attestation and how it ensures workload portability.

Speakers

Jeremi Piotrowski

Software Engineer, Microsoft
Jeremi is a Software Engineer at Microsoft; his work focuses on Linux OS components. In Azure he has been working on enabling Confidential Containers to run within Linux guests. He is a Flatcar Container Linux maintainer and contributed to projects like containerd and the Linux Kernel...



Wednesday April 19, 2023 14:30 - 15:05 CEST
Hall 7, Room B | Ground Floor | Europe Complex
  Multi-tenancy

14:30 CEST

Understand Systems with OpenTelemetry: A Hybrid Telemetry Data Backend - Ran Xu, Huawei & Xiaochun Yang, Northeastern University
HUAWEI CLOUD uses a cloud-native architecture to support thousands of services, and DevOps requires understanding the running status of each system across a large number of interdependent microservices, middleware, and devices. OpenTelemetry is an observability industry standard. It provides standards and tools to generate high-quality telemetry data (metrics, logs, and traces). However, to quickly understand the system running status from massive telemetry data, a hybrid back-end storage for multiple types of telemetry data is a key part of the observability system. Supporting efficient correlation queries and real-time analysis over massive high-cardinality telemetry data, while reducing the cost of telemetry data storage and computing, is a challenge for us. In this talk, we will introduce:
1. Key challenges to cloud native observability at HUAWEI CLOUD.
2. From metric data to telemetry data: the evolution history and thinking behind observability back-end storage.
3. HUAWEI CLOUD observability cases.

Speakers

Ran Xu

Software Architect, Huawei CLOUD
Xu Ran, a database expert in HUAWEI CLOUD Database Innovation Lab and openGemini time-series database architect, has been engaged in distributed databases and NoSQL databases as a cloud service for many years. Currently, Xu Ran is dedicated to research and innovation related technologies...

Xiaochun Yang

Professor, Northeastern University
Yang Xiaochun, a professor at Northeastern University in China, has been engaged in teaching and research in the field of data management and analysis for 20 years. She served as the board of Academic Working Committee of China Computer Federation (CCF), Editorial Board of the International...



Wednesday April 19, 2023 14:30 - 15:05 CEST
Hall 7, Room C | Ground Floor | Europe Complex
  Observability
  • Content Experience Level Any
  • Talk Type In-Person
  • Presentation Slides Attached Yes

14:30 CEST

How to Make Your K8s Cluster Survive When It Has No Internet Access: Airgap Reflection in a Cloud Native World - Christophe Jauffret, Nutanix
The Internet is everywhere, everything is connected to the Internet... this is clearly the default assumption of almost any cloud native product, and we can see it in a large majority of their documentation. In the real world of business, it is often extremely different. The Internet is a resource that has to be earned, and accessing it can sometimes become complicated. Firewall, Proxy, DMZ, ACL, limited bandwidth... are all constraints that will get in your way and prevent you from reaching your goal. During this session, we will go through the most typical infrastructure that can be found in companies, and we will see what it is possible to put in place in terms of tooling to simplify life to the maximum. Container Runtime, Registry, Policy Management can be configured and adapted to work best in these particular situations. Many precise examples will be given so that you can reproduce them on your own infrastructure.

Speakers

Christophe Jauffret

Principal Solutions Architect Cloud Native, Nutanix
Christophe Jauffret is a Staff Solution Architect on Cloud Native Technology within Nutanix Product Management Team. For nearly 25 years, he has been developing his expertise on the most innovative technologies in order to simplify the IT environment for customers. He contributes...



Wednesday April 19, 2023 14:30 - 15:05 CEST
Hall 7, Room D | Ground Floor | Europe Complex
  Reliability + Operational Continuity

14:30 CEST

Emergent Load Testing: Rules for Organized Chaos - Nicole van der Hoeven, Grafana Labs
When we write load testing scripts against our applications, we write them sequentially: A, then B, then C. But this doesn't accurately reflect the organized chaos of a system in production, nor does it prepare the system for the unexpected. Emergence is a phenomenon where parts of a whole independently develop properties not originally present in the whole. Emergence is what helps ant workers develop roles without leadership, prompts animals to evolve adaptive traits without forethought, and facilitates non-toxic communities without moderators. The growing field of emergent software applies this swarm logic to the programs that we write. What would it take to write emergent load testing scripts? It turns out that there are a few ingredients for emergence: a large population size, opportunities to interact, feedback, and an element of control. In this talk, Nicole van der Hoeven discusses how to bring these elements to load testing by writing a script in Grafana k6 that can independently decide what requests to make next, modify Kubernetes app pods, and disrupt services based on a continual feed of results during runtime-- all without manual intervention. She shows how to wield this new breed of load testing to improve confidence in the complex systems we build.

Speakers

Nicole van der Hoeven

Senior Developer Advocate, Grafana Labs
Nicole is a performance engineer with over a decade of experience in breaking software and learning to build it back up again. She has lived in the Philippines, the US, Australia, the Netherlands, and Portugal, helping teams all over the world scale up their load tests on the cloud...


Wednesday April 19, 2023 14:30 - 15:05 CEST
G104-105 | First Floor | Congress Centre

14:30 CEST

A Confidential Story of Well-Kept Secrets - Lukonde Mwila, AWS
For generations, secrets have been kept, shared, and exposed. Most would agree that the best-kept secrets are the ones we've never heard of or told others about. The concepts that revolve around maintaining safe secrets are universal and stem from addressing these questions: "Where is the secret kept?", "Who needs to know about the secret?", "How does the secret get shared with the relevant parties?", and "How do you prevent the secret from being easily interpreted?" The answers can help you create a secure lifecycle for storing, sharing, and consuming secrets. In Kubernetes, a secure secret strategy depends on the answers to these same questions. Now more than ever, the vulnerabilities around the storage, sharing, and consumption of secrets in Kubernetes are well known, and as a result, more likely to be exploited. In this talk, Lukonde Mwila will share why addressing these questions can optimize managing sensitive data in Kubernetes. In addition, he'll highlight details of a Kubernetes secret strategy from a real-world project in relation to these questions. Lastly, he'll share how answers to these questions can be used to develop a framework for a secure secret lifecycle in Kubernetes environments with a demo using ESO, ArgoCD, and OPA Gatekeeper.

Speakers

Lukonde Mwila

Senior Developer Advocate, AWS
Lukonde is a Senior Developer Advocate at AWS and a CNCF Ambassador. He has years of experience in application development, solution architecture, cloud engineering, and DevOps workflows. He is a life-long learner and is passionate about sharing knowledge through various mediums...



Wednesday April 19, 2023 14:30 - 15:05 CEST
Emerald Room | First Floor | Congress Centre
  Security + Identity

14:30 CEST

The Hacker's Guide to Kubernetes - Patrycja Wegrzynowicz, Form3
Do you want to see live Kubernetes hacking? Come to see interactive demos where your newly registered accounts in a k8s application are hijacked. This talk guides you through various security risks of Kubernetes, focusing on the OWASP Kubernetes Top 10 list. In live demos, you will find out how to exploit a range of vulnerabilities or misconfigurations in your k8s clusters, attacking containers, pods, network, or k8s components, leading to an ultimate compromise of user accounts in an exemplary web application. You will learn about common mistakes and vulnerabilities along with the best practices for hardening your Kubernetes systems.

Speakers

Patrycja Wegrzynowicz

Lead Engineer, Form3
Patrycja is a lead engineer at Form3, Financial Cloud, working on reliability and performance of UK payments. She is also the founder of Yon Labs, a startup focusing on automated tools for detection and refactoring of security vulnerabilities, performance anti-patterns, or cloud issues...



Wednesday April 19, 2023 14:30 - 15:05 CEST
Auditorium + Balcony | Ground + First Floor | Congress Centre
  Security + Identity

14:30 CEST

Security Unconference hosted by CNCF Security TAG
Join the Security TAG for a daily afternoon unconference. Discover a range of security-related topics, from securing software supply chains to implementing zero-trust security, managing security for cloud-native infrastructure and applications, or building a security-first culture.

Submit a Security Unconference Topic: Each morning you can come to the village to submit topics for that afternoon’s unconference session. Industry experts, practitioners, and YOU will be able to share experiences and insights. Help us make the Security Village an inclusive and engaging destination for anyone interested in securing their cloud-native journey.

Security Unconference Schedule


Wednesday April 19, 2023 14:30 - 16:00 CEST
Onyx Lounge | Ground Floor | Congress Centre
  Security + Identity

14:30 CEST

Tutorial: Hands on with WebAssembly Microservices and Kubernetes - Jiaxiao Zhou, David Justice & Kate Goldenring, Microsoft & Radu Matei, Fermyon
This tutorial talk is meant to help you get started with WebAssembly (Wasm) on Kubernetes - a booming technology in the container world that promises delivery regardless of the platform, has an incredibly low memory footprint, and quick start times. We will start off the tutorial by introducing you to Wasm and its system interface (i.e., WASI), and how they work together with the underlying operating system. Then, we will move to demos and hands-on exercises to help you write your very first Wasm service that can, for example, serve HTTP/gRPC requests, persist data to key-value/blob stores, or react to event streams using pub/sub. What's more, these Wasm applications can be authored in multiple programming languages and frameworks, so their content and business logic can be extended to whatever you are most comfortable writing in. All in all, after building applications to Wasm, we will show how to package Wasm components to containers, and, lastly, we will deploy our work to environments like on-prem, cloud, and hybrid cloud using Kubernetes. Overall, you will leave the room having learned the pros and cons of using Wasm and how to build production-ready Wasm applications.

Speakers

David Justice

Principal Software Engineer Lead, Microsoft
David Justice is a Principal Software Engineer Lead in Microsoft's Azure Container Upstream team, which focuses on contributing to and supporting open source initiatives in the cloud native ecosystem. David leads both the Azure Steel Thread team building the next wave of compute for...

Kate Goldenring

Senior Software Engineer, Fermyon Technologies, Inc
Kate Goldenring is a senior software engineer at Fermyon and serves as co-chair of the Cloud Native Computing Foundation IoT Edge Working Group. She is an open-source developer who is drawn to building the best of what’s to come, maintaining projects focused on serverless WebAssembly...

Radu Matei

Chief Technology Officer, Fermyon
Radu is the co-founder and CTO of Fermyon, building the next generation of cloud computing using WebAssembly. He is passionate about WebAssembly, distributed systems, and artificial intelligence. In the past he worked at Microsoft Azure in the DeisLabs research and development team...

Jiaxiao Zhou

Software Engineer, Microsoft
Jiaxiao (Joe) Zhou is a Software Engineer at Microsoft. He is on the Azure Container Upstream team and works on bringing WebAssembly to the cloud through projects like "runwasi", "SpiderLightning", and "containerd-wasm-shims". He is also a champion of several WASI proposals including...



Wednesday April 19, 2023 14:30 - 16:00 CEST
Elicium Building | Elicium Ballroom 1 + 2
  Tutorials, Runtime Performance + Constrained Environments

14:30 CEST

🚨 ContribFest: CrossPlane - Accelerate New Features and Learn to Contribute Alongside the Crossplane Maintainer Team (Limited Availability; First-Come, First-Served)
In this session, the Crossplane maintainer team will be focusing on a few exciting hands-on activities together - we will walk through a contributor enablement session to help you get a development environment set up and ready to contribute to the project, and we will also walk through using some of the latest features in Crossplane to expedite your adoption of them, as well as discuss your important feedback to help continue maturing them.

This Contribfest session is designed to provide projects with the space and resources to tackle outstanding technical debt, security issues, or outstanding impactful feature requests. They are intended to provide a place for maintainers to meet contributors and potential contributors and work together on solving a problem.

Speakers

Jared Watts

Founding Engineer, Upbound
Jared Watts is a Founding Engineer at Upbound, where he is working on advancing cloud-native computing by enabling anyone to build their own cloud platform. He is also a co-creator of the open source Crossplane (https://crossplane.io) and Rook (https://rook.io) projects. Prior to...

Muvaffak Onuş

Staff Software Engineer, Upbound
Muvaffak is a maintainer in Crossplane, an incubating CNCF project, where he led several big initiatives in the last couple of years to enable control plane architectures in cloud native ecosystem. Before Crossplane, he built the SaaS backend of SAP Data Intelligence platform using...



Wednesday April 19, 2023 14:30 - 16:00 CEST
K101-102 | First Floor | Congress Centre

14:30 CEST

Mentorship Office Hours
The CNCF Mentorship Crew is holding open office hours at KubeCon! If you have any questions about mentorship and how it might fit your project or want to get pointers on writing proposals or selecting candidates, come by and chat with us!


Speakers

Nate Waddington

Developer Advocate, CNCF
Nate is a Developer Advocate with the Cloud Native Computing Foundation, focusing primarily on the CNCF landscape’s documentation efforts. Before joining the CNCF, Nate worked as a Creative Technologist at AKQA, helping build, install, and support interactive installations for retail...


Wednesday April 19, 2023 14:30 - 16:30 CEST
E101 | First Floor | Congress Centre

15:25 CEST

How to Blow up a Kubernetes Cluster - Felix Hoffmann, iteratec
Last year, Felix was handed a Kubernetes cluster and he was told that some pods are using too much memory. He didn't have a single clue about Kubernetes but quickly figured out that pods can be tamed by setting resource limits. Felix went and set limits—and watched the entire cluster go haywire. Half of the pods were stuck in a crash loop, the other half were forever "pending". On first sight, resource request and limit seem straightforward: A request is a lower bound for CPU or memory; a limit is an upper bound for CPU or memory. Once demand becomes higher than supply though, it is imperative to know how Kubernetes handles scarce resources. How do these settings influence scheduling? Which pod gets terminated first? Felix learned these things the hard way. He is giving this talk so you don't have to repeat his mistakes.

Speakers

Felix Hoffmann

Software Engineer, iteratec
Felix is terrified of specialization: as a full-stack engineer he loves to work on all parts of the application. Optimizing frontends for accessibility brings him as much joy as blowing up cloud infrastructure. A true jack of all trades, master of none. Felix is happiest when he gets...



Wednesday April 19, 2023 15:25 - 16:00 CEST
Hall 7, Room A | Ground Floor | Europe Complex
  101 Track
  • Content Experience Level Any
  • Talk Type In-Person
  • Presentation Slides Attached Yes

15:25 CEST

An Introduction to Cloud Native Capture The Flag - Andrew Martin & James Cleverley-Prance, ControlPlane
This session is a repeat of the 11:55 session with the same title.

The Cloud Native Capture The Flag (CTF) is available to all in-person KubeCon + CloudNativeCon Europe attendees. In preparation for getting started with the activity, you are invited to attend an introductory session.

This session aims to introduce how to participate in CTF competitions to those who are new to them. We will share our tips and tricks for completing these challenges and work through a practice scenario together. Want to know more about the CTF? Review the details here. Connect with the CTF team on Slack.

Speakers

James Cleverley-Prance

Security Engineer, ControlPlane
James works as a Cloud Native Security Engineer at ControlPlane. He spends his days focusing on static and dynamic security assessments covering cloud native, infrastructure as code, policy as code, CI/CD, and security architecture. He has reviewed the security posture of numerous...

Andrew Martin

CEO, ControlPlane
Andrew has an incisive security engineering ethos gained building and destroying high-traffic web applications. Proficient in systems development, testing, and operations, he is at his happiest profiling and securing every tier of a cloud native system, and has battle-hardened experience...


Wednesday April 19, 2023 15:25 - 16:00 CEST
G102-103 | First Floor | Congress Centre
  Capture The Flag
  • Content Experience Level Any

15:25 CEST

Multi-Arch Infrastructure from the Ground up - Cheryl Hung, Arm
At a high level, the goal of Multi-Arch infrastructure is that workloads can run on the best hardware for their price/performance needs, without developers being concerned with the underlying architecture. That doesn’t mean it’s easy! Multi-Arch touches Infra As Code, CI/CD, packaging, binaries, images, Kubernetes upgrades, testing, scheduling, rollout, reproducible builds, performance testing and more. This talk looks at how early adopters handled the challenges so you are prepared for the road ahead.

Speakers

Cheryl Hung

Senior Director, Ecosystem, Arm
Cheryl brings developers together to build the future of infrastructure, especially cloud native and open source. As Senior Director at Arm, Cheryl leads strategy across the cloud and infrastructure ecosystem. She founded the Cloud Native London meetup, now 7000 members. Previously...


Wednesday April 19, 2023 15:25 - 16:00 CEST
D201-202 | Second Floor | Congress Centre (Elicium Building)
  CI/CD

15:25 CEST

How Implicit Bias Affects Diversity and Inclusion in Open Source - Anita Ihuman, CHAOSS
Open Source communities operate on a set of values that include a commitment to inclusion and diversity. The idea that the tech ecosystem at large is faced with the challenges of diversity and inclusion is not a myth. To some degree, everyone has implicit biases and beliefs about various social and identity groups. Implicit biases are unconscious attitudes or stereotypes that affect how we think, act, and make decisions. Studies have shown that implicit bias is the main cause of most of the problems caused by diversity and inclusion. As users, maintainers, and contributors of Open Source software, we may have encountered different marginalised groups that have shared their encounters of bias in Open Source communities. The majority of people are unaware of this bias and how it affects them as individuals or even as the victims. I'll go over what diversity and inclusion are in this session and why they're important in open source. Challenges faced by underrepresented groups in open source communities as a result of bias. What implicit bias is and how to spot it. Highlights of different forms of implicit bias, how to be more aware of these biases as a community and how it can be improved.

Speakers

Anita Ihuman

Developer Advocate, CHAOSS
Anita is a Developer Advocate and technical writer with 3+ years of experience in Web development and DevRel on a global scale. She is passionate about educating the developer market about new tools and technologies. She champions topics around Documentation, Open source, DEI best...


Wednesday April 19, 2023 15:25 - 16:00 CEST
In Virtual Platform
  Community

15:25 CEST

Building a Platform Engineering Fabric with the Kube API at Autodesk - Jesse Sanford & Greg Haynes, Autodesk
Autodesk is on a mission to become a platform company. To enable that future, a common deployment platform was built to accelerate the delivery of our cloud products. However, what started as the choreography of common deployment patterns has inevitably grown into a monolith of edge cases. Fortunately, the operator pattern and the extensibility of the Kube API has provided us with the fabric needed to retool. In this talk, Jesse and Greg will show that by providing a framework for declarative API design, we can unlock our platform engineers’ potential. That we can enable our globally distributed teams to build loosely coupled capability primitives on independent release schedules and product roadmaps. They will detail Autodesk's work with Crossplane and KubeVela and how they enable platform teams to build value without reinventing the wheel. Additionally, they will show how the prescription offered by these tools enables the clients of the platform to contribute back through inner source safely, abiding the “rules of the road”. Finally, they will demo how compliance is empowered through admission control and the strong separation of concerns built on Crossplane’s compositions and XRDs in conjunction with K8s RBAC to enforce sane defaults and security non-negotiables.

Speakers

Jesse Sanford

Software Architect, Autodesk
Jesse is a lifelong software engineer focused on site reliability and Infosec. Currently architecting the juncture of platform engineering and security/compliance for Autodesk's Developer Enablement team. He regularly contributes to open source and frequently speaks about his work...

Greg Haynes

Software Architect, Autodesk
Greg is a Software Architect at Autodesk focused on developer platform services and also chairs Autodesk’s open source program. He’s contributed to many open source cloud technologies in the past, such as Knative, Kubernetes’ sig-scheduling, and several OpenStack projects.



Wednesday April 19, 2023 15:25 - 16:00 CEST
Hall 7, Room E | Ground Floor | Europe Complex
  Customizing + Extending Kubernetes

15:25 CEST

Kubeadm Deep Dive - Rohit Anand, NEC & Paco Xu, Dao Cloud
This session will provide an update on the latest doings in the kubeadm project. What is the current state of the project and what is coming up next for it? Kubeadm is a subproject of SIG Cluster Lifecycle, one of the largest groups in the Kubernetes project. It is one of the most used tools for creating Kubernetes clusters and is the official node bootstrapper that is included in the Kubernetes release. It is the tool that is used by higher level projects like Minikube, Kubespray, Cluster API, kind and others. Kubeadm is actively maintained by a cross company team dedicated to keeping the tool stable and generally available.

Speakers

Paco Xu

OpenSource Team Leader, DaoCloud
Paco is an active Kubernetes contributor in multiple SIGs and the lead of the DaoCloud open-source team. Kubernetes Steering Committee, Kubeadm Maintainer, Kubernetes v1.30 Release Signal Team Lead, SIG-Node Reviewer. He organized Kubernetes Contributor Summit China 2023 and KCD Chengdu 2022, and spoke at KubeCon EU 2023, KubeCon China 2021 & 2023, KCD Shanghai. In 2024, he becomes LFAPAC Evangelist...

Rohit Anand

Technical Lead, NEC Corporation
Rohit is a cloud native enthusiast and active contributor in Kubernetes. Rohit is currently working as Technical Lead at NEC. He is working in primary as well as secondary software development work based on Kubernetes. Rohit has expertise in python, go, shell scripts, docker, kubernetes...



Wednesday April 19, 2023 15:25 - 16:00 CEST
G001-G002 | Ground Floor | Congress Centre
  Maintainer Track

15:25 CEST

On the Hunt for Etcd Data Inconsistencies - Marek Siarkowicz, Google
Many things can go wrong in a distributed system, making conventional testing techniques ineffective in preventing serious and subtle bugs. Even for mature systems like etcd, built on the reliable Raft foundations, bugs are inevitable. Last year the etcd community discovered 4 critical issues including data inconsistencies and lost durability that managed to pass our tests and a rigorous code review. Unfortunately, the testing methodology used by the etcd project was insufficient to detect such problems. So to prevent such issues in the future we needed a new approach. Over the course of 6 months the etcd community built a new testing framework that retroactively detected all issues that were found manually and on top of that identified a new issue. This presentation will discuss how the etcd project has adopted model testing methodology to weed out data inconsistency bugs in etcd and prevent such issues in the future.

Speakers

Marek Siarkowicz

Senior Software Engineer, Google
Marek is a Software Engineer working at Google on the etcd team. He began his career in local startups where he loved open source and extreme programming. Currently he is an etcd maintainer and active member of SIG-instrumentation leading structured logging effort in Kubernetes. In his...



Wednesday April 19, 2023 15:25 - 16:00 CEST
E103-104 | First Floor | Congress Centre
  Maintainer Track, Etcd

15:25 CEST

The State of Backstage in 2023 - Ben Lambert & Patrik Oldsberg, Spotify
Ben and Patrik, both maintainers on the popular open source project Backstage, will talk through the state of the project and the new features that are coming your way. Coming off the back of BackstageCON in Detroit, the Backstage maintainer team have been working hard to get the Backend System ready for rollout, and some new features for the Scaffolder. They will show in detail what these new features mean, and how you can start using them today to start to improve your Backstage deployment in your organization. Ben and Patrik will also dive into a little bit of what is next for Backstage and what you can expect to see in the coming year, and what they're excited for!

Speakers

Ben Lambert

Engineer, Spotify
Ben is an Engineer at Spotify and a Maintainer of Backstage.io

Patrik Oldsberg

Senior Engineer, Spotify
Patrik is a Senior Software Engineer at Spotify and a core maintainer of Backstage. In 2019 he joined the team in Spotify’s platform organization that owned the Backstage platform, and worked together with the rest of the team to bring it out in the open. Before joining Spotify...



Wednesday April 19, 2023 15:25 - 16:00 CEST
Forum | Ground Floor | Congress Centre
  Maintainer Track, Backstage

15:25 CEST

WG Batch: What’s New and What Is Next? - Swati Sehgal, Red Hat & Aldo Culquicondor, Google
Swati and Aldo will show you the improvements that the WG Batch has promoted in Kubernetes, and the opportunities under discussion to better support batch workloads such as HPC, AI/ML, data-analytics, etc. Aldo will talk about improvements to the Job API around scale and failure policies and the roadmap to make the Job API the standard for batch applications. Aldo will also talk about the new release and roadmap for Kueue, a Kubernetes subproject that offers job queueing, to build a multitenant batch system. Swati will talk about developments around hardware resources management. This includes features to support specialized hardware in nodes, and enhanced scheduling capabilities like NUMA awareness. The WG Batch was created in 2022 to serve the demand from the ecosystem to better support batch applications in Kubernetes. The WG is composed of SIGs’ experts and developers from various communities, with the objective to set roadmaps and collaborate in designs and implementations

Speakers

Aldo Culquicondor

Sr. Software Engineer, Google
Aldo is a Senior Software Engineer at Google. He works on Kubernetes and Google Kubernetes Engine, where he contributes to kube-scheduler, the Job API and other features to support batch, AI/ML and HPC workloads. He is currently a TL at SIG Scheduling and an Organizer of the WG Batch...

Swati Sehgal

Principal Software Engineer, Red Hat
Swati Sehgal is a Principal Software Engineer in the Ecosystem Engineering Group at Red Hat. She works to enhance OpenShift and its platform to deliver best-in-class networking applications, leading edge solutions and innovative enhancements across the stack. Her work includes working...



Wednesday April 19, 2023 15:25 - 16:00 CEST
E105-106 | First Floor | Congress Centre
  Maintainer Track, Kubernetes Batch Working Group

15:25 CEST

What's New with SIG Windows - Claudiu Belu, Cloudbase Solutions; Mark Rossetti, Microsoft; Pramita Gautam & Jay Vyas, VMware
In this maintainer track talk we'll cover what is new with SIG-Windows and will provide updates on our ongoing projects such as HostProcessContainers, WindowsServiceProxy, perf testing and more!

Speakers

Jay Vyas

Staff Engineer, VMware
Jay Vyas is a Kubernetes engineer at VMware (ex-RedHat, Blackduck), and has worked on K8s at its inception in 2015 as an open source project. He likes to hang out w/ the sig-network and sig-windows crews and hack on K8s stuff. On the business side ~ he's moved large on premise applications...

Claudiu Belu

Senior Cloud Engineer, Cloudbase Solutions
Claudiu Belu is a Senior Cloud Engineer at Cloudbase Solutions, mostly focusing on cloud-related open source projects for the past several years, and is currently working on Kubernetes as one of the SIG-Windows' Tech Leads.

Mark Rossetti

Principal Software Engineer, Microsoft
Mark Rossetti is a software engineer focusing on open-source projects at Microsoft and is also the co-chair of Kubernetes' SIG-Windows. Mark focuses on improving the experience of using Windows containers in Kubernetes. Mark has also served on the Kubernetes release team since...

Pramita Gautam

Staff Engineer, VMware India
Pramita comes from a cloud engineering and DevOps background. She is currently working on the product validation team for VMware TANZU.



Wednesday April 19, 2023 15:25 - 16:00 CEST
E107-108 | First Floor | Congress Centre
  Maintainer Track, Kubernetes SIG Windows

15:25 CEST

Operating CERN SaaS at Scale with Operators - Michael Hrivnak & Varsha Prasad Narsing, Red Hat; Rajula Vineet Reddy & Francisco Borges Aurindo Barros, CERN
CERN operates 1000+ CMS websites as a SaaS running on Kubernetes. This expert panel of end users from CERN and engineers from Operator Framework will discuss lessons from CERN’s Drupal operator including: - How a very small team used the operator pattern to automate and scale delivery of CMS websites. - How they balanced reusability and open source principles against integration with CERN’s specific compute environment and existing infrastructure services. - Operator SDK, its best practices, and things to avoid when developing an operator from scratch. - How Kubernetes enables isolation, multi-tenancy, and resource sharing. - Automated maintenance and monitoring. Following the initial discussion of approximately 20 minutes, we will leave substantial time for Q&A. The target audience is anyone who is planning to build a SaaS on Kubernetes or operate many instances of an application.

Speakers

Michael Hrivnak

Senior Principal Software Engineer and Software Architect, Red Hat
Michael Hrivnak is a Senior Principal Software Engineer and Software Architect at Red Hat, where he’s been focused on container technology since 2014. He’s been a leader in developing early registry and distribution technology, the Operator SDK, and Kubernetes-native infrastructure...

Rajula Vineet Reddy

Site Reliability Engineer, CERN
Rajula is an SRE at CERN working with web services. He is also a member of Kubernetes SIG-Contribex and contributes to the Upstream Marketing Team. In his free time, he enjoys traveling, hiking & skiing.

Francisco Barros

Site Reliability Engineer, CERN
Francisco Barros is an SRE at CERN. He likes to specialize in automating the repetitive, working with open source technologies, and helping to develop and maintain reliable and modern solutions. Currently he manages a Kubernetes flavored cluster that handles all the CMS websites at...

Varsha Narsing

Senior Software Engineer, Red Hat
Varsha is a software engineer at Red Hat. She is passionate about solving problems by developing and leveraging various software technologies. She currently works with the Portfolio Enablement team (Operator Framework) and is an active contributor to Kubernetes SIGs projects like...



Wednesday April 19, 2023 15:25 - 16:00 CEST
Hall 7, Room B | Ground Floor | Europe Complex
  Multi-tenancy

15:25 CEST

Hazardous Defaults: Managing Cardinality and Performance for Your Logging Stack - Derek Cavanaugh & Sara Moore, Recursion Pharma
Instrumented systems generate A LOT of data and we are fortunate to have performant open-source tools that help us spelunk through all that telemetry (logs, metrics, traces). Configuring these monitoring and observability tools - so that they themselves are performant and efficient - can be a challenge. For those new or unfamiliar to monitoring and observability, it can be appealing to just ‘roll the defaults’ from a configuration perspective. However, leaving those defaults unexamined can lead to unexpected performance issues; and worse, potential data loss. In this talk, we walk through the basic structure of the PLG-stack (Promtail, Loki and Grafana). We explore some unexpected cardinality (and associated performance) impacts that arise from the default configurations and how we made thoughtful adjustments to address those impacts. Finally, we will lay out a step-by-step guide to give your logging stack some ‘love’ and ensure that you are getting the most out of your tooling.

Speakers

Derek Cavanaugh

Senior Infrastructure Engineer, Recursion Pharma
Derek is a Senior Infrastructure Engineer at Recursion Pharmaceuticals, a biotech company using ML and AI to decode biology and transform the drug discovery process. Prior to Recursion, Derek worked at Pluralsight on the Cloud Engineering team supporting their Kubernetes platform...

Sara Moore

Infrastructure Engineer, Recursion Pharma
Sara is an infrastructure engineer at Recursion Pharmaceuticals, a biotech company using ML and AI to decode biology and transform the drug discovery process. At Recursion, Sara works with many cross functional teams to build tools and platforms which enable data science and engineering...



Wednesday April 19, 2023 15:25 - 16:00 CEST
Hall 7, Room C | Ground Floor | Europe Complex
  Observability

15:25 CEST

Availability and Storage Autoscaling of Stateful Workloads on Kubernetes - Leila Vayghan, Shopify
This talk is a story of how Shopify runs a highly available and scalable stateful application on Kubernetes which is accessed securely over the internet. The application discussed is Elasticsearch which stores petabytes of data over the globe. Search is a fundamental component of an ecommerce platform and high availability is an important requirement for it. While Kubernetes has proven to be the perfect platform for deploying stateless applications, running stateful applications on this platform in a highly available and scalable manner can be complicated. This talk will discuss these challenges and will share the steps towards solving them. For example, Leila will explain the obstacles of implementing storage autoscaling and how using the existing Kubernetes features allowed seamless expansion of persistent disks that store critical search data. She will also explain how her team implemented a feature that allowed shrinking persistent disks without any data loss and saved costs by releasing unused storage. Leila will also explain how Envoy is used to allow clients to connect to Elasticsearch through Kubernetes' ingress. This talk will give insight into the challenges and rewards of running highly available and scalable stateful applications on Kubernetes.

Speakers

Leila Vayghan

Senior Infrastructure Engineer, Shopify
Leila is an engineer at Shopify, where she spends her days enabling millions of merchants to grow by making sure buyers are able to search and find their products. She does this by running a large-scale search infrastructure on Kubernetes in many regions of the world. Leila has completed...



Wednesday April 19, 2023 15:25 - 16:00 CEST
Hall 7, Room D | Ground Floor | Europe Complex
  Reliability + Operational Continuity

15:25 CEST

Efficient Access to Shared GPU Resources: Mechanisms and Use Cases - Diogo Filipe Tomas Guerra & Diana Gaponcic, CERN
GPUs and accelerators are changing traditional High Energy Physics (HEP) deployments while also being the key to enable efficient machine learning. GPU scheduling in Kubernetes has been limited until now. Not being able to easily share access to single GPUs by multiple workloads leads to inefficiencies when those are light or spiky. At the same time these resources are scarce, expensive and in high demand. In this talk we explore the different possibilities to improve overall usage of GPU resources. We explore the multiple options for GPU scheduling, time sharing and the recently introduced Nvidia Multi-Instance-GPU (MIG) for physical partitioning. We cover the features and limitations of each option and present extensive benchmark results that helped us assign each workload to the most appropriate layout. Finally we describe how we manage GPUs in a centralized way, ensuring optimal resource utilization for services like continuous integration, machine learning and batch.

Speakers

Diogo Guerra

Cloud Engineer, CERN
Diogo is a Computing Engineer in the CERN Kubernetes service offering focusing on containerized deployments and supporting infrastructure. His main contributions focus on the automatic setup of cluster monitoring and other features like hardware accelerator configuration. He...

Diana Gaponcic

Computing Engineer, CERN
Diana is a Computing Engineer in the CERN IT department. After an internship at CERN focusing on containerization of ETL applications she later joined the Kubernetes team. Her current focus is on optimizing the usage of GPUs and other Accelerators for simulation and machine learning...



Wednesday April 19, 2023 15:25 - 16:00 CEST
G104-105 | First Floor | Congress Centre
  Runtime Performance + Constrained Environments

15:25 CEST

From SBOMs to IBOMs - Know What's Happening in Your Clusters - Ido Neeman, Firefly
The acronym SBOM (AKA Software Bill of Materials) has become a household term in the wake of the many software supply chain attacks we've witnessed recently - from SolarWinds, Log4j, to CodeCov and many others. While much effort and research has gone into tooling and building SBOMs, very little has yet to be done on the infrastructure side. In this talk I'd like to dive into why an IBOM (infrastructure bill of materials) is equally important with cloud native infrastructure ultimately being software defined and driven, and how no SBOM is complete without a full inventory of your infrastructure stacks. We'll walk into the tools that will enable you to get an equivalent understanding of what is happening in your cloud native infrastructure including which assets, packages and applications are running where - and how this is all only possible with end-to-end codification. We'll review why this matters from a security perspective - from your service dependencies, to IAM roles, security groups, and even misconfigurations to ensure your infrastructure is properly provisioned and continuously monitored. We'll wrap up with how to leverage your IBOM not only for cost optimization, but also for removing cloud clutter, to reduce your potential attack surface.

Speakers

Ido Neeman

Co-Founder & CEO, Firefly


Wednesday April 19, 2023 15:25 - 16:00 CEST
Auditorium + Balcony | Ground + First Floor | Congress Centre
  Security + Identity

15:25 CEST

🦝 Welcome to the Security Village - Marina Moore, NYU
TAG Security is hosting the first ever Security Village at KubeCon this year! But what does that mean? Join us for an introduction to the exciting activities taking place in the Security Village, and learn more about the evolution of TAG security’s activities at KubeCon. After the introduction, there will be time to meet and collaborate with fellow village attendees and organizers. If you are a security professional, enthusiast, or beginner, join us in the village to make cloud native more secure.

Speakers

Marina Moore

PhD Candidate, New York University
Marina Moore is a PhD candidate at NYU Tandon’s Secure Systems Lab researching secure software updates and software supply chain security. She is a maintainer of The Update Framework (TUF), a CNCF graduated project, as well as in-toto, an incubating project. She contributed to the...


Wednesday April 19, 2023 15:25 - 16:00 CEST
Emerald Room | First Floor | Congress Centre

16:00 CEST

16:30 CEST

Kubernetes, Resistance Is Futile - Adnan Hodzic, ING
This talk covers ING’s MLP (Machine Learning Platform) 2+ year migration journey to Kubernetes. ING being the biggest bank in the Netherlands and one of the biggest world banks entails we work in a highly regulated environment and are subjected to rigorous policies in terms of control with IT process lifecycle. Being a data scientist in one such environment, who would like to deploy pre-trained machine learning models to Production, without much or any underlying SRE/deployment knowledge complicates things. That’s where MLP (Machine Learning Platform) steps in, as it takes care of all the above mentioned problems by serving as a model hosting platform. As an SRE Adnan will cover problems and limitations of the existing platform setup in the VM (Virtual Machine) world and the inception of an idea to migrate to Kubernetes. Which steps it took to start the realization of one such idea and its migration plan. Followed by resistance, inability to choose the ideal target destination, platform’s growth and challenge in supporting the current setup in its growing capacity and ultimately leading to scalability issues. All these factors lead to a perfect storm, which led to the inevitable. Migration to Kubernetes and how that process came to be.

Speakers

Adnan Hodzic

Lead Site Reliability Engineer, ING
I work as Lead Site Reliability Engineer at ING’s (DAP) Public Cloud team. My expertise and interests are in infrastructure, Kubernetes, Linux, containers, cloud computing, etc. I created numerous open source projects, like: auto-cpufreq, wp-k8s, atuf.app, containerized-wordpress-project...



Wednesday April 19, 2023 16:30 - 17:05 CEST
Hall 7, Room A | Ground Floor | Europe Complex
  101 Track
  • Content Experience Level Any
  • Talk Type In-Person
  • Presentation Slides Attached Yes

16:30 CEST

Verifiable GitHub Actions with eBPF - Jose Donizetti, Aqua
GitHub Actions has been one of the most popular ways to build and release software, and with recent developments in supply chain security it has become a major target for malicious attacks. A couple of years ago a widespread hack of Codecov, a popular service prevalent in build pipelines, caught the industry’s attention. In response, a new solution to protect the build pipeline was created on top of Tracee, an OSS runtime security solution, and introduced the concept of profiling with eBPF and verifying software builds. In this talk, we will present that solution and explore the lessons learned in the past two years since the initial release.

Speakers

Jose Donizetti

Open Source Developer, Aqua
Jose Donizetti is an open source engineer at Aqua working on projects like Tracee and Trivy. In the past he ran thousands of Redis instances on Shopify's platform caching team.



Wednesday April 19, 2023 16:30 - 17:05 CEST
D201-202 | Second Floor | Congress Centre (Elicium Building)
  CI/CD

16:30 CEST

Combat Maintainer Burnout with Proactive Metrics - Sophia Vargas, Google
While there are many ways that projects can define and measure health, this talk will focus on maintainers as they are critical to the development, leadership and governance of their projects. As burnout continues to be a growing issue across roles, industries and communities, losing maintainers within small communities can have detrimental impact on the sustainability of that project. This talk will discuss methods and metrics to identify signals for overloaded and overworked maintainers. While metrics alone cannot fix the problem, they can help to proactively flag emerging issues so your community can adjust before it's too late.

Speakers

Sophia Vargas

Research Program Manager, Google
Sophia Vargas is a Program Manager in the research and education team within Google’s Open Source Programs Office. In this role she leads efforts that span project health, contributor experience, and open source economics. She is also on the Governing Board and an active contributor...


Wednesday April 19, 2023 16:30 - 17:05 CEST
G106-107 | First Floor | Congress Centre
  Community

16:30 CEST

Protecting Your Crown Jewels with External Secrets Operator - Moritz Johner, Form3
Secrets management is a difficult challenge: How do you create, rotate and manage access? And how would you even do that at scale? With External Secrets Operator you can leverage existing solutions like HashiCorp Vault or AWS Secrets Manager that manage secrets for you and integrate them with Kubernetes. Moritz and Lucas want to share their insights on how secrets management is done right in a highly regulated environment to hit the sweet spot between developer productivity and information security concerns. In this session, attendees will learn how to manage secrets in a GitOps way for self-sufficient teams to make developers, auditors and product managers happy, going over a few threat models, and showing what should be a target for concern, and should not. External Secrets Operator is a community endeavor that emerged from different open source projects that all tried to solve one problem: pull secrets from a secret management API into Kubernetes. We joined our efforts in 2020 to find a common denominator across projects to build the best solution to that problem and even go beyond that. Today, we've built a vendor-neutral community around the project and provide a consistent custom resource API across different cloud vendors and secret management APIs.

Speakers

Moritz Johner

Sr, Software Eng., Form3
Moritz is a platform architect, Open Source maintainer and contributor in the Kubernetes Ecosystem with a strong interest in information security and automation. He's employed at Form3 and currently operating a true multi-cloud Kubernetes platform across three cloud providers and...



Wednesday April 19, 2023 16:30 - 17:05 CEST
Hall 7, Room E | Ground Floor | Europe Complex
  Customizing + Extending Kubernetes

16:30 CEST

Customizing Your Buildpacks Build – Yes You Can! - Natalie Arellano, VMware & Aidan Delaney, Bloomberg
Cloud Native Buildpacks makes building container images as easy as running “pack build.” However, you’ll eventually want to customize that out-of-the-box experience. This talk explores the many buildpacks extension points that enable custom workflows. For application developers, we’ll introduce inline buildpacks and build time environment variables. For platform operators, you’ll learn about base image extension with Dockerfiles, and how to control the level of customization available in order to adhere to security requirements. This talk is for anyone using buildpacks, or anyone who feels they can’t use buildpacks because of a limitation in their workflow. You’ll learn how to implement your unique build patterns using buildpacks.

Speakers

Natalie Arellano

Software Engineer, Pivotal
Natalie is a software engineer at VMware and a maintainer on the Cloud Native Buildpacks project.

Aidan Delaney

Engineer, Bloomberg
Aidan is a Buildpacks maintainer and works as part of Bloomberg’s Data Science Platform team. He fuses together Cloud Native technologies to increase accuracy and decrease time-to-market of AI products. Aidan has previously taught Computer Science at undergraduate and postgraduate...



Wednesday April 19, 2023 16:30 - 17:05 CEST
Forum | Ground Floor | Congress Centre

16:30 CEST

How to Turn Release Management from Duty to Fun: Lessons Learned Building the Cluster API Release Team - Yuvaraj Balaji Rao Kakaraparthi, VMware & Joe Kratzat, Oracle
Release management has always been a tedious process. Not anymore! A handful of folks, always the same, when free from other tasks, were cutting Cluster API releases for all the active branches. This was not good! Enter the Cluster API team! Want to know how the ClusterAPI project was able to deliver frequent and predictable release cadence? Want to learn how the release team made working on the release tasks satisfying and a fun learning experience for many different contributors? Come to this talk and we will share insights on how we created a ClusterAPI release team by taking inspiration from the Kubernetes release team and shrank it to a more appropriate scale for the project, what we learned from our first venture in running a release team, the problems we solved and other problems we have our sights on, and how this work had an immediate and positive impact on the community, the users of the project and the members of the release team itself!

Speakers

Yuvaraj Balaji Rao Kakaraparthi

Senior Software Engineer, VMware
Bio:

Joe Kratzat

Senior Member of Technical Staff, Oracle
Joe is a Senior Member of Technical Staff at Oracle with a passion for automating processes. He has many years of compute and cloud experience and recently joined the Kubernetes ecosystem. As a member of the team maintaining the Cluster API for OCI (Oracle Cloud Infrastructure), he...



Wednesday April 19, 2023 16:30 - 17:05 CEST
E105-106 | First Floor | Congress Centre
  Maintainer Track, Kubernetes Cluster API

16:30 CEST

Mission Accomplished: Kubernetes Is Not a Monorepo. Now Our Work Begins! - Justin Santa Barbara, Google & Ciprian Hacman, Microsoft
Over the past few years kubernetes developers have all been working hard to break up the kubernetes monorepo. Storage, networking, container runtimes and most recently cloud-providers are now independently developed in their own projects and repositories. Broadly, we’ve completed the technical code separation: mission accomplished. But have we made kubernetes harder to install, upgrade and operate? Do we still have the quality we had when there was one version of kubernetes, that was end-to-end tested on multiple clouds on every PR? Must a production-ready kubernetes distribution undo all our hard work and reassemble the monorepo? Join two kOps maintainers as they describe how kOps has tackled these issues - by necessity of maintaining a working kubernetes distribution. Learn how kOps maintainers collaborate with these new projects to help them build towards a coherent kubernetes. The speakers will share their visions of the component-based kubernetes distribution that we are all building, and open a discussion on how we should best build and test it. This won’t happen accidentally; the organizational work is at least as hard as the technical work. But together we can build a reliable and easy kubernetes experience, while allowing more choice and experimentation.

Speakers

Justin Santa Barbara

Software Engineer, Google
Justin has been contributing to kubernetes since 2014, initially as the primary maintainer of the kubernetes AWS support, he also started the kOps project. He loves helping users adopt and grow their use of kubernetes, and believes that we have only scratched the surface of the kubernetes...

Ciprian Hacman

Software Engineer, Microsoft
Ciprian Hacman is a Software Engineer, working with cloud-native technologies. He is also an open source project maintainer for kOps (Kubernetes Operations), etcd-manager, cloud-provider-aws and frequent contributor to other projects in the Kubernetes ecosystem.



Wednesday April 19, 2023 16:30 - 17:05 CEST
G109 | First Floor | Congress Centre
  Maintainer Track, kOps

16:30 CEST

No Fear, Falco Is Looking After Us! - Jason Dellaluce & Luca Guerra, Sysdig; Melissa Kilby, Apple; Carlos Panato, Chainguard; Hendrik Brueckner, IBM
Falco is a Cloud-Native Runtime Security project and the highest adopted threat detection project for Kubernetes. "Hackers only have to be right once" is so yesterday and Falco and its vibrant community are shifting the rules of the game! In this session, experienced Falco contributors will introduce the project and its ecosystem, present the most recent developments in the space, and show how to get involved as contributors and adopters. Topics of broad and current interest include the recent submission for graduation, the improved eBPF support, the security enhancements, news about falcoctl and the ecosystem integrations, and the envisioned roadmap for the project.

Speakers

Carlos Panato

Staff Engineer, Chainguard
Carlos Panato (@cpanato) is a Staff Software Engineer at Chainguard, Inc., who’s working on development and infrastructure using Kubernetes and containers. Previously, he’s worked on development, testing, processes, and management. He contributes to several CNCF/LF projects and...

Hendrik Brueckner

Architect for Linux and Red Hat OpenShift on IBM zSystems & LinuxONE, IBM
Hendrik works within the IBM Linux and Red Hat OpenShift teams to drive the integration of IBM zSystems and LinuxONE technologies. He has a strong focus on security and confidential computing. Hendrik has over 15 years of experience enabling emerging technologies for the IBM zSystems...

Melissa Kilby

Security Engineer | Falco Core Maintainer, Apple
Before joining Apple, Security Engineer Melissa Kilby contributed to US Government research projects and taught Applied Data Science at BlackHat. She has a Ph.D., specializing in machine learning and biomechanics. She has also contributed to NASA’s space suit engineering program...

Jason Dellaluce

Senior Open Source Engineer, Sysdig
Jason Dellaluce is an Open Source Engineer at Sysdig and a core maintainer of Falco, the CNCF tool for Cloud Native Runtime Security. On a daily basis, he contributes to the Falco Community and is exposed to Linux, Kubernetes, Containers, Security, eBPF, and the Open Source world...

Luca Guerra

Open Source Engineer, Sysdig
Luca is an experienced software engineer, specializing in software design and security research. His professional experience includes designing security solutions for multiple platforms, building and breaking secure systems, and vulnerability management. As a Software Engineer at...



Wednesday April 19, 2023 16:30 - 17:05 CEST
E103-104 | First Floor | Congress Centre
  Maintainer Track, Falco

16:30 CEST

Observability with Fluent Bit: Logs, Metrics & Traces - Eduardo Silva & Anurag Gupta, Calyptia
Observability is an art, and it is not necessary to start analyzing data right away; it starts with a journey of collecting data from different sources and formats, the need to perform pre-processing and sanitization, and finally having an end-to-end solution that allows you to centralize the information for further analysis.

The following presentation will focus on various concepts around Logs, Metrics and traces, how they are implemented and how developers can take the most of them. Understanding the concepts that rule the technology helps to implement a scalable solution that can deal with common failure scenarios from your infrastructure.

Speakers

Anurag Gupta

Cofounder, Calyptia
Anurag is a maintainer of the Fluentd and Fluent Bit project as well as a co-founder of Calyptia. Previously he has worked at Elastic, driving cloud product and creating the Elastic Operator product. He has also worked at Treasure Data heading enterprise open source with Fluentd...

Eduardo Silva

Engineering Manager, Chronosphere
Eduardo is an entrepreneur and Software Engineer. He is one of Fluentd project maintainers and creator of Fluent Bit, a lightweight Logs, Metrics, and Traces processor. Prev: founder at Calyptia, now at Chronosphere.



Wednesday April 19, 2023 16:30 - 17:05 CEST
G001-G002 | Ground Floor | Congress Centre
  Maintainer Track, Fluentd

16:30 CEST

SIG-Multicluster Intro and Deep Dive - Jeremy Olmsted-Thompson & Laura Lorenz, Google; Paul Morie, Apple; Stephen Kitt, Red Hat
SIG-Multicluster is focused on solving common challenges related to the management of many Kubernetes clusters, across multiple cloud providers (so-called hybrid cloud), and applications deployed across many clusters. In this session, we'll give attendees an overview of the current status of the multi-cluster problem space in Kubernetes and of the SIG. We’ll discuss current thinking around best practices for multi-cluster deployments and what it means to be part of a ClusterSet. Then we’ll highlight current SIG projects, focused use cases, and ideas for what’s next. Most importantly, we’ll provide information on how you can get involved either as a contributor or as a user who wants to provide feedback about the SIG's current efforts and future direction. Bring your questions, problems, and ideas - help us expand the multi-cluster Kubernetes landscape.

Speakers

Stephen Kitt

Senior Principal Software Engineer, Red Hat
Stephen is one of the maintainers of the Submariner project. He is a long-time open source contributor, and has been at Red Hat since 2015, working on OpenDaylight and Submariner.

Jeremy Olmsted-Thompson

Senior Staff Software Engineer, Google
Jeremy is a software engineer who works on Google Kubernetes Engine. His main focus is on simplifying the Kubernetes experience, and making it as easy as possible to deploy applications both within a cluster with things like GKE Autopilot, and across clusters with multi-cluster solutions...

Laura Lorenz

Software Engineer, Google
Laura Lorenz is a software engineer at Google working on the multicluster experience on GKE. She is an active member of Kubernetes’ special interest group SIG-Multicluster, and a subproject owner for the MCS API.

Paul Morie

Software Engineer, Apple
Paul Morie is a Software Engineer


Wednesday April 19, 2023 16:30 - 17:05 CEST
In Virtual Platform

16:30 CEST

What Does the Kubernetes Steering Committee Steer? - Nabarun Pal, VMware & Bob Killen, Google
The Kubernetes Steering Committee is tasked with decision-making and oversight of the non-technical aspects of the Kubernetes project. This session will be broken into two parts: The first half will be an overview of what the committee is, and what it isn’t. What it’s tasked with, its importance, what it has accomplished to date and its top priorities for the year. The latter half will be focused on answering questions from Kubernetes project constituents and the wider Cloud Native community at large. If you’re curious or have a question about how one of the largest Open Source projects is governed, how that impacts you, or how you can leverage our learnings in your cloud-native projects' governance journeys, we encourage you to come stop by for a conversation!

Speakers

Nabarun Pal

Staff Engineer at VMware, Kubernetes Steering Committee and Maintainer, Broadcom
Nabarun is a Staff Software Engineer at VMware, a maintainer of the Kubernetes project, an elected Kubernetes Steering Committee member and a chair of Kubernetes SIG Contributor Experience. He is a Release Manager for Kubernetes and has been the Kubernetes 1.21 Release Team Lead...

Bob Killen

OSS Program Manager, Google
Bob is a Program Manager at the Google Open Source Programs Office with a focus on Cloud Native computing. He serves the Kubernetes project as a Steering Committee member and chair of the Contributor Experience SIG. Bob comes from an academic background, spending 15 years at the University...



Wednesday April 19, 2023 16:30 - 17:05 CEST
E107-108 | First Floor | Congress Centre
  Maintainer Track, Kubernetes Steering Committee

16:30 CEST

Operate Multi-Tenancy Service Mesh with ArgoCD in Production - Lin Sun, Solo.io & Faseela K, Ericsson Software Technology
Service meshes offer a breadth of benefits from securing to adding reliability to gaining visibility into your applications. However, as you start to scale your environment and start onboarding different teams or applications into the mesh you run into challenges of tenant isolation in terms of configuration management, resource consumption and security. What is the difference between soft multi-tenancy and hard multi-tenancy? Which one fits best for you? In this session, Faseela and Lin who both are maintainers of Istio will present how to achieve soft multi-tenancy and hard multi-tenancy with Istio service mesh and roll it out to your teams or applications with ArgoCD in production along with live demos.

Speakers

Faseela K

Experienced Cloud-native Developer, Ericsson Software Technology
Faseela is a cloud-native developer at Ericsson Software Technology (EST) and is a steering committee member and maintainer at Istio. Prior to this, she has worked as a platform development engineer at Cisco and as a Tech Lead at Ericsson R&D, leading contributions to the OpenDaylight...

Lin Sun

Head of Open-Source, solo.io
Lin is the Director of Open Source at Solo.io and a CNCF ambassador. She has worked on the Istio service mesh since the beginning of the project in 2017 and serves on the Istio Steering Committee and Technical Oversight Committee. Previously, she was a Senior Technical Staff Member...



Wednesday April 19, 2023 16:30 - 17:05 CEST
Hall 7, Room B | Ground Floor | Europe Complex
  Multi-tenancy

16:30 CEST

Multi-Cluster Observability with Service Mesh - That Is a Lot of Moving Parts!? - Ryota Sawada, UPSIDER, Inc.
Observability is complicated and multi-faceted by nature. When you multiply that with a multi-cluster in play, the complexity can seem untameable. Service Mesh solutions could seem like they are the key to solving such a daunting task. They would make multi-cluster handling hidden away, and observability setup provided by default. So, is Service Mesh a silver bullet for any complex Observability requirements? No, it isn't - in fact, it can actually make things more complicated. Ryota has been running Istio since its v1.1 release in production. He will share how Istio helped in many areas, and also highlight some parts that he had trouble with, such as cross-cluster trace and metrics. We will then take a step back with Prometheus basics, understand what Istio does by default, and find the gaps. With the challenges of alert handling, high cardinality, remote read/write, we will wrap up with a demo of how such a multi-cluster Observability setup can be achieved using Istio, Prometheus Operator, and Thanos.

Speakers

Ryota Sawada

Lead Platform Engineer, UPSIDER, Inc.
Ryota is a tech lead at UPSIDER, Inc., a startup providing B2B payment services for businesses mainly in Japan. He has worked on developing the company’s core payment processing system, and built the platform embracing Kubernetes, Argo, Istio, and other Cloud Native technology even... Read More →



Wednesday April 19, 2023 16:30 - 17:05 CEST
Hall 7, Room C | Ground Floor | Europe Complex
  Observability

16:30 CEST

Tales from on-Call: Fun with Operating Etcd at Scale - Geeta Gharpure & Chao Chen, Amazon
Etcd is the backbone of a Kubernetes cluster. At scale, workloads push etcd to its limits. In this session, engineers from the EKS etcd team will share their challenges, experiences and solutions for the issues we see when operating etcd. Topics include handling etcd out-of-memory conditions, managing the etcd size quota, detecting and recovering from revision divergence, and more. If you want to share notes on etcd on-call shifts or just learn more about etcd operations, this session is for you!

Speakers

Chao Chen

Software Engineer, EKS
Chao is a software development engineer in EKS etcd team. He is mainly working on etcd architecture, operations at AWS and also contributing to etcd open source development and release.

Geeta Gharpure

Senior Software Engineer, Amazon
Geeta works as a senior software engineer in EKS etcd team. She enjoys working on distributed systems. Her interests include containerization, platform design and distributed storage systems. She holds a MS degree in computer science.



Wednesday April 19, 2023 16:30 - 17:05 CEST
Hall 7, Room D | Ground Floor | Europe Complex
  Reliability + Operational Continuity

16:30 CEST

Love, Death and Robots - with Wasm & K8s on Boston Dynamics Spot - Max Körbächer, Liquid Reply
Can containers and Kubernetes run anywhere? Yes, nearly. We have seen in the past fighter jets, fully isolated environments, security critical infrastructure and more with Kubernetes. So it is no wonder that Boston Dynamics Spot, the most advanced mobile quadruped robot, is running on containers too. But this wasn’t enough for us. How and why we tweaked the (real world) bot a little and what are our lessons learned is part of this talk. We will show you the easy steps to migrate to K8s, the experimental integrations with Wasm and ideas on how to manage Spot like any other Kubernetes. Our targets are to provide a highly reliable, self-healing software infrastructure for industrial-grade robots that are secure, fast and autonomous.

Speakers

Max Körbächer

Co-Founder & Cloud Native Advisor, Liquid Reply
Max is Founder and Cloud Native Advocate at Liquid Reply. He is Co-Chair of the CNCF Environmental Sustainability Technical Advisory Group, CNCF Ambassador, Linux Foundation Europe Advisory Board inaugural member and served 3 years at the Kubernetes release team. In his work he supports... Read More →



Wednesday April 19, 2023 16:30 - 17:05 CEST
G104-105 | First Floor | Congress Centre

16:30 CEST

Anatomy of a Cloud Security Breach - 7 Deadly Sins - Maya Levine, Sysdig
What leads to a cloud security breach? Misconfigurations, exposed APIs, vulnerability exploitation, and more. Attacker motivations haven’t changed much, but their methods have adapted to new technologies. As a defender, you must adapt too. Learn about the differences between cloud vs on-premise threats and breaches. What has changed? Are certain attack types more prevalent, attractive, or easy to execute in the cloud? Why? What are the high-level cloud attack trends (and defenses) and how to cope? We will walk through 7 examples of real cloud breaches based on analysis from the Sysdig Threat Research Team. Each breach discussed involves cloud infrastructure. We focus on the attack patterns, response patterns, and other interesting elements that give insight into how to better protect and respond to incidents in cloud environments. You won’t hear general, “lock your stuff down” guidance; each scenario will have a specific takeaway so you can avoid a similar pitfall. After this talk the audience will have an in-depth understanding of common cloud breaches currently running in the wild, lessons learned, and a full list of actions to avoid ending up in the news.

Speakers

Maya Levine

Product Manager, Sysdig
Maya Levine is a Product Manager for Sysdig. Previously she worked at Check Point Software Technologies as a Security Engineer and later a Technical Marketing Engineer, focusing on cloud security. Her earnest and concise communication style connects to both technical and business... Read More →



Wednesday April 19, 2023 16:30 - 17:05 CEST
Auditorium + Balcony | Ground + First Floor | Congress Centre
  Security + Identity
  • Content Experience Level Any
  • Talk Type In-Person
  • Presentation Slides Attached Yes

16:30 CEST

🦝 Canals and Bridges: Using Amsterdam’s Transit System To Secure K8s Networks - Cailyn Edwards, Shopify
Amsterdam has over 1200 bridges crossing the city's many canals and waterways. The web of bridges and canals continues to be used to move people and resources through the city, and has also aided in its defence. This complex lattice of connected components could be likened to a complex Kubernetes network. In this talk we will use Amsterdam’s city structure to visualize the benefits and challenges involved with securing a k8s network. We will talk about how to get to know a network; perform a threat model and use the findings to plan and implement a strong security strategy. This talk will share useful network monitoring tools (eBPF anyone?!), important methods for planning a security strategy, go over how to make the most of NetworkPolicies and of course cover the cloud security basics. Attendees will leave this talk feeling ready (and pumped) to try out several strategies for evaluating and implementing security measures for their Kubernetes networks.

Speakers

Cailyn Edwards

Shopify
Cailyn Edwards (she/her) is a Senior Infrastructure Security Engineer at Shopify, where she spends her time paving roads, putting up guard rails and generally helping to secure the cloud. She is also an active contributor to SIG-Security and 2022 Contributor Award recipient. Her current... Read More →



Wednesday April 19, 2023 16:30 - 17:05 CEST
Emerald Room | First Floor | Congress Centre
  Security + Identity, TAG Security Recommended

16:30 CEST

Security Unconference hosted by CNCF Security TAG
Join the Security TAG for a daily afternoon unconference. Discover a range of security-related topics, from securing software supply chains to implementing zero-trust security, managing security for cloud-native infrastructure and applications, or building a security-first culture.

Submit a Security Unconference Topic: Each morning you can come to the village to submit topics for that afternoon’s unconference session. Industry experts, practitioners, and YOU will be able to share experiences and insights. Help us make the Security Village an inclusive and engaging destination for anyone interested in securing their cloud-native journey.

Security Unconference Schedule


Wednesday April 19, 2023 16:30 - 17:25 CEST
Onyx Lounge | Ground Floor | Congress Centre
  Security + Identity

16:30 CEST

Tutorial: Getting Familiar with Security Observability Using eBPF and Cilium Tetragon - Tracy P Holmes & Duffie Cooley, Isovalent
There are many people who are interested in observability but don't understand what data matters or even where to start. There are others who do understand these things, yet have no idea how to spot certain activities (malicious or otherwise!) This is where Security Observability comes into play. Security Observability in general is about providing more context into events involving an incident. However, researching those events does not have to be confusing or difficult. In this session, we will help overcome these doubts by learning more about a good kind of S.O.R.E.ness - the Security Observability and Runtime Enforcement kind! In four steps we will: 1. Introduce the fundamentals of Cilium Tetragon and the basics of Security Observability 2. Discuss the layers where Tetragon can extract data from and provide enforcement 3. Determine exactly what activities to care about and to monitor, and how to spot those activities 4. Walk through a brief deep dive into network connections and the associated events. The audience will walk away with a better understanding of the types of data and activity that should be monitored in order to prevent malicious events, and the ability to detect a container escape step-by-step.

Speakers

Duffie Cooley

Field CTO, Isovalent
Duffie is Field CTO at Isovalent focused on helping enterprises find success with Cilium and modern security tooling. Duffie has been working with all things systems and networking for 20 years and remembers most of it. A student of perspective, Duffie is always interested in working... Read More →

Tracy P Holmes

Technical Community Advocate, Isovalent
A "jackie of all trades" (and mistress of being herself), Tracy is a Technical Community Advocate at Isovalent focusing on all things Cilium, security, observability, and Anxiety Driven Development. When she isn't leveling up her programming skills, hanging with her pup, or learning... Read More →


Wednesday April 19, 2023 16:30 - 18:00 CEST
Elicium Building | Elicium Ballroom 1 + 2
  Tutorials, Security + Identity

16:30 CEST

🚨 ContribFest: Emissary-Ingress - Bugs, Deprecations, and Features, Oh My! (Limited Availability; First-Come, First-Served)
Download the code ahead of time. DCO Required.

Interested in getting experience with multiple CNCF projects? Come help us smash some bugs, remove deprecated features, and help work on new features. You can learn about developing helm charts, designing Kubernetes CustomResources, and working with Envoy configuration.

This Contribfest session is designed to provide projects with the space and resources to tackle outstanding technical debt, security issues, or outstanding impactful feature requests. They are intended to provide a place for maintainers to meet contributors and potential contributors and work together on solving a problem.

Speakers

Flynn

Technical Evangelist, Buoyant
Flynn is a technology evangelist at Buoyant, spreading the good word and educating developers about the Linkerd service mesh, Kubernetes, and cloud-native development in general. He has spent four decades in software engineering from the kernel up through distributed applications... Read More →

Kay James

Solutions Engineer, Ambassador Labs

Lance Austin

Principal Engineer, Ambassador Labs
Lance Austin is an Engineer at Ambassador Labs that enjoys spending my day making it easier for users to adopt Kubernetes by empowering self-service API Gateway functionalities through Emissary-ingress. When I'm not coding I'm spending my time raising my three children and running... Read More →

Dave Sudia

Senior Developer Advocate, Ambassador Labs
Dave Sudia (he/him) is a Senior Developer Advocate for Ambassador Labs, creators of Emissary-Ingress and Telepresence. He was previously a DevOps/platform engineer and CNCF end user. Dave is passionate about supporting other developers in doing their best work by making sure they... Read More →



Wednesday April 19, 2023 16:30 - 18:00 CEST
K101-102 | First Floor | Congress Centre
  🚨 ContribFest
  • Presentation Slides Attached Yes

17:25 CEST

OTel Me About Metrics: A Metrics 101 Crash Course - Reese Lee, New Relic
As more and more OpenTelemetry languages release stable metrics SDKs, many users are trying to understand metrics as they look to implement it as part of their observability strategy, but it can be quite confusing. There is so much to learn, such as – how do I choose which metrics instruments to implement to get certain measurements? What even are metrics instruments? What metrics can help me better understand my services? What’s the difference between an UpDownCounter and a Histogram? If you find these terms baffling, don’t worry. I will help you gauge when to use one over the other with this introduction to metrics using OpenTelemetry! In this session, you will get clarity around these concepts and the value different metrics and types of metrics can provide, with fun analogies and real world examples.

Speakers

Reese Lee

Developer Relations Engineer, New Relic
Reese Lee joined the OpenTelemetry team at New Relic in 2021, bringing along her enthusiasm for providing quality technical support and enablement for observability end users. She primarily works in the OpenTelemetry End User Working Group to help increase awareness and adoption of... Read More →



Wednesday April 19, 2023 17:25 - 18:00 CEST
Hall 7, Room A | Ground Floor | Europe Complex
  101 Track

17:25 CEST

Creating a Culture of Documentation - Alanna Burke, amazee.io
Picture this: you’ve found a new project on GitHub. It does exactly what you’re looking for, and it’s open-source. Amazing! So you roll up your sleeves and get to it. But then, you run into an error. You Google it. You find similar queries, but never the answer. You pore over the code. You search for anything documenting this project, but keep coming up empty. This project would be perfect, but no one ever documented it. Far too often, the information we need is never found. It stays locked in the minds of the engineers who wrote the code. But what good is code that no one knows how to use? Documentation is every bit as important as making sure the project works. That buy-in can be hard. Stakeholders don’t want to pay for the time. Project managers don’t prioritize the work. Engineers don’t want to do it. The only way to solve this problem is to create a culture around documentation. In this session, we’ll talk about how to elevate the status of the humble documentation to its rightful place alongside your code. We’ll cover how to integrate the documentation process into your existing processes so that your engineers are on board, and how to show stakeholders and others who push back that documentation is not only worthwhile, but essential to the success of your project.

Speakers

Alanna Burke

Community Manager & Developer Advocate, amazee.io
Alanna is passionate about empowering people through technology. After ten years as a back-end Drupal developer, she decided a change of pace was in order, and has been happily working at amazee.io as a community manager, developer advocate, and documentation writer since 2020. Alanna... Read More →



Wednesday April 19, 2023 17:25 - 18:00 CEST
G106-107 | First Floor | Congress Centre
  Community
  • Content Experience Level Any
  • Talk Type In-Person
  • Presentation Slides Attached Yes

17:25 CEST

Let’s Go Backstage: IDP Security for Platform Engineers - Rotem Refael, ARMO & Suzanne Daniels, Spotify
Backstage is gaining wide adoption for platform engineering teams looking to build internal development platforms. It does an excellent job of enabling dev teams to manage a well-known inventory from creating clusters to adding them to the inventory and even rescans. Backstage coupled with Kubescape can provide you with the end to end Kubernetes security coverage you need across your entire pipeline through a rich plugin ecosystem. All of these together enable you to scan your known inventory and cluster, have a better understanding of your security posture, and visualize the results in your customized Backstage dashboard. In this talk we’ll provide real code examples for how to DIY, and build a full open source and fully secure IDP.

Speakers

Suzanne Daniels

Developer Relations, Backstage, Spotify
Suzanne's passion is finding ways to help developers and engineers get the tools and skills to do what they do best: creating the software this world runs on while trying to innovate and make sense of buzzwords at the same time. Suzanne is Microsoft MVP in Developer Technologies... Read More →

Rotem Refael

ARMO's Director of Engineering and Open Source Security Advocate with Profound Expertise in Kubernetes, Prometheus, and Infrastructure as Code, ARMO
Rotem is Director of Engineering at ARMO, where she contributes to the Kubescape open source project, as a staunch and passionate supporter of making open source security better and more accessible for everyone. Rotem is an engineering veteran, with experience as a software developer... Read More →



Wednesday April 19, 2023 17:25 - 18:00 CEST
Hall 7, Room E | Ground Floor | Europe Complex
  Customizing + Extending Kubernetes

17:25 CEST

Cilium Updates, News, Roadmap, and in the Wild - Liz Rice, Isovalent; Andy Allred, EfiCode; Richard Hartmann, Grafana Labs
Welcome to Cilium! In this session you'll get an update on how Cilium has been progressing as a project and on the road towards graduation. You'll hear about the latest developments and future roadmap. We will cover how Cilium is bringing eBPF powered data to the world of observability and why Cilium has become the CNI of choice in the wild. In this session you'll hear from Cilium contributors and users Isovalent, Grafana Labs, and Eficode.

Speakers

Liz Rice

Chief Open Source Officer, Isovalent
Liz Rice is Chief Open Source Officer with eBPF specialists Isovalent, creators of the Cilium project. She was chair of the CNCF's Technical Oversight Committee 2019-2022, and Co-Chair of KubeCon + CloudNativeCon in 2018. She is also the author of O'Reilly books "Learning eBPF" and... Read More →

Richard Hartmann

Director of Community, Grafana Labs
Richard "RichiH" Hartmann is the Director of Community at Grafana Labs, a member of the Office of the CTO of Grafana Labs, Prometheus team member, OpenMetrics founder, OpenTelemetry member, CNCF Technical Oversight Committee member, CNCF Governing Board member, and more. He also leads... Read More →

Andy Allred

Lead devops consultant, Eficode
Andy started his career as an electronic warfare and operations specialist in fast attack submarines. After ten years there, he spent several years working in the telecoms industry, working with various providers, vendors, and cloud use cases. Currently, he is consulting and helping... Read More →


Wednesday April 19, 2023 17:25 - 18:00 CEST
Forum | Ground Floor | Congress Centre

17:25 CEST

Defining A Common Observability Query Language and Other Observability TAG Updates - Alolita Sharma & Matt Young, Apple
The CNCF Technical Advisory Group (TAG) on Observability serves as a discussion forum for topics related to observability of cloud native systems and workloads. We also produce supporting material and best practices for end users and provide guidance and coordination for CNCF observability projects working within the TAG’s scope. In this session the TAG co-chairs will provide an update on major observability projects in the CNCF, technology updates from these projects and opportunities to get involved in the TAG to build momentum on cross-collaboration across observability projects and the latest areas of discussion in the TAG meetings such as defining a specification for a general observability query language. We also invite observability practitioners, developers and contributors to join in for this session to discuss features, gaps and open source solutions for end-users.

Speakers

Alolita Sharma

Apple AIML Observability Engineering, Apple
Alolita Sharma is an OpenTelemetry Governance Committee member, CNCF Observability TAG co-chair and CNCF Governing Board member from Apple. She leads Apple’s AIML observability teams. She contributes to open source and open standards at OpenTelemetry, Unicode and W3C. She has served... Read More →

Matt Young

TAG Observability co-chair, Apple
TAG Observability co-chair, nerd for: graphs data science, ai, k8s, distributed systems, languages, understanding OSS projects and communities.


Wednesday April 19, 2023 17:25 - 18:00 CEST
G001-G002 | Ground Floor | Congress Centre

17:25 CEST

Keeping the Lights on and the Bugs Away - Patrick Ohly, Intel
SIG Testing is responsible for the tools that drive the continuous testing of Kubernetes. Sooner or later, all Kubernetes developers will encounter those, whether it is through failure reports for PRs that they have submitted or directly when writing tests for a new feature. In this talk, we will focus on recent changes in the support packages for end-to-end (E2E) and integration tests. In Kubernetes 1.26, the test/e2e/framework was migrated to Ginkgo v2. This added new primitives for cleaning up after test execution (DeferCleanup) and for aborting a running test suite. For Kubernetes 1.27, most tests were modified to support that. The approach for polling objects and reporting failures is in the process of being overhauled. With the infrastructure and new guidelines in place, now is a good time for other contributors to get involved.

Speakers

Patrick Ohly

Cloud Software Architect, Intel GmbH
Patrick Ohly is a software engineer at Intel GmbH, Germany. In the past he has worked on performance analysis software for HPC clusters ("Intel Trace Analyzer and Collector") and cluster technology in general (PTP and hardware time stamping). Since January 2009 he has worked for Intel... Read More →



Wednesday April 19, 2023 17:25 - 18:00 CEST
G109 | First Floor | Congress Centre
  Maintainer Track, SIG Testing

17:25 CEST

Keycloak: The Open-Source IAM for Modern Applications - Alexander Schwartz, Red Hat & Yuuichi Nakamura, Hitachi
An Open-Source identity and access management solution that is feature-rich, flexible, passes compliance tests and has a vibrant community? Keycloak is all of this: It supports flexible flows for user registration, password reset, strong authentication, the Financial-Grade API security profile, and other features out of the box. It's also fully scriptable for automation and has dozens of SPIs to extend its functionality.

Keycloak builds on top of industry security standard protocols supporting OAuth2, OpenID Connect and WebAuthn. It can also bridge to existing security infrastructures like SAML2 based IdPs, LDAP servers, and Kerberos/SPNEGO. Since the first release eight years ago, it has grown its community, with major players using and contributing to it. In 2023, the Keycloak project joined the CNCF as an incubating project.

Join this talk to learn how to use it, what’s ahead for the project, and how to contribute.

Speakers

Yuichi Nakamura

Director, Hitachi, Ltd.
Yuichi Nakamura, Ph.D., works for Hitachi, Ltd. He has been engaged with OSS over 20 years, gave presentations in many OSS events such as Linux Security Summit and Embedded Linux Conference, is a board of the Linux Foundation. He launched API management solution using Keycloak, and his... Read More →

Alexander Schwartz

Principal Software Engineer, Red Hat
Alexander Schwartz is a Principal Software Engineer at Red Hat working on the Keycloak team. At work and in his spare time he codes for Open Source projects. In a previous job he worked as a software architect and IT consultant. At conferences and at user groups he talks about JavaScript... Read More →



Wednesday April 19, 2023 17:25 - 18:00 CEST
E103-104 | First Floor | Congress Centre
  Maintainer Track, Keycloak

17:25 CEST

Kubernetes Code of Conduct: Working for the Community - Xander Grzywinski & Jeremy Rickard, Microsoft; Danielle Lancashire, Fermyon; Jason DeTiberus, Cisco; Hilliary Lipsig, Red Hat
The Kubernetes code of conduct exists to create and maintain a safe and respectful community. Have you ever wondered how the code of conduct is applied, what the incident response process looks like, or what it means to report an incident? In this session, a panel of members from the committee will discuss how the code of conduct is used to try and foster a safe space for community members. They will also answer questions submitted from the community about the process and application of the code of conduct. This is a chance to grow a better understanding of how the Kubernetes community operates, and learn what you can do to contribute.

Speakers

Jeremy Rickard

Principal Software Engineer, Microsoft Azure
Jeremy Rickard is a principal software engineer at Microsoft, where he works on supply chain security projects in the Azure Container Upstream team. He is also a chair for SIG Release, a co-chair for the Long Term Support (LTS) working group, and was the release lead for Kubernetes... Read More →

Jason DeTiberus

Technical Leader, OSPO, Cisco
Jason is a Technical Leader within Cisco's Open Source Program Office. Jason lives in Eastern North Carolina and enjoys collecting various hobbies and projects that rarely see completion. He can often be found daydreaming what hobby to start next, watching the Geese fly by, or honking... Read More →

Danielle Lancashire

Principal Software Engineer, Fermyon
Danielle is a principal engineer at Fermyon where she mostly works on the Fermyon Cloud. She is also a co-chair of the CNCF wasm-wg, member of the Kubernetes Code Of Conduct Committee, and a Kubelet maintainer. When not at a computer she can often be found riding bikes and taking... Read More →

Hilliary Lipsig

Principal Site Reliability Engineer, Red Hat
Hilliary is an autodidact and start-up veteran who has frequently learned and applied technologies to get a job done. She’s had her hand in every part of the application delivery process, honing in her skills originally as a QE engineer. Hilliary is an IT polyglot able to talk the... Read More →

Xander Grzywinski

Open Source Product Manager, Microsoft
Xander is an open source product manager at Microsoft focusing on container security and policy projects. Previously he worked in various roles on platform and open source teams at Twitter, Apple, and HashiCorp. When not at a computer, you'd most likely find him at a pottery whee... Read More →


Wednesday April 19, 2023 17:25 - 18:00 CEST
E105-106 | First Floor | Congress Centre

17:25 CEST

Experience with “Hard Multi-Tenancy” in Kubernetes Using Kata Containers - Shuo Chen, Databricks
Databricks is building a serverless platform for performance-sensitive workloads such as Data Lakehouse on Kubernetes clusters. Because each cluster runs code on behalf of multiple customers, we need “hard multi-tenant” container isolation. After considering various options we chose Kata Containers, an open-source container runtime that provides strong isolation by running containers in micro-VMs. This case study discusses how we build a hard compute and network isolation layer among untrusted workloads in Kubernetes clusters leveraging Kata Containers, network policy and network security group. We will share the first-hand experience on how we integrate Kata Containers with Kubernetes in production, highlighting the challenges we faced, difficult trade-offs among security, performance and cost, and how to work around the heterogeneity across different public cloud providers.

Speakers

Shuo Chen

Sr Software engineer, Databricks
Shuo Chen is a software engineer at Databricks platform team, whose domain area is focusing on high performance computing infrastructure. With the industrial experience of building the underlying network and disk infrastructure for multiple cloud provider companies, Shuo is currently... Read More →



Wednesday April 19, 2023 17:25 - 18:00 CEST
In Virtual Platform
  Multi-tenancy

17:25 CEST

Making Sense of Your Vital Signals: The Future of Pod and Containers Monitoring - David Porter, Google & Peter Hunt, Red Hat
It’s critical for users and cluster administrators to understand the health of their containers and pods and be able to monitor them. Despite the fact that health monitoring of the cluster is critical, it is still a mystery for many k8s users. How can these signals help to keep the clusters running or pinpoint issues before it is too late? We will go in depth to describe where those metrics originate, how they are measured, and what components are involved, to make this space less complicated. This presentation will outline the full pipeline of how these signals are collected and processed for pods and containers, starting from the cgroups in the Linux kernel and ending with Prometheus metrics and dashboards. We will discuss future work in this space. The Kubernetes community is currently undertaking a large effort to move container metrics away from cAdvisor into the container runtime as part of Kubernetes Enhancement 2371, “CRI Pod Container Stats”, which aims to move metrics into the container runtime. We will discuss the goals of this effort and how it will impact the monitoring pipeline. This work will unlock new features and improve performance, helping users and cluster administrators to be in control of their deployments.

Speakers

Peter Hunt

Senior Software Engineer, Red Hat
Peter Hunt is a Senior Software Engineer working at Red Hat. Passionate about free software, Peter focuses on maintaining CRI-O, attending SIG node, and ~writing~ squashing bugs. Outside of the virtual world, Peter likes collecting floral-printed pants, gardening, and dancing.

David Porter

Senior Software Engineer, Google
David Porter is a Senior Software Engineer at Google on Kubernetes GKE node team. David’s focus is on the kubelet node agent and the resource management area. He is primary maintainer of cAdvisor, a resource monitoring library widely used in kubernetes, reviewer of a SIG Node, and... Read More →



Wednesday April 19, 2023 17:25 - 18:00 CEST
Hall 7, Room C | Ground Floor | Europe Complex
  Observability

17:25 CEST

Highly Available Routing with Multi Cluster Gateways - Rob Scott, Google & Liwen Wu, AWS
Deploying applications across multiple clusters can improve availability and reduce latency. Until recently, connecting clusters together was quite challenging and often required manual configuration that varied across environments. Fortunately, we can use two of the newest Kubernetes APIs to dramatically simplify this. In this talk, Liwen and Rob will show how Gateway API and Multi-Cluster Services can be combined to create Multi-Cluster Gateways, enabling advanced routing across clusters. This talk will cover some important use cases for multi-cluster routing, including examples of how multi-cluster routing can improve the availability of your application. They will demonstrate how to achieve high availability on your applications using multiple clusters, showing how failover from one cluster to another can work. Finally, they will put the pieces together to show end to end demos of multi-cluster routing using the same Gateway API and MultiCluster Service configuration. You will see how these APIs can be used to provide portable multi-cluster routing configuration, even when they are mapped to different underlying cloud infrastructure. They will show how advanced features of Gateway API can be combined with the multi-cluster capabilities of the Multi-Cluster Services API.

Speakers

Rob Scott

Software Engineer, Google
Rob is an open source enthusiast currently working on Kubernetes Networking at Google. He's been a maintainer of Gateway API since the very early days of the project and led the development of other Kubernetes networking APIs like EndpointSlices.

Liwen Wu

Software Engineer, AWS
Liwen is a Software Engineer at AWS focused on improving AWS VPC networking for Kubernetes. Her first major Kubernetes project was design and development of AWS VPC CNI plugin for Kubernetes networking over AWS VPC. She is an active member of the Gateway API community and implemented...


Wednesday April 19, 2023 17:25 - 18:00 CEST
Hall 7, Room D | Ground Floor | Europe Complex

17:25 CEST

Adopting Network Policies in Highly Secure Environments - Raymond de Jong, Isovalent
In the world of distributed computing, everything goes over the network, but not everything should be public. Unfortunately, Kubernetes networking is open by default and it is up to you to adopt network policies to secure it. Using our knowledge of implementing network policies in complex regulated environments, we will introduce the fundamentals of Cilium Network Policies and the basics of application-aware and Identity-based Security. With these building blocks in place, we will compare a default-allow with a default-deny policy and how a risk-based approach helps you focus on securing the most sensitive workloads first. We will then discuss various exposure types and strategies for securing your workloads. Applying this theoretical knowledge to the real world, we will explore how observability tools Cilium, Hubble, and Grafana provide you with Network Policy superpowers, like showing how ingress and egress connections are visualized, enabling you to configure the Network Policies using the Network Policy editor. Finally, we will discuss how Network Policy Guardrails allow for keeping control while granting teams self-service management of Network Policies. The audience will learn how to secure their network effectively and efficiently, even for highly sensitive workloads.

Speakers

Raymond de Jong

Field CTO EMEA, Isovalent
Raymond de Jong is Field CTO for EMEA at Isovalent, the originators of the Cilium project, providing networking, observability, and security for cloud-native applications using eBPF. In this role, he is supporting and enabling customers and partners to be successful with Cilium in...



Wednesday April 19, 2023 17:25 - 18:00 CEST
Auditorium + Balcony | Ground + First Floor | Congress Centre
  Security + Identity

17:25 CEST

🦝 RBAC to the Future: Untangling Authorization in Kubernetes - Jimmy Mesta, KSOC
Role-based access control (RBAC) is an unavoidable part of the Kubernetes developer experience. Whether it is engineers managing cluster resources via kubectl or internal service accounts interacting with the Kubernetes API directly, development teams will need to understand how to build and distribute effective, least permissive RBAC policies. This session will first go back in time to help attendees understand exactly how RBAC works under the hood and explore some lesser-known RBAC gotchas. We will then cover the essential pillars of designing an effective RBAC strategy for the enterprise, including automation and observability opportunities. After this session, attendees can expect to have a better understanding of how to build and monitor least privilege RBAC configurations within Kubernetes.

Speakers

Jimmy Mesta

Co-Founder, KSOC
Jimmy Mesta is the Co-Founder and CTO at KSOC. He is a veteran security engineering leader focusing on building cloud-native security products. Prior to KSOC, Jimmy held senior leadership positions at a number of enterprises including Signal Sciences (acquired by Fastly) where he...



Wednesday April 19, 2023 17:25 - 18:00 CEST
Emerald Room | First Floor | Congress Centre

17:25 CEST

Life Without Sidecars - Is eBPF's Promise Too Good to Be True? - Zahari Dichev, Buoyant
The recent popularity of eBPF has triggered a number of discussions of whether this technology will revolutionize the service mesh space. The promise of all the benefits that a service mesh can bring to your cloud-native infrastructure at a fraction of the performance and operational cost seems tantalizing. eBPF is said to be the tool that can help us build a native and highly efficient service mesh implementation and free us from the sidecar model. Could this all be true? In this talk, Zahari will go down the rabbit hole and try to explore what is and is not possible with an eBPF-powered service mesh. Are proxies really going away, and if yes, what does that really mean for the security, resilience, and operational complexity of your infrastructure?

Speakers

Zahari Dichev

Mr, Buoyant
Zahari Dichev is a software engineer working at Buoyant, the creator of Linkerd. He is passionate about performance, distributed systems and cloud-native technology.



Wednesday April 19, 2023 17:25 - 18:00 CEST
Hall 7, Room B | Ground Floor | Europe Complex
  Service Mesh

18:00 CEST

KubeCrawl + CloudNativeFest sponsored by Gitpod
One party to rule them all!

Been to KubeCon + CloudNativeCon before? You’ve undoubtedly come to the Welcome Reception + Booth Crawl or the All-Attendee Party (or both!) and had an amazing time connecting with fellow #TeamCloudNative members and the local culture. Together we’ve been to Tivoli Gardens, piano-dueled, watched an artist spill coffee to create his works, crawled the haunts of Rainey Street, and dipped our toes in a pool by the Valencian palms. As our community has grown, so too have our events, and we're working hard to create new opportunities for everyone to connect, collaborate, and have fun.

We are thrilled to announce that we'll be providing an enhanced, integrated experience for everyone by combining the Welcome Reception + Booth Crawl and All-Attendee Party into one big celebration on the first official night of KubeCon + CloudNativeCon! Combining these parties means:
  • Fewer long event days 
  • More opportunities for sponsor parties
  • A one-stop-shop for mingling with sponsors while also experiencing the flavor of the city

Don’t miss out on the latest and greatest party at your favorite tech event! We’ll see you in Amsterdam!

In order to facilitate networking and business relationships at the event, you may choose to visit a third party’s booth or access sponsored content. You are never required to visit third party booths or to access sponsored content. When visiting a booth or participating in sponsored activities, the third party will receive some of your registration data. This data includes your first name, last name, title, company, address, email, standard demographics questions (i.e. job function, industry), and details about the sponsored content or resources you interacted with. If you choose to interact with a booth or access sponsored content, you are explicitly consenting to receipt and use of such data by the third-party recipients, which will be subject to their own privacy policies.

Wednesday April 19, 2023 18:00 - 21:00 CEST
Halls 1 + 5 | Ground Floor | Europe Complex

19:00 CEST

CNCF End User Reception (For active or applying CNCF End User Members only)
The CNCF End User Reception brings together cloud native users for food, beverages, and a casual setting to discuss best practices and lessons learned. Join us to meet peers and learn helpful tactics to help with navigating the cloud native community! Note: This event is reserved exclusively for active or applying CNCF end user members.

Wednesday April 19, 2023 19:00 - 20:30 CEST
Café Amsterdam | Ground Floor | Congress Centre
 
Thursday, April 20
 

06:30 CEST

Group Fun Run
Squeeze in your daily cardio with a casual / informal group run! Meet at the nhow Amsterdam RAI hotel (right next to RAI Amsterdam) at 06:30 for a 06:45 departure. The run will last one hour at the group's pace. 

Thursday April 20, 2023 06:30 - 07:45 CEST
nhow Amsterdam RAI | Hotel Lobby Europaboulevard 2b, 1078 RV Amsterdam, Netherlands

09:10 CEST

Sponsored Keynote: Open Source in Bloom 🌼 at AWS - Nathan Taber, Senior Product Manager, Amazon
Nathan Taber, AWS Head of Product for Kubernetes, joins us to highlight what AWS is doing to nurture open source, Kubernetes, and the CNCF.

Speakers

Nathan Taber

Head of Product, Amazon Web Services
Nathan is the Head of Product for AWS Kubernetes. Nathan has been part of the launch teams for several AWS container services and currently helps to set the vision and direction for Amazon Elastic Kubernetes Service, AWS’ managed Kubernetes service. He works closely with AWS customers...


Thursday April 20, 2023 09:10 - 09:15 CEST
Hall 12 | First Floor | Holland Complex

09:30 CEST

Sponsored Keynote: Total Clarity on Your Application Security - Guillaume Sauvage de Saint Marc, Vice President, Engineering, Emerging Technologies and Incubation, Cisco
Cloud Architects and Application Security teams stand, on a daily basis, in front of difficult questions: Where is my application vulnerable? Which of my assets are at risk? Where can I be hacked? What are the most critical security flaws in my applications that put my CPU, application logic, and data assets at immediate risk?

The industry and the open source community need a suite of tools that can be used to understand those risks across the entirety of an application development, deployment, and production runtime, across on-premises and cloud resources, over monolithic as well as cloud native architectures.

We will share the latest updates on Open Clarity, an open source suite effort that aims at addressing the entire cloud security and application security stack, and making it practical and usable for developers, cloud architects, and security teams alike.

Speakers

Guillaume Sauvage de Saint Marc

Vice President, Engineering, Emerging Technologies and Incubation, Cisco


Thursday April 20, 2023 09:30 - 09:35 CEST
Hall 12 | First Floor | Holland Complex

09:35 CEST

Keynote: Tales from the Cloud Native Community - Nikhita Raghunath, Staff Software Engineer, VMware & Ricardo Rocha, Computing Engineer, CERN
You have likely seen the CNCF landscape that shows the full extent of projects under the CNCF umbrella. With the scale of the landscape, ensuring the health of these projects and strengthening the ecosystem to meet the needs of end users and contributors is not an easy job. Especially when projects span a myriad of areas - security, testing, observability, storage, networking and more!

In this session, learn how the community works together to address this complexity. We will also shine a long-overdue light on the invaluable contributions of a number of contributors who continue to help shape the mission of making cloud native computing ubiquitous.

Whether you are just getting started in the cloud native community or are a long time member, through stories of amazing individuals and their contributions, we will show you the countless opportunities where you can learn, contribute and collaborate!

Speakers

Ricardo Rocha

Computing Engineer, CERN
Ricardo is a Computing Engineer at CERN IT focusing on containerized deployments, networking and more recently machine learning platforms. He has led for several years the internal effort to transition services and workloads to use cloud native technologies, as well as dissemination...

Nikhita Raghunath

Staff Software Engineer, CNCF TOC Member, VMware
Nikhita is a staff software engineer at VMware and a maintainer of the Kubernetes project. She is a member of the CNCF Technical Oversight Committee and won the CNCF Top Committer Award in 2021 for her technical contributions. She is currently the technical lead for Kubernetes...


Thursday April 20, 2023 09:35 - 09:50 CEST
Hall 12 | First Floor | Holland Complex

09:50 CEST

Keynote: Gardens and Glaciers: Saving Knowledge Through Succession - Emily Fox, Security Engineer, Apple
Founded in 2015, the Cloud Native Computing Foundation is designed to empower organizations to build and run scalable applications in modern, dynamic environments such as public, private, and hybrid clouds. In the past 8 years, we’ve seen technical innovation in the cloud native garden grow by leaps and bounds. However, with each technical innovation we compact the depths of knowledge that were necessary for that innovation to occur. Kubernetes exists to orchestrate containerized workloads; we use a service mesh like Linkerd or Istio to simplify and secure communications between containerized microservices. Every project in the landscape is designed to create a layer or layers of abstraction to simplify the complexity in cloud native architectures. When compacted and concentrated, this information forms knowledge glaciers — an accumulation and compaction of deep knowledge built over time that provides foundational understanding as community knowledge expands. Unless we take steps to preserve and transfer information, we lose more knowledge with each generation of technologists as those lessons learned (like surviving day two operations) are lost to history. This emphasizes the importance of active succession planning and building the bench of community leaders and maintainers. We need to dedicate time to save the glaciers, transfer institutional and technical knowledge within the ecosystem, plant the seeds of tomorrow’s leaders, and make room for our community to grow and bloom.

Speakers

Emily Fox

Security Lead - Emerging Technologies, Security Community Architect - OSPO, Red Hat
Emily Fox is a DevOps enthusiast, security unicorn, and advocate for Women in Technology. She has worked in security for over 13 years to drive a cultural change where security is unobstructive, natural, and accessible to everyone. Serving as chair on the Cloud Native Computing Foundation’s...



Thursday April 20, 2023 09:50 - 10:05 CEST
Hall 12 | First Floor | Holland Complex
  Keynote Sessions
  • Presentation Slides Attached: Yes

10:05 CEST

Keynote: MLOps on Highly Sensitive Data - Strict Confinement, Confidential Computing, and Tokenization Protecting Privacy - Maciej Mazur, Principal AI/ML Engineer, Canonical & Andreea Munteanu, AI/ML Product Manager, Canonical
MLOps is used in various organizations that operate on very sensitive datasets: pharmaceutical and life science companies handling human DNA samples, healthcare institutions training models on patient data, or highly regulated environments like telecom and financial companies. Many users are afraid that cloud-native would expose them more to vulnerabilities, data leaks, or other security issues. In reality, it's just the opposite. With Kubernetes and its ecosystem - Kubeflow, strict confinement for K8s using AppArmor profiles, confidential computing in case you run your workloads on the public cloud, and blockchain-based tokenization - you can achieve a very safe and compliant setup. In the talk you will see a case study of a LifeSciences company creating customized treatments based on DNA, utilizing the above-mentioned technologies to run complex hybrid/multi-cloud MLOps using Kubernetes and Kubeflow.

Speakers

Maciej Mazur

Principal AI Engineer, Canonical / Ubuntu
I'm a technical leader with 10+ years of experience in machine learning, telecommunication, and solution architecture. My specialties are: ▪ Machine Learning and Data Engineering ▪ Solutions Architecture ▪ Public Clouds: AWS, Azure and GCP ▪ Kubernetes at scale for AI and...

Andreea Munteanu

AI Product Manager, Canonical
Andreea Munteanu is a Product Manager at Canonical, leading the MLOps area. With a background in Data Science in various industries, she used AI techniques to enable enterprises to benefit from their initiatives and make data-driven decisions. Nowadays, Andreea is looking to help...


Thursday April 20, 2023 10:05 - 10:20 CEST
Hall 12 | First Floor | Holland Complex

10:30 CEST

Capture The Flag Experience
The Capture The Flag (CTF) experience runs concurrently to KubeCon + CloudNativeCon Europe 2023!
Delve deeper into the dark and mysterious world of Cloud Native security! Exploit a supply chain attack and start your journey deep inside the target infrastructure, utilize your position to hunt and collect the flags, and hopefully learn something new and wryly amusing along the way!

Attendees can play three increasingly treacherous and demanding scenarios to bushwhack their way through the dense jungle of Cloud Native security. Everybody is welcome, from beginner to seasoned veterans, as we venture amongst the low-hanging fruits of insecure configuration and scale the lofty peaks of cluster compromise! Want to know more about the CTF? Review the details here. Connect with the CTF team on Slack.

Thursday April 20, 2023 10:30 - 16:30 CEST
G102-103 | First Floor | Congress Centre
  Capture The Flag
  • Content Experience Level: Any

10:30 CEST

Project Pavilion
Attending in-person? Swing by the Project Pavilion located in the Solutions Showcase in Hall 5 to connect with project maintainers to learn more about the project, ask questions, or exchange ideas. 

See more information about Project Engagement at KubeCon + CloudNativeCon Europe 2023.

Thursday April 20, 2023 10:30 - 17:30 CEST
Hall 5 | Ground Floor | Europe Complex

10:30 CEST

Solutions Showcase
Visit our sponsors in the Solutions Showcase to try the latest demos, watch live presentations, talk to experts, check out job opportunities, and score some swag.

Thursday April 20, 2023 10:30 - 17:30 CEST
Halls 1 + 5 | Ground Floor | Europe Complex

11:00 CEST

The Life and Times of a Kubernetes Feature - Swati Sehgal & Francesco Romani, Red Hat
Have you been looking for an opportunity to contribute a feature to Kubernetes and feeling intimidated? Not sure where to start and wondering about things like: How do I share my ideas and get feedback? Who should I talk to, and where? What do reviews look like? Actually, what does the process look like? How do I even start? Worry not, and first of all, welcome to the community, we are delighted to have you! It is natural to feel daunted, but there are resources! This talk will help you navigate through the processes and empower you to find answers, paving your way to success. We will see examples of features that made it into Kubernetes across all degrees of maturity, from new and exciting alpha features to maturing beta features up to trusted and dependable GA. We will demystify the contribution process and provide insights on how to navigate through the Kubernetes processes, with real examples from existing features.

Speakers

Francesco Romani

Principal Software Engineer, Red Hat
Principal software engineer, joined Red Hat in late 2013, involved in open source projects since 2006. Worked in Red Hat about all things virtualization, then moved to the cloud native virtualization and now on cloud-native network functions. Currently works in the resource management...

Swati Sehgal

Principal Software Engineer, Red Hat
Swati Sehgal is a Principal Software Engineer in the Ecosystem Engineering Group at Red Hat. She works to enhance OpenShift and its platform to deliver best-in-class networking applications, leading edge solutions and innovative enhancements across the stack. Her work includes working...



Thursday April 20, 2023 11:00 - 11:35 CEST
Hall 7, Room A | Ground Floor | Europe Complex
  101 Track

11:00 CEST

Unlocking Argo CD’s Hidden Tools for Chaos Engineering - Featuring VCluster and More - Dan Garfield & Brandon Phillips, Codefresh
Running large scale GitOps operations with Argo CD is not only possible, but very fun! With almost every cloud-native tool there are pain points that come with scale, bumps that need to be planned around, or settings that need to be made. What if there was a way to easily simulate and plan out your large scale rollout so you could head off any issues before they happen? In this session, an Argo Maintainer will show you the hidden tools inside Argo CD that make this kind of performance testing easy and how different scenarios change the way you scale with Argo CD along with the tweaks and things to look out for. We’ll irreverently break Argo by hammering it with vCluster, apps, resources, and show dangerous misconfigurations that could cause chaos – and how to fix them! Plus, how to simulate users creating chaos in a GitOps environment.

Speakers

Dan Garfield

Chief Open Source Officer and Co-Founder, Codefresh
Dan Garfield is the Co-founder and Chief Open Source Officer of Codefresh, a CI/CD platform powered by GitOps and Argo. He helped launch the GitOps Working Group and helped lead the creation of the Open GitOps principles. As an Argo Maintainer, Kubernaut, Google Developer Expert...

Brandon Phillips

Principal Technologist, Codefresh
Brandon Phillips is an engineer with a passion for all things electronic, motorized, and software related. Brandon has architected and built everything from factory automation lines to massive enterprise software deliveries. He particularly enjoys embracing new technology and sharing...



Thursday April 20, 2023 11:00 - 11:35 CEST
Hall 7, Room B | Ground Floor | Europe Complex
  CI/CD

11:00 CEST

Story of Our Transition to a Custom Kubernetes Operator for an API Gateway - Vincent Behar, Ubisoft
At Ubisoft, we're building an internal platform to provide managed services - such as Kubernetes clusters, databases, ... - through a unified experience. Any team can contribute to the platform by bringing their own services, which will need to be integrated at the API Gateway level. This talk is the story of our transition from a manually managed API Gateway - configuration and rules - to a self-service one, using a custom Kubernetes Operator. We'll go through the challenges we faced with our initial setup while scaling the platform, and our reasons for writing our own operator, instead of relying on existing solutions. We'll explain our platform's conventions, and how we are using OpenAPI as a central point of entry for our APIs. And we'll detail the features we needed - and implemented - to automatically configure our API Gateway based on the OpenAPI documents provided by the different services. While doing so, we'll also relate some organizational challenges, such as switching responsibilities, as well as technical benefits from using the controller pattern: the reconciliation loop, dry-run - with server-side apply. And we'll highlight what we learned along the way. Our technical stack is based on Kong, Kubebuilder/controller-runtime, testcontainers, Kind, Telepresence...

Speakers

Vincent Behar

Senior Engineer, Ubisoft
Senior Engineer at Ubisoft, Vincent has 15+ years of development experience, caring about Continuous Delivery and Observability. He started using - and sometimes contributing to - OpenShift & Kubernetes in 2015, more often than not with a focus on extending its API to build a platform...



Thursday April 20, 2023 11:00 - 11:35 CEST
Hall 7, Room E | Ground Floor | Europe Complex
  Customizing + Extending Kubernetes
  • Content Experience Level: Any
  • Talk Type: In-Person
  • Presentation Slides Attached: Yes

11:00 CEST

Kubernetes Data Protection WG Deep Dive - Xiangqian Yu, Google
Data Protection WG is dedicated to promoting data protection support in Kubernetes. The Working Group is working on identifying missing functionalities and collaborating across multiple SIGs to design features to enable data protection in Kubernetes. In this session, the co-chairs of this WG will discuss what is the current state of data protection in Kubernetes and where it is heading in the future. They will also talk about how interested parties (including storage and backup vendors, cloud providers, application developers, and end users, etc.) can join this WG and contribute to this effort. Details of the WG can be found here: https://github.com/kubernetes/community/tree/master/wg-data-protection.

Speakers

Xiangqian Yu

Software Engineer, Google
Xiangqian Yu is a Software Engineer at Google. He is also a co-chair of the Data Protection WG in Kubernetes and a co-lead of the Volume Snapshot project in SIG Storage.


Thursday April 20, 2023 11:00 - 11:35 CEST
In Virtual Platform

11:00 CEST

Life of a CVE with Ingress-Nginx; Understanding the Project's Release Cycle - James Strong, Chainguard & Dylen Turnbull, Nginx INC
In 7 years, Ingress-nginx has had 221 releases, with over 6800 commits. To ensure stability and to test this highly configurable controller, the project has grown to over 400 e2e tests and Helm chart tests across various Kubernetes versions and deployment landscapes. We were 3/4 through our stabilization project in the last maintainer track we presented. The ironic thing about OSS and software, in general, is that it is never really completed, nor should the stabilization and security of the project be. In this talk, we discuss how we work to improve the release process of ingress-nginx to keep Ingress-nginx CVE-free with real-world examples. We will discuss the current release process and how we are working with sig-release and sig-security to increase release velocity, reduce complexity and increase the security of ingress-nginx. Please join us for this presentation if you want to hear about the ingress-nginx controller getting released & how we continue to improve it.

Speakers

Dylen Turnbull

Developer Advocate, NGINX Part of F5
Throughout his career, Dylen Turnbull has worked for several companies: Symantec, Veritas, F5 Networks and now F5's NGINX business unit. This time represents an accumulation of over 25 years of enterprise & open source software and solution development experience. Working with NGINX...

James Strong

Solution Architect, Isovalent
James has been working in the cloud for 7 years. He helped build a private cloud at GE Appliances and developed and supported REST APIs in AWS on Docker. Recently he has passed the CNCF's CKA exam and helps companies migrate their applications to Kubernetes.



Thursday April 20, 2023 11:00 - 11:35 CEST
G109 | First Floor | Congress Centre
  Maintainer Track, Sig-Network Ingress-nginx Subproject

11:00 CEST

Revamping Kubernetes with Contextual and Structured Logging, a Deep Dive - Shivanshu Raj Shrivastava, Independent
Kubernetes is undergoing fundamental changes in its logging infrastructure to emit structured logs containing references to Kubernetes objects and the context of a log entry, making logging in Kubernetes uniform and machine-readable, bringing more automation to Kubernetes monitoring. Much effort has gone into enhancing klog and migrating Kubernetes components to achieve structured and contextual logging. We aim to cover a deep dive into the changes, a demo comparing performances and seamless log ingestion with log collection agents like Fluent Bit. It affects the complete code base of Kubernetes and needs collaboration between maintainers of different SIGs. This talk will make adopting best practices easy as we advance. We welcome everyone contributing to Kubernetes or interested in understanding the modern way of Kubernetes logs collection. New contributors are most welcome as it gives a good starting point to familiarize themselves with the Kubernetes code base.

Speakers

Shivanshu Raj Shrivastava

Software Engineer, Adyen
Shivanshu is a software engineer at Adyen, working on building observability infrastructure for end-to-end payment systems. He's a member of OpenTelemetry, Kubernetes and Istio and loves contributing to OSS. He has presented his work at various conferences, including KubeCon, IstioCon...



Thursday April 20, 2023 11:00 - 11:35 CEST
E107-108 | First Floor | Congress Centre
  Maintainer Track, Kubernetes Structured Logging WG

11:00 CEST

State of the Mop: Cloud Custodian in 2023 - Jorge Castro & Kapil Thangavelu, Stacklet Inc.
2022 has been an impactful year for Cloud Custodian as the intersection of compliance and finops continues to grow. This session will cover the past year's worth of development and discuss where we're planning on going for 2023:
  • General project health updates
  • Overview of Kubernetes usage with c7n
  • Overview of c7n-left, a new module to enforce policies at the planning stage of deployment

The bulk of the session will be dedicated to a tour/outline of how the project is laid out and organized so that attendees can understand the contribution process:
  • Project architecture and organization
  • Overview of the testing processes and pipelines
  • Release processes
  • Contribution and review examples and tutorial

We will also cover our progress in other project goals as they relate to project graduation:
  • Dedicated maintainer process and workflow
  • Governance model

All skill levels welcome, knowledge of Python and typical cloud stacks (AWS, Azure, GCP, and K8s) helps.

Speakers

Kapil Thangavelu

Co-Founder & CTO, Stacklet
Kapil is a Co-Founder and CTO at Stacklet, building products to help companies be well managed in the cloud. Prior to that he was a Principal Open Source Technologist at Amazon working on various open source projects. As a Senior Director at Capital One he focused on accelerating best...

Jorge Castro

Community Manager, Stacklet Inc.
Jorge is a Community Manager at Stacklet, working on growing the Cloud Custodian project. He resides in Ann Arbor, Michigan with his lovely wife Jill, their son Rafael, and their beagle Oscar. Hobbies and interests include heavy metal, passport renewal, paleontology, gaming, technology...


Thursday April 20, 2023 11:00 - 11:35 CEST
Forum | Ground Floor | Congress Centre

11:00 CEST

The Ins and Outs of the Cloud Provider in Kubernetes - Michael McCune & Joel Speed, Red Hat & Bridget Kromhout, Microsoft
How do Kubernetes clusters interact with cloud services? In this session, the maintainers of SIG Cloud Provider will take a deep dive into the cloud provider framework, including how to implement an external cloud provider using the cloud provider interface, the cloud controller manager responsibilities, and an overview of the Kubelet image credential provider. We will also discuss the migration to external cloud providers in an HA configuration. We will identify trouble spots and processes that you should be aware of as you plan your migrations, and we will walk through the steps you can take to ensure zero downtime Kubernetes clusters as you perform this migration. Expect to walk away from this session with newfound knowledge about how Kubernetes interacts with cloud providers, an understanding of how to build an external cloud controller manager, and a solid plan of action for how you can migrate to external cloud controller managers without downtime.

Speakers
Michael McCune

Michael McCune, Red Hat
Michael McCune is a software developer creating open source infrastructure and applications for cloud platforms. He has a passion for problem solving and team building, and a lifelong love of music, food, and culture.
Bridget Kromhout

Principal Product Manager, Microsoft
Technologist, podcaster, conference speaker, devopsdays organizer. Herds cats and wrangles docs; still team #opslife.
Joel Speed

Principal Software Engineer | OpenShift, Red Hat, Inc.
Joel is a Software Engineer working on the OpenShift Machine API and Kubernetes Cluster API projects. Joel has been working with Kubernetes since 2017, previously at Pusher as a Cloud Infrastructure Engineer and now at Red Hat. As well as his interest and involvement in the Kubernetes...



Thursday April 20, 2023 11:00 - 11:35 CEST
E105-106 | First Floor | Congress Centre
  Maintainer Track, SIG Cloud Provider

11:00 CEST

The RPC Revolution: Getting the Most Out of gRPC - Richard Belleville & Kevin Nilson, Google
gRPC has changed the way people design and deploy their APIs. But many people have just scratched the surface of the depth gRPC has to offer. In this talk, we'll cover advanced gRPC topics including atomicity concerns, custom code generation, and many others. We'll then cover recent updates in the gRPC ecosystem.

Speakers
Richard Belleville

Software Engineer, Google LLC
Richard Belleville is a software engineer on the gRPC team at Google. He is a contributor to the Gateway API project, focusing on the GRPCRoute resource. In his free time, he tinkers on a server rack at home running Kubernetes.
Kevin Nilson

Software Engineering Manager, Google
Kevin works at Google as a Software Engineer Manager on the gRPC team. At Google Kevin has worked on projects such as Chromecast, Google Home, Stadia and now gRPC. Kevin is a Java Champion and four time JavaOne Rock Star. Kevin has spoken at conferences such as Google I/O, JavaOne...



Thursday April 20, 2023 11:00 - 11:35 CEST
E103-104 | First Floor | Congress Centre
  Maintainer Track, gRPC

11:00 CEST

Using CNCF Projects for Adding Music and Announcements to My Home Elevator - Erwin de Keijzer, Fullstaq
Erwin's house has an elevator, you might think it's an apartment, but no, it's a family home with an elevator. Since moving in Erwin has wanted to upgrade the elevator experience. In this talk Erwin explains how he used open source projects like NATS, Grafana, Prometheus, AlertManager and protocol buffers to track elevator performance and add awesome elevator music and floor announcements to an otherwise mundane elevator ride. Erwin will show how he made the system resilient and performant and show some epic dashboards with insights into the elevator performance. This talk will not feature a live demo, Erwin thought about bringing the elevator with him, but it was not accepted by his family.

Speakers
Erwin de Keijzer

DevOps Engineer, Fullstaq
Erwin has been fascinated by CNCF ever since its inception, having made it a personal goal to try as many products as possible. In both his personal and professional work he embraces the cloud native mindset. Pet projects, or as he likes to call it: side quests are a perfect playing...



Thursday April 20, 2023 11:00 - 11:35 CEST
D201-202 | Second Floor | Congress Centre (Elicium Building)
  Open Interfaces + Interoperability

11:00 CEST

Kubernetes Database Operators Landscape - Xing Yang, VMware; Melissa Logan, Constantia.io; Sergey Pronin, Percona; Alvaro Hernandez, OnGres
To handle Day-2 operations for data workloads on Kubernetes, organizations rely heavily on operators, but they present a number of challenges – including lack of integration with existing tools; lack of interoperability with the rest of their stack; varying degrees of quality; and lack of standardization. And yet – a majority of people are using at least 20 operators according to the 2022 Data on Kubernetes Report. For those evaluating their options, the challenge is further complicated by choice; the number of operators continues to grow with Operator Hub currently listing 270+. Without operator standards, how can end users possibly evaluate each one to know whether it meets their needs? This panel unites the Data on Kubernetes Community Operator SIG and Kubernetes Storage SIG to discuss key features of Kubernetes database operators -- what works, what doesn’t, and where the industry is going. Panelists will also present a feature matrix to help end users compare a multitude of database operators.

Speakers
Xing Yang

Tech Lead, VMware by Broadcom
Xing Yang is a Tech Lead in the Cloud Native Storage team at VMware by Broadcom. She is a co-chair of CNCF Storage TAG, a co-chair of the Kubernetes Storage SIG, a co-chair of the Data Protection WG, and a maintainer in Kubernetes CSI. Before joining VMware, Xing was the Lead Architect...
Melissa Logan

Director, Data on Kubernetes Community
Alvaro Hernandez

Founder, OnGres
Álvaro is a passionate database and software developer. Founder of OnGres ("ON postGRES"), he has been dedicated to Postgres and R&D in databases for more than two decades. Álvaro is at heart an open source advocate and developer. He has created software like StackGres, a Platform...
Sergey Pronin

Group Product Manager, Percona
Sergey is a product leader at Percona focusing on delivering robust open-source database and cloud-native solutions. Prior to Percona Sergey led product management and engineering teams in other organizations with a primary focus on products in infrastructure and platforms space...


Thursday April 20, 2023 11:00 - 11:35 CEST
Hall 7, Room D | Ground Floor | Europe Complex

11:00 CEST

Cloud-Native Quantum: Running Quantum Serverless Workloads on Kubernetes - Paul Schweigert & Michael Maximilien, IBM
We’ve all heard about the changes that quantum computing will cause, among them faster algorithms, new solutions to complex problems, and threats to the cryptography that the modern web is based on. But more specifically, what does the rise of quantum computing mean to the cloud-native landscape? In this talk, Paul and Max will show how the Kubernetes ecosystem will play a crucial role as quantum computing moves from the laboratory to mainstream. In particular, they will present on how to manage and run quantum workloads in a serverless manner by utilizing Kubernetes and Knative and the open source toolkit Qiskit; in the process, they will demonstrate that quantum serverless will constitute an important part of the future of cloud computing.

Speakers
Michael Maximilien

Distinguished Engineer, IBM
My name is Michael Maximilien, better known as max or dr.max, and I am currently a Distinguished Engineer with IBM. I am the leader for IBM’s Open Source team contributing to all things Serverless and Platform-as-a-Service (PaaS). I have worked at various divisions of IBM. At...
Paul Schweigert

Senior Software Engineer, IBM Quantum
Paul Schweigert works on quantum and serverless technologies at IBM. He is a Qiskit Advocate, a member of the Knative Technical Oversight Committee, and a Kubernetes contributor. He has also led various platform engineering and data science teams. In a previous life, he studied French...



Thursday April 20, 2023 11:00 - 11:35 CEST
G106-107 | First Floor | Congress Centre
  Research + Academia + HPC + Advanced Concepts

11:00 CEST

Setting up Etcd with Kubernetes to Host Clusters with Thousands of Nodes - Marcel Zięba, Isovalent & Laurent Bernaille, Datadog
Setting up clusters that need thousands of nodes can be challenging, especially when it comes to etcd architecture and configuration. It’s especially common in use cases like large processing farms for AI/ML/HPC workloads, or in the case of internet-scale serving applications. In this session you’ll be able to learn best practices around etcd deployment architecture and configuration from tech leads from DataDog and Google Cloud. DataDog has been running their own Kubernetes clusters with thousands of nodes for many years already. Google Cloud has been offering managed clusters up to 15000 nodes since 2020. You’ll be able to hear from practitioners in the space how to squeeze performance, reliability and scale from etcd instances in your clusters. You'll be able to hear about topics like handling disk I/O or network throughput bottlenecks or how to handle API server restarts and their impact on etcd.

Speakers
Laurent Bernaille

Principal Engineer, Datadog
Laurent Bernaille worked several years as a consultant specializing in cloud, containers, and automation and helped organizations migrate to the public cloud and adopt containers. He is now Principal Engineer at Datadog and works closely with infrastructure teams, which are responsible...
Marcel Zięba

Senior Software Engineer, Isovalent
Marcel Zięba is a Senior Software Engineer at Isovalent and is leading SIG Scalability in the Kubernetes open-source community. Previously, Marcel worked on Kubernetes and Google Kubernetes Engine since 2020 focusing mainly on performance and scalability. Now he is focusing on the...



Thursday April 20, 2023 11:00 - 11:35 CEST
G104-105 | First Floor | Congress Centre

11:00 CEST

Back to the Future: Next-Generation Cloud Native Security - Matt Jarvis, Snyk & Andrew Martin, Control Plane
Cloud native security moves quickly: what will be the compounded effects of today’s emerging technologies on future architectural patterns? In this talk we’ll explore what security might look like in the cloud ecosystem of the future - from hardware, cryptography, architecture and software development patterns, to build an almost certainly fuzzy picture of what the coming years might bring. Bringing defence through an offensive lens, we model the ecosystem and look at how the industry can stride forward into the unknown. Peering into the void of uncertainty, we will:
- Appraise the state of tomorrow’s emergent cloud native security landscape
- Model an idealised security pipeline using next-generation technologies
- Highlight the challenges we need to overcome as an industry
- Call for community contributions to cut through the noise and define the future

Speakers
Matt Jarvis

Director, Developer Relations, Snyk
Matt Jarvis is a Director of Developer Relations at Snyk. Matt has spent more than 15 years building products and services around open source software, on everything from embedded devices to large scale distributed systems. Most recently he has been focused on the open cloud infrastructure...
Andrew Martin

CEO, ControlPlane
Andrew has an incisive security engineering ethos gained building and destroying high-traffic web applications. Proficient in systems development, testing, and operations, he is at his happiest profiling and securing every tier of a cloud native system, and has battle-hardened experience...



Thursday April 20, 2023 11:00 - 11:35 CEST
Emerald Room | First Floor | Congress Centre
  Security + Identity

11:00 CEST

Improve Vulnerability Management with OCI Artifacts – It Is That Easy! - Itay Shakury, Aqua Security & Toddy Mladenov, Microsoft
In the past couple of years supply chain security rose to mainstream attention and the industry has been devoted to addressing related concerns. Managing vulnerabilities and software dependencies is an integral part of this process. One of the most dominant advancements was the popularization of standard SBOMs (Software Bill of Materials) as well as signed attestations. While SBOM generation and validation is a non-issue today, efficiently utilizing it at scale is still a challenge. It relies on custom solutions or proprietary integrations. The OCI artifacts specification is a new specification, which solves this challenge in an elegant and efficient manner. With it, you can sign images, store and sign SBOMs, scan results and other important supply chain related attestations alongside the relevant artifacts in the registry. In this talk, the audience will learn how to improve their vulnerability management practices by employing the new registry capabilities and using open-source tools like Trivy, Notary and ORAS. The same practices could be utilized for any OCI artifact including WASM, packages, and libraries.

Speakers
Itay Shakury

VP Open Source, Aqua Security
Itay Shakury is the VP of Open Source at Aqua Security, where he leads engineering for open source, cloud native security solutions. Itay has some 20 years of professional experience in various software development, architecture and product management roles. Itay is also a CNCF Cloud...
Toddy Mladenov

Principal Product Manager, Microsoft
Toddy has over 25 years of experience in software engineering and design, consulting, and product management for companies like Microsoft, T-Mobile, and SAP. He started his cloud journey 14 years ago as part of the Azure team. Since then, Toddy worked on large-scale cloud implementations...



Thursday April 20, 2023 11:00 - 11:35 CEST
Auditorium + Balcony | Ground + First Floor | Congress Centre
  Security + Identity

11:00 CEST

Rotate Roots Right Round: Using Cert-Manager for Safer Private PKI - Ashley Davis, Jetstack
There are plenty of benefits when you control your own certificate authority (CA), whether for just one Kubernetes cluster or for your whole organization. Putting a service mesh into production might require rolling your own CA, for example, but there are other use cases where a private PKI makes sense to avoid the headaches of rate limits, issuance costs or relying on third party services. Luckily for us, the concepts behind Public Key Infrastructure (PKI) have been around since at least the 70s and there's a tonne to learn from existing PKI deployments which we can apply to today's cloud native landscape. Plus, cert-manager is here to help! In this talk we'll discuss how to use cert-manager to safely deploy a private PKI at organizational scale and some of the things we need to think about to ensure that we can run it safely - without causing a major outage down the road by failing to plan for rotation! Ash is a public key cryptography nerd with prior experience in administering PKI at large scale. As a cert-manager maintainer he's committed to improving the experience of anyone that runs private PKI in cloud native projects and beyond!

Speakers
Ashley Davis

Staff Software Engineer, Venafi
As a teenager, Ash taught himself to program after wondering how exactly video games were made. That led to adventures trawling through open source codebases, sparking an interest in computers spanning from bare-metal machine code right up to scalable distributed platforms like Kubernetes...



Thursday April 20, 2023 11:00 - 11:35 CEST
In Virtual Platform
  Security + Identity

11:00 CEST

Open Space Session: Cloud Native WASM Education
As WASM becomes more mainstream in Cloud Native space, let's discuss how to make WASM more accessible for everyone who is looking to get into it.

Goal:
1. How to make WASM more accessible
2. How to make courses, tutorials and a roadmap to make it easier for new devs to get started
3. Discuss clear usecases for WASM in Cloud Native ecosystem

Thursday April 20, 2023 11:00 - 11:45 CEST
Open Space Session 1 | Solutions Showcase

11:00 CEST

CNCF Code of Conduct Working Group: Presenting a new structure for incident resolution
We are almost across the finish line in launching a new structure for resolving Codes of Conduct in the CNCF community! Join us for an overview of the proposed new incident resolution framework that has resulted from the Code of Conduct Working Group's efforts over the last 9 months. This session will be valuable for projects or individuals looking to adopt a similar framework or any community member interested or already working on a code of conduct committee. Additionally, the public comment period is still open, so feel free to share your feedback during this live session, or via the Working Group repository: https://github.com/cncf/wg-coc.

Speakers
Christoph Blecker

Senior Principal Site Reliability Engineer, Red Hat
Christoph is an Architect and Senior Principal SRE at Red Hat. He's a long time maintainer of the Kubernetes project, an emeritus member of the Kubernetes Steering Committee, and sits on the CNCF Governing Board.
Joanna Lee

VP of Legal and Strategic Programs, CNCF
Joanna Lee is the Vice President of Strategic Programs and Legal at CNCF and the Linux Foundation, where she manages strategic programs that are designed to support the health, growth, and sustainability of open source ecosystems. Joanna also oversees legal and policy initiatives...
Arun Gupta

Vice President/General Manager, Intel
Arun Gupta is vice president and general manager of Open Ecosystem Initiatives at Intel Corporation. He is an open source strategist, advocate, and practitioner for over two decades. He has taken companies such as Apple, Amazon, and Sun through systemic changes to embrace open source...
Alena Prokharchyk

Software Engineer, Apple
Alena is a Software Engineer at Apple. She drives the architecture and implementation of Kubernetes and CNCF technologies within Apple’s cloud infrastructure team. Alena has more than 10 years of experience developing open source cloud infrastructure software and more than 5 years...
Andres Vega

Founder, M42
Emily Fox

Security Lead - Emerging Technologies, Security Community Architect - OSPO, Red Hat
Emily Fox is a DevOps enthusiast, security unicorn, and advocate for Women in Technology. She has worked in security for over 13 years to drive a cultural change where security is unobstructive, natural, and accessible to everyone. Serving as chair on the Cloud Native Computing Foundation’s...


Thursday April 20, 2023 11:00 - 12:00 CEST
D203-204 | Second Floor | Congress Centre (Elicium Building)

11:00 CEST

From Community to Customers - Kelsey Hightower, Google Cloud
An open discussion on building a business around open source projects. In this discussion Kelsey will share his learnings from Puppet Labs, CoreOS, Google, and advising startups behind some of the most successful open source projects in the Cloud Native space.

Speakers
Kelsey Hightower

Distinguished Engineer, Google Cloud
Kelsey Hightower has worn every hat possible throughout his career in tech, and enjoys leadership roles focused on making things happen and shipping software. Kelsey is a strong open source advocate focused on building simple tools that make people smile. When he is not slinging Go...


Thursday April 20, 2023 11:00 - 12:30 CEST
Elicium Building | Elicium Ballroom 1 + 2

11:00 CEST

TechDocs Office Hours
We’re taking the TechDocs Office Hours on the road! If you have any questions about documentation, the writing process, or how the CNCF TechDocs team can help your project, come by and chat with us!

Speakers
Nate Waddington

Developer Advocate, CNCF
Nate is a Developer Advocate with the Cloud Native Computing Foundation, focusing primarily on the CNCF landscape’s documentation efforts. Before joining the CNCF, Nate worked as a Creative Technologist at AKQA, helping build, install, and support interactive installations for retail...


Thursday April 20, 2023 11:00 - 12:30 CEST
E101 | First Floor | Congress Centre

11:00 CEST

🚨 ContribFest: Etcd - Work on Improving Etcd with Maintainers - (Limited Availability; First-Come, First-Served)
Download the code ahead of time. DCO required.

Join the contributors to Etcd, the most popular cloud-native database that backs Kubernetes. We'll be working on improving key features and testing for Etcd, and in the process we’ll teach those new to the project how to contribute. Etcd is a very useful, fun, and essential project, and welcomes both new contributors and those who want to “level up”.

Attendees should be familiar with programming in Go, using GitHub, and should bring a laptop on which they can do cloud-native development: either a Linux laptop, your own GitHub Devcontainer setup, or some equivalent. Etcd maintainers will organise work to improve reliability of Etcd. We will focus on improving etcd robustness testing and paying down technical debt.

This Contribfest session is designed to provide projects with the space and resources to tackle outstanding technical debt, security issues, or outstanding impactful feature requests. They are intended to provide a place for maintainers to meet contributors and potential contributors and work together on solving a problem.

Speakers
Marek Siarkowicz

Senior Software Engineer, Google
Marek is a Software Engineer working at Google on the Etcd team. He began his career in local startups where he loved open source and extreme programming. Currently he is an etcd maintainer and active member of SIG-instrumentation leading structured logging effort in Kubernetes. In his...
James Blair

Specialist Solution Architect, Red Hat
James Blair is a Specialist Architect at Red Hat who works with organisations to design and implement solutions leveraging cloud native technologies. He specialises in operating cloud native infrastructure in a secure, scalable and automated manner. He is a vivid open source advocate...
Samba Bandari

Microsoft
Bogdan Kanivets

Senior Software Engineer, Apple
Bogdan works as a senior software engineer on the Coordination Infra team at Apple. Bogdan is an active member of etcd community. Bogdan is passionate about distributed systems and has extensive experience developing and running large-scale systems, including Zookeeper at Apple, search...


Thursday April 20, 2023 11:00 - 12:30 CEST
K101-102 | First Floor | Congress Centre

11:55 CEST

Container Is the New VM: The Paradigm Change No One Explained to You - Marga Manterola, Isovalent & Rodrigo Campos Catelin, Microsoft
Before containers took over the world, a VM was the atomic unit that we used for firewalls, for load balancers and for auto-scaling. Today, some tools and cloud provider services are still centered around VMs, like load balancers that mostly support forwarding traffic to VMs, creating an additional challenge to adopt containers. So, what do you do when you need to configure the cloud load balancer to forward traffic to VMs, but you don’t know on which VMs your container will be running? Or how do you limit connectivity between two apps, if your firewalls rules limit connectivity between VMs and you don’t know on which VM your container will be scheduled? Is all your previous knowledge obsolete now? What new security measures do you need to implement when doing the switch? During this talk we will guide you through the paradigm changes you need to accept to successfully migrate to containers and let go of VMs. Based on our experience of doing this for several companies, we will go through the biggest challenges a cluster administrator faces when migrating to containers in the cloud, including load-balancing, managing firewalls, autoscaling while running them securely. By the end of this talk, you'll be ready to embrace containers as the new VM.

Speakers
Rodrigo Campos Catelin

Software Engineer, Microsoft
Rodrigo studied Computer Science at the University of Buenos Aires (Argentina). He has been involved in Kubernetes since 2016 and has been a free software developer for 20 years. He is currently working on user namespaces support in Kubernetes. Previously, he worked on support for...
Marga Manterola

Director of Engineering, Isovalent
A Debian Developer and Open Source enthusiast, Marga has been working with Linux for 20 years. She worked as an SRE at Google, in the team maintaining the internal Linux distribution used by Google engineers. She later joined the cloud native world, working on Flatcar, a container...



Thursday April 20, 2023 11:55 - 12:30 CEST
Hall 7, Room A | Ground Floor | Europe Complex
  101 Track

11:55 CEST

How We Migrated Over 1000 Services to Backstage Using GitOps and Survived to Talk About It! - Shahar Shmaram & Ran Mansoor, AppsFlyer
We decided to go ALL IN with GitOps and Terraform so all developers in AppsFlyer now manage their cloud resources in their git repository, later we realized it was time to have a single source of truth catalog for the entire company’s assets that can be self-extended by any of AppsFlyer's developers, we decided to choose Backstage as our service catalog platform. But how do we integrate them both together? AppsFlyer has over 1000 services and processes HUGE amounts of data daily (over 200 Billion events per day). Our customers depend on us to help them make good choices, so while we knew that this needed to be done, we also knew that the migration process was not going to be an easy task. As if things weren't complicated enough, we needed to integrate GitOps and Terraform into that process. In this talk, we will demonstrate how we managed to enable GitOps in the migration process within Backstage. We’ll discuss different approaches we took, the challenges we faced, and most importantly, our unique approach to solving them.

Speakers
Shahar Shmaram

Senior Software Developer, AppsFlyer
Shahar holds 10+ years of experience developing large-scale, widely distributed web applications. He specializes in JavaScript, NodeJS, and Go. Prior to working at AppsFlyer, Shahar was a Software Engineer and Tech Lead at Intel for 11 years and holds a B.Sc. in Software Engineering...
Ran Mansoor

Software Developer, Appsflyer
Ran has 6+ years of experience developing large-scale server-side software, focused on distributed systems, cloud platforms and infrastructure management. He specializes in Go, Kubernetes, and anything cloud native. Prior to working at AppsFlyer, Ran was a Software Engineer at Intel...



Thursday April 20, 2023 11:55 - 12:30 CEST
Hall 7, Room C | Ground Floor | Europe Complex
  Application + Delivery

11:55 CEST

Tips from the Trenches: GitOps at Adobe - Larisa Andreea Danaila & Ionut-Maxim Margelatu, Adobe
At Adobe, Larisa and Ionut have spent a big part of 2022 investing in GitOps, learning how to model a deployment system which encompasses stringent organisational CI/CD standards. They onboarded new concepts, rethought deployment automation flows and got creative in the process, when community resources proved insufficient. They migrated off of Spinnaker and rebuilt deployment pipelines from scratch using the Argo projects. In the process, they had to tackle challenges such as promotion of code across environments, automated rollbacks or deployment validation through functional tests. Over time, they refactored these deployment pipelines to serve an increasing number of applications, adding new patterns to accommodate web, streaming and batch services alike. New practices have emerged from this experience, tackling challenges such as:
* testing infrastructure changes;
* eliminating duplication of manifests;
* auditing;
* getting visibility into deployments.

This journey has left Larisa and Ionut feeling like they're getting GitOps right and that these patterns and practices are ready for company-wide adoption. Join them to hear how they overcame the concerns of moving to a GitOps paradigm and adopted Argo at Adobe.

Speakers
Ionut-Maxim Margelatu

Architect, Adobe
Ionut works as a Senior Computer Scientist with the Adobe Experience Platform team. He has been developing middleware and back-end services for 16 years. He has spent the last 7 years designing, developing and operating various services with stringent high-throughput low-latency requirements...
Larisa Andreea Danaila

Software Development Engineer, Adobe
Larisa works as a Software Development Engineer with the Adobe Experience Platform team. She’s been developing back-end services for 4 years while being interested in developer productivity and making it safe for developers to fail. Apart from work, she enjoys reading, theater and...



Thursday April 20, 2023 11:55 - 12:30 CEST
Hall 7, Room B | Ground Floor | Europe Complex
  CI/CD

11:55 CEST

Building a Globally Accessible Community - Kaitlyn Barnard, Kong & Hannah Ouellette, NGINX
Building a diverse community is an aspiration for many open source professionals but doing so takes more than mission statements and boilerplate Codes of Conduct. With many marketing, developer relations, and engineering resources focused in North America and Europe, community is often underserved in other regions, effectively closing the door to a large swath of talented developers around the world. It takes active effort to foster globally accessible communities but momentum is possible with dedicated steps. This talk will cover the benefits of a globally accessible community and ways to build momentum for geographical and cultural inclusion. We’ll explore:
- How to communicate the value of investing in inclusive programs & global communities
- How to build globally accessible programs and common pitfalls
- How to advocate for inclusion, both internally and externally

We’ll illustrate these points with real-life examples from some of the largest global tech communities.

Speakers
Kaitlyn Barnard

Senior Manager, Developer Marketing, Kong
Kaitlyn leads Developer Marketing at Kong, one of the most downloaded open-source API Gateways and the creators of Kuma, an open source service mesh and Sandbox project of CNCF. Prior to joining Kong, Kaitlyn worked at The Linux Foundation where she focused on developer outreach...
Hannah Ouellette

Sr. OSS Community Manager, NGINX
Hannah Ouellette is the Sr. OSS Community Manager for NGINX, part of F5 Inc. They discovered their passion for OSS community at Kong before serving as technical community manager at Postman. They believe that Diversity, Equity, Inclusion & Belonging are crucial to a healthy community...



Thursday April 20, 2023 11:55 - 12:30 CEST
G106-107 | First Floor | Congress Centre
  Community

11:55 CEST

Use Knative When You Can, and Kubernetes When You Must - David Hadas & Michael Maximilien, IBM
Knative extends Kubernetes. It lowers costs and improves the security of the deployed services. …and yes! it also helps you become greener and save energy. This talk provides a fresh view of Knative. Forget about Serverless, consider Knative simply as an Opinionated Kubernetes. Knative advantages include Automation, Simplification, Auto-Scaling, Controlled-Revisions, and An Application Backbone. Deploying services via Knative is therefore a better choice than deploying the same services using Kubernetes directly. Knative requires each deployed service to work in a certain way. We show that many existing microservices are already built to run as Knative services offering an immediate benefit to users. Since Knative extends Kubernetes, it allows a mix and match between Knative services and Kubernetes microservices. We analyze the security benefits of deploying your services via Knative and show how Knative helps protect users against configuration drift. We also show that even when users deploy vulnerable services, Knative protects such services from being exploited. Last, we show how using Knative reduces the energy footprint of your services and discuss what the future holds for continuing on this path of making Kubernetes energy efficient.

Speakers

Michael Maximilien

Distinguished Engineer, IBM
My name is Michael Maximilien, better known as max or dr.max, and I am currently a Distinguished Engineer with IBM. I am the leader for IBM’s Open Source team contributing to all things Serverless and Platform-as-a-Service (PaaS). I have worked at various divisions of IBM. At...

David Hadas

Cyber @IBM Research | Security WG Lead @Knative, IBM Research
Knative Security WG Lead. Knative Technical Oversight Committee member. Owner of Knative’s Security-Guard. TAG Security whitepaper on “Zero Trust using Cloud Native Platforms” contributor. IBM Research since 2008 - Cloud workload security. Prior to IBM, 15 years in the Israeli...



Thursday April 20, 2023 11:55 - 12:30 CEST
Hall 7, Room E | Ground Floor | Europe Complex
  Customizing + Extending Kubernetes
  • Content Experience Level Any
  • Talk Type In-Person
  • Presentation Slides Attached Yes

11:55 CEST

InSPIREing Progress: How We're Growing SPIFFE and SPIRE in 2023 and Beyond - Daniel Feldman, Hewlett Packard Enterprise & Andrés Vega, ControlPlane
SPIFFE/SPIRE keeps your data safe and hackers away by automatically assigning unique, secure credentials based on the unique properties of your software. It's a bit like a fingerprint scanner, but for code. In the last year, we've:
  • Added Windows support, SIGSTORE integration, and a new Kubernetes controller
  • Greatly improved hardware security support
  • Deployed SPIFFE/SPIRE at more than a dozen of the largest enterprises in the world
  • Started working hard on support for extended tokens which enable powerful new security insights
  • And finally, we graduated from the CNCF after four years in sandbox and incubation!
Come visit some of the project team and learn how you can use SPIFFE/SPIRE to keep your infra secure!

Speakers

Daniel Feldman

Principal Software Engineer, Hewlett Packard Enterprise
Daniel Feldman is a principal software engineer focusing on open source security technologies. He is on the SPIFFE Steering Committee, has deployed SPIFFE/SPIRE infrastructure at more than 10 large companies, coauthored a book on SPIFFE/SPIRE, and is spearheading zero trust security...

Andres Vega

Founder, M42


Thursday April 20, 2023 11:55 - 12:30 CEST
G109 | First Floor | Congress Centre

11:55 CEST

Introducing CloudEvents Discovery - Clemens Vasters, Microsoft & Klaus Deissner, SAP
CloudEvents Discovery is a metadata document format and metadata API for creating, publishing, discovering, and connecting event flows. It defines a schema registry, a message and event catalog, and a declarative model for defining producer, consumer, and subscriber endpoints. The core focus of CloudEvents Discovery is on providing a metaschema for CloudEvents, but the specification also defines metaschemas for AMQP and MQTT messages and is extensible for further metaschemas. In this session you will learn about CloudEvents Discovery and the existing tooling, including code generators and transformation of endpoint information into AsyncAPI and OpenAPI.

Speakers

Klaus Deissner

Development Architect, SAP
Klaus is an architect at SAP focusing on event-driven architecture. He has over 20 years of experience in architecting and engineering software and has spent a large portion of his career with technology topics such as building messaging infrastructures, developer tools, as well as...

Clemens Vasters

Principal Architect, Microsoft
Clemens Vasters is Lead Architect in Microsoft’s Azure Messaging team that builds and operates a fleet of hyper-scale messaging services, including Event Grid, Service Bus, and Event Hubs. Clemens represents Microsoft in messaging standardization in OASIS (AMQP) and CNCF (CloudEvents...



Thursday April 20, 2023 11:55 - 12:30 CEST
Forum | Ground Floor | Congress Centre
  Maintainer Track, CloudEvents

11:55 CEST

Kubernetes Security Response Committee: Intro & Deep Dive - Monis Khan, Microsoft & Micah Hausler, AWS
The Kubernetes Security Response Committee (SRC) is responsible for the security release process for Kubernetes. In this talk, we will go over what that involves, such as the lifecycle of a vulnerability, all the way from the initial report to the public disclosure. The overall responsibilities of SRC will be discussed, with highlights around the differences between SRC, SIG Auth, and SIG Security. Finally, we will also discuss some of the interesting findings from the 2022 security audit, and how they impacted the community, as well as the changes that were made to help prevent similar issues in the future. We hope to increase awareness within the community as we have seen multiple instances where folks have not known about the existence of SRC or the process for reporting a vulnerability.

Speakers

Mo Khan

Software Engineer, Microsoft
Mo Khan is a software engineer who is passionate about open source and security. He started working on Kubernetes in 2016, and currently serves as a chair, technical lead and subproject owner for Kubernetes SIG Auth, a member of the Kubernetes Security Response Committee and a contributor...

Micah Hausler

Principal Engineer, AWS
Micah is a Kubernetes contributor, a member of the Kubernetes Security Response Committee, and a Principal Engineer working on EKS at Amazon Web Services.


Thursday April 20, 2023 11:55 - 12:30 CEST
E105-106 | First Floor | Congress Centre

11:55 CEST

Notes from the Field: A Discussion with the KubeVirt End Users - Alona Paz, Red Hat; Ryan Hallisey, Nvidia; Dinesh Majrekar, Civo; Kim Wüstkamp, Killercoda; Peter Salanki, CoreWeave
Since joining the CNCF as a sandbox project in 2019, KubeVirt has steadily grown in size, features, and stability. But developing a project is different from how it is used. As we approach our milestone v1.0 release, we wanted to have an open discussion with our end users. In this panel discussion, we will hear from representatives for ARM, Civo, CoreWeave, Killercoda, and NVIDIA. This will be a free-flowing conversation but we expect attendees will learn about how these companies deploy KubeVirt, and any other CNCF projects, to cover their use cases and address their customers' needs, how they interact with and contribute back to the project, and how we can learn from and grow with each other.

Speakers

Alona Paz

Principal Software Engineer, Red Hat
Alona is a Principal Software Engineer, specializing in networking. Maintainer of KubeVirt. Former maintainer of oVirt. She is part of the Red Hat container-native virtualization team.

Kim Wuestkamp

Founder, Killercoda
Kim is the founder of killercoda.com and killer.sh. He is deep into everything regarding DevOps, Kubernetes, Cloud, Software Development and Infrastructure Architecture.

Dinesh Majrekar

CTO, Civo
Dinesh is a visionary CTO at Civo, a fast-growing tech company focused on cloud-native technologies. As a proven entrepreneur with years of experience, Dinesh has a track record of building successful tech companies from the ground up. Dinesh has vast experience in building highly scalable...

Ryan Hallisey

Senior Software Engineer, Nvidia
Ryan is a software engineer at NVIDIA. He works on building data centers powered by Kubernetes and KubeVirt for NVIDIA products.

Peter Salanki

Director of Engineering, CoreWeave
Peter is the Director of Engineering at CoreWeave.


Thursday April 20, 2023 11:55 - 12:30 CEST
E107-108 | First Floor | Congress Centre

11:55 CEST

Yesterday, Today … Project Harbor - The Maintainers Track - Vadim Bauer, 8gears & Yan Wang, VMware
In this session, maintainers are going to highlight the benefits of new features towards better image management, give a short overview of the v2.7 and v2.8 releases, and show some of the new features like “Replication by chunk”, Job dashboard... Next we will discuss the effort on topics such as Edge usage, the ongoing implementation of harbor-operator, and the newly adopted Terraform provider for Harbor. We will also talk about the Harbor community, including ways to contribute and areas (work groups) where we need help, such as in the Technical Documentation WG. We will also thank the contributors for their work in version 2.8 and share some of the adoption statistics for Harbor. Finally, we will discuss the roadmap for the future of Harbor, including planned updates and improvements, and we will provide an opportunity for participants to provide feedback. This is a great opportunity to learn about Harbor and how you can get involved in the community.

Speakers

Yan Wang

Staff Engineer, VMware
Yan Wang is a Staff Engineer working at VMware. As one of the core maintainers of the CNCF project Harbor and the maintainer of the CNCF project distribution, his main work focuses on technology research and innovation in the cloud native field.

Vadim Bauer

Harbor Maintainer, 8gears Container Registry
Vadim Bauer is a Container Silverback with over a decade of experience in running containers in production. As a maintainer of the CNCF project Harbor, he focuses on extending the boundaries of OCI artifact management, adoption, and developer experience. At 8gears, Vadim helps cloud...


Thursday April 20, 2023 11:55 - 12:30 CEST
E103-104 | First Floor | Congress Centre

11:55 CEST

Safe, Dynamic Middleware with Dapr and WebAssembly - Mauricio Salatino, Diagrid & Adrian Cole, Tetrate
Join us for a practical talk on how the Dapr event-driven runtime implements dynamic extensions with WebAssembly. We'll cover how things work in general as well as the rationale and a peek into the implementation. When you leave, you'll have a good idea of how WebAssembly lets you extend cloud native architecture without RPC. Dapr allows custom processing pipelines to be defined by chaining a series of middleware components. A request goes through all defined middleware components before it’s routed to user code, and backwards through the same components before a response is returned to the client. This talk shows how custom HTTP middleware can be used without changing the Dapr binary, using WebAssembly technology. Dapr loads these dynamically and without requiring any system dependencies or RPC services. Specifically, we'll review the http-wasm application binary interface (ABI) which SDKs implement, and how this relates to other ABIs like proxy-wasm or waPC. We'll cover how the middleware works, including the wazero runtime which Dapr embeds to run wasm without system dependencies. Finally, we'll chat about how this fits into Dapr's long-term strategy in extensibility.

Speakers

Mauricio Salatino

Software Engineer, Diagrid
Mauricio works as an Open Source Software Engineer at @Diagrid, contributing to and driving initiatives for the Dapr OSS project. Mauricio also serves as a Steering Committee member for the Knative Project and Co-Leading the Knative Functions initiative. He published a book titled...

Adrian Cole

Open Source Engineer, Tetrate
Adrian works at Tetrate on Open Source projects. He spends most time on wazero: the zero dependency WebAssembly runtime for Go developers. Past notable project work includes Zipkin, OpenFeign and Apache jclouds.


Thursday April 20, 2023 11:55 - 12:30 CEST
D201-202 | Second Floor | Congress Centre (Elicium Building)
  Open Interfaces + Interoperability

11:55 CEST

Archetypes for Reliable Systems - Steve McGhee & Ameer Abbas, Google
We present a model and implementation for designing and running cloud-based internet services at various levels of intended reliability, based on "Deployment Archetypes for Cloud Applications" [Berenberg, Calder, 2022] https://dl.acm.org/doi/full/10.1145/3498336# This model allows cloud customers to describe the reliability needs (availability, failure domain resilience, RTO/RPO) of an application and then provides a kubernetes-based deployment strategy that implements that archetype. Our implementation provides a multi-tenant, multi-application, multi-cluster strategy, with CI/CD, micro-segmentation, policy management, traffic routing, SLOs and application + infrastructure monitoring. This allows for application teams to own their services, while allowing infrastructure teams to perform updates without service interruption.

Speakers

Ameer Abbas

Product Manager, Google
Ameer Abbas is a Google product manager focused on application modernization and cloud native platforms. He is also part of the Istio steering committee.

Steve McGhee

Reliability Advocate, Google
Steve was an SRE at Google for about 10 years, then left to help a company move to the Cloud. He's back at Google, helping more companies do that.



Thursday April 20, 2023 11:55 - 12:30 CEST
Hall 7, Room D | Ground Floor | Europe Complex
  Reliability + Operational Continuity

11:55 CEST

Taming Tactical Cluster Federation at the Edge - Anna Magdalena Kosek, TNO & Stefan van Gastel, Dutch Ministry of Defence
Cluster federation sounds easy: you take several k8s clusters and treat them as one. Right? Easy! What if the network is unstable? What if clusters are resource-diverse and on the move? What if clusters join, unjoin, and re-join spontaneously? What if a cluster running a stateful application leaves the federation? Cluster federation does not sound so easy anymore. Join us on an adventure of bringing cloud federation to the edge and uncovering just how far a mesh of elastic mobile clouds can stretch. See the use of Liqo for distributed federation; a combination of TAS (Telemetry Aware Scheduler) and OLSR (Optimized Link State Routing) for network-aware scheduling; and Chaos Mesh to simulate network effects. We will show you a tactical cloud concept developed together by TNO and the Dutch Ministry of Defence, where manned or unmanned vehicles join spontaneously in ad-hoc cloud constellations to deliver a resilient, distributed, and collaborative computation.

Speakers

Stefan van Gastel

Head of Innovation and Research at JIVC, Dutch Ministry of Defence
Starting his career as a web developer, Stefan van Gastel has seen and joined the rise of innovative technologies, methods, and principles. Being responsible for starting movements to implement CI/CD, DevOps, containerization, and other modern software development practices within...

Anna Magdalena Kosek

Lead Developer, Helin Data
PhD Anna Magdalena Kosek is a Lead Developer at Helin Data and previously a senior software engineering and integration expert at TNO, Netherlands Organization for Applied Scientific Research. She has a background in mathematics and computer science and is an experienced software...



Thursday April 20, 2023 11:55 - 12:30 CEST
G104-105 | First Floor | Congress Centre
  Runtime Performance + Constrained Environments

11:55 CEST

Automated Cloud-Native Incident Response with Kubernetes and Service Mesh - Matt Turner, Tetrate & Francesco Beltramini, Control Plane
Security incident response is a well-understood operation, with established best practices like the MITRE ATT&CK Framework and the Lockheed Martin Kill Chain. Tooling to aid and automate incident response exists, but not all of it is applicable to cloud-native platforms. For example, playbook apps are generally applicable, but the steps to move compromised workloads to an isolated forensics network are platform-specific, and new implementations are needed for the cloud-native world. In this talk, Francesco and Matt will:
  • Recap incident response 101
  • Introduce some cloud-native tech including Kubernetes, Istio, and GitOps
  • Show an Operator built by Matt for dynamically adding complex layer-7 traffic rules in response to changes in the environment, which will be used as part of the demo
  • Walk you through a response to a log4shell attack against a workload in a k8s cluster: sensor alert, SIEM analysis, IRP automation (honeypots, isolation), building the IoC, and killing the attack.

Speakers

Matt Turner

Software Engineer, Tetrate
Matt is a software engineer at Tetrate, working on Istio-related products, and loves sharing the latest tech and trends with everyone. He's been doing Dev, sometimes with added Ops, for over a decade. His idea of "full-stack" is Linux, Kubernetes, and now Istio too. He's given many...

Francesco Beltramini

Security Engineering Manager, ControlPlane
Francesco is a Security Professional with 10+ years of working experience and deep technical competence matured on a number of high-end projects for both public and private sector organizations. He had the opportunity of working on a variety of technology stacks in designing and implementing...



Thursday April 20, 2023 11:55 - 12:30 CEST
Emerald Room | First Floor | Congress Centre
  Security + Identity

11:55 CEST

Kubernetes Defensive Monitoring with Prometheus - David de Torres Huerta & Mirco De Zorzi, Sysdig
A great ecosystem of applications and open source projects has emerged to cover different needs and use cases. However, most of the time we think about using these applications only for the use case they were designed for. One example is Prometheus, which is the graduated monitoring project in the CNCF. However, monitoring can become a complementary defensive tool for other projects like Falco. Its access, via metrics, to other kinds of information that are not available in kernel calls, and its ability to look back in the past, allow Prometheus to cover some blind spots that can be exploited by potential attackers. In this talk, David and Mirco will explore some interesting use cases and practical examples where Prometheus can be used for defensive monitoring, giving some ready-to-use examples and comparing the pros and cons of this approach with runtime security.

Speakers

David de Torres Huerta

Engineer Manager, Sysdig
David is Manager of Engineering at Sysdig and has studied Computer Science and Cultural and Social Anthropology. Previously he worked as CTO in a company specialized in IoT for energy metering and Industry 4.0. He is a computer engineer and collaborates with open source projects...

Mirco De Zorzi

Software Engineer, Sysdig
Mirco is a Software Engineer at Sysdig. Although he currently works on the data platform team he’s also passionate about security, often participating in cybersecurity competitions, and tutoring new students on network security at Ca’ Foscari University.



Thursday April 20, 2023 11:55 - 12:30 CEST
Auditorium + Balcony | Ground + First Floor | Congress Centre
  Security + Identity

12:30 CEST

Lunch 🍲
Thursday April 20, 2023 12:30 - 14:30 CEST
Halls 1 + 5 | Ground Floor | Europe Complex

12:30 CEST

Diversity + Equity + Inclusion Lunch
Special lunch featuring table discussions around diversity, equity, and inclusivity.

Thank you to our sponsor, Intel!


Seating is limited and will be provided on a first come, first served basis.

Thursday April 20, 2023 12:30 - 14:30 CEST
Europe Foyer 1 | Ground Floor | Congress Centre

14:30 CEST

Hacking and Defending Kubernetes Clusters: We'll Do It LIVE!!! - Fabian Kammel & James Cleverley-Prance, ControlPlane
Ever wondered about the security of your own Kubernetes cluster, but new to Kubernetes security and not sure where to start? In this talk Fabian and James will, via a series of live demos, demonstrate both common attacks and offensive techniques against Kubernetes clusters and workloads, and the runtime controls to protect against them. Scenarios include:
  • Leveraging a compromised Container to attack the underlying node, pivot across the network, or abuse accessible secrets and tokens.
  • A Malicious Insider exploiting common RBAC misconfigurations.
  • Using a single node to hijack the entire cluster.
Each attack will be contextualised via mapping to the threat model resources available to the community today, such as the MITRE ATT&CK® Containers Matrix and CNCF Financial Services User Group attack trees. Fabian and James will explain how to use these resources, and the demonstrated attacks and controls to threat model, security test and defend your own Kubernetes Clusters.

Speakers

James Cleverley-Prance

Security Engineer, ControlPlane
James works as a Cloud Native Security Engineer at ControlPlane. He spends his days focusing on static and dynamic security assessments covering cloud native, infrastructure as code, policy as code, CI/CD, and security architecture. He has reviewed the security posture of numerous...

Fabian Kammel

ControlPlane
Fabian Kammel is a Security Architect at ControlPlane, where he helps to make the (cloud native) world a safer place. After graduating from Ruhr-University Bochum with a Master's in IT-Security, he worked for 5 years in automotive security, transforming old & shaping new security...


Thursday April 20, 2023 14:30 - 15:05 CEST
Hall 7, Room A | Ground Floor | Europe Complex
  101 Track

14:30 CEST

Telepresence Case Studies: From First Experience to Fast Feedback at Scale - Edidiong Asikpo, Ambassador Labs
Building and testing your microservice-based application becomes difficult when you can no longer run everything locally due to resource requirements. Moving to the cloud for testing is a no-brainer, but how do you synchronize your local changes against your remote Kubernetes environment? Following the usual container build-push-test cycle makes your inner development loop slower because you’d have to wait for minutes, sometimes hours, before seeing the impact of your code changes, and this dramatically reduces the number of iterations you can perform, the features you can ship to your end-users and negatively impacts the developer experience. Using three companies as a case study, this talk highlights how adopting the open source CNCF tool Telepresence improved their developer experience, accelerated their inner dev loop, and reduced staging environment compute costs. An explanation of what Telepresence is and a demo of how to implement it will also be covered in this talk.

Speakers

Edidiong Asikpo

Senior Developer Advocate, Independent
Edidiong Asikpo is a Senior Developer Advocate based in Lagos, Nigeria. She is passionate about sharing her knowledge of DevOps through technical articles, videos, and social media. Edidiong has given over 100+ talks at tech events worldwide and continues to play a significant role...


Thursday April 20, 2023 14:30 - 15:05 CEST
Hall 7, Room C | Ground Floor | Europe Complex
  Application + Delivery

14:30 CEST

Scaling Databases at Activision - Greg Smith & Vladimir Kovacik, Activision/Blizzard
A brief story of how we came to use Vitess/Kubernetes to power some of the biggest entertainment franchises on the planet. A few years ago we started thinking about: “What would it look like to run a database on Kubernetes?” We had just migrated most of our workloads from VMs to Linux system containers. This unlocked a lot of performance potential, while being a mostly drop-in replacement. As our fleet grew and the on-call burden started to rear its head, we did some requirements gathering for running these databases using our new Kubernetes-based platform. We ended up testing a parallel track using several open source technologies. Months into the testing there was a very clear winner which met our requirements: Vitess. We spent the last few months of the year building a proof of concept for one of our smaller services, and launched it with that year’s major titles. The success of this spurred an increased interest in Vitess across Demonware/Activision, leading to many larger services adopting it for the following year. This talk will mainly be about the transitional phases of moving from our classic database stack to Vitess. We will give a high-level overview of the experience, what we learned, and some interesting points worth sharing with the wider community.

Speakers

Vladimir Kovacik

Senior SRE, Activision/Blizzard
Vladimir Kovacik is a Senior SRE at Activision, working from Vancouver, Canada. He’s worked in a variety of roles during his 20 years of experience. Vlad started as a software engineer in Slovakia, then transitioned to a systems engineer. Later he worked as a cloud engineer in Ireland...

Greg Smith

Principal Architect, Activision/Blizzard
Greg Smith is a Principal Architect at Activision, based out of Vancouver, Canada. He has been working at Activision for around 10 years, and has been a key person for many AAA game launches. With over 20 years of experience, ranging from being a pen tester in Japan to a systems engineer...



Thursday April 20, 2023 14:30 - 15:05 CEST
G104-105 | First Floor | Congress Centre
  Business Value

14:30 CEST

Community Leaders Tell All: Everything You Wanted to Know and Were Too Afraid to Ask - Kim McMahon, Kyverno / Nirmata; Lisa-Marie Namphy, Cockroach Labs; Sharone Zitzman, RTFM Please Ltd; Bart Farrell, Consultant/Content Creator
There is no doubt that community, visibility, and marketing are key components to the health and growth of open source projects. There are many approaches you can choose, and of course many missteps can happen along the way to building your community tribe. The important thing is to listen, learn, and try new things. In this presentation, community leaders Kim McMahon, Lisa-Marie Namphy, Sharone Zitzman, and moderator Bart Farrell will share their top pieces of advice on how they have built inclusive, sustainable, and healthy communities. To give you a sneak peek… Inclusivity, empathy, and assume positive intent. The big tent and be ready to chop wood and carry water. There are no silver bullets. Community building is one user at a time with personal connections and attention to details. Metrics. Which ones matter and how to measure? Join us for this panel if you are looking to kickstart your own open source community, or are part of an open source community and would like to learn how to optimize and grow it, and make a greater impact.

Speakers

Lisa-Marie Namphy

Developer Relations & CNCF Ambassador, N/A
Lisa is a developer advocate, community architect, and CNCF Ambassador with 20+ years of experience, at cloud native software companies and start-ups. Lisa runs the SF Bay Cloud Native Platforms User Group (one of the largest CNCF groups), personally hosting meetups for the past ten...

Kim McMahon

Senior Director, Advocacy and Community, FreeBSD Foundation
Kim McMahon is well-known in the open source ecosystem as a marketer of open source and growing healthy and productive communities. She is currently at The FreeBSD Foundation leading the Foundation’s advocacy, marketing, and community efforts to develop a go-to-market plan, long...

Bart Farrell

Vivacious Voice of KubeFM, Learnk8s
Bart Farrell is a CNCF Ambassador and Freelance Content Creator, event host, and community consultant. He brings creativity and passion to everything he does, whether it's rapping about Kubernetes or producing creative videos to bring technical concepts to life. Bart engages with...

Sharone Zitzman

Chief DevRel, RTFM Please
Sharone Zitzman is a developer relations professional and an open source community builder, who likes to work with engineering teams that are building products that developers love. Having built both the DevOps Israel and Cloud Native & OSS Israel communities from the ground up...


Thursday April 20, 2023 14:30 - 15:05 CEST
G106-107 | First Floor | Congress Centre
  Community

14:30 CEST

How to Develop a Robust Operator for Day-2 (Lesson Learned on KubeVirt/HCO) - Simone Tiraboschi, Red Hat
Developing a new Operator for day 1 operations (deployment, initial configuration) is nowadays quite easy. But from our experience, and from our mistakes, developing the Hyperconverged Cluster Operator for the KubeVirt project, we know that this is just the tip of the iceberg. KubeVirt manages VMs, and VMs are strange beasts: they should not simply be destroyed and restarted on a different node but they should be migrated, and this takes time, so the upgrade is long and complex. This presentation will share what we learned developing, over the years, an operator that manages a rich product that hosts stateful applications. You will learn about: - Control plane vs workload upgrade - Long running upgrades - Reliability concerns: canary