Loading…

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Sunday, May 19
 

09:00

Cephalocon (Additional Registration + Fee Required)
Registration Fees: Standard Rate of $450 until March 15; Late Rate of $550 from March 15 – May 20

Cephalocon Barcelona aims to bring together more than 800 technologists and adopters from across the globe to showcase Ceph’s history and its future, demonstrate real-world applications, and highlight vendor solutions. Join us in Barcelona, Spain on 19-20 May 2019 for our second international conference event.

How to register: To register for Cephalocon, add it on during your KubeCon + CloudNativeCon registration.

For questions regarding this event, please reach out to events@linuxfoundation.org.

Sunday May 19, 2019 09:00 - 17:00
Hall 8.1

11:00

14:00

14:00

Registration + Badge Pick-up at Porta Fira Hotel
Sunday May 19, 2019 14:00 - 20:00
Porta Fira Plaza Europa, 45 - 08908 - Hospitalet de Llobregat, provincia

14:00

Registration + Badge Pick-up at Renaissance Hotel
Sunday May 19, 2019 14:00 - 20:00
Renaissance Hotel Plaza Europa, 50-52, L’Hospitalet de Llobregat, Barcelona 08902 Spain

14:00

Registration + Badge Pick-up at SB Hotel
Sunday May 19, 2019 14:00 - 20:00
SB Hotel C/ Ciències, 11-13, 08908, Hospitalet de Llobregat, Spain
 
Monday, May 20
 

08:00

Anthos/GKE Workshop hosted by Google Cloud (Additional Registration + Fee Required)
Registration Fees: USD $50

Anthos is the new paradigm for infrastructure modernization from Google. Anthos empowers you to create a reliable, portable, and consistent infrastructure; across clouds and on-premises. Built on open-source technologies pioneered by Google, including Kubernetes and Istio, Anthos allows you to build once to run anywhere.

In this workshop, you will gain hands-on experience with the Anthos technologies, including the Hub for managing multiple clusters from different locations. You will set up an application across multiple environments and connect them using a multi-cluster service mesh. You’ll also learn about the advanced features of Google Kubernetes Engine (GKE).

Prerequisites: Laptop, basic Kubernetes experience

How to register: Pre-registration is required. To register for Anthos/GKE Workshop, add it on during your KubeCon + CloudNativeCon registration.

For questions regarding this event, please reach out to meetusatkubecon@google.com.


Monday May 20, 2019 08:00 - 12:00
Hall 8.0 C1

08:00

Open Data Autonomy Mini Summit hosted by OpenSDS (Additional Registration + Fee Required)
Registration Fees: USD $50

The Open Data Autonomy Mini Summit is an all-day event focusing on data & storage challenges and solutions in cloud native era. The OpenSDS community is working to build an open autonomous data platform integrating all disparate data services, such as data migration, replication, life cycle, protection etc along with AI/ML. The platform is self-governed and intelligent. OpenSDS is a Linux Foundation project and its members include IBM, Fujitsu, Huawei, Intel, Western Digital, Dell-EMC, Hitachi, LINBIT, Vodafone, KPN, NTT Communications, China Unicom, Yahoo! JAPAN, Toyota Infotech, GMO, IIJ, Click2Cloud, Oregon State University. It is a great opportunity to learn and collaborate to build solutions for cloud native challenges of data autonomy.
The event is organized with Hands-on Workshop (BYOD), Demos, Deep Dive Sessions and End User Sessions. It can provide an end to end experience and networking opportunity during welcome breakfast and evening reception dinner.

The day will have a mix of technical sessions, end user case studies, interactive workshops, demos and roadmap discussions.
Take back learning on data management challenges, solutions and how to collaborate. Great opportunity for networking.
Win interesting goodies and of course enjoy food and beverages through the day! Collaborate | Engage | Contribute

Detailed Agenda and Details here.

How to register: Pre-registration is required. To register for Open Data Autonomy Mini Summit, add it on during your KubeCon + CloudNativeCon registration.

For questions regarding this event, please reach out to info@opensds.io.

Monday May 20, 2019 08:00 - 17:00
Hall 8.0 F3

08:00

OpenShift Commons Gathering hosted by Red Hat (Additional Registration + Fee Required)
Registration Fees: $50.00

Join key stakeholders, customers, upstream project leads, and contributors that make up the Red Hat OpenShift ecosystem for a full day of talks, demos and case studies from stakeholders, customers, and contributors from across the OpenShift ecosystem.

The OpenShift Commons Gathering brings together experts from all over the world to discuss real-world implementations of container technologies, best practices for cloud native application developers and the upstream open source software projects that make up the OpenShift ecosystem.
Speakers come from the 475+ member organizations that now make up the OpenShift Commons ecosystem.

The Barcelona event will include case studies from Macquarie Bank, Six Group, MOD/Israel and other Commons members with production deployments of OpenShift, as well as talks by Kubernetes and other upstream project leads, deep dives into the current and future releases of OpenShift and Operator Framework by members of Red Hat’s OpenShift engineering and product management teams.

More speakers and panelists are being added, check out the full agenda here.

If you are interested in sponsoring the OpenShift Commons Gathering, please click here for more information.

How to register: Pre-registration is required. To register for OpenShift Commons Gathering, add it on during your KubeCon + CloudNativeCon registration.

For questions regarding this event, please reach out to Alexa, ahollis@redhat.com.

Monday May 20, 2019 08:00 - 17:00
Hall 8.0 B1

08:00

AWS Container Day (Additional Registration Required)
Registration Fees: Complimentary

All the goodness of AWS, with the familiarity of Kubernetes. Begin your KubeCon 2019 in Barcelona by learning how Amazon EKS makes it easy to deploy, manage, and scale containerized applications using Kubernetes on AWS. This full-day event will feature keynote from Bob Wise, GM Amazon EKS, and Mark Shuttleworth - founder and CEO of Canonical Ltd. In addition, we'll discuss the EKS roadmap, talk about machine learning and deep learning on EKS, do a workshop to get you hands-on with EKS, and talk to customers and partners about how they're using and integrating with EKS. Please bring your laptops to help setup for the EKS workshop.
Learn more about the event here

How to Register: Pre-registration is required. Register here for AWS Container Day.

For questions regarding this event, please reach out to containers-pmm@amazon.com.

Monday May 20, 2019 08:00 - 18:00
Porta Fira Plaza Europa, 45 - 08908 - Hospitalet de Llobregat, provincia

08:00

08:00

Registration + Badge Pick-up at Porta Fira
Monday May 20, 2019 08:00 - 18:00
Porta Fira Plaza Europa, 45 - 08908 - Hospitalet de Llobregat, provincia

08:00

Registration + Badge Pick-up at Renaissance Hotel
Monday May 20, 2019 08:00 - 18:00
Renaissance Hotel Plaza Europa, 50-52, L’Hospitalet de Llobregat, Barcelona 08902 Spain

08:00

Registration + Badge Pick-up at SB Hotel
Monday May 20, 2019 08:00 - 18:00
SB Hotel C/ Ciències, 11-13, 08908, Hospitalet de Llobregat, Spain

08:30

Cloud Native Storage Day hosted by Cloud Native Storage ecosystem (Additional Registration + Fee Required)
Registration Fees: $75.00

Join us for a very special Cloud Native Storage Day! We have brought together users of cloud native storage technologies as well as experts from the top cloud native storage companies to bring you a fantastic day rich with thought-provoking sessions including technical demos, panel discussions, presentations, and a terrific networking opportunity for you to get to know the experts in Container Storage. Come learn all about the virtues of multi-cloud operations of stateful services with Kubernetes, running stateful applications in containers, cloud native data management, in short, all things cloud native storage! Twelve CNS companies partnered together to bring you this creative, community-oriented day.
Visit www.cloudnativestorageday.com to see the  full agenda.
How to register: Pre-registration is required. To register for Cloud Native Storage Day, add it on during your KubeCon + CloudNativeCon registration.
For questions regarding this event, please reach out to Lisa, lisa@portworx.com.


Monday May 20, 2019 08:30 - 17:00
Hall 8.0 C4

09:00

Intro to Containers and Kubernetes hosted by VMware (Additional Registration + Fee Required)
Registration Fees: $249, to be donated to diversity scholarships

Ready to dive a little deeper into the world of Kubernetes? Understand the first principles of a cloud native infrastructure, and then dig into our lab environment and deploy your first cluster. This training is designed for attendees who are early in their cloud native journey—you will walk out with more knowledge of basic concepts and greater comfort in working with containers.

How to register: Pre-registration is required. To register for Intro to Containers and Kubernetes, add it on during your KubeCon + CloudNativeCon registration.

For questions regarding this event, please reach out to Dan Finneran, finnerand@vmware.com.

Monday May 20, 2019 09:00 - 15:30
Hall 8.0 E9

09:00

Cloud Native Network Services Day hosted by LFN (Additional Registration + Fee Required)
Registration Fees: USD $50

Cloud Native Network Services Day is about bringing open source networking projects together with cloud native developers looking to expand their reach in the networking space. Attendees will benefit from the perspectives of both communities around their latest innovations and strategies for accelerating CSP testing and deployment and reducing time-to-market for services.
The day will include a brief overview of the open source networking landscape of projects and will cover pressing industry use cases — such as a Cloud Native 5G Virtual Central Office (VCO). Other potential topic areas are:

– Cloud Native Orchestration
– Network Service Mesh Use Cases
– vRAN/vEPC
– CI/CD
– SDN/NFV
– Edge Automation

View the complete schedule here! 

How to register: Pre-registration is required. To register for Cloud Native Network Services Day, add it on during your KubeCon + CloudNativeCon registration.

For questions regarding this event, please reach out to lfn-info@linuxfoundation.org.

Monday May 20, 2019 09:00 - 16:00
Hall 8.0 E4

09:00

Cloud Native Security Day hosted by Twistlock (Additional Registration + Fee Required)
Registration Fees: USD $100 donated to CNCF Diversity Scholarship Fund

DevSecOps is a term that’s thrown around these days, referring to the ability to not only automate the build and deployment pipeline of application development, but to also slipstream in security along the way. In this one day event, we will dive deep and show you various examples throughout that pipeline of how to make DevSecOps a reality in your organization. We will bring speakers from across the pipeline tooling continuum to discuss security throughout the automation process, as well as a few customers who have successfully implemented this in their own environments. You’ll come away with practical implementation recommendations of how to make DevSecOps a reality rather than a buzzword.

Visit http://go.twistlock.com/cloudnativesecurityday for more information.

How to register: Pre-registration is required. To register for Cloud Native Security Day, add it on during your KubeCon + CloudNativeCon registration.

For questions regarding this event, please reach out to contact@twistlock.com.

Monday May 20, 2019 09:00 - 16:00
Hall 8.0 F5

09:00

Cephalocon - Cloud-Native Software-Defined Storage (Additional Registration + Fee Required)
Registration Fees: USD $100

Cephalocon Barcelona aims to bring together more than 800 technologists and adopters from across the globe to showcase Ceph’s history and its future, demonstrate real-world applications, and highlight vendor solutions. Join us in Barcelona, Spain on 19-20 May 2019 for our second international conference event.

How to register: To register for Cephalocon, add it on during your KubeCon + CloudNativeCon registration.

For questions regarding this event, please reach out to events@linuxfoundation.org.

Monday May 20, 2019 09:00 - 17:00
Hall 8.1

09:00

Cloud-Native Transformation Summit 2019 hosted by Sysdig (Additional Registration + Fee Required)
Registration Fees: USD $149 if registered by April 15; Standard rate of USD $169 starting April 16

Cloud-Native Transformation Summit 2019 is a one-day event for the KubeCon community to look at how enterprise organizations are moving into production-level Kubernetes and transforming their applications and infrastructure operations into Cloud-Native technologies.

As many enterprises move from proof of concept to production, they face challenges in securing, maintaining visibility, scaling, and troubleshooting application development and infrastructure operations. But, it’s not just technology–there are important processes, organizational and cultural considerations to consider on the journey to a cloud-native enterprise.

Join fellow cloud-native practitioners from the user and technology ecosystem to hear real-world insights and learnings. You’ll walk away with a blueprint to address technology, process, organizational and cultural considerations, such as:
  • How containers and microservices have radically changed visibility and security requirements for enterprise applications
  • Challenges of scale and how to resolve them when you move from an application on a host to a sophisticated, dynamically orchestrated, multi-container architecture
  • Producing and implementing a comprehensive cloud-native security strategy among IT, Security teams, DevOps, DevSecOps
  • How visibility and monitoring at scale may be the missing links in reaching your goal of a resilient cloud-native infrastructure
If you want to be ahead of the shift and help lead change, you’ll want to attend this event.

Check out the agenda and speaker line up on our website!

How to register: Pre-registration is required. To register for Cloud-Native Transformation Summit 2019, add it on during your KubeCon + CloudNativeCon registration.

For questions regarding this event, please reach out to Jennifer Pospishek, Jennifer@sysdig.com.

Monday May 20, 2019 09:00 - 17:00
Hall 8.0 D1

09:00

Continuous Delivery Summit hosted by CDF (Additional Registration + Fee Required)
Registration Fees: USD $50

The Continuous Delivery Summit is a one-day event that brings together the open source CI/CD community. The day will start with keynotes, project showcases and stories from end users. The afternoon will consist of BoF sessions around CI/CD themes, where attendees can collaborate, meet peers and drive the future direction of continuous delivery.

How to register: Pre-registration is required. To register for Continuous Delivery Summit, add it on during your KubeCon + CloudNativeCon registration.

Monday May 20, 2019 09:00 - 17:00
Hall 8.0 B3

09:00

FD.io (Fast Dataplane) Mini-Summit (Additional Registration + Fee Required)
Registration Fees: USD $50

Cloud Native provides application deployment speed and flexibility. Why burden it with cumbersome, sluggish networking?

Let FD.io deliver the data IO speed required for flexible and scalable cloud native networking and storage.
  • Hear FD.io community experts share project, use case, and capability insights
  • See how FD.io enables cloud native network functions, cross-community integration with Kubernetes and Envoy communities
  • Gain clarity on why enterprise developers need FD.io
Hear how FD.io can drive high-performance communication to scale-out and scale-up cloud-native micro-services deployments, the latest developments in Network Service Mesh and management and control agents for CNFs, including Cotiv-VPP and Ligato.

View the Schedule Here!

How to register: Pre-registration is required. To register for FD.io (Fast Dataplane) Mini-Summit, add it on during your KubeCon + CloudNativeCon registration.

For questions regarding this event, please reach out to lfn-info@linuxfoundation.org.

Monday May 20, 2019 09:00 - 17:00
Hall 8.0 C2

09:00

Kubernetes Contributor Summit (Additional Registration Required)
The yearly Kubernetes Contributor Summits bring together new and current Kubernetes contributors alike to connect and share face-to-face. With each event having different goals, the Barcelona event is shaping up to focus on strengthening our contributor base in other regions outside of the U.S. and adding in some activities for our current contributors to get hallway conversations in with their distributed peers.

Visit the Kubernetes Contributor Summit website for additional information and to register.

Monday May 20, 2019 09:00 - 17:00
CC4+CC5

09:00

Kubernetes Operator Framework Workshop hosted by Red Hat (Additional Registration + Fee Required)
Registration Fees: Sold Out, Waitlist Available.

This is an entry-level workshop for both application developers and system administrators interested in building and managing Operators for Kubernetes environments. It is designed for those who have a basic knowledge of Kubernetes and want to learn how to apply domain or application-specific knowledge to automate common operational tasks.

From 9:00 am to 3:00 pm, we will be introducing Kubernetes operators and attendees gain an understanding the past difficulties with building Operators with existing client-libraries and discover how the Operator Framework can ease development workflow. Attendees will also receive step-by-step guidance on the process of creating real-world Operators with Go, Ansible, and Helm charts while mastering methodologies, design patterns, and strategies that can assist in avoiding common pitfalls.

Starting at 3:00 pm, we’ll open up the room to anyone who wants to learn how to discover and add your Operator to OperatorHub.io and utilize the Operator Lifecycle Manager (OLM) to control installation, upgrade, and role-based access control. Drop-ins welcome for the afternoon portion of the workshop especially if you have a operator that you’d like to get listed in OperatorHub.io.

All Operator Framework components are part of GitHub organization called “Operator Framework” located here: https://github.com/operator-framework under Apache License 2.0

How to register: Pre-registration is required. To register for Kubernetes Operator Framework Workshop, Sold Out, Waitlist Available, add it on during your KubeCon + CloudNativeCon registration.

For questions regarding this event, please reach out to Alexa, ahollis@redhat.com.

Monday May 20, 2019 09:00 - 17:00
Hall 8.0 D2

09:00

Serverless Practitioners Summit hosted by CNCF (Additional Registration + Fee Required)
Registration Fees: $100

The goal is to unite the serverless community and present end users with comprehensive strategies to understand serverless in a cloud native context. To do that, we plan to create a half day single-track serverless conference that follows our initial successful work in the CNCF serverless working group and surrounding projects. The second half of the day will be dedicated to breakouts based on specific serverless projects or broad topics.

How to register: Pre-registration is required. To register for Serverless Practitioners Summit, add it on during your KubeCon + CloudNativeCon registration.

For questions regarding this event, please reach out to events@cncf.io.

Monday May 20, 2019 09:00 - 17:00
Hall 8.0 D4

09:00

Your Path to Production Ready Kubernetes hosted by Weaveworks (Additional Registration + Fee Required)
Registration Fees: USD $200

Using a combination of instructor-led demonstrations and hands-on exercises, the workshop will enable the attendee to go into detail on the following topics:
  • Developing and operating your Kubernetes microservices at scale
  • DevOps best practices and the movement towards a “GitOps” approach
  • Building with Kubernetes in production: caring for your apps, implementing CI/CD best practices, and utilizing the right metrics, monitoring tools, and automated alerts
  • Operating Kubernetes in production: Upgrading and managing Kubernetes, managing incident response, and adhering to security best practices for Kubernetes
Prerequisites:
  • Basic knowledge of Kubernetes is required. At a minimum practical experience experimenting with Kubernetes is required
  • You have deployed a few applications to a test cluster, and now want a path forward of how to use Kubernetes in production
  • Familiarity with the Unix command line
  • A complete cloud lab environment will be provided, so bring laptop with a modern browser
This workshop doesn’t cover:
  • Deep knowledge of the Prometheus Query Language. We’ll be working through practical examples, but won’t cover the rest of PromQL
  • Kubernetes Introduction and concepts. We won’t be going through an overview of Kubernetes, instead we focus on application in the real world.

Light breakfast, Lunch and refreshments will be provided.

Please note you must be registered to attend KubeCon + CloudNativeCon Europe 2019 in Barcelona in order to attend this workshop.

How to register: Pre-registration is required. To register for Your Path to Production Ready Kubernetes, add it on during your KubeCon + CloudNativeCon registration.

For questions regarding this event, please reach out to Sonja@weave.works.


Monday May 20, 2019 09:00 - 17:00
Fira Congress Hotel Polígono Industrial de la Pedrosa, Calle de José Agustín Goytisolo, 9-11, 08908 Hospitalet de Llobregat, Barcelona, Spain

09:00

KubeSec Enterprise Summit hosted by Aqua Security (Additional Registration + Fee Required)
Registration Fees: Early Bird Rate of $149 until April 1; After April 1, the standard rate of $179 applies.

Co-Hosts: AWS, Google, Microsoft, Red Hat

KubeSec Enterprise Summit is a full-day event that focuses on the challenges faced by larger organizations with demanding security and compliance requirements when deploying Kubernetes in production. Whether you are just now beginning to roll out your first production implementation of Kubernetes, or are an early adopter looking to learn from the experience of your peers, you are sure to get valuable insights from this educational event.

For more information on the event, please visit our website.

How to register: Pre-registration is required. To register for KubeSec Enterprise Summit, add it on during your KubeCon + CloudNativeCon registration.

For questions regarding this event, please reach out to Tara.sullivan@aquasec.com.

Monday May 20, 2019 09:00 - 17:30
Renaissance Hotel Plaza Europa, 50-52, L’Hospitalet de Llobregat, Barcelona 08902 Spain

09:00

10:30

CNCF End User Partner Summit (Pre-registration and approval is required)
Registration Fees: USD $100 (which is donated to the diversity scholarship)

The CNCF End User Partner Summit brings together cloud native users to share best practices and lessons learned. The day will start with stories from end users, and their journey to overcome the challenges of adopting cloud native across different industries. It will continue with an unconference, where attendees can meet peers and learn how to navigate and contribute to the cloud native community.

Agenda
10:30 Kick off from Cheryl Hung, CNCF
11:00 Dave Zolotusky, Spotify
11:30 Break
12:00 Fernando Carnago, Adidas
12:30 Jeff Brewer, TOC End User Representative
13:00 Lunch
14:00 Announcement of unconference topics
14:15 Unconference session 1
15:00 Break
15:15 Unconference session 2
16:15 Closing remarks from Cheryl Hung, CNCF
16:30 End

Tickets cost $100 which is donated to the diversity scholarship. Your organization must be a member of the CNCF End User Community (https://www.cncf.io/people/end-user-community/) to attend. End user members may purchase up to four tickets, and end user supporters may purchase up to two. Contact chung@linuxfoundation.org with any questions.

How to register: Pre-registration and approval is required. To apply for this event, add it on during your KubeCon + CloudNativeCon Europe registration.

Monday May 20, 2019 10:30 - 16:30
Hall 8.0 F1

12:00

Get the Cert: Build Your Next App With Kubernetes + Istio hosted by IBM (Additional Registration Required)
Registration Fees: Complimentary

Do you need to select the right technologies to build the next productivity app in your application backlog? Get your hands dirty with those technologies before you start your build. Learn how Kubernetes and Istio make it easy to bind your app to advanced services like Watson, Blockchain, and IoT. Our developers will walk you through the step-by-step in this Hands-on-Lab, and you’ll walk away with a certification badge.

Kubernetes minimize outages and disruptions through self-healing, intelligent scheduling, horizontal scaling, and load balancing. Developers can easily roll out and roll back application versions, whether they’re collaborating in development and test environments or deploying to production. Even new application functionality is streamlined, when developers extend apps with cloud services.

The Result: Spend more time coding and less time with the infrastructure.

Lab Instructors:
Daniel Berg, Distinguished Engineer, IBM Cloud Kubernetes Service Architect, IBM
Ram Vennam, Lead Technical Manager, IBM Cloud Kubernetes Service, IBM
Lin Sun, STSM & Master Inventor, Istio, IBM
 
Agenda:
12:00PM-1:00PM: Lunch
1:00PM-4:00PM: Hands-on-Lab

How to Register: Pre-registration is required. Register here

For questions regarding this event, please reach out to rmelanco@us.ibm.com.

Monday May 20, 2019 12:00 - 16:00
The W Hotel Plaça Rosa Del Vents 1, Final, Passeig de Joan de Borbó, 08039 Barcelona, Spain

13:00

A Linkerd in Production Workshop hosted by Buoyant (Additional Registration + Fee Required)
Registration Fees: $499 (scholarships available)

This is a hands-on workshop that teaches how to use Linkerd in production, covering both Kubernetes and non-Kubernetes environments. This workshop is presented by Buoyant, the primary sponsors of the Linkerd project, and includes training by Linkerd maintainers.

How to register: Pre-registration is required. To register for A Linkerd in Production Workshop, add it on during your KubeCon + CloudNativeCon registration.

For questions regarding this event, please reach out to events@buoyant.io.

Monday May 20, 2019 13:00 - 17:00
Hall 8.0 E5

13:00

Introduction to CRDs with Kubebuilder hosted by Google Cloud (Additional Registration + Fee Required)
Registration Fees: USD $50

Solly Ross (Google), Bob Killen and Jeffery Sica (community members)

Extending Kubernetes with Controllers and Custom Resource Definitions (CRDs) is quickly becoming commonplace. Users are now developing their own extensions to automate their applications and infrastructure. This emerging practice has been enabled by the growing set of tools designed to make developing these custom APIs easy.

Of these tools, Kubebuilder, a Kubernetes sub-project, has been adopted by the Kubernetes project and end-users alike. It serves as a framework for rapidly building and publishing Kubernetes APIs by providing simple abstractions and automation for the common components involved with a controller.

Attendees will learn how to approach development using best practices and methodologies for building Kubernetes Controllers. In the second half, attendees will use Kubebuilder to build, test, and deploy their own custom extension.

Prerequisites:
+ Laptop
+ Basic Golang Experience

How to register: Pre-registration is required. To register for Anthos/GKE Workshop, add it on during your KubeCon + CloudNativeCon registration.

For questions regarding this event, please reach out to meetusatkubecon@google.com.

Monday May 20, 2019 13:00 - 17:00
Hall 8.0 C1

14:30

Harbor Community Reception hosted by CNCF and VMware (Additional Registration Required)
Registration Fees: Sold out, waitlist available. Complimentary with pre-registration, space is limited.

We invite the Harbor community to join us for an afternoon of networking with peers! Come exchange ideas, and share best practices in managing and securing container images and Helm charts. You'll also have the opportunity to provide feedback on the latest roadmap, which the maintainers of the project will share. Developers will learn how to contribute to Harbor, and end users of Harbor will share their use cases. This will be a casual event, so come and enjoy an afternoon with the Harbor community!

How to register: Pre-registration is required. To register for the Harbor Community Reception, add it on during your KubeCon + CloudNativeCon registration. Sold out, waitlist available.

For questions regarding this event, please reach out to Harbor@vmware.com.

Monday May 20, 2019 14:30 - 17:00
CC7.1

17:00

Lightning Talk Hosts - Frederic Lardinois, TechCrunch & Sean Michael Kerner, eWeek / InternetNews / eSecurity Planet
Speakers
avatar for Sean Michael Kerner

Sean Michael Kerner

Jedi
Sean Michael Kerner is a technology journalist and his coverage of the technology industry appears in multiple publications around the world. Kerner is also an IT consultant, technology enthusiast and tinkerer, and has been known to spend his spare time immersed in the study of the... Read More →
avatar for Frederic Lardinois

Frederic Lardinois

News Editor, TechCrunch


Monday May 20, 2019 17:00 - 17:01
Hall 8.0 A1

17:00

Lightning Talk: Back to the Future with eBPF - Beatriz Martínez Rubio, IBM
Is it possible that the future of networking and security in Microservices will be based on technology from the past?

Several open-source Kubernetes tools are already using eBPF. Mainly related to networking, monitoring, and security.
This talk will guide you from the understanding of Linux kernel BPF concept, through the advantages and features that bring to microservices environments, to some known tools that currently make use of it, such Cilium, Weave or Istio.
If you have ever wonder how the routing and filtering of traffic at the application level is implemented, or you are just looking for an overview on the topic, this is your talk.

Speakers
avatar for Beatriz Martínez Rubio

Beatriz Martínez Rubio

Cloud Engineer, IBM
Beatriz Martínez works at IBM’s Architecture and Innovation department, mainly focus on enterprise-grade cloud environments. Passionate about technology and innovation, she is an insatiable learner who loves getting involved with open-source communities.



Monday May 20, 2019 17:00 - 17:05
Hall 8.0 A1

17:06

Lightning Talk: Beyond Operators: Reimagine Distributed Applications on Kubernetes - Vladimir Vivien, VMware
Kubernetes runs the distributed replicas of an application completely independent with no mechanism provided for coordination between replicas. To minimize race conditions, and other side effects of distributability, applications are often deployed with a replica count limited one or use primitives like StatefulSet to influence pod scheduling stickiness. Unfortunately, these are not enough to create truly distributed applications that can gracefully react to changes in their environment at runtime. While the controller and operator patterns have helped, they tend to use raw API primitives that are not related to building distributed systems.

This presentation is a discussion that presents the features needed to create truly distributed applications that can react to changes in a distributed environment and including features such as leader election, synchronization, and coordination.

Speakers
avatar for Vladimir Vivien

Vladimir Vivien

Software Engineer, VMware
Vladimir Vivien has an extensive career as a software engineer. He currently works at VMware in the Cloud Native Application group where he is passionate about contributing upstream to the Kubernetes open source project. Vladimir also enjoys writing blogs on technology and he has... Read More →



Monday May 20, 2019 17:06 - 17:11
Hall 8.0 A1

17:12

Lightning Talk: Fake it Until You Make it: Unit Tests with Go-Client Fake Client - Fernando Diaz, IBM
Creating an application which makes Kubernetes calls, but not sure how to begin testing? That’s when Kubernetes Client-Go Fake Client comes to save the day.

This presentation will show real world examples on how your Kubernetes application can be properly unit tested using Go-Client’s Fake Client. After viewing, you will be able to mockup the creation, reading, editing, and removal of a particular Kubernetes resource and get on a path to Increased Unit-Test Coverage!!

Speakers
avatar for Fernando Diaz

Fernando Diaz

Software Engineer, IBM
Fernando Diaz is an active contributor to Kubernetes, mainly focusing on Ingress-Nginx. Fernando is currently a Cloud Developer for IBM and works on the IBM Cloud Service Optimization and Resiliency. In the past Fernando was an OpenStack Core Contributor, focusing on Barbican(Key... Read More →



Monday May 20, 2019 17:12 - 17:17
Hall 8.0 A1

17:18

Lightning Talk: Kubernetes Jobs and the Sidecar Problem - James Wen, Spotify
The popular sidecar pattern has influenced the way organizations integrate their infrastructure with Kubernetes. However, it can often be a challenge adapting the sidecar pattern for workload patterns like batch jobs that do not fall into the domain of Deployments and the traditional microservice paradigm.

This talk will describe the current problems and limitations with running Kubernetes Jobs in infrastructure setups that involve sidecar containers. We'll briefly cover how Spotify's use case with Jobs and sidecars conflicts with these issues. But more importantly, we'll cover what the roots of these Job and sidecar issues are, explain a few of the most popular workarounds in the community, and highlight the currently open Kubernetes Enhancement Proposal that presents a potential solution via new Kubernetes features.

Speakers
avatar for James Wen

James Wen

Senior Site Reliability Engineer, Spotify
James Wen is a senior site reliability engineer at Spotify, where he’s currently focused on revamping Spotify’s runtime infrastructure. Previously, James was the team lead (anchor) of the Cloud Foundry Buildpacks team at Pivotal and served as a core contributor and maintainer... Read More →



Monday May 20, 2019 17:18 - 17:23
Hall 8.0 A1

17:24

Lightning Talk: Reliability Engineering for Humans - Hannah Foxwell, Pivotal
The concepts and practices of site reliability engineering are changing the way we build and operate our platforms and enabling us to have more meaningful conversations about availability, service-level objectives, and cost. But what are the benefits for the engineer holding the pager? Can we add a human element to our error budgets?

Join Hannah Foxwell to look at site reliability engineering practices through a human lens. Hannah combines SRE with HumanOps and explains how to use SRE practices to improve the health and well-being of your team.

Speakers
avatar for Hannah Foxwell

Hannah Foxwell

Associate Director, Pivotal
Hannah Foxwell is Associate Director for Pivotal Cloud Foundry Solutions at Pivotal, based in the UK. She leads a team of Solution Architects and Product Managers who are focussed on building wildly successful Platform Teams with Pivotal’s customers across EMEA. Hannah is a champion... Read More →



Monday May 20, 2019 17:24 - 17:29
Hall 8.0 A1

17:30

Lightning Talk: Kubespray CI with KubeVirt on Baremetal - Antoine Legrand, Red Hat
Kubespray is one of the most used and contributed kubernetes installer. With thousands of contributions, in 2018 more than 15000 clusters have been deployed in the Cloud via the CI to ensure a certain level of stability. For performance and cost efficiency, the Kubespray infrastructure has been migrated to Baremetal machines.
This Lightning Talk will go through the challenges faced to migrate the CI from the Cloud to Baremetal, and how the project KubeVirt.io solved most of them building kubernetes-in-kubernetes clusters.

Speakers
avatar for Antoine Legrand

Antoine Legrand

Software Engineering Manager, Red Hat
Antoine Legrand is a software engineering manager at CoreOS/Red Hat. He co-founded Kubespray and works closely with major actors in the ecosystem to improve the user experience in managing application and Kubernetes clusters. Antoine is involved with open source and cloud-native software... Read More →


Monday May 20, 2019 17:30 - 17:35
Hall 8.0 A1

17:45

Lightning Talk: Developing Your Career While Working on Kubernetes - Piotr Szczesniak, Google
There are more than 2000 contributors to Kubernetes project and thousands working on related projects - many of them doing it as a full time job. In addition to having fun by working on a great project, they want to grow within their role, be promoted and get a rise. How to take advantage from being a member of Kubernetes community in order to empower your career? What are the common challenges while working on such large, distributed and open source project that may slow down your growth? During the talk we will try to answer how to develop your career while working on Kubernetes.

Speakers
avatar for Piotr Szczesniak

Piotr Szczesniak

Tech Lead/Manager, Google
Piotr is Tech Lead/Manager working at Google since 2014. He works on GKE/Kubernetes for 4+ years, joining the project in its early days. Piotr leads GKE Monitoring team and Special Interest Group “Instrumentation” in Kubernetes open source community. Piotr graduated from University... Read More →



Monday May 20, 2019 17:45 - 17:50
Hall 8.0 A1

17:51

Lightning Talk: Using Jupyter Notebooks To Gain Insight Of Your Cluster - Ruben D Orduz, VMware
For the last 7 years or so Jupyter Notebooks (formerly known as IPython) has revolutionized the way scholars, enthusiasts and data analysts look at, process and work with data. On the Kubernetes side, component (api-server, scheduler, controller manager, etc.) logs, events, etc. can be an indomitable fire hose of data that can rather difficult to analyze and work with in its raw form. However, as we'll demonstrate, with the right tools, you can create data pipelines so that it can observed, analyzed and visualized in an interactive way using Jupyter notebooks. Insight therein can then be used for any task from performance tuning to debugging.

The outline for this lightning talk is straightforward:

* Problem statement (~ 1 min.)
* Solution and tooling description (~45 sec.)
* How the tooling was used ( ~1 min.)
* Go over the data processing pipeline (~1 min.)
* Results (~45 sec.)

Speakers
avatar for Ruben D Orduz

Ruben D Orduz

Member Technical Staff, VMware
Ruben presently works at VMware Cloud Native Business Unit focusing on Kubernetes and more specifically cluster lifecycle and cluster API. Previously Ruben worked at Heptio where he played several roles from Field Engineer to Engineering QA.



Monday May 20, 2019 17:51 - 17:56
Hall 8.0 A1

17:57

Lightning Talk: When the Command Line is Not Enough: Why Your OSS Project Needs A GUI - Risha Mars, Buoyant
In the ops and infrastructure world, we often rely on command line interfaces to do most of our heavy lifting. What value can a proxy get out of having a dashboard? How can a GUI complement a CLI? In this talk we'll look at Linkerd's web dashboard and CLI, and examine ways in which a GUI improves the user experience. In particular we’ll explore ways that a GUI offers more flexibility or better presentation capabilities than a CLI, namely: better data aggregation, easier data entry, better data manipulation, easier annotation and explanations with tooltips and popups, and user customization. In this talk, we’ll spend time looking at how different GUI elements (tables, charts, graphs, diagrams, tooltips, colour) can help the user get the most value of of a product. Lastly, we will talk about how GUIs can increase OSS participation by letting front-end coders contribute.

Speakers
avatar for Risha Mars

Risha Mars

Software Engineer, Buoyant
Risha is a Software Engineer at Buoyant, and is a core contributor to the Linkerd project. She works on the CLI and controller (Golang) as well as the Linkerd dashboard.Previously, Risha worked on the Ads team at Twitter, building internal tools that helped Twitter’s salespeople... Read More →



Monday May 20, 2019 17:57 - 18:02
Hall 8.0 A1

18:00

EmpowerUs Reception, Sponsored by Red Hat (Additional Registration Required)
Pre-Registration Required
Join other attendees who identify as women or non-binary individuals at KubeCon + CloudNativeCon Europe for sparkling conversation and community at the Hotel Porta Fira in Nixe (1st floor.) Located across the street from the Fira Gran Via conference center, swing by to socialize and take in the impressive nighttime skyline view and tasty hors d'oeuvres.

You’ll have an opportunity to meet new people and network with friends from around the globe. Enjoy great conversation about all things cloud native, including your favorite projects and the evolving diversity, inclusivity and civility in our fast-growing ecosystem.

Space is limited, register here.



Monday May 20, 2019 18:00 - 20:00
Hotel Porta Fira @ Nixe on 1st Floor Plaça d'Europa, 45, 08908 L'Hospitalet de Llobregat, Barcelona, Spain

18:03

Lightning Talk: Using Istio's Mixer for Network Request Caching - Zach Arnold, Ygrene Energy Fund
Service Meshes (and Istio in particular,) have helped application developers off-load a good chunk of logic surrounding network requests. Our microservices should be as close to pure business logic as possible, but what happens when we add so many services that our network requests are dramatically slowing the application down? The natural result is to look for some caching of requests on either the client or service side. Enter Redis, Memcached, and other caching tools all to help reduce network calls and overall latency. All of this comes with implementation penalty reducing the purity of our services. We will demonstrate how Istio's Mixer component can be used to cache requests at the request level and how that can keep your application fast, without ruining the purity of your services.

Speakers
avatar for Zach Arnold

Zach Arnold

VP DevOps Engineering, MSCI, Inc
Zach is an active contributor in the CNCF ecosystem in multiple projects (including Kubernetes with a focus on security.) He lives in San Francisco, CA where he works at MSCI as a VP DevOps Engineer. He is currently pursuing his Masters in Computer Science from Georgia Tech.



Monday May 20, 2019 18:03 - 18:08
Hall 8.0 A1

18:09

Lightning Talk: Ready, Steady, CKA! - Olive Power, VMware
It’s a race with time to pass most exams, and the Certified Kubernetes Administrator (CKA) is no different. The CKA was developed by the CNCF, and is fast becoming one of the most strategic certifications to acquire in terms of establishing a credible posture in kubernetes standings. This talk covers topics on how best to combat the screaming passing of time during the exam. How to accelerate getting resources up and running in kubernetes with Kubectl command options, how to optimise the shell environment for speed, and also how to optimise the vim text editor for use with yaml files will all be covered. Some protips on study resources that help you prepare, and how to organise your time during the exam will also be presented.
This talk will cover as much as possible in the allocated time.
We will keep going until time runs out – just like in the exam.

Speakers
avatar for Olive Power

Olive Power

Kubernetes Architect, VMware
Olive is an ex-scientist who has found her way into the innovative and sometime experimental world of Kubernetes and its ecosystem - and feels right at home. She currently works at VMware , where she transitioned to as part of the Heptio acquisition. She is working on upstream Kubernetes... Read More →



Monday May 20, 2019 18:09 - 18:14
Hall 8.0 A1

18:15

Lightning Talk: Oh Sh*t! The Config Changed! - Joel Speed, Pusher
The majority of production incidents for Pusher's platform team during 2018 had the same root cause... a broken config!

Kubernetes doesn't have a sense of versioning for configmaps and secrets and, in a lot of cases, updating configuration won't even be reflected into running pods. So how can you make sure that your pods are always running the latest configuration?

We came up with a solution for this problem in late 2018 which will be the focus of this session. What is Wave? What does it do? How does it work?

Speakers
avatar for Joel Speed

Joel Speed

Cloud Infrastructure Engineer, Pusher
Joel is a Cloud Infrastructure engineer who has been working with Kubernetes for the last year. He has been working in DevOps for over 3 years and is currently helping Pusher build their internal Kubernetes Platform. Recently he has been focusing on projects to improve autoscaling... Read More →



Monday May 20, 2019 18:15 - 18:20
Hall 8.0 A1

18:30

Lightning Talk: Hot, Fresh Containers - How Containers Are Like Cookies! - Kaslin Fields, Oracle
Have you heard the container hype but don’t really get what it’s about? Have you ever had trouble explaining containers to someone unfamiliar with the technology? Analogies can help - and this one’s delicious! Come to this talk to learn how container technology - a topic which has gone from 0 to “Everybody’s doing it” in the last 5 years - and delicious fresh-baked cookies, aren’t really so different. You’ll walk away having gained a new way to frame your discussions around container technology, whether you’re explaining them to someone who’s hearing about it for the first time, or discussing them with someone who uses them on a daily basis.


Monday May 20, 2019 18:30 - 18:35
Hall 8.0 A1

18:36

Lightning Talk: Managing Drivers in a Kubernetes Cluster - Renaud Gaubert, NVIDIA
As a cluster operator, managing drivers (Mellanox networking, NVIDIA compute and graphics drivers, ...) at scale today is a real issue, from installation to upgrade every step you take brings you further away from Kubernetes.

Drivers are frequently needed for enabling users (e.g: run AI workloads) or reducing cost (RDMA over converged ethernet), yet there are no clear consensus or tools that allows you to solve the issues encountered by requiring drivers on your machines.

During this Lightning talk we’ll take a look at the different strategies you can use in Kubernetes to manage drivers (containers vs base image) and the available update strategies that will help you minimize disruption and maximize cost.

Finally we will take a look at the challenges and solutions that VM based runtimes introduce.

Speakers
avatar for Renaud Gaubert

Renaud Gaubert

Software Engineer, NVIDIA
Renaud Gaubert has been working since 2017 at NVIDIA on making GPU applications easier to deploy and manage in data centers. He focuses on supporting GPU-accelerated machine learning frameworks in container orchestration systems such as Kubernetes and Docker swarm. He is an active... Read More →



Monday May 20, 2019 18:36 - 18:41
Hall 8.0 A1

18:42

Lightning Talk: Slow Starting Containers, How to Check Their Health? - Matthias Bertschy, Swissquote Bank
Kubernetes uses probes to know when to send traffic to or restart a Container. For example, liveness probes could catch a deadlock, where an application is running, but unable to make progress. Restarting the Container in such a state can help to make the application more available despite bugs. When a Container is starting, the kubelet has no way to tell whether the startup is deadlocked or just taking longer than expected. This is problematic when deploying Java based application servers which can take several minutes to start. In this presentation, Matthias Bertschy will show you what are the risks of misconfigured probes, how to circumvent them and a possible solution to be implemented in the Kubernetes API.

Speakers
avatar for Matthias Bertschy

Matthias Bertschy

Lead DevOps Engineer, Swissquote Bank
Matthias Bertschy is a Lead DevOps Engineer at Swissquote Bank. Kubernetes community member, CKA and CKAD certified, he contributes regularly to test-infra and advocates for Kubernetes adoption in Switzerland participating in meetups and internal forums.



Monday May 20, 2019 18:42 - 18:47
Hall 8.0 A1

18:48

Lightning Talk: How to Regain the Trust of Your Users - Eduard Iacoboaia, Booking.com
Regaining the trust of your users is a hard task to accomplish. The secret is to know your infrastructure better and show that to your users. In this talk Eduard will show the approach Booking.com took during the migration from Openshift to a vanilla Kubernetes setup and how that turned into a success story.

Speakers
avatar for Eduard Iacoboaia

Eduard Iacoboaia

Senior System Administrator, Booking.com
Eduard is a Senior Systems Administrator working for more than 5 years at Booking.com. During the first years he worked on several teams, some of them managing infrastructure for more than a hundred services. Since then, his team built and went through two iterations of Booking.com's... Read More →



Monday May 20, 2019 18:48 - 18:53
Hall 8.0 A1

18:54

Lightning Talk: Cloud Native Wales: How We Contributed to the Community with No Code - Lewis Denham-Parry, learnk8s.io / CloudNativeWales
This time last year, two people from Wales, United Kingdom decried to bring the CNCF to their doorstep.

Previously, they were attending international conferences and national meetups to meet and be a part of the community.

Knowing that they were in a privileged position, they wanted to share it with others that, for whatever reason, were unable to make these events.

Cloud Native Wales will be soon celebrating a year of meetups, and best of all, we get to share this with the 100's of people within our meetup community.

This talk will inspire you to take the chance to branch the CNCF and build a community closer to home, help others learn, share and contribute to the world wide community.

Speakers
avatar for Lewis Denham-Parry

Lewis Denham-Parry

Instructor / Co-Founder, learnk8s.io / CloudNativeWales
Lewis works as a consultant with learnk8s.io in the world of Containers and Kubernetes travelling the world helping people get started on their Cloud Native journey. He recently co-founded Cloud Native Wales, an initiative to help people learn Cloud Native technologies and establish... Read More →


Monday May 20, 2019 18:54 - 18:59
Hall 8.0 A1
 
Tuesday, May 21
 

07:15

07:30

The New Stack Pancake Breakfast: Cloud Native: More Than the Sum of Its Parts, Sponsored by Oracle
Hear from industry analysts, startup innovators, and enterprises about cloud native adoption patterns, technology choices, and business impacts. We will see how AI creates real intelligence, DevOps teaches empathy, and cloud empowers new reach, and we will discuss what it means for us at the societal level.

Moderators
avatar for Joab Jackson

Joab Jackson

Reporter, The New Stack
avatar for Alex Williams

Alex Williams

Founder & Editor-in-Chief, The New Stack

Speakers
avatar for Bob Quillin

Bob Quillin

VP Developer Relations, Oracle Cloud
As Vice President of Developer Relations for Oracle Cloud Infrastructure (OCI), Bob Quillin leads OCI developer relations, advocacy, engagement, and lighthouse customer adoption. Bob joined Oracle as part of the StackEngine acquisition by Oracle in December 2015, where he was co-founder... Read More →
avatar for Jon Girven

Jon Girven

Co-Founder & CTO, Sauce
Jon completed a PhD in Astronomy & Astrophysics at the University of Warwick in 2012 with a thesis about the future of the sun and the earth after the sun dies and becomes a white dwarf star. He developed algorithms in Python to search billions of entries across multiple databases... Read More →
avatar for Ant Kennedy

Ant Kennedy

CTO, Gapsquare
Ant Kennedy is currently CTO at Gapsquare where he is currently focusing on growing the engineering team, establishing best practice in the processes being used, the future architecture and growing Gapsquare's AI/ML capabilities. Previously he has worked at JustEat, Adarga and Boeing... Read More →
avatar for Bola Rotibi

Bola Rotibi

Founder & Research Director, Creative Intellect Consulting
Bola Rotibi has over 25 years of industry experience spanning engineering, software development and IT analysis. She is a high-profile and highly experienced analyst focused on software development technologies, processes and market trends. In 2008 and 2009 Bola Rotibi was voted one... Read More →


Tuesday May 21, 2019 07:30 - 08:45
Hall 8.0 D1

08:00

Welcome Coffee
Tuesday May 21, 2019 08:00 - 09:00
Link Hall 6/7 Foyer space between Hall 6 & 7

08:00

Quiet Room
All attendees may feel free to use the Quiet Room as needed. It is a physical space where conversation and interaction are not allowed, where attendees can go if for any reason they can’t interact with other attendees at that time.

Tuesday May 21, 2019 08:00 - 18:00
CC8.30, Hall 8.1

09:00

Keynote: Stitching Things Together – Dan Kohn, Executive Director, Cloud Native Computing Foundation
Why are similar technologies often developed independently at the same time? Why has Kubernetes become so popular? Dan will take a very quick tour of some surprising science and technology history and suggest some answers. View Presentation Slides

Speakers
avatar for Dan Kohn

Dan Kohn

Executive Director, CNCF
Dan is Executive Director of the Cloud Native Computing Foundation, which sustains and integrates open source technologies like Kubernetes and Prometheus. He also helped create the Linux Foundation's Core Infrastructure Initiative as an industry-wide response to the security vulnerabilities demonstrated by Heartbleed.He previously served as CTO of several startups, including Spreemo, a healthcare marketplace, and Shopbeam, a shoppable ads company. Earlier, he was a general partner at Skymoon Ventures, a seed-stage... Read More →



Tuesday May 21, 2019 09:00 - 09:15
Hall 6

09:15

Keynote: 2.66 Million - Cheryl Hung, Director of Ecosystem, Cloud Native Computing Foundation
Over the last 4 years, Kubernetes has redefined what it means to run software. It empowers people to do more than they could do before - to ship faster, to use less resources, to understand the behaviour of thousands of applications running on tens of thousands of machines.

Now the CNCF is home to 36 projects, and growing. Cheryl will share some initiatives from the CNCF to ensure a happy and healthy community.


Speakers
avatar for Cheryl Hung

Cheryl Hung

Director of Ecosystem, Cloud Native Computing Foundation
Cheryl Hung is the Director of Ecosystem at the CNCF. Her mission is to increase the adoption of Kubernetes and cloud native by growing the community and advocating for end users. She founded and runs the Cloud Native London meetup. Previously Cheryl spent five years as a C++ engineer... Read More →



Tuesday May 21, 2019 09:15 - 09:25
Hall 6

09:25

09:51

Keynote: Linkerd Update – Oliver Gould, CTO, Buoyant
Speakers
avatar for Oliver Gould

Oliver Gould

Linkerd Creator, Buoyant


Tuesday May 21, 2019 09:51 - 09:52
Hall 6

09:52

Keynote: cri-o Update - Urvashi Mohnani, Software Engineer, Red Hat
Speakers
avatar for Urvashi Mohnani

Urvashi Mohnani

Software Engineer, Red Hat
Urvashi Mohnani is a Software Engineer at Red Hat on the Runtimes team. She has spent the past year developing emerging Open Source container technologies such as CRI-O, Buildah, and Podman.


Tuesday May 21, 2019 09:52 - 09:53
Hall 6

09:53

Keynote: OpenTelementry Update – Ben Sigelman, CEO and Co-founder, LightStep & Morgan McClean, Product Manager, Google
Speakers
avatar for Ben Sigelman

Ben Sigelman

Co-Founder and CEO, LightStep
Ben Sigelman is a co-founder and the CEO at LightStep, a co-creator of Dapper (Google’s distributed tracing system), and co-creator of the OpenTracing and OpenTelemetry projects (both part of the CNCF). Ben's work and interests gravitate towards observability, especially where microservices... Read More →
avatar for Morgan McLean

Morgan McLean

Product Manager, Google
Morgan is a co-founder of OpenCensus and OpenTelemetry, and has spent much of his career as an engineer and product manager working on distributed systems and developer tools. Morgan is responsible for Google's distributed tracing, profiling, and debugging tools, including Stackdriver... Read More →


Tuesday May 21, 2019 09:53 - 09:54
Hall 6

09:54

Keynote: Fluentd Update - Eduardo Silva, Principal Engineer, Arm / Treasure Data
Speakers
avatar for Eduardo Silva

Eduardo Silva

Principal Engineer, Arm Treasure Data
Eduardo is a Principal Engineer at ARM / Treasure Data. He currently leads the efforts to make logging and data processing more friendly and scalable in Embedded and Containerized systems such as Kubernetes. Maintainer of Fluent Bit, a Fluentd open source sub-project.


Tuesday May 21, 2019 09:54 - 09:55
Hall 6

09:57

Sponsored Keynote: Network, Please Evolve – Vijoy Pandey, VP/CTO Cloud, Cisco
Cloud native applications in planet-scale distributed systems are bound together by the network. How we think about application layer networking has evolved significantly over the years, enabling huge improvements in developer productivity. But we are still thinking about IP networks the same way we did 35 years ago - we are still building boxes, whether they are physical or virtual. This talk will focus on how to up-level IP networking into the zero-ops, application-first world of today, and what changes need to be made to the network consumption, service, and operational architectures to enable that.

Speakers
avatar for Vijoy Pandey

Vijoy Pandey

Vice President/CTO Cloud, Cisco
Vijoy Pandey is Vice President and CTO of Cisco’s Cloud Platform and Solutions Group. He is responsible for driving Cisco's design and production of new cloud technologies and architectures, which enable customers to create, consume, and compete in a multicloud, automated world.  Vijoy... Read More →



Tuesday May 21, 2019 09:57 - 10:02
Hall 6

10:04

Keynote: Getting Started in the Kubernetes Community - Lucas Käldström, CNCF Ambassador, Independent & Nikhita Raghunath, Software Engineer, Loodse
Kubernetes is its community. Kubernetes is where it is today only because of the people behind it. The foundation of this thriving community lies on the Kubernetes Community Values. In this talk, we will take a look at what they are, why they are so important and how they shaped our growing ecosystem.

 By first focusing on the core values, we’ll give the audience an idea of *what* it means to be involved and *why* they should contribute. After that, we will talk about *how* they can get started with contributing, move up the contributor ladder and become a regular contributor who serves the project. Lastly, we’ll look at some stories about how the existing contributors got started with their journey.

Speakers
avatar for Lucas Käldström

Lucas Käldström

Student, Contracting
Lucas is a cloud native enthusiast that just graduated from High School. Lucas is serving the Kubernetes community in various lead positions, e.g. as a co-lead for SIG Cluster Lifecycle shepherding kubeadm from inception to GA, porting Kubernetes to multiple platforms and by being... Read More →
avatar for Nikhita Raghunath

Nikhita Raghunath

Software Engineer, Loodse
Nikhita is a software engineer at Loodse and is a core contributor to Kubernetes. She is on the Kubernetes Steering Committee, a CNCF Ambassador and the technical lead for SIG Contributor Experience.



Tuesday May 21, 2019 10:04 - 10:24
Hall 6

10:20

Sponsor Showcase
Visit with sponsors, network with fellow attendees and enjoy food & drinks in the Sponsor Showcase.

Tuesday May 21, 2019 10:20 - 20:00
Sponsor Showcase, Hall 7

10:24

10:25

Coffee Break
Halal, Kosher, & Lactose, and Gluten-Free Request:  If you have requested a Halal, Kosher, Gluten or Lactose-Free meal, you will pick up your request from the Specialty Diet Pick Up Points. For all breaks, please pick up your specialty meal from the Hall 7 pick up points.  If you have any questions, please ask a member of the LF team.

Tuesday May 21, 2019 10:25 - 11:05
Sponsor Showcase, Hall 7

10:30

10:30

11:00

11:00

11:05

Building Images Efficiently and Securely on Kubernetes with BuildKit - Akihiro Suda, NTT Corporation
BuildKit is a modern container image builder that focuses on efficiency and security, mostly known as the backend of Docker 18.06+ and Jessie Frazelle's `img`. (But it is even useful as a standalone tool!)

In this talk, Akihiro Suda, one of founding maintainers of BuildKit, shows practical tips for running BuildKit on Kubernetes clusters.

His talk will contain:
* Quick introduction to BuildKit
* Why you should build images on your Kubernetes cluster
* Load balancing and distributed caching
* Deployment w/ and w/o Kubernetes Service
* Rootless mode w/ and w/o Kubernetes securityContext/PSP
* Build secret management (e.g. git and S3 credentials)
* Comparison with other image builder tools
* Buildpacks integration
* Knative integration

Speakers
avatar for Akihiro Suda

Akihiro Suda

Software Engineer, NTT
Akihiro Suda is a software engineer at NTT Corporation, a Japan-based telecommunication company. He has been a core maintainer of Moby (former Docker Engine) since November 2016. He has been also a maintainer of several opensource container software such as CNCF containerd and Moby... Read More →



Tuesday May 21, 2019 11:05 - 11:40
Hall 8.0 F3

11:05

Kubernetes Security and How to Fix K8s Cluster at Scale - Simon Pearce, SysEleven & Sebastian Scheele, Loodse
As a hosting provider, we have the challenge to run and manage multiple Kubernetes clusters for various customers on our infrastructure, similar to e.g. Google or Azure in a secure way. The majority of these clusters are fully managed by us. Our customers want to build and run containers. Not maintain and upgrade Kubernetes clusters. In this talk, we will give you a breakdown on how we help our customers to secure their clusters and how we can force Kubernetes upgrades to all clusters in a scalable way. We will use the Kubernetes API bug occurred in December as an example to show how we could fix all Kubernetes clusters in a very short time frame. This talk focus on the secure operation of multiple Kubernetes clusters and the requirements a Cloud Provider have to it.

Speakers
avatar for Sebastian Scheele

Sebastian Scheele

Co-founder and CEO, Loodse
Sebastian Scheele is the CEO and co-founder of Loodse. With Loodse, he wants to empower IT teams to focus on their core expertise: writing groundbreaking applications. Sebastian is passionate about the potential of container and cloud native technologies and has published several... Read More →
avatar for Simon Pearce

Simon Pearce

System Architect, SysEleven
Kubernetes, Clouds, docker, Storage, CI/CD, Nginx, Elasticsearch, web hosting



Tuesday May 21, 2019 11:05 - 11:40
Hall 8.0 B3

11:05

Rootless, Reproducible, and Hermetic: Secure Container Build Showdown - Andrew Martin, Control Plane
Rootless container image builds (as distinct from rootless runtimes) have crept ever closer with orca-build, BuildKit, and img proving the concept. And they are desperately needed: a build pipeline with an exposed Docker socket can be used by an attacker to escalate privilege - and is probably a backdoor into most Kubernetes-based CI build farms.

With a slew of new rootless tooling emerging including Red Hat’s buildah, Google’s Kaniko, and Uber’s Makisu, will we see build systems that can securely build untrusted Dockerfiles? How are traditional build and packaging requirements like reproducibility or hermetic isolation being approached? In this talk we:
- Compare the strengths and weaknesses of modern container image build tools
- Explore the safety of untrusted image builds
- Live demo attacking container build pipelines
- Chart the history and future of container image build tooling

Speakers
avatar for Andrew Martin

Andrew Martin

Co-founder, ControlPlane
Andrew has an incisive security engineering ethos gained building and deploying high-traffic web applications. Proficient in systems development, testing, and operations, he is comfortable profiling and securing every tier of a bare metal or cloud native system, and has battle-hardened... Read More →



Tuesday May 21, 2019 11:05 - 11:40
Hall 8.1 G1

11:05

Mental Health in Tech - Dr. Jennifer Akullian, Growth Coaching Institute
According to research by Open Sourcing Mental Illness, 51% of individuals working in the tech community have been identified with a mental illness. This is disproportionate to the 20% prevalence in the general population. To compound the concern, many working in the tech community are at risk for burnout, a condition that often resembles mental illness. While lots of people in tech struggle with mental health, industry-specific research and advocacy in the community is disproportionately inadequate.

For organizations, awareness and advocacy around employee mental health is crucial, after all, happy employees are more productive and less likely to leave their job. For employees who are struggling, it is important they know that they are not alone and there is help. This talk is focused on reducing the stigma around mental illness and expanding education and awareness into how to help yourself and others in your community. Jennifer will provide mental health background as she reviews the research pertaining to the tech community. Industry-specific burnout will be discussed and strategies for improving one’s experience or helping a friend or colleague will be examined.

Participants will learn concrete steps for improving mental health in the workplace at an organizational, team, and individual level.

Speakers
avatar for Dr. Jennifer Akullian

Dr. Jennifer Akullian

Founder/IO Psychologist, Growth Coaching Institute
Jennifer is an industrial-organizational psychologist that works to grow individuals and organizations in the tech community.  Founder and executive coach at the Growth Coaching Institute, Jennifer works to support professionals through one-to-one coaching, and provides organizational... Read More →



Tuesday May 21, 2019 11:05 - 11:40
Hall 8.0 C4

11:05

Network Machinery: A United-Front for Network Troubleshooting with CRDs - Adel Zaalouk, SAP
The current state of network troubleshooting in Kubernetes is complicated. The knowledge of how to troubleshoot Kubernetes networking is scattered all over the place either in the heads of highly skilled network crafts-men or as a tool that has its own learning curve and usually forged at a time of disaster in a fire-and-forget fashion.

The goal of this talk is to propose and introduce a rather simpler way of pooling this common knowledge and tooling together into a well-defined, consistent and community-accepted set of resources that are available to the average Kubernetes user. These set of resources can be divided in NetworkingPerformanceTest, NetworkingDebuggingTest, NetworkSimulationTest all under the NetworkMachinery group.

 Finally, the resources might utilize common network knowledge and even some dark-art tooling (e.g. OpenFlow, OVS, OVN) to provide more insight on the network

Speakers
avatar for Adel Zaalouk

Adel Zaalouk

Senior Software Engineer, SAP
Adel is a Software Engineer @ SAP mainly working on the Gardener project. Before joining SAP, he jumped back and forth between research and industry with special focus on Software-Defined Networks and Storage in the cloud-native context. Currently, he is one of the Gardener project... Read More →



Tuesday May 21, 2019 11:05 - 11:40
Hall 8.0 F1

11:05

Intro: Autoscaling SIG - Marcin Wielgus, Google
Join members of SIG Autoscaling to learn how to automatically adjust your Kubernetes cluster and pods to match your current capacity needs. We'll discuss all available types of autoscaling - horizontal, vertical, and cluster. We will also explain ways to use them, when they are applicable and how they fit together.

Speakers
avatar for Marcin Wielgus

Marcin Wielgus

Staff Software Engineer, Google
Marcin Wielgus is a Staff Software Engineer at Google. Marcin joined the internet search giant in 2010 and since then he has been working on various projects, ranging from Android applications to recommendation engines. He started contributing to Kuberentes before the 1.0 release... Read More →


Tuesday May 21, 2019 11:05 - 11:40
Hall 8.0 E1

11:05

Intro: CNCF CI - Lucina Stricko & Denver Williams, Vulk Coop & CNCF
The new and improved CNCF CI status dashboard -- cncf.ci -- provides a third party validation of builds, deployments and end-to-end testing for CNCF’s Graduated and Incubating projects. The CNCF CI status dashboard continually validates each CNCF project, for any commit on stable and head, running on Kubernetes clusters which are provisioned to a bare metal environment. The results of each testing stage are published to the cncf.ci status dashboard. An Intro session will give an overview of the cncf.ci status dashboard’s key features, goals, technologies used, and allow time for Q&A.

Speakers
avatar for Lucina Stricko

Lucina Stricko

Partner / Product Manager, Vulk Coop
Lucina Stricko is a co-owner at Vulk Co-operative (vulk.coop) and Product Owner of the CNCF CI Status Dashboard (cncf.ci). Lucina uses her Certified Scrum Product Owner knowledge and empathy to combine features, priorities, and project plans to best serve the end user. When Lucina’s... Read More →
DW

Denver Williams

Project Co-Lead, cncf.ci, Vulk Coop



Tuesday May 21, 2019 11:05 - 11:40
Hall 8.0 E4

11:05

Intro: Cortex - Tom Wilkie, Grafana Labs & Bryan Boreham, Weaveworks
Cortex provides horizontally scalable, highly available, multi-tenant, long term storage for Prometheus metrics, and a horizontally scalable, Prometheus-compatible query API. Cortex allows users to deploy a centralised, globally aggregated view of all their Prometheus instances, storing data indefinitely. In this talk we will discuss a bit of Cortex's history, Cortex's architecture and how to get started with Cortex. Cortex is a CNCF sandbox project.

Speakers
avatar for Bryan Boreham

Bryan Boreham

Director of Engineering, Weaveworks
Bryan is Director of Engineering at Weaveworks, delivering deployment, observability and monitoring for containers and microservices. After first getting into programming as a kid, creating a video game called "Splat", Bryan's career has ranged from charting pie sales at a bakery... Read More →
avatar for Tom Wilkie

Tom Wilkie

VP Product, Grafana Labs
Tom is VP Product at Grafana Labs, but really he is a software engineer. Tom is a maintainer on the Prometheus project and a maintainer and the original author of Cortex, both CNCF projects. Previously Tom founded Kausal, a company working on Prometheus, and worked at companies such... Read More →



Tuesday May 21, 2019 11:05 - 11:40
Hall 8.0 E5

11:05

Intro: Kubernetes (Release) SIG - Tim Pepper, VMware & Claire Laurence, Pivotal
SIG Release and the Release Team are looking for volunteers! This session will feature past and current release team members describing what the Release Team does: We will discuss how Kubernetes project volunteers manage the quarterly release cadence of the project, give an overview of the release process, release team roles, and how these support the SIG Release goal of producing high quality Kubernetes releases on a reliable schedule. We will highlight the opportunities for both new and experienced community members (like you, including especially folks in Europe!) to get involved, across a broad range of specialties and technical work.

Speakers
avatar for Claire Laurence

Claire Laurence

Senior Technical Program Manager, Pivotal
Claire is a Senior Technical Program Manager at Pivotal Software. Claire helps manage releases for the Pivotal Container Service (PKS) offering. In the open source community, Claire is a member of SIG-Release and has participated on 3 Kubernetes release teams as an enhancements shadow... Read More →
avatar for Tim Pepper

Tim Pepper

Software Engineer, VMware
Tim is a Senior Staff Engineer in VMware's Open Source Technology Center with over 20 years in open source. He works as an open source developer advocate and contributor to Kubernetes (SIG Release chair; WG LTS organizer). Prior work includes Linux kernel/drivers/distributions, software... Read More →



Tuesday May 21, 2019 11:05 - 11:40
Hall 8.0 E9

11:05

Intro: Kubernetes WG for Multitenancy - Tasha Drew, VMware
This presentation will be an overview of the work the multitenancy group has been doing, defining soft and hard multitenancy and reviewing the project plan for addressing both that the working group is putting forward. We will explain how people new to the working group can get engaged and review the various KEPs that the working group is involved with.

Speakers
avatar for Tasha Drew

Tasha Drew

Product Manager, VMWare
Tasha Drew is a product line manager at VMware, working on vSphere, and is the co-chair for the Kubernetes Mulitenancy working group. Previously, she was the product manager for Habitat.sh, an open source framework for building, running and deploying applications in a 12-factor, cloud-native... Read More →



Tuesday May 21, 2019 11:05 - 11:40
Hall 8.1 G3

11:05

Intro: Service Catalog SIG - Jonathan Berkhahn, IBM
This is an introduction to the Kubernetes Service Catalog project. Service Catalog lets you provision cloud services, regardless of where they are hosted, directly from the comfort of native Kubernetes tooling. This works across platforms because we follow the Open Service Broker API, an open standard to provision and manage cloud services. Learn how you can use Service Catalog to access third-party services from your Kubernetes applications. We will walk through provisioning a database directly through Kubernetes and and then connect to it from an application running on the cluster.

Speakers
JB

Jonathan Berkhahn

Open Source Contributor, IBM
Jonathan Berkhahn is an open source contributor working on behalf of IBM. He co-chairs SIG Service Catalog and is a Member of the Open Service Broker API working group. He also manages his own open source project Blockhead, an OSB broker for provision blockchain nodes for use by cloud... Read More →



Tuesday May 21, 2019 11:05 - 11:40
CC8.27–28

11:05

Ingress V2 and Multicluster Services - Rohit Ramkumar & Bowei Du, Google
With app modernization, we’ve entered a new phase of structuring services. Services have evolved over time to span multiple clusters as well as hybrid deployments that encompass both on-prem and multiple clouds. There are several use cases for multiple Kubernetes clusters: canarying new versions of your app, or low latency access for your users across the globe.

In this session, we will present a new version of the Ingress and the Service APIs. These API’s form the foundational blocks for managing your global, scalable and reliable services close to your users using a single control plane. Moreover, we will compare these new API’s with different models for spreading services across multiple cluster (e.g Istio). We will demo a custom controller we have written that will configure multi-cluster HTTP(S) load balancing given these new API’s.

Speakers
avatar for Bowei Du

Bowei Du

Staff Software Engineer, Google
Bowei is a tech lead at Google working on GKE Networking. He is focused on Ingress, Services and Multi-cluster. Happy to chat about anything networking and Kubernetes related!
avatar for Rohit Ramkumar

Rohit Ramkumar

Software Engineer, Google
Rohit is a software engineer at Google working on GKE Networking. Lately, he has been working on Ingress, Services and multi-cluster use cases.Most recently, he spoke at Kubecon EU 2018 in Copenhagen on the topic of network troubleshooting.



Tuesday May 21, 2019 11:05 - 11:40
Hall 8.0 B1

11:05

From Snowflake Servers to Snowflake Clusters - The GitOps Journey - Allison Richardet, Asteris, LLC & Fabio Giannetti, MasterCard
At MasterCard, we have a unique hard requirement of one dedicated cluster per application due to security and other challenges. In an effort to prevent snowflake clusters, we provided a base set of services for logging, monitoring, etc.; however, application teams inevitably want to customize their logging solution or add a monitoring dashboard. We realized this mix of standard and optional services could quickly get out of control and needed normalization. In early 2018, we exposed application teams to Kubernetes manifests; they were excited about control over deployments, but unprepared for the complexity. By late 2018, we needed to minimize complexity and find a way to express high-level application needs, while providing secure, scalable and redundant deployments. This is our journey of how we embraced GitOps, and the challenges we faced making deployment descriptions minimalistic.

Speakers
avatar for Fabio Giannetti

Fabio Giannetti

Senior Consultant, MasterCard
Fabio is a Senior Consultant in Mastercard. He is responsible for directing the internal build of Kubernetes platform and onboarding of application teams. Prior to that Fabio was at Cisco where he held a Director of Engineering position on DevNet and Cisco Cloud. Fabio has given several... Read More →
avatar for Allison Richardet

Allison Richardet

Software Engineer, OCI
Allison Richardet is a Software Engineer for OCI and Asteris, LLC. She began her career with real-time embedded systems development. She decided she needed more RAM, so she moved to the cloud. She helps companies adopt cloud native practices and move to Kubernetes. Allison has spoken... Read More →



Tuesday May 21, 2019 11:05 - 11:40
Hall 8.0 D2

11:05

P2P Docker Image Distribution in Hybrid Cloud Environment with Kraken - Yiran Wang & Cody Gibb, Uber
Docker image is a foundational building block of container based infrastructure, but distributing high volume of docker images in a multi-zone, hybrid cloud system has been a scaling problem for many.


In this talk, we will walk through different approaches we investigated for distributing docker images and introduce Uber’s own solution, Kraken, a P2P docker registry loosely based on BitTorrent protocol, and capable of distributing terabytes of images within seconds.


This talk will cover:
- Image distribution solutions and their characteristics
- Whether you need a p2p solution
- Architecture, performance and security features of Kraken
- How to deploy Kraken in a Kubernetes cluster


Speakers
CG

Cody Gibb

Software Engineer, Uber
Working on image distribution and container orchestration systems at Uber. Most recently worked on p2p docker registry Kraken, and Uber’s unified resource scheduler Peloton.
avatar for Yiran Wang

Yiran Wang

Software Engineer, Uber
Works on container and docker image related tools and services at Uber. TL of docker image builder Makisu, P2P docker registry Kraken, and Kubernetes migration.



Tuesday May 21, 2019 11:05 - 11:40
Hall 8.1 G2

11:05

Envoy SDS: Fortifying Istio Security - Yonggang Liu & Quanjie Lin, Google
In Istio 1.1, Citadel Agent is introduced to dynamically provision x.509 certificates and private keys to workloads through the Envoy Secret Discovery Service (SDS) API. Running on Kubernetes nodes as DaemonSets and standalone on VMs, Citadel Agents improve security by making sure the generated private keys never leave the node and can be securely delivered to workloads via UDS. Citadel Agent also offers flexibility on local workload identity attestation and various adapters to integrate with custom CAs.

In this talk we will demonstrate how SDS makes this model really efficient, and citadel working independently from other Istio components for both K8s and non-K8s workloads.

Speakers
avatar for Oliver Liu

Oliver Liu

Senior Software Engineer, Google
Dr. Oliver (Yonggang) Liu is a senior software engineer in Google. He is one of the early developers and core engineers of Istio. Oliver has 10 years of experience in research and development of distributed systems and service mesh. Oliver received his PhD degree from University of... Read More →
QL

Quanjie Lin

Software Engineer, Google
Quanjie is a software engineer from Google Istio team, she is currently working on the Istio workload identity provision system, end-user authentication etc. Before Istio, she worked in Google kubernetes team on the open service broker and service catalog.



Tuesday May 21, 2019 11:05 - 11:40
Hall 8.0 C2

11:05

Istio, We Have a Problem! Understanding and Fixing Bugs with a Service-Mesh - David Gageot, Google
Istio, we have a problem! We've just deployed a shinny new set of micro-services and it behaves in a strange manner. Hard to say why with so many moving parts...

Let's leverage the newly installed service mesh to understand what we've deployed, find the root problem, fix it with a bandaid and then do a proper, non trivial, blue-green deployment of a v2.

That will involve the Service Graph, Prometheus monitoring, Grafana Dashboards, Traffic mirroring, all orchestrated in a simple manner by Istio.

Speakers
avatar for David Gageot

David Gageot

Developer Advocate, Google
David is a Developer Advocate at Google Cloud.He's working on Containers Tools, especially on developer experience. He's a maintainer on Skaffold.Previously, he helped open the R&D office of Docker in Paris to work on Docker for Mac and Docker for Windows.


Tuesday May 21, 2019 11:05 - 11:40
Hall 8.0 A1

11:05

OpenTelemetry: Panel Discussion and Q&A - Ben Sigelman, LightStep, Morgan McClean & Bogdan Drutu, Google
This workshop will open with a 20-minute overview of the goals and structure of the new OpenTelemetry project, followed by a panel discussion and audience Q&A featuring leadership from OpenTelemetry, OpenTracing, and OpenCensus.

Speakers
avatar for Ben Sigelman

Ben Sigelman

Co-Founder and CEO, LightStep
Ben Sigelman is a co-founder and the CEO at LightStep, a co-creator of Dapper (Google’s distributed tracing system), and co-creator of the OpenTracing and OpenTelemetry projects (both part of the CNCF). Ben's work and interests gravitate towards observability, especially where microservices... Read More →
avatar for Morgan McLean

Morgan McLean

Product Manager, Google
Morgan is a co-founder of OpenCensus and OpenTelemetry, and has spent much of his career as an engineer and product manager working on distributed systems and developer tools. Morgan is responsible for Google's distributed tracing, profiling, and debugging tools, including Stackdriver... Read More →


Tuesday May 21, 2019 11:05 - 12:30
CC7.1

11:05

Tutorial: Back to Basics: Hands-On Deployment of Stateful Workloads on Kubernetes - David Zhu, Google & Jan Šafránek, Red Hat (Limited Availability; First-Come, First-Served Basis)
Ever wonder how to use a “volumeClaimTemplate”? Why you would choose a StatefulSet over a Deployment or vice versa?

Complicated stateful applications are normally deployed via operators; however, it is critical to have a firm grasp on the Kubernetes primitives to understand, fine-tune, and debug your applications.

In this tutorial you will learn about core Kubernetes storage and workloads concepts and how to use them to deploy stateful applications. You will get hands-on experience deploying both Cassandra and a test application on a Kubernetes cluster and learn how to debug some common errors in the process.

You will develop mental models to understand the workings of StatefulSets along with how to compare them with other Kubernetes workload models such as Deployments and DaemonSets to determine the right workload for your purposes.

Prerequisites:
Laptop
Basic UNIX command line experience

Speakers
avatar for David Zhu

David Zhu

Software Engineer, Google
David is a Software Engineer for Google Cloud. He has been working on the Kubernetes project for over a year. He is the owner and main contributor of the GCP Compute Persistent Disk CSI Driver, as well as an active contributor to the CSI Spec, Kubernetes CSI external components, and... Read More →
avatar for Jan Šafránek

Jan Šafránek

Principal Software Engineer, Red Hat
Jan is a Principal Software Engineer at Red Hat working on storage aspects of Kubernetes. He started developing Kubernetes more than 4 years ago, and is one of the founding members of SIG-Storage. He’s the author of PersistentVolume controller, dynamic provisioning and StorageClass... Read More →



Tuesday May 21, 2019 11:05 - 12:30
Hall 8.0 F5

11:05

Tutorial: Bullet-Proof Kubernetes: Learn by Hacking - Luke Bond, ControlPlane & Ana-Maria Calin, Paybase (Limited Availability; First-Come, First-Served Basis)
Learn how to attack, exploit, and hack Kubernetes clusters and application workloads. In this workshop attendees are divided into teams, given a crash-course in Kubernetes cluster security, and then set loose on a series of vulnerable clusters in a competitive capture the flag. Full methods, solutions, and vulnerabilities are revealed, along with actionable mitigation steps to enhance a cluster’s security and lock down common misconfigurations. It is designed to develop the kind of expertise only realised in production environments. Emphasis is placed on collaboration and communication, which are key to unlocking some of the advanced flags.

GitHub Required!

Speakers
avatar for Ana Calin

Ana Calin

Systems Engineer, Paybase
Ana is a Systems Engineer at Paybase, an emerging London FinTech. As a Systems Engineer Ana builds the infrastructure of Paybase’s service oriented platform, creates, updates and maintains monitoring and logging systems and incident response management systems. Previously Ana has... Read More →
avatar for Luke Bond

Luke Bond

Co-founder, ControlPlane
Luke Bond is a co-founder of ControlPlane, a Kubernetes security consultancy based in London. Luke has worked as a programmer for most of his career, and outside of tech he enjoys running and making beer.


Tuesday May 21, 2019 11:05 - 12:30
Hall 8.0 C1

11:05

Tutorial: Cloud-Agnostic Serverless - Sebastien Goasguen, TriggerMesh (Limited Availability; First-Come, First-Served Basis)
Serverless design patterns have grown in popularity because they allow developers to move faster by focusing on business logic without worrying about the underlying infrastructure where their code is run. However, many enterprises use diverse infrastructure including on-premises servers and multiple clouds.

In this tutorial, we will leverage Knative, Google's Kubernetes-based open source platform to build, deploy, and manage modern serverless workloads. We will push serverless functions and apps to production on any cloud of choice and switch the provider as necessary. We will leverage GitLab and TriggerMesh technology in the tutorial and also share how developers can use other options.

Speakers
SG

Sebastien Goasguen

Cofounder & CTO, TriggerMesh
Sebastien Goasguen built his first compute cluster in the late 90's when they were still called Beowulf clusters, while working on his PhD; He has been working on making computing a utility since then. Since 2013 he has focused on containers and container orchestration, creating a... Read More →



Tuesday May 21, 2019 11:05 - 12:30
Hall 8.0 D4

11:30

11:30

11:55

Intro to CNAB: Packaging Cloud Native Applications with Multiple Toolchains - Chris Crone, Docker
When you deploy a cloud native application, you probably use a variety of tools for each part of the application. Terraform or ARM templates for the infrastructure, Helm or Compose for containers, etc. No single tool handles all your needs and each one has its own package manager!

This talk will introduce the Cloud Native Application Bundle (CNAB) specification and tooling:
- duffle: Reference implementation of CNAB installer
- duffle-bag: GUI for installing CNABs
- cnab-to-oci: Convert CNAB to an OCI index

CNAB embraces the multi-tool world and allows one to package up multiple formats and their toolchains into a single artifact.

Imagine a single installable application package that uses Terraform to launch an RDS instance and Helm to deploy the application that uses it. CNAB allows you to package this all together, cryptographically sign it, and share it via any container registry.

Speakers
avatar for Chris Crone

Chris Crone

Engineering Manager, Docker
Chris Crone is the technical leader of the Application Definition team at Docker and is based in Paris. The team is responsible for creating tools to define and deploy applications. This includes Compose, Compose on Kubernetes, and Docker App. Prior to Docker he worked on distributed... Read More →



Tuesday May 21, 2019 11:55 - 12:30
Hall 8.0 D2

11:55

Databases on Kubernetes Using a Custom Operator: Day 1, Day 2, and Beyond - Johannes Unterstein, Neo4j
We started the journey of building a managed cloud version of the graph database Neo4j. A bit later we started developing an operator to manage multiple database clusters in k8s.

Handling persistence and Neo4j's own distributed consensus algorithm within k8s gave us a challenge. In this session we want to share the lessons we learned writing this operator and using it in production.

We will start with how to get started using the k8s controller tooling to create an operator to manage a CRD. We go beyond the "day 1" tasks of creating and deleting databases and discuss how we meet "day 2" concerns such as:
- Unit testing our operator using k8s fakes.
- Continuously deploying an operator into a GKE cluster.
- Automatic rolling updates of Neo4j databases with zero downtime and fault tolerance.
- Database administration (backup, restore, password resets etc.) via an operator.

Speakers
avatar for Johannes Unterstein

Johannes Unterstein

Software Engineer, Neo4j
Johannes (@unterstein) organises the java user group in his home town Kassel, teaches java at the DHBW Stuttgart and works as software engineer at Neo4j. He spent the last few years building distributed and containerised systems with focus on orchestration frameworks. Currently he... Read More →



Tuesday May 21, 2019 11:55 - 12:30
Hall 8.0 B1

11:55

Unit Testing Your Kubernetes Configurations Using Open Policy Agent - Gareth Rushgrove, Docker
Open Policy Agent provides a high-level declarative language to author and enforce policies on structured data, for instance Kubernetes configurations. OPA is typically used as a service to enforce authorization policy in a cluster. New configurations submitted to an API are filtered through OPA and accepted or rejected depending on the defined policy. But some types of policy violations can be caught even earlier in the development process. In this talk we’ll discuss:

- Why you might benefit from writing unit tests for your Kubernetes configuration
- Getting started with regol, OPAs declarative assertion language
- Integrating OPA-based tests with your continuous integration system
- Testing Kubernetes configurations when working with other ecosystem tools like Helm, Kustomize and Pulumi
- Extending the same approach to other structured configuration files

Speakers
avatar for Gareth Rushgrove

Gareth Rushgrove

Director Product Management, Snyk
Gareth works remotely from Cambridge, UK, helping to build interesting tools for people to better manage infrastructure and applications. He currently works at Snyk, working on developer-first security tooling. He has previously worked for the UK Government Digital Service focused... Read More →



Tuesday May 21, 2019 11:55 - 12:30
Hall 8.0 B3

11:55

Writing kubectl Plugins for Everyone: Develop, Package & Distribute - Ahmet Alp Balkan, Google & Maciej Szulik, Red Hat
Many users install extra tools for tasks they can't do with kubectl. Did you know you can write and distribute your own kubectl subcommands? kubectl had notion of plugins since 2016, but after listening to the community feedback, SIG CLI revisited the idea, and new and simpler plugin mechanism is now available in kubectl.

The new mechanism allows anyone to write and distribute their own subcommands to kubectl. This opens the door for community contributions to make kubectl better without having to propose a feature to the kubectl core.

During this session, Maciej (lead of SIG CLI) and Ahmet (developer of Krew plugin manager) will explain:

* how kubectl plugin mechanism works under the covers
* how does a good plugin look like, best practices & available libraries
* hands-on demo of developing a plugin
* how to package plugins for multiple OS/distros and make them discoverable

Speakers
avatar for Ahmet Alp Balkan

Ahmet Alp Balkan

Senior Developer Advocate, Google
Ahmet creates developer tools and designs developer experiences for Google Cloud. He works on GKE/Kubernetes, as well as Google’s serverless projects like Cloud Run and Knative.He is the maintainer of popular projects like kubectx.dev and krew.dev. Prior to Google, he has worked... Read More →
avatar for Maciej Szulik

Maciej Szulik

Software Engineer, Red Hat
Maciej is a passionate developer with over 10 years of experience in many languages. He's working on OpenShift and Kubernetes for Red Hat. In his free time he enjoys hacking on bugs.python.org and CPython's IMAP library. He's a frequent speaker at various events and meet ups, including... Read More →



Tuesday May 21, 2019 11:55 - 12:30
Hall 8.0 F3

11:55

Intro: Azure SIG - Stephen Augustus, VMware & Craig Peters, Microsoft
In the SIG Azure Intro, we’re going to tell you all about why SIG Azure exists and the team behind managing it. From there, we’ll talk about what’s happened over the last few releases, Kubernetes 1.14 and Kubernetes 1.15, as well as some of what’s planned for Kubernetes 1.16. Additionally, we’ll cover some user stories of implementing Kubernetes on Azure. Finally, and most importantly, we’ll talk all about some of the best ways to get involved with SIG Azure and all of the forums that we’re communicating on!

Speakers
avatar for Craig Peters

Craig Peters

Principal Program Manager, Microsoft
Craig is a Principal Program Manager on the Container Compute team at Azure focused on container infrastructure projects. Craig is active in many Kubernetes Special Interest Groups and contributing to Windows nodes in Kubernetes. He is a technology generalist interested in making... Read More →
avatar for Stephen Augustus

Stephen Augustus

Lead, Cloud Native Developer Strategy, VMware
Stephen Augustus is an active leader in the Kubernetes community. He currently serves as a Special Interest Group Chair (Release, PM), a Release Manager, and a subproject owner for Azure.Stephen leads the Cloud Native Developer Strategy team at VMware, driving meaningful interactions... Read More →



Tuesday May 21, 2019 11:55 - 12:30
CC8.27–28

11:55

Intro: CNCF Serverless WG/CloudEvents - Scott Nichols, Google & Klaus Deissner, SAP
This session will provide an introduction to the CNCF Serverless Working Group, the CloudEvents specification and the new Workflow sub-group. It will give an overview of our history, status of the work, demo of CloudEvents spec and future plans for the WG and CloudEvents project.

Speakers
avatar for Scott Nichols

Scott Nichols

Software Engineer 软件工程师, Google
Scott Nichols is a Googler focused on making it easy to create and understand portable event driven serverless workloads. This work is done through Knative Eventing and CloudEvents. Connect: https://github.com/n3wscott/ or @n3wscott
avatar for Klaus Deissner

Klaus Deissner

Development Architect, SAP SE
Klaus is an architect at SAP focusing on serverless architecture and eventing. He has over 16 years of experience in architecting and engineering software and has spent a large portion of his career with technology topics such as building messaging infrastructures, developer tools... Read More →



Tuesday May 21, 2019 11:55 - 12:30
Hall 8.0 E4

11:55

Intro: Helm - Michelle Noorali & Matt Fisher, Microsoft
In this session, we will introduce the basics of the CNCF Helm project. Helm is a Kubernetes package manager and it allows you to install and manages packages of Kubernetes configuration called Charts. Charts provide a way to deploy configurable, out-of-the-box applications and even package your own applications for Kubernetes. We will walk through how to get started with Helm and how to package your own applications as Charts. Helm was first introduced in 2015 and has since grown to meet the needs of its own rich ecosystem. We'll also discuss how Helm has evolved, why, and lessons we've learned along the way.

Speakers
avatar for Matt Fisher

Matt Fisher

Software Engineer, Microsoft
Matt is a core maintainer of the Helm project, and a Software Engineer at Microsoft. Off hours, Matt enjoys spending time camping, woodworking and spending time with his family.
avatar for Michelle Noorali

Michelle Noorali

Software Engineer, Microsoft
Michelle Noorali is a Sr. Software Engineer at Microsoft. She is a core maintainer on open source projects in the Kubernetes ecosystem including Helm and Draft. She has been involved in the Kubernetes community since 2015 and serves on the Kubernetes Steering Committee. She is passionate... Read More →


Tuesday May 21, 2019 11:55 - 12:30
Hall 8.0 C2

11:55

Intro: Kubernetes (Instrumentation) SIG - Frederic Branczyk, Red Hat
The intro to SIG Instrumentation is going to be a lightweight introduction to what sig-instrumentation is responsible for within Kubernetes and give guidance on how to contribute to SIG Instrumentation. Beyond that it will cover a high level overview of the work SIG instrumentation has done over the years and elaborate on current efforts including the sub projects being worked on.

Speakers
avatar for Frederic Branczyk

Frederic Branczyk

Principal Software Engineer, Red Hat
Frederic is an engineer at Red Hat (previously CoreOS) contributing to Prometheus and Kubernetes to build state of the art modern infrastructure and monitoring tools. He discovered his interest in monitoring tools and distributed systems in his previous jobs, where he used machine... Read More →


Tuesday May 21, 2019 11:55 - 12:30
Hall 8.0 E9

11:55

Intro: Linkerd - William Morgan, Buoyant
In this session, William Morgan and Linkerd maintainers, will provide an introduction to Linkerd and the service mesh model. We'll hear some lightning talks from current Linkerd production users, and finish with a brief Q&A.

Speakers
avatar for William Morgan

William Morgan

CEO, Buoyant
William Morgan is the cofounder and CEO of Buoyant, creators of Linkerd. Prior to Buoyant, he was an infrastructure engineer at Twitter, where he helped move Twitter from monolith to microservices. He was a software engineer at Powerset, Microsoft, and Adap.tv, and a research scientist at MITRE... Read More →



Tuesday May 21, 2019 11:55 - 12:30
Hall 8.1 G3

11:55

Intro: Network Service Mesh (NSM) - Frederick Kautz, Doc.ai & Ed Warnicke, Cisco
Network Service Mesh (NSM) is a novel approach solving L2/L3 network use cases in Kubernetes that are tricky to address with the existing Kubernetes Network Model. Inspired by Istio, Network Service Mesh maps the concept of a service mesh to L2/L3 payloads.

Network Service Mesh enables a variety of types of Use Cases such as:

* Connecting Pods to:
-VPN Gateways
-Non-Kubernetes virtual bridge domains
-The *right* physical NIC or SR-IOV VF for their needs
-Multiple-interfaces
* Cloud-native NFV use cases

Network Service Mesh controls the L2/L3 data planes to deliver these types of use cases. Network Service Mesh enables users to express the context of their network needs in a Cloud Native manner, rather than manually stringing together disjoint interfaces, IPAM, and subnets.

Finally, we discuss how audience members can get involved and help drive the direction and development of NSM.


Speakers
avatar for Ed Warnicke

Ed Warnicke

Distinguished Consulting Engineer, Cisco
Ed Warnicke is a Distinguished Consulting Engineer in the Chief Technology and Architecture Office (CTAO) office at Cisco Systems. He has been working for over a decade in many areas of networking and Open Source. He was the longest serving founding TSC member at OpenDaylight TSC... Read More →
avatar for Frederick Kautz

Frederick Kautz

Head of Edge Infrastructure, doc.ai
Frederick Kautz is Head of Edge Infrastructure at Doc.ai. He was previously a Principal Software Engineer in the Office of Technology at Red Hat where he focused on improving the overall state of container networking and container+SDN integration. Frederick is an active contributor... Read More →


Tuesday May 21, 2019 11:55 - 12:30
Hall 8.0 E1

11:55

Intro: SPIFFE - Emiliano Bernbaum & Scott Emmons, Scytale
Modern software development relies on many microservices working together, that in production may be distributed over different middleware systems, container schedulers, PaaS platforms and even different cloud providers. As production environments become more complex, and dynamic - establishing trust between microservices is becomes more difficult, creating challenges for developers, operations teams, and security teams alike. Enter SPIFFE (Secure Production Infrastructure for Everyone) and which builds on designs first championed at Google, Twitter and elsewhere to provide robust authentication and trust between disparate micro-services. SPIFFE and SPIRE make it trivial to establish trust between workloads that may be elastically scaled and dynamically scheduled, and deployed in deeply heterogeneous environments. We'll walk through the design goals for SPIFFE (a specification) and SPIRE (a multi-cloud implementation of SPIFFE). We will go over all the developments and progress in SPIRE over the last few months. We will present an overview of how it can be used in conjunction with Kubernetes to build secure and scalable microservice architectures. We will also share our current roadmap with the community.

Speakers
SE

Scott Emmons

Principal Engineer, Scytale
avatar for Emiliano Berenbaum

Emiliano Berenbaum

CTO, Scytale
Before co-founding Scytale, Emiliano was a principal engineer at Splunk, where he helped lead the engineering effort to convert Splunk into an entirely SaaS offering and platform. Previously, he was Okta’s founding employee, where he worked on all aspects of the SaaS offering, culminating... Read More →



Tuesday May 21, 2019 11:55 - 12:30
Hall 8.1 G2

11:55

Extending Envoy with WebAssembly - John Plevyak & Dhi Aurrahman, Tetrate
Envoy is a high-performance proxy in the cloud-native landscape designed to be extensible at its core. There are several possible “extension points” in Envoy as outlined in https://github.com/envoyproxy/envoy/tree/master/source/extensions. However, the currently available approaches to extend it is rather limited. Since Envoy is written in C++, the primary way to introduce new extended functionality in Envoy is by writing an extension (e.g. filters, either network or HTTP filter, as one of the most relevant use-cases in Envoy), in C++. It is also possible to write an extension for Envoy using Lua, but the current scope of this extension is only for HTTP traffic. This talk introduces the possibility to extend Envoy with WebAssembly-based extension and report the current progression of it.

Speakers
JP

John Plevyak

Software Engineer, Google
avatar for Dhi Aurrahman

Dhi Aurrahman

Software Engineer, Tetrate
Dhi is a software engineer at Tetrate and an Envoy maintainer.



Tuesday May 21, 2019 11:55 - 12:30
Hall 8.0 E5

11:55

Kubernetes Failure Stories and How to Crash Your Clusters - Henning Jacobs, Zalando SE
Bootstrapping a Kubernetes cluster is easy, rolling it out to nearly 200 engineering teams and operating it at scale is a challenge. In this talk, we are presenting our approach to Kubernetes provisioning on AWS, operations and developer experience for our growing Zalando developer base. We will walk you through our horror stories of operating 100+ clusters and share the insights we gained from incidents, failures, user reports and general observations. Our failure stories will be sourced from recent and past incidents, so the talk will be up-to-date with our latest experiences.

Most of our learnings apply to other Kubernetes infrastructures (EKS, GKE, ..) as well. This talk strives to reduce the audience's unknown unknowns about running Kubernetes in production.

Speakers
avatar for Henning Jacobs

Henning Jacobs

Head of Developer Productivity, Zalando SE
Henning joined Zalando in the beginning of 2010 and accompanied the transformation of Zalando’s technology department through the eras of PHP/MySQL and Java/PostgreSQL to the new world of "Radical Agility". He helped building the STUPS cloud infrastructure to make innovation scale... Read More →



Tuesday May 21, 2019 11:55 - 12:30
Hall 8.0 A1

11:55

Benchmarking Cloud Native Storage - Josh Berkus, Red Hat
You can run your stateful apps on Kubernetes. You can even run your databases on Kubernetes. But what are you giving up in performance? Is it worth it, or should you stick to the hosting you know?

For the past several months, we've been benchmarking various forms of Kubernetes storage, including host storage, network storage, cloud storage and cloud-native storage systems like Rook. Let us share with you the results of running PostgreSQL, CockroachDB and filesystem benchmarks so that you can make the best possible tradeoffs. We'll even show you how to do your own, to test your own platform.

You will leave this talk with a much better idea of the quantitative tradeoffs between performance, reliability, data retention, and manageability.

Speakers
avatar for Josh Berkus

Josh Berkus

Community Lead at Red Hat, Red Hat
Josh Berkus is Red Hat's Kubernetes Community Manager, which is the reason he spends so much time working in SIG-Release and SIG-Contributor Experience. He's also a long-time database geek, and has done benchmarks for the TPC and SPEC. His real passion in the cloud native world is... Read More →


Tuesday May 21, 2019 11:55 - 12:30
Hall 8.0 C4

11:55

Kubernetes + Encrypted Memory = Security * Privacy - Harshal Patil & Pradipta Banerjee, IBM
The Memory Encryption on hardware is coming soon. From Intel's TME/MKTME[1] to IBM's Ultravisor[2], hardware manufacturers are aiming to make sure 'what's written by the process stays within the process'. Once the hardware is out, it will change the way we perceive the security and privacy in the cloud.

In this talk, we will discuss briefly on the upcoming memory encryption technologies and how we modified kata container runtime to handle kubernetes' Ephemeral Volumes (aka, EmptyDir volumes) to keep your data and application protected from the container image registry (encrypted at rest) to runtime (protected by memory encryption). For the demonstration, we run a container image with the encrypted TensorFlow model using kubernetes such that even the root user on the worker node won’t be able to read the model parameters.

[1] https://goo.gl/Xt3MJf
[2] https://goo.gl/X2A5yx

Speakers
avatar for Pradipta Banerjee

Pradipta Banerjee

Senior Technical Staff Member, IBM
Pradipta is a Senior Technical Staff Member in IBM Systems, where he leads cloud-native platform initiatives and works with customers to help them with their digital transformation journey. He comes with an extensive infrastructure and cloud background and has worked on many first... Read More →
HP

Harshal Patil

Advisory Systems Software Engineer, IBM
Advisory Systems Software Engineer at IBM, Linux Technology Center, works on containers and technologies around it. Currently works on Encryption in Container Images.



Tuesday May 21, 2019 11:55 - 12:30
Hall 8.0 F1

11:55

Istio New Workload Identity Provision Pipeline Based on Envoy SDS - Quanjie Lin & Diem Vu, Google
Istio introduces a new workload identity provision system based on envoy SDS (secret discovery service) from release-1.1; as the main developer who works on this project, my talk covers:
1. Background topics like what is envoy SDS, the motivation why the
new system is introduced;
2. High level end-to-end architecture, deep dive into some design
decisions we made during development;
3. CNCF projects we leveraged during development (kubernetes,
envoy, helm, spiffe etc);
4. Real enterprise customers’ user cases that built on top of this new
system in production;
5. How to plug customer CA into the new system for your user case.

From this talk, audience will get better understanding of designing/using service mesh’s identity system from first-hand development experience, and how to build a system by leveraging CNCF projects.

[Note: I could demo if time allowed]

Speakers
DV

Diem Vu

Software Engineer, Google
Diem Vu is a software engineer at Google. He is currently working on Istio, leading the security policy area. Before joining Istio, he worked in Google shopping search for over 6 years. He earned his master degree from UCSD, and bachelor from Monash university.
QL

Quanjie Lin

Software Engineer, Google
Quanjie is a software engineer from Google Istio team, she is currently working on the Istio workload identity provision system, end-user authentication etc. Before Istio, she worked in Google kubernetes team on the open service broker and service catalog.



Tuesday May 21, 2019 11:55 - 12:30
Hall 8.1 G1

12:00

12:00

12:30

12:30

12:30

Lunch (Provided)
KubeCon + CloudNativeCon Europe is a NUT FREE event. All menu items have been verified with the venue as being 100% nut free. While we strive to ensure that there are no nuts in our menu items, we cannot prevent people from bringing items into the venue. If your allergy is airborne, please be sure to carry your Epi-Pen with you at all times.

Vegetarian Meal Request: Vegetarian options will be available at all meal functions including breaks. These meals will be included in the main buffets and will be clearly marked as vegetarian.

Halal, Kosher, & Lactose, and Gluten-Free Request: If you have requested a Halal, Kosher, Gluten or Lactose-Free meal, you will pick up your request from the Specialty Diet Pick Up Points. There are two locations throughout the conference to pick up your meal. The first is located in the back of Hall 7 (Sponsor Showcase), and the second is in Hall 8.1 near the main entrance. Breaks will be served from Hall 7 and lunch meals are available for pick up in both locations. If you have trouble finding these locations, please ask and LF staff member for assistance.


Tuesday May 21, 2019 12:30 - 14:00
Hall 7 + 8.1

13:00

13:00

13:30

13:30

14:00

14:00

14:00

Scavenging for Reusable Code in the Kubernetes Codebase - Kevin Lingerfelt, Buoyant
The magic of open source software and Go's support for remote import paths makes it trivial to import and run code from many of the most popular CNCF projects directly in your own project. Sometimes, however, the process of finding that one piece of code in a large codebase that’s just right for your use case can feel like a scavenger hunt. But the spoils of the hunt are vast. This talk explores how the Linkerd project has leveraged the Kubernetes codebase to replace their bespoke code with existing code that's more robust and better tested. Specific examples include switching the project to use Kubernetes' shared informers for caching API responses and adding rate limiting via work queues for TLS certificate distribution. Linkerd's Kevin Lingerfelt will show you how to undertake an effective Go scavenger hunt, and he'll discuss when you should skip the hunt and write it from scratch.

Speakers
avatar for Kevin Lingerfelt

Kevin Lingerfelt

Software Engineer, Buoyant
Kevin Lingerfelt is a software engineer at Buoyant and a core contributor to the Linkerd project, focusing mostly on the control plane, which is written in Go. Prior to working at Buoyant, Kevin was a senior staff software engineer at Twitter, working on infrastructure and decomposition... Read More →



Tuesday May 21, 2019 14:00 - 14:35
Hall 8.0 C4

14:00

Kubernetes the New Research Platform - Lindsey Tulloch, Brock University & Bob Killen, University of Michigan
Academic research institutions are at a precipice. They have historically been constrained to supporting classic “job” style workloads. With the growth of new workflow practices such as streaming data, science gateways, and more “dynamic” research using lambda-like functions, they must now support a variety of workloads.

In this talk, Lindsey and Bob will discuss some difficulties faced by academic institutions and how Kubernetes offers an extensible solution to support the future of research. They will present a selection of projects currently benefiting from Kubernetes enabled tools, like Argo, Kubeflow, and kube-batch. These workflows will be demonstrated using specific examples from two large research institutions: Compute Canada, Canada’s national computation research consortium and the University of Michigan, one of the largest public Universities in the United States.

Speakers
avatar for Bob Killen

Bob Killen

Research Cloud Administrator, University of Michigan
Bob is a Research Cloud Administrator with the Advanced Research Computing Technology Services (ARC-TS) group at the University of Michigan. He has been with the University for more than 15 years, serving in various capacities within the Health System and ARC-TS. As a CNCF Ambassador... Read More →
avatar for Lindsey Tulloch

Lindsey Tulloch

Student, Brock University
Lindsey is a student at Brock University where she is finishing a BSc in Computer Science and researching potential academic uses for Kubernetes. She previously worked at Red Hat as a software engineering intern where she was part of the multi-cluster team and demoed the federation-v2... Read More →



Tuesday May 21, 2019 14:00 - 14:35
Hall 8.0 F1

14:00

Panel Discussion: GitOps & Best Practices for Cloud Native CI/CD - Allison Richardet, Asteris, LLC; Laura Tacho, CloudBees; Ivan Pedrazas, State Street; Tracy Miranda, CloudBees; and Alexis Richardson, Weaveworks
Cloud native technologies enable organisations to scale rapidly and deliver software much faster than before. To do this, organisations need to rethink their CI/CD systems and the best practices their teams use with Kubernetes. GitOps, operation by pull request, is a new paradigm and set of best practices for cloud native. But what does it mean and how can organisations go about adopting it for their CI/CD needs? This panel provides insights into GitOps, best practices for CI/CD for cloud native and tooling that can help automate these practices. It also features end user stories of their experiences learning the best ways to setup CI/CD for their specific applications and needs.

Moderators
avatar for Allison Richardet

Allison Richardet

Software Engineer, OCI
Allison Richardet is a Software Engineer for OCI and Asteris, LLC. She began her career with real-time embedded systems development. She decided she needed more RAM, so she moved to the cloud. She helps companies adopt cloud native practices and move to Kubernetes. Allison has spoken... Read More →

Speakers
avatar for Ivan Pedrazas

Ivan Pedrazas

Solutions Architect, State Street
Ivan has a background in development and architecture. He has been helping companies like the UK Home Office, Soho House, or currently at State Street to adopt Kubernetes and release better software, more often. He enjoys designing and building distributed systems. Ivan has been running... Read More →
avatar for Alexis Richardson

Alexis Richardson

Founder & CEO, Weaveworks
Alexis is the CEO of Weaveworks and the chairman of the TOC for CNCF. Previously he was at Pivotal, as head of products for Spring, RabbitMQ, Redis, Apache Tomcat and vFabric. Alexis was responsible for resetting the product direction of Spring and transitioning the vFabric business... Read More →
avatar for Laura Tacho

Laura Tacho

Director of Engineering, CloudBees
As the Director of Engineering at CloudBees and a Docker Captain, Laura's primary focus is making tools for other developers. At CloudBees, she works on improving the Docker infrastructure of the Codeship product and overall experience for all users of the CI/CD platform. Previously... Read More →
avatar for Tracy Miranda

Tracy Miranda

Director of Open Source Community, CloudBees
Tracy Miranda is director of open source community at CloudBees, where she works closely with the Jenkins & Jenkins X communities. A developer and open source veteran, Tracy is on the board of directors for the Eclipse Foundation.Tracy has a background in electronics system design... Read More →


Tuesday May 21, 2019 14:00 - 14:35
Hall 8.0 A1

14:00

Kanary - Automated and Integrated Canary Testing Using CRD and an Operator - David Benque, Amadeus & Cédric Lamorinière, Datadog
The Kubernetes ecosystem provides primitives to easily deploy applications. Now, how might we simplify validation of a new application version before triggering its complete rollout? Canary testing is a popular answer.

There are solutions to pilot canary testing from outside Kubernetes. How about driving it from inside Kubernetes instead?

Kanary is a new Operator proposing an easy, automated and integrated way to orchestrate the canary testing phase, while controlling the traffic, the validation, and the rollout of a new version.

After a quick recap of challenges in managing canary deployments within Kubernetes, this talk will present how Kanary offers a fully integrated and automated canary solution by assembling several cloud-native solutions: Prometheus, Istio, K8s resources and CRD.
 The talk will end with a demo!

Speakers
avatar for David Benque

David Benque

Senior Software Engineer, Amadeus
Area of expertize: PaaS. Working on: application development, automation, system operability at scale, distributed systems. Languages: Go, C++ mainly. Like: sharing experience, learn and teach. My mission at Amadeus is to implement the transition from our legacy distributed system... Read More →
avatar for Cédric Lamorinière

Cédric Lamorinière

Principal Software Engineer, Datadog
Cedric Lamoriniere is an Open-source software engineer who worked on the migration of legacy applications to Kubernetes. He takes part in the development of several K8s operators (Redis-Operator, Kubervisor). Cedric is specialized in distributed systems development. He as the chance... Read More →



Tuesday May 21, 2019 14:00 - 14:35
Hall 8.0 B3

14:00

Intro: CLI SIG - Maciej Szulik, Red Hat & Phillip Wittrock, Google
This "intro" session will provide basic information to facilitate new SIG CLI contributors. This session will present an overview of the "kubectl" code base, as well as the basics of the development process. We will give a short history of this project. We will leave a significant amount of time for Q&A.

Speakers
avatar for Phillip Wittrock

Phillip Wittrock

Software Engineer, Google
Phillip Wittrock is Staff Software Engineer at Google, a member of the Kubernetes Steering Committee, and a Kubernetes SIG CLI Technical Lead. Phillip’s hobbies include debating how kubectl is pronounced and talking about Kubernetes at social events. Positions Held: Kubernetes... Read More →
avatar for Maciej Szulik

Maciej Szulik

Software Engineer, Red Hat
Maciej is a passionate developer with over 10 years of experience in many languages. He's working on OpenShift and Kubernetes for Red Hat. In his free time he enjoys hacking on bugs.python.org and CPython's IMAP library. He's a frequent speaker at various events and meet ups, including... Read More →



Tuesday May 21, 2019 14:00 - 14:35
Hall 8.0 E1

14:00

Intro: CoreDNS - Daniel Garcia, Infoblox & Michael Grosser, Okkur Labs
CoreDNS is a flexible and extensible DNS server with a focus on service discovery. Best known for its ability to serve as the cluster DNS of Kubernetes, CoreDNS is now the default DNS and part of the Kubernetes release since 1.13. The flexibility and extensibility of CoreDNS comes from its unique plugin-based architecture and its easy to use Corefile configurations. In this Intro session, we will update the current state and the road map of CoreDNS for the near future. We will share feedbacks from the community about CoreDNS intergration in Kubernetes 1.13. The progress of DNS resolver support will be discussed heavily as well, since there are lots of interests from the community. At the end of the session we will show several Corefile examples that is commonly configured and used in different scenarios to help getting started with CoreDNS.

Speakers
avatar for Daniel Garcia

Daniel Garcia

SaaS Architect, Infoblox
Daniel Garcia is an architect at Infoblox who works on the Atlas project. He’s been developing software for 20+ years. He’s worked on Oracle’s Container Engine (managed Kubernetes).  Previously, he developed an orchestration engine at StackEngine which was acquired by Oracle... Read More →
avatar for Michael Grosser

Michael Grosser

Founder, Okkur Labs
Michael Grosser has contributed to Kubernetes and CoreDNS for some time. As a Google Developer Expert for Kubernetes and GCP he is excited about technology and reading DNS RFCs. He is the founder of Okkur Labs and Rekkur Solutions. Okkur Labs is an open source lab researching, contributing... Read More →



Tuesday May 21, 2019 14:00 - 14:35
Hall 8.0 E4

14:00

Intro: Fluentd - Masahiro Nakagawa, ARM Treasure Data
Logging for cloud-native applications and environments is a continuous challenge from an operational perspective. Fluentd offers a full logging layer than can be accommodated and extended as required to solve any logging need. In this Fluentd session, you will learn about its administration and log processing from a general perspective.

Speakers
MN

Masahiro Nakagawa

Principal Engineer, Arm Treasure Data
Fluentd maintainer


Tuesday May 21, 2019 14:00 - 14:35
Hall 8.0 E5

14:00

Intro: KubeEdge - Cindy Xing, Futurewei & Dejan Bosanac, Red Hat
Recently KubEdge was accepted as a CNCF sandbox project. As one of the reference architecture, KubeEdge provides customers a way to manage Edge nodes from cloud and build fundamental infrastructure targeted for IOT/Edge.Developers and end users can be empowered to build & run all kinds of potentials through KubeEdge. We welcome communities to join us and make innovations in IOT/Edge computing. In this talk, Dejan Bosanac from Redhat will share background and design principles for KubeEdge. The technical challenges in IOT/Edge computing and how KubeEdge tackle the problems will be discussed. Through real life use cases, Dejan Bosanac, the lead of Kubernetes IOT/Edge workgroup, will share the WG vision and how KubeEdge aligns.

Speakers
avatar for Dejan Bosanac

Dejan Bosanac

Software Engineer, Red Hat
I'm an engineer at Red Hat with broad expertise in messaging and integration technologies. I’ve been an active member of open source communities for many years and a contributor to various projects. My latest interests revolve around developing open source IoT cloud platform so... Read More →
avatar for Cindy Xing

Cindy Xing

Senior Cloud Software Architect 高级云软件架构师, Futurewei
Cindy Xing currently works at Futurewei as a Senior Cloud Software Architect.She focuses on building public Cloud Service infrastructure.Her interest area includes Kubernetes, container, Windows and Edge technologies.Before Futurewei, Cindy worked as a Senior software engineer and... Read More →



Tuesday May 21, 2019 14:00 - 14:35
Hall 8.1 G2

14:00

Intro: Kubernetes (VMware) SIG - David vonThenen & Steven Wong, VMware
Intro to the vSphere CSI Volume Driver The Container Storage Interface (CSI) is a specification designed to enable persistent storage volume management, using a plugin maintained independently of Kubernetes. Kubernetes CSI support recently advanced to GA. In the longer term, there is a plan to deprecate existing legacy storage plugins. New storage-related functionality, such as snapshot support, is now being targeted for CSI only. The “in-tree” vSphere storage plugin remains fully supported at this time. but users running Kubernetes on vSphere may wish to change to CSI to gain new features. At some point in the future, migration to the CSI plugin will become mandatory. This session will explain and demonstrate deployment, configuration and use of the new vSphere CSI driver. We will also cover migration and the roadmap for new functionality including snapshots, and other topics (e.g. interaction with scheduling and zones).

Speakers
avatar for David vonThenen

David vonThenen

Cloud Native Engineer, VMware
David vonThenen is a Cloud Native Engineer at VMware working in the container orchestrator space specifically around the Kubernetes and CNCF ecosystems. Some of his contributions have been in the Jaeger, Helm, Open Tracing, Prometheus, and cloud providers just to name a few. Prior... Read More →
avatar for Steven Wong

Steven Wong

Open Source Community Relations Engineer, VMware
Steve Wong has been active in the Apache Mesos and Kubernetes communities since 2015. He is chair of the VMware SIG on the Kubernetes project. He is a past speaker at KubeCon, MesosCon, Open Source Summit, SCALE, and meetups in the Los Angeles area where he lives. While not working... Read More →



Tuesday May 21, 2019 14:00 - 14:35
Hall 8.0 E9

14:00

Intro: NATS - Waldemar Quevedo, Synadia Communications, Inc
NATS is a high performance publish/subscribe messaging system that has as one of its main goals connecting services in the simplest, most secure and reliable way possible. The project has a long history of being part of production deployments as the core component for the internal communication of a distributed system, and in its latest release NATS v2.0, its feature set was enhanced so that it can also be used to create a global and decentralized communication network. In this talk, you will learn about the multiple communication patterns that NATS offers and how it can help you simplify and decouple the architecture of your cloud native application.

Speakers
avatar for Waldemar Quevedo

Waldemar Quevedo

Synadia, Senior Engineer
Waldemar Quevedo is a Software Engineer at Synadia, where he works on the NATS project and the ecosystem around it. He is author of the "Practical NATS" book, which is one of the first books about the project. Before he was at Apcera where he worked on a container orchestration system... Read More →



Tuesday May 21, 2019 14:00 - 14:35
Hall 8.1 G3

14:00

Intro: Testing SIG - Cole Wagner & Aishwarya Sundar, Google
The Kubernetes test infrastructure schedules and executes all of the tests which validate pull requests and repositories in the Kubernetes ecosystem every day. This presentation will explore how job authors can make use of new job configuration options to write jobs that execute identically inside and outside of the test infrastructure while requiring a minimal set of configuration to be provided. Jobs defined in this manner have reproducible behavior for local debugging and do not require job authors to adopt test-infrastructure-specific frameworks or workflows.

Speakers
CW

Cole Wagner

Software Engineer, Google
I've been working on GKE Engprod for a little over a year now. I primarily work on testing infrastructure, process automation, and automated PR merging for the Kubernetes Github org. I specifically focus on Prow and Tide
avatar for Aishwarya Sundar

Aishwarya Sundar

GKE /OSS Test Engineer, Google
I am Test Engineer with Google in the GKE/OSS EngProd team. I work on improving and maintaining test coverage, tooling and infra. A newbie in the k8s world and quickly ramping up.



Tuesday May 21, 2019 14:00 - 14:35
CC8.27–28

14:00

Authentication and Security in gRPC Microservices - Jan Tattermusch, Google
Authenticating RPCs and securing them properly is crucial for building modern microservices.
The talk will walk you through what gRPC has to offer in terms of authenticating and securing RPCs.
It will explain the principles behind gRPC secure communication and show various approaches to authenticate your calls. It will also discuss the challenges of each approach. The principles will then be applied to demonstrate authentication in several scenarios in different kinds of deployment (including service-mesh). The examples will be focused on gRPC-based microservices in Kubernetes.

Speakers
JT

Jan Tattermusch

Senior Software Engineer, Google
Jan is a long-time member of gRPC team at Google as Senior Software Engineer. He is the owner of gRPC C# implementation and leads a few other gRPC team's efforts related to open-source and testing.


Tuesday May 21, 2019 14:00 - 14:35
Hall 8.1 G1

14:00

Operating kube-apiserver Without Hiccups - Stefan Schimanski & David Eads, Red Hat
Kube-apiserver is the central component of every Kubernetes cluster. Keeping it available at all times is crucial for reliable operation. At the same time we want to restart kube-apiserver, for version upgrades, key rotation or just configuration changes. How can this be done without dropping a single request on the floor?

Outline:
- overview and problem statement
- graceful termination
- health and readiness checks
- rolling upgrades
- reliable use of informers in client apps
- self-hosting done right, without self-references.


David and Stefan are both the builders and the consumers of core apiserver infrastructure used in kube-apiserver, maintaining most of the code behind those features.

Speakers
DE

David Eads

Senior Principal Software Engineer, Red Hat
David Eads is a senior principal software engineer at Red Hat and co-lead for Kubernetes sig-apimachinery and an emeritus lead for sig-auth.
avatar for Stefan Schimanski

Stefan Schimanski

Prinicpal Software Engineer, Red Hat
Stefan is a Principal Software Developer at Red Hat working on Kubernetes and OpenShift, with a focus on API machinery, extension points and developer tools as part of Sig API Machinery. He contributed a major part of the CRD feature set. Stefan is a 2nd time GoogleSummer of Code... Read More →



Tuesday May 21, 2019 14:00 - 14:35
Hall 8.0 D4

14:00

Scale Kubernetes Service Endpoints 100x - Minhan Xia & Wojciech Tyczynski, Google
Service and endpoints have been core primitives in K8s since 1.0. As k8s deployments gets larger, the scalability of k8s service endpoints has become a bottleneck, causing high overhead on network, cpu and memory across the cluster. In addition, the size of the endpoints object will be larger than what can be stored in the Etcd database. This talk will deep dive into the internals of k8s service endpoints API and sort out the associated scalability challenges in the current design. Minhan and Wojtek will introduce a new K8s endpoints API design that aims to improve Endpoint scalability by 100x, as well as an overview of the ongoing effort to revamp K8s Service.

Speakers
avatar for Wojciech Tyczynski

Wojciech Tyczynski

Staff Software Engineer, Google
Wojciech is working on Google Technical Infrastructure & Cloud since 2012. Since February 2015 he works on Kubernetes and Google Kubernetes Engine, focusing mainly on scalability, performance and scheduling. Before that, he was working on Omega project, where for the last year he... Read More →
avatar for Minhan Xia

Minhan Xia

Software Engineer, Google
Minhan Xia has been a member of Kubernetes networking team at Google since K8s 1.0 2015. He has contributed to various aspects of K8s networking, including pod networking, K8s service and K8s ingress.



Tuesday May 21, 2019 14:00 - 14:35
Hall 8.0 C2

14:00

Fine-Grained Permissions in Kubernetes: What’s Missing, and How to Fix That - Vallery Lancey, Lyft & Seth McCombs, Triller
In this talk, we will walk through a number of common scenarios where Kubernetes lacks sufficient access control tools, or where access control is often not properly applied. For example, it is common for a team to own a subset of services in a namespace, yet RBAC permissions grant that team access to other pods within the namespace.

We will demonstrate a number of solutions available for specific problems, such as pod network policies, the open policy agent, custom controllers that gate API functionality.

We will also discuss problems with the namespace permission model, and possible alternatives. Namespaces create an arbitrary boundary around resources, which creates the need to then bridge those boundaries. We will demonstrate ideas for bridging namespace networks, and posix-style objection permissions within a namespace.

Speakers
avatar for Vallery Lancey

Vallery Lancey

Infrastructure Software Engineer, Lyft
Vallery Lancey is a self-described Systems Witch (more formally, an Infrastructure Software Engineer at Lyft). She works on developing upstream Kubernetes, as well as downstream Kubernetes implementation and platforms. Vallery has spoken about a wide range of Kubernetes content... Read More →
avatar for Seth McCombs

Seth McCombs

Site Reliability Engineer, -
Seth McCombs is an "OpsDev Wizard" (an engineer from a background more IT Ops than Dev), he strives to bring a unique perspective to his work, never afraid to poke fun at mistakes he’s made, always with the goal of learning and growing as an engineer.



Tuesday May 21, 2019 14:00 - 14:35
Hall 8.0 B1

14:00

What WePay Learned From Processing Billions of Dollars on GKE Using Linkerd - Mohsen Rezaei, WePay
WePay processes billions of dollars worth of payments each year. As the number of services that process payment requests grow in WePay’s infrastructure, so does the challenge of monitoring, debugging, and tracing call paths and service internals that run on GKE.

This session focuses on how the Platform Infrastructure & Tools team at WePay utilized monitoring services like Prometheus and Grafana to migrate their ever growing infrastructure and all of their production traffic (REST and gRPC) to service mesh on top of Linkerd in 2018. In addition, we will show how we used Namerd to bring all services together using discovery, Linkerd to power the data plane where the payments are processed and parsed behind WePay’s payment APIs, and Prometheus and NewRelic to monitor all infrastructure services' and microservices' activities in our production environment.

Speakers
avatar for Mohsen Rezaei

Mohsen Rezaei

Staff Software Engineer, WePay
Mohsen is a staff software engineer at WePay. While at WePay, he's worked on introducing some of the latest CNCF and Google Cloud technologies to WePay's infrastructure, including Kubernetes, Prometheus, and Linkerd, while contributing to some open source projects for improvements... Read More →



Tuesday May 21, 2019 14:00 - 14:35
Hall 8.0 F3

14:00

OpenTelemetry: Backwards Compatibility with OpenTracing and OpenCensus - Ben Sigelman, LightStep, Bogdan Drutu, Google & Spiros Xanthos, Omnition
This workshop will open with a 20-minute overview of the goals and structure of the new OpenTelemetry project, followed by two 30-minute presentations describing the backwards-compatibility strategies for both OpenTracing and OpenCensus end-users respectively.

Speakers
avatar for Ben Sigelman

Ben Sigelman

Co-Founder and CEO, LightStep
Ben Sigelman is a co-founder and the CEO at LightStep, a co-creator of Dapper (Google’s distributed tracing system), and co-creator of the OpenTracing and OpenTelemetry projects (both part of the CNCF). Ben's work and interests gravitate towards observability, especially where microservices... Read More →
avatar for Spiros Xanthos

Spiros Xanthos

Founder and CEO, Omnition
Spiros Xanthos is the CEO and Founder of Omnition, an Observability platform for Cloud Native Applications. Omnition is one of the companies building OpenCensus.io and now OpenTelemetry.io that is replacing OpenCensus and OpenTracing to become the standard instrumentation and collection... Read More →


Tuesday May 21, 2019 14:00 - 15:25
CC7.1

14:00

Tutorial: A Day in the Life of a Cloud Native Developer - Randy Abernethy, RX-M, LLC (Limited Availability; First-Come, First-Served Basis)
In this 90 minute, hands on tutorial, attendees will get a chance to work with a comprehensive set of modern cloud native tools from the CNCF software stack. The tutorial will take users on an end to end journey through some of the most important tools and processes involved in constructing, packaging, deploying and managing a working microservices application. Each lab step will introduce a new CNCF project and demonstrate how that project adds value in a cloud native tool chain. Participants will leave with an overarching understanding of the benefits associated with a fully cloud native developer experience. Projects used in this practical field trip include: Kubernetes, Prometheus, Envoy, Fluentd, gRPC, Containerd, Helm, Harbor and Telepresence. Attendees will need a laptop and an ssh client to complete the hands on labs.

Speakers
avatar for Randy Abernethy

Randy Abernethy

Managing Partner, RX-M, LLC
Randy Abernethy is a Managing Partner at RX-M, a cloud native advisory and training firm in the founding classes of Kubernetes Certified Service Providers (KCSP) and Kubernetes Training Providers (KTP). Randy is a tech entrepreneur, startup advisor, financial technology pioneer, CKA... Read More →



Tuesday May 21, 2019 14:00 - 15:25
Hall 8.0 D2

14:00

Tutorial: Building Security into Kubernetes Deployment Pipelines - Michael Hough, IBM & Sam Irvine, ControlPlane (Limited Availability; First-Come, First-Served Basis)
How secure is your deployment pipeline? Is image integrity verified or can any user deploy any image to production? Are those images scanned for known CVEs? And are security policies enforced to harden the cluster at runtime?

This tutorial covers current best practices for enhanced Kubernetes cluster security. It is led by core contributors and subject matter experts, and provides hands-on experience with Notary, admission controllers, and vulnerability scanning.

It teaches integrating image signing and vulnerability scanning into a pipeline through live examples, and demonstrates how to configure Kubernetes to enforce security policies and image integrity.

Attendees should expect to learn how to utilise state-of-the-art CNCF and OS tooling, and frustrate potential attackers throughout the deployment lifecycle.

Speakers
avatar for Michael Hough

Michael Hough

Software Engineer, IBM
Michael is a Software Engineer on the IBM Cloud Container Registry team, delivering and operating code using Kubernetes in production, and a contributor to Notary and Portieris. He has presented and led labs about Kubernetes and IBM Cloud Container Service at IBM Technical Universities... Read More →
avatar for Sam Irvine

Sam Irvine

Infrastructure Engineer, ControlPlane
Sam Irvine is an Infrastructure Engineer at ControlPlane, a Kubernetes and pipeline security startup in London, UK. Sam works on delivering Kubernetes platforms and secure pipelines in high compliance environments. Previously, Sam has experience delivering scientific outreach and... Read More →



Tuesday May 21, 2019 14:00 - 15:25
Hall 8.0 C1

14:00

Tutorial: Introduction to Kubeflow Pipelines - Michelle Casbon, Dan Sanche, Dan Anghel, & Michal Zylinski, Google (Limited Availability; First-Come, First-Served Basis)
In this session, you will learn how to install and use Kubeflow Pipelines to create a full machine learning application on Kubernetes.

Starting with an empty environment, you will create a Kubernetes cluster and install Kubeflow from scratch. Then you will build and run a full pipeline that first trains a model using TensorFlow, then serves the model, and finally deploys a web front-end for interacting with the resulting predictions. You will then move into a notebook to build and run your pipeline using the Python SDK.

You will become familiar with Google Cloud Platform tools such as Cloud Shell and Kubernetes Engine.

Prerequisite: fundamental knowledge of Kubernetes.
Setup: must bring own laptop. Qwiklab/GCP credits will be provided.

Note: this session showcases Kubeflow features newly released since the Seattle workshop.

Speakers
avatar for Michelle Casbon

Michelle Casbon

Senior Engineer, Google
Michelle Casbon is a Senior Engineer at Google, where she focuses on open source for machine learning and big data tools. Prior to joining Google, she was at Qordoba as Director of Data Science and Idibon as a Senior Data Science Engineer. Within these roles, she built and shipped... Read More →
avatar for Dan Anghel

Dan Anghel

Strategic Cloud Engineer, Google
Dan joined Google Paris 3 years ago after a more than 10 years long adventure in Retail. Specialized in Big Data and Machine Learning, he is helping the largest Google customers accelerate their journey into the Cloud.
MZ

Michal Zylinski

Cloud Customer Engineer, Google
avatar for Dan Sanche

Dan Sanche

Developer Programs Engineer, Google
Dan is a DevRel Enginner at Google focused on improving the developer experience of GCP DevOps products, with a particular interest in Machine learning infrastructure



Tuesday May 21, 2019 14:00 - 15:25
Hall 8.0 F5

14:30

14:50

Reproducible Development and Deployment with Bazel and Telepresence - Christian Roggia, Engel & Völkers Technology GmbH
As the system grows in size and complexity the pain of maintaining an up-to-date local environment becomes less and less sustainable. Developers will eventually have to deal with large docker-compose YAMLs and strict build guidelines, slowing down the development process and encouraging build-push-deploy cycles instead. This talk will explore a better approach to the issue by making both development and deployment fully reproducible, reducing required efforts and allowing for more reliable releases.

Attendees will be introduced to the Bazel ecosystem combined with Telepresence’s proxying capabilities. The final goal is to understand how Bazel can help developers achieve a fully hermetic and reproducible build environment, and how locally produced images can be connected from developers’ machines to the remote cluster through the two-way communication proxy offered by Telepresence.

Speakers
avatar for Christian Roggia

Christian Roggia

Backend Software Engineer, Engel & Völkers Technology GmbH
Christian is a Software Engineer at Engel & Völkers currently leading the team responsible for the technology stack used internally for development operations. He is an official member of the Kubernetes open source project and is a maintainer of multiple official Helm charts. In... Read More →



Tuesday May 21, 2019 14:50 - 15:25
Hall 8.0 C2

14:50

Laying the Foundation: Real World Kubernetes Deployment Patterns - Josh Rosso & Craig Tracey, VMware
Enterprise deployments often find themselves gridlocked in debates concerning the "correct" approach for deploying Kubernetes. Should we use immutable images or a complex configuration management solution? What about leveraging one of the managed service offerings? Or even one of the opinionated open source projects? The possibilities are endless but can also be dizzying.

In this talk, Josh and Craig provide an overview of both the successful (and sometimes not so successful) deployment patterns they have encountered across dozens of production Kubernetes users in nearly every industry vertical. They will identify the critical decision making processes that will enable "Day 2" operations, empower stakeholders, and ultimately yield successful Kubernetes outcomes.

Speakers
JR

Josh Rosso

Staff Field Engineer, VMware
I have spent multiple years working in the field, helping Fortune 500 organizations, with a focus on distributed systems and Kubernetes. I was the first field engineer at CoreOS, worked on OpenShift by way of Red Hat acquisition, joined Heptio to help make pure open source Kubernetes... Read More →
CT

Craig Tracey

Staff Field Engineer, VMware
For the past 20 years, Craig has helped build the infrastructure that powers the Internet. In this time, he has had the opportunity to develop everything from kernel device drivers to massive-scale cloud storage services and even built a few distributed compute platforms in between... Read More →



Tuesday May 21, 2019 14:50 - 15:25
Hall 8.0 B1

14:50

Streamlining Kubernetes Application CI/CD with Bazel - Gregg Donovan, Etsy.com, Inc. & Chris Love, CNM Consulting
Creating a repeatable Kubernetes application deployment pipeline with the Bazel build system offers a number of advantages over traditional Kubernetes application CI/CD approaches. We will describe how Etsy uses Bazel, along with its container and Kubernetes support, to deploy many different services to multiple different clusters and environments.

Using a repeatable build process maximizes container layer caching and takes advantage of Kubernetes built in pod template hashing. With this caching in place, it becomes feasible to deploy all services in a large repo reliably without under-deploying -- not deploying changed components, leaving them unvalidated on master -- or over-deploying, waiting for a potentially expensive rollout despite not having made changes.

Bazel's rules_docker also allow you to build deterministic container images without the Docker daemon, simplifying CI/CD.

Speakers
avatar for Gregg Donovan

Gregg Donovan

Staff Software Engineer, Etsy.com, Inc.
Gregg Donovan is a Staff Software Engineer for Search at Etsy, where he has worked since 2010. He has spoken three times at LuceneSolr Revolution on search, designing distributed systems to be resilient to garbage collection, and sharding in large fanout systems. He spoke in 2018... Read More →
avatar for Chris Love

Chris Love

Founder, CNM Consulting
Chris Love has been coding for over 20 years, as well as contributing to OSS. Currently, he contributes to Google Helmsman (github.com/topics/gke-helmsman), kops, and other things K8s. Chris has architected projects with companies such as Google, Motorola, Inuit, and CenturyLink... Read More →



Tuesday May 21, 2019 14:50 - 15:25
Hall 8.0 F3

14:50

Panel Discussion: From User to Member: Becoming a Kubernetes Contributor - Jason Murray, iNNOVO Cloud GmbH; Cyrine Jabri, iNNOVO Cloud GmbH; James Munnelly, Jetstack.io; Kris Nova, Independent; and Nikhita Raghunath, Loodse
While the reasons for contributing to Kubernetes are diverse, we share a passion for the community. This session will cover the participants journey in becoming a member of Kubernetes, and share anecdotes on how to start contributing to Kubernetes, eventually obtain membership, and beyond.

Moderators
avatar for Jason Murray

Jason Murray

Cloud Infrastructure Engineer, iNNOVO Cloud GmbH
Jason Murray is a Cloud Infrastructure Engineer at iNNOVO Cloud . He is a Kubernetes member focusing on SIG Cluster Lifecycle and SIG OpenStack. Jason is also the host of the weekly Cluster API Provider Implementers EMEA SIG Cluster Lifecycle meeting. Prior to joining iNNOVO, Jason... Read More →

Speakers
avatar for Nikhita Raghunath

Nikhita Raghunath

Software Engineer, Loodse
Nikhita is a software engineer at Loodse and is a core contributor to Kubernetes. She is on the Kubernetes Steering Committee, a CNCF Ambassador and the technical lead for SIG Contributor Experience.
avatar for Kris Nova

Kris Nova

Independent
Kris Nova is currently independent focusing on security, intrusion detection, and the Linux kernel with Kubernetes. Nova is also an ambassador for the Cloud Native Computing Foundation. Previously, she was a developer advocate and an engineer on Kubernetes at Heptio/VMware. She also... Read More →
avatar for James Munnelly

James Munnelly

Solutions Engineer, Jetstack
James is a Solutions Engineer at Jetstack, which involves helping customers bend and break Kubernetes to their will. He helps maintain a number of extensions to Kubernetes, including cert-manager (a Kubernetes native x509 certificates platform), kubernetes-sigs/kind (Kubernetes-in-Docker... Read More →
avatar for Cyrine Jabri

Cyrine Jabri

Cloud Infrastructure Engineer, iNNOVO Cloud GmbH
Cyrine has recently joined the Kubernetes community, and works as a Cloud Infrastructure Engineer at iNNOVO Cloud. Cyrine recently completed her masters studies in Computer science. She focuses primarily on SIG Cluster Lifecycle projects, specifically Cluster API.


Tuesday May 21, 2019 14:50 - 15:25
Hall 8.0 D4

14:50

The Kubernetes Control Plane for Busy People Who Like Pictures - Daniel Smith, Google
Let’s dive into the modular design of the Kubernetes control plane together. We’ll talk about the specific resources and controllers which make Kubernetes what it is, and how this pattern generalizes--which problem domains are well solved by the Kubernetes control plane architecture? This talk will speak to people ready for a 201-level introduction to the Kubernetes control plane, and also to people contemplating using Kubernetes API Machinery for their own purposes.

Speakers
avatar for Daniel Smith

Daniel Smith

Staff Software Engineer, Google
Daniel has been working on Kubernetes since before it was open sourced, contributing enough in the early days that he’s still one of the top contributors overall. Currently, he is co-Chair and co-TL of the Kubernetes API Machinery SIG, and TL of the corresponding Google team. Before... Read More →



Tuesday May 21, 2019 14:50 - 15:25
Hall 8.0 B3

14:50

Intro: Cloud Native Buildpacks - Terence Lee, Heroku & Stephen Levine, Pivotal
You're great at running containers but you shouldn't have to be great at building them. In this talk, you'll learn about Cloud Native Buildpacks, a higher-level abstraction for building apps compared to Dockerfiles. Buildpacks are a standardized tool for creating images in a secure, reproducible, and efficient manner. As an app developer, you don't need to know best practices around ordering commands for layer reuse. As an operator, you don't need to worry about exposing developers to the responsibilities that come with Dockerfile. Come learn how buildpacks meet developers at their source code, automate the delivery of both OS-level and application-level dependency upgrades, and help you efficiently handle day-2 app operations.

Speakers
TL

Terence Lee

Principal Languages Engineer, Heroku
SL

Stephen Levine

Engineering Lead / Principal Software Engineer, Pivotal
Stephen Levine is an Engineering Lead at Pivotal. He is the Cloud Foundry Project Lead for CF Local, CF Dev, and the core CF Buildpacks, as well as a co-owner of the Cloud Native Buildpacks project in the CNCF's Cloud Native Sandbox.


Tuesday May 21, 2019 14:50 - 15:25
Hall 8.0 E1

14:50

Intro: Falco - Jorge Salamero Sanz, Sysdig
Host intrusion detection (HID) has been around for some time. What if we rethought the problems HID solves in the context of Cloud Native platforms? What if we can detect abnormal behavior in the application, container runtime, & cluster environment as well? In this talk, we’ll present Falco, a CNCF Sandbox project for runtime security. We will show how Falco taps Linux system calls & the Kubernetes API to provide low level insight into application behavior, & how to write Falco rules to detect abnormal behavior. We’ll show how to collect & aggregate alerts using an EFK stack (Elasticsearch, Fluentd, Kibana). Finally we will show how Falco can trigger functions to stop abnormal behavior, & isolate the compromised Pod or Node for forensics. Attendees will leave with a better understanding of what problems runtime security solves, & how Falco can provide runtime security & incident response.

Speakers
JS

Jorge Salamero Sanz

Director of Technical Marketing, Sysdig


Tuesday May 21, 2019 14:50 - 15:25
Hall 8.0 E4

14:50

Intro: Harbor - Henry Zhang & Steven Ren, VMware
As container technology become widely adopted in the industry, how to manage containerized applications poses new challenges to platform engineers. One of the challenges is to securely and efficiently manage containerized application packages with either container image or Helm Chart format. Project Harbor is an open source trusted cloud-native registry project that stores, manages, signs, and scans content, thus resolving common image or Helm Chart management challenges. In this presentation, we will focus on the management of container images and Helm Charts through Harbor. We will review and provide solutions to the challenges faced by organizations, including RBAC (Role Based Access Control), vulnerability scanning, large scale content distribution, content replication, content trust (notary) and DevOps integrations etc.. Real world use cases will be discussed in the session. Of course, fantastic demos will be shown to let you easily understand the related use cases.

Speakers
avatar for (Haining Henry) Zhang

(Haining Henry) Zhang

Technical Director, VMware
Henry Zhang is the Chief Architect of China R&D, VMware. His primary role is to lead the development and incubation of projects on emerging technologies, including container, blockchain and AI. He was the founder of CNCF’s Project Harbor. Henry was the first evangelist in China... Read More →
SR

Steven Ren

Senior Manager, VMware



Tuesday May 21, 2019 14:50 - 15:25
Hall 8.0 E5

14:50

Intro: Kubernetes Architecture SIG - Jaice Singer DuMars, Google
This will introduce the core areas of architectural governance for the Kubernetes project. This will include an introduction to the KEP process, the API review process, conformance testing review, and code organization. Attendees will have a better understanding of how to contribute and participate, as well as what concerns are specific to the SIG.

Speakers
avatar for Jaice Singer DuMars

Jaice Singer DuMars

Open Source Strategy Program Manager, Google
Jaice Singer DuMars is an active servant leader within the cloud native ecosystem. As the Cloud Native OSS Program Manager at Google, they are focused on building and sustaining healthy, inclusive, diverse, and scalable open source communities. As a former Kubernetes release leader... Read More →


Tuesday May 21, 2019 14:50 - 15:25
Hall 8.0 E9

14:50

Intro: Open Policy Agent - Rita Zhang, Microsoft & Max Smythe, Google
Come to this session to learn about the OPA Gatekeeper project! Gatekeeper integrates OPA with Kubernetes to provide new features like parameterized CRD-based policies, auditing, policy library, and more. Gatekeeper is being jointly developed by Microsoft, Google, and Styra (the creators of OPA). During the session Rita Zhang (Microsoft) and Max Smythe (Google) will explain what Gatekeeper is, how it works, how to get involved, and where the project is going.

Speakers
avatar for Rita Zhang

Rita Zhang

Principal Software Engineer, Microsoft
Rita Zhang is a software engineer at Microsoft, based in San Francisco. She is on the Azure Cloud Native Compute team building features for Kubernetes upstream and for Azure Kubernetes Service. Rita is passionate about open source and running distributed workloads at scale.
avatar for Max Smythe

Max Smythe

Software Engineer, Google
Max Smythe is a Software Engineer at Google working to make Kubernetes easier to manage at scale. He is excited about the potential Gatekeeper has to streamline compliance and make life easier on cluster admins. Previously he worked at a startup as a backend developer and in the VFX... Read More →



Tuesday May 21, 2019 14:50 - 15:25
Hall 8.1 G3

14:50

Intro: TUF / Notary - Justin Cappos, NYU & Justin Cormack, Docker
Software distribution and packaging systems are rapidly becoming the weak link in the software lifecycle. This talk provides an accessible overview of two CNCF projects (Notary and TUF), that provide what has been roundly described as the most secure mechanism for distributing software. Notary, which implements the TUF specification, signs and transparently validates metadata to enable the system to recover from the compromise of servers, theft of keys, insider attacks, etc. Notary / TUF are surprisingly easy to use and used to provide cutting edge security not only across major cloud companies, but a diverse set of adopters, including automobiles. WARNING: Attending this talk may cause (justifiable) fear in the software update mechanism on your devices!

Speakers
avatar for Justin Cappos

Justin Cappos

Professor, NYU
Justin Cappos is a professor in the Computer Science and Engineering department at New York University, who strives to provide service to society through technology. Justin's research philosophy focuses on solving real world security problems in practice. He and his students often... Read More →
avatar for Justin Cormack

Justin Cormack

Security Lead, Docker
Justin Cormack is security lead at Docker, a maintainer on the CNCF's Notary project, and a contributor to the CNCF SIG Security. He is particularly interested in container security, application isolation, authentication, policy and supply chain security. He has spoken at several... Read More →



Tuesday May 21, 2019 14:50 - 15:25
Hall 8.1 G2

14:50

Es-operator: Building an Elasticsearch Operator From the Bottom Up - Mikkel Larsen, Zalando SE
Operating stateful applications is a challenge and Elasticsearch clusters are no exception. At Zalando, the search infrastructure heavily rely on large scale Elasticsearch clusters consisting of 100s of nodes.

In this talk Mikkel present how Zalando utilize Kubernetes and the operator pattern as introduced by CoreOS, to reliably and cost efficiently operate large scale Elasticsearch clusters.

The talk will walk through how the Elasticsearch operator was designed, what problems it solves and how building it from the bottom up allowed getting it in production fast, gather more learnings and later extending the featureset to make it less manual to operate and reducing the cost of the overall infrastructure.

While the talk revolves around running Elasticsearch, the ideas presented also apply to running other types of stateful applications in Kubernetes.

Speakers
avatar for Mikkel Larsen

Mikkel Larsen

Senior Software Engineer, Zalando SE
Mikkel is a Senior Software Engineer working at Europe's leading online Fashion platform, Zalando since 2016. He works in the Platform Infrastructure team focusing on Kubernetes and AWS infrastructure and has a big interest in Continuous Delivery and automation.



Tuesday May 21, 2019 14:50 - 15:25
Hall 8.1 G1

14:50

Portable, Universal Single Sign-On for Your Clusters - Miguel Martinez, Bitnami
In order to enable Single Sign-On in your cluster you need to configure the Kubernetes API server. This is an issue if you are using services where the control plane is managed for you. Some managed services like GKE support SSO out of the box, but are not configurable. Others like AKS allow you to configure it, but only with Active Directory. These options might not fit some of your requirements such as using your company’s existing Identity provider, to use other protocols such as LDAP or SAML or when applications (e.g the Kubernetes Dashboard) need access to the API server.

In this session, I will present some workarounds that leverage other native AuthN/AuthZ mechanisms such as service accounts or impersonation via auth proxies. I will also demo how to use these methods to enable SSO for the Kubernetes dashboard that can be used across different managed and on-prem environments.

Speakers
avatar for Miguel Martinez

Miguel Martinez

Senior Software Engineer, Bitnami
Miguel Martinez is a member of the engineering team at Bitnami and core contributor of the Helm and Monocular projects. He is currently working on Kubeapps, an open source application dashboard for Kubernetes. He loves Ruby, describes himself as a full stack engineer and complains... Read More →



Tuesday May 21, 2019 14:50 - 15:25
Hall 8.0 F1

14:50

Building an Enterprise-ready Lambda Experience (with Hands-On Demo) - Alexandre González Rodríguez, BBVA Next Technologies & Héctor Rodes López, Adhara
To create a lambda experience is easy, to do that in a mission-critical environment is not that easy. We will talk about two parallel journies: how we implemented this at BBVA (an international 100 years old bank with more than 130 thousand employees, 10% of them being IT professionals). We´ll cover all the main decisions that we took in our path to serverless and the tradeoffs that we accepted. As a complement to this, we will implement in stage a simpler version of this experience using out of the box Kubernetes features like CRDs.

There are certain thoughts that you need to keep in mind when you are planning a serverless solution in your company: usability, extensibility, security, resiliency, to use a market solution or build our own, logs, metrics… in the end, how do we make this tool part of our toolset seamlessly and production ready from the first minute.

Speakers
avatar for Álex González

Álex González

Tech lead, BBVA Next Technologies
Currently working at BBVA as tech lead for the PaaS team, he spends his free time playing around with Go & everything that smells as a container. He is now back in Spain after one year living in Milán but he managed to survive without learning any Italian, so if you are Italian please... Read More →
avatar for Héctor Rodes López

Héctor Rodes López

CTO, Adhara
Passionate developer since I discover Basic language at the age of 8. I’ve spent most of my working live building, deploying and operating distributed systems at scale in different countries in private data centers and public clouds. In my last three years I’ve been involved in... Read More →



Tuesday May 21, 2019 14:50 - 15:25
Hall 8.0 C4

14:50

Istio Multi-Cluster Service Mesh Patterns Explained - Daniel Berg & Ram Vennam, IBM
This session will review the various multi-cluster service mesh deployment patterns that are available with Istio. We will explain the pros and cons of each approach to ensure that you have the information necessary to properly apply one or more of these patterns for your own needs. We will provide a demonstration to show how one would setup a multi-cluster Istio mesh using Kubernetes clusters. This session is a must see if you currently are, or considering, implementing a hybrid cloud solution. Even if you are not yet using a service mesh, this session will provide valuable information to help you on your own hybrid journey.

Speakers
avatar for Dan Berg

Dan Berg

Distinguished Engineer, IBM
Daniel is an IBM Distinguished Engineer responsible for the container and service mesh technical strategy within IBM Cloud. He has direct responsibility for the technical architecture and delivery of the IBM Cloud Kubernetes Service providing managed Kubernetes clusters worldwide... Read More →
avatar for Ram Vennam

Ram Vennam

Product Manager for IBM Cloud and Istio, IBM
Ram Vennam is a Product Manager and Developer Advocate for IBM with deep experience in the landscape of web application technology. He has worked in a number of development roles at IBM, with his current focus being on IBM Cloud Kubernetes Service and Istio. He is passionate about... Read More →



Tuesday May 21, 2019 14:50 - 15:25
Hall 8.0 A1

15:00

15:00

15:25

Coffee Break
Tuesday May 21, 2019 15:25 - 15:55
Sponsor Showcase, Hall 7

15:30

15:55

Learn how to Leverage Kubernetes to Support 12 Factor for Enterprise Apps - Brad Topol & Michael Elder, IBM
“12 Factor” is a software methodology for building scalable microservice applications that provides best practices designed to enable applications to be built with portability, resilience, and scalability when deployed to the web. In this talk we provide an overview of the 12 Factor methodology and describe how the core constructs provided by Kubernetes can be leveraged to support the 12 factors for scalable web apps. In this talk we will provide live demonstrations of how Kubernetes can support 12 Factor for not only newer cloud native applications, but also for legacy enterprise middleware applications that include stateful and transactional workloads.

Speakers
avatar for Michael Elder

Michael Elder

Distinguished Engineer, IBM
Michael is the IBM Distinguished Engineer for the IBM Multicloud Platform. Michael holds an M.S. in Computer Science from the University of North Carolina-Chapel Hill. He has numerous awarded patents and has been honored with three IBM Outstanding Technical Achievement awards. He... Read More →
avatar for Brad Topol

Brad Topol

Distinguished Engineer, IBM
Dr. Brad Topol is an IBM Distinguished Engineer leading efforts focused on Open Technologies and Developer Advocacy. In his current role, Brad leads a development team focused on contributing to and improving Kubernetes. Brad is a Kubernetes contributor, serves as a member of the... Read More →



Tuesday May 21, 2019 15:55 - 16:30
Hall 8.0 B1

15:55

Birds of a Feather: Radio Access Network LTE/CBRS Edge - John Studarus, Packet Host
Discussion on deploying and running Kubernetes clusters across micro datacenters supporting edge applications. In specific, we'll be talking about how Packet Host has architected its Kubernetes deployment to support these cell tower collocated clusters. We'll talk briefly about this new ecosystem of ultra-low latency networking via LTE and CBRS (Citizen Broadband Radio Service). We're interested in sharing our experience and then letting the conversation flow to hear how others are adapting to use this new ecosystem.

Speakers
avatar for John Studarus

John Studarus

Software Architect, JHL Consulting
John merges his interests in computing infrastructure, networking, and software security. His background includes leading product teams, writing prototype code and examining distributed systems at Fortune 500s and startups alike. He brings a rare combination of technical expertise... Read More →



Tuesday May 21, 2019 15:55 - 16:30
Hall 8.0 F1

15:55

Kubectl Apply 2019: Defense Against the Dark Arts - Phillip Wittrock & Jennifer Buckley, Google
Kubectl Apply (loved and hated by users) is the canonical way to manage Kubernetes Resources, and the building block for systems performing continuous delivery.

Originally written in 2015, the inner workings of Apply have been referred to as the “dark arts” and have been accused of “making peoples eyeballs bleed”. The Apply maintainers took this feedback, and embarked on a journey to completely rearchitect Apply, this time without unleashing a primordial evil.

In 2019 Apply received its first major architectural overhaul, addressing long standing issues and bringing a cornucopia of new functionality to users and platform developers. Phillip Wittrock and Jenny Buckley will review both the changes in architecture and the new functionality that will usher in a delivery renaissance for Kubernetes.

Speakers
JB

Jennifer Buckley

Software Engineer, Google
Jennifer Buckley is a Software Engineer at Google, a member of Kubernetes SIG API Machinery, and a member of the Apply Working Group, which is focused on redesigning Kubectl Apply. She has also worked on the server-side dry-run feature, and improving dynamic admission webhooks. Owner... Read More →
avatar for Phillip Wittrock

Phillip Wittrock

Software Engineer, Google
Phillip Wittrock is Staff Software Engineer at Google, a member of the Kubernetes Steering Committee, and a Kubernetes SIG CLI Technical Lead. Phillip’s hobbies include debating how kubectl is pronounced and talking about Kubernetes at social events. Positions Held: Kubernetes... Read More →


Tuesday May 21, 2019 15:55 - 16:30
Hall 8.0 B3

15:55

KEPs: Evolving Kubernetes at the Speed of Trust - Caleb Miles, Google
What is Kubernetes?

Every now and again we try to enumerate the scope of the Kubernetes Project; but this only represents a snapshot of our best understanding of the value that Kubernetes provides to our community. With the Kubernetes Enhancement Proposal (KEP) Process we have been working on a mechanism to evolve Kubernetes at the Speed of Trust™.

 Learn what the KEP process is, how to use it, how it connects to the API Review Process and Enhancement Tracking processes; and how we are employing KEPs to solve our own ship of Theseus problem. ¡Todos a bordo!

Speakers


Tuesday May 21, 2019 15:55 - 16:30
Hall 8.0 D4

15:55

The Multicluster Toolbox - Adrien Trouillaud, Admiralty
The Kubernetes community has been talking about "multicluster" for several years. The topic is often associated with the Federation (v2) project. While Federation offers a solution to a problem (top-down resource declaration with templates, placements, and overrides), multicluster is about more than that. As Adrien was working on a different problem—peer-to-peer scheduling—he soon realized that some of the building blocks were missing: how to authorize requests from pods in a cluster to the Kubernetes APIs of other clusters; how to watch resources in a cluster to control resources in other clusters; how to garbage-collect objects in a cluster owned by objects in other clusters. Adrien started assembling an open-source "multicluster toolbox", composed of multicluster-service-account and multicluster-controller. This talk explains how to use them to solve unique multicluster problems.

Speakers
avatar for Adrien Trouillaud

Adrien Trouillaud

Founder and CEO, Admiralty
Adrien Trouillaud is the founder and CEO of Admiralty, a Seattle-based startup developing open-source and managed multicluster solutions for Kubernetes. Adrien is the main author of multicluster-controller, multicluster-service-account, and multicluster-scheduler. Adrien is also a... Read More →



Tuesday May 21, 2019 15:55 - 16:30
Hall 8.1 G1

15:55

Birds of a Feather: Financial Services User Group - Cheryl Hung, CNCF
This session is open to those interested in running Kubernetes and cloud native platforms in a regulated financial services context.

The CNCF Financial Services User Group (FSUG) is a brand new group of banks, fintech startups and more. The primary aim is to foster interest and engagement from the finance industry to address security, regulatory and compliance related issues when using cloud native platforms. This would include the preparation of agreed best practices for the use of cloud native technologies in a regulated financial services context including interaction with common regulators and auditors.

Full mission statement: https://docs.google.com/document/d/16ml2DunsBNz1eJYeEjXaYbG0ylX_Wbw5LWhbiLNYWkE/edit#


Speakers
avatar for Cheryl Hung

Cheryl Hung

Director of Ecosystem, Cloud Native Computing Foundation
Cheryl Hung is the Director of Ecosystem at the CNCF. Her mission is to increase the adoption of Kubernetes and cloud native by growing the community and advocating for end users. She founded and runs the Cloud Native London meetup. Previously Cheryl spent five years as a C++ engineer... Read More →



Tuesday May 21, 2019 15:55 - 16:30
Hall 8.0 C1

15:55

BoF Deep Dive: Chaos Engineering - Sylvain Hellegouarch, ChaosIQ
Can we actually learn in production are we doomed to remain in panic mode?
In this session, we will be exploring how Chaos Engineering can help us learn and improve our production system
by experimenting against it from various angles. We will be using the Open Source Chaos Toolkit
CLI to initially codify our experiments before using the Chaos Platform to schedule them and collaborate on our
learnings.

Speakers


Tuesday May 21, 2019 15:55 - 16:30
Hall 8.0 F5

15:55

Intro: Cluster Lifecycle SIG - Lucas Käldström, Independent & Tim St. Clair, VMware
SIG Cluster Lifecycle is the Special Interest Group that is responsible for building the user experience for deploying and upgrading Kubernetes clusters. Our mission is examining how we should change Kubernetes to make it easier to operate. Since the group's formation we have focused on creating kubeadm, a streamlined installer tool and building block to simplify the installation and upgrade experience, and building a Cluster API to provide an abstraction of machines across different deployment environments and a common control plane configuration. In this introduction session, we will present the SIG's mission statement, review recent accomplishments, and discuss our future plans, where you are very welcome to contribute to the discussion. We will also focus on how new contributors can get involved in helping shape the future of Kubernetes' cluster lifecycle management.

Speakers
avatar for Timothy St. Clair

Timothy St. Clair

Senior Staff Engineer, VMware
Timothy St. Clair is a Senior Staff Software Engineer at VMware and is a core contributor to the Kubernetes project, a Steering Committee member, and a lead on SIG-Cluster-Lifecycle. Timothy has worked on the development and integration of various open source distributed systems projects... Read More →
avatar for Lucas Käldström

Lucas Käldström

Student, Contracting
Lucas is a cloud native enthusiast that just graduated from High School. Lucas is serving the Kubernetes community in various lead positions, e.g. as a co-lead for SIG Cluster Lifecycle shepherding kubeadm from inception to GA, porting Kubernetes to multiple platforms and by being... Read More →



Tuesday May 21, 2019 15:55 - 16:30
Hall 8.0 E1

15:55

Intro: CNCF Security SIG – Sarah Allen & Jeyappragash Jeyakeerthi, Tetrate.io
CNCF Security SIG representing cross-cutting concerns including authentication, authorization, auditing, policy enforcement, privacy and compliance.  The SAFE WG has transformed into CNCF SIG, and this presentation will share the history of the group, accomplishments, on-going efforts and plans for 2019.

Speakers
avatar for Jeyappragash Jeyakeerthi

Jeyappragash Jeyakeerthi

tetrate.io
Jeyappragash previously built the team and lead the technical roadmap for Twitter's Cloud Infrastructure Management Platform. This platform helps developers manage their services and provides detailed visibility to the infrastructure and the services that use the infrastructures... Read More →
avatar for Sarah Allen

Sarah Allen

Co-chair, CNCF SIG-Security
Sarah was a founding co-chaired the SAFE WG, now renamed to CNCF SIG-Security. She has been worrying about security concerns, since first building Shockwave in the mid-90s (Netscape plug-in and ActiveX control). In early 2000s, she started developing open source as part of the OpenLaszlo... Read More →



Tuesday May 21, 2019 15:55 - 16:30
Hall 8.1 G2

15:55

Intro: Contributor Experience SIG - Elsie Phillips, Red Hat & Paris Pittman, Google
n this 30 minute session, we will explore the projects we have been working on with Contributor Experience and the future work we have on deck. We will provide an update to the following [projects](https://git.k8s.io/sig-contributor-experience/projects.md) and have information on how to get involved.

Speakers
avatar for Elsie Phillips

Elsie Phillips

Product Marketing Manager, Red Hat
Elsie herds the CoreOS Community and Co-Leads the Kubernetes Contributor Experience SIG. She's a northwest native who got her start in open source working at the Oregon State University Open Source Lab. In her free time she throws wild one woman dance parties and makes a mean vegan... Read More →
avatar for Paris Pittman

Paris Pittman

Kubernetes OSS Strategy, Google
Paris is a Developer Relations Program Manager on Google Cloud's Open Source Strategy team focusing on the Kubernetes Community. She is a co-chair of the special interest group for Contributor Experience and an organizer of Bay Area Kubernetes Meetup with 4,000 members. She has 14... Read More →


Tuesday May 21, 2019 15:55 - 16:30
Hall 8.0 E4

15:55

Intro: Dragonfly - Allen Sun & Zuozheng Hu, Alibaba Cloud
As cloud native becomes more and more popular in industry, how to distribute images efficiently and safely is a new challenge for enterprises. Dragonfly is an open source intelligent P2P based image and file distribution system. Its goal is to tackle all distribution problems in cloud native scenarios. Dragonfly focuses on: • Simple: well-defined user-facing API (HTTP), non-invasive to all container engines • Efficient: CDN support, P2P based file distribution to save enterprise bandwidth • Intelligent: host level speed limit, intelligent flow control due to host dection • Secure: block transmission encrytion, HTTPS connection support we will focus on the introduction and live demo of Dragonfly, review and provide solutions for enterprises, including mass distribution, secure transmission, bandwidth cost. Real use cases will be discussed in the session.

Speakers
ZH

Zuozheng Hu

Senior Software Engineer, Alibaba Group
Zuozheng Hu, a Senior Engineer at Alibaba Group, is the founder of dragonfly and the primary member of SRE Team in Alibaba. I have been involved in devops for five years and have very rich experience in this field. At present, I am mainly responsible for the construction of hybrid... Read More →
AS

Allen Sun

Senior Software Engineer, Alibaba Cloud
Allen Sun, a Senior Engineer at Alibaba Group, is currently responsible for the open source construction of the PouchContainer project at Alibaba. I have been involved in cloud computing for over 5 years and is one of the first batch of researchers and practitioners of container technology... Read More →



Tuesday May 21, 2019 15:55 - 16:30
Hall 8.0 E5

15:55

Intro: Kubernetes (PM) SIG - Ihor Dvoretskyi, CNCF & Stephen Augustus, VMware
Kubernetes is one of the most high-velocity open source projects in the world, and one of the most unique features of this community project - that it has it's own PM team and PM process. SIG-PM, originally established as a Product Management Group, today covers multiple aspects of Product, Program and Project Management of Kubernetes. In this session, the SIG-PM co-chairs will provide a brief overview of SIG-PM history and basic principles, the areas of interaction with the Kubernetes community, together with the information on how to start contributing to Kubernetes as a PM.

Speakers
avatar for Stephen Augustus

Stephen Augustus

Lead, Cloud Native Developer Strategy, VMware
Stephen Augustus is an active leader in the Kubernetes community. He currently serves as a Special Interest Group Chair (Release, PM), a Release Manager, and a subproject owner for Azure.Stephen leads the Cloud Native Developer Strategy team at VMware, driving meaningful interactions... Read More →
avatar for Ihor Dvoretskyi

Ihor Dvoretskyi

Developer Advocate, Cloud Native Computing Foundation
Ihor Dvoretskyi is a Developer Advocate at Cloud Native Computing Foundation, focused on Kubernetes-related efforts in the open source community.Ihor is a co-founder and co-lead of the Kubernetes Product Management Special Interest Group (SIG-PM), focused on enhancing Kubernetes as... Read More →


Tuesday May 21, 2019 15:55 - 16:30
CC8.27–28

15:55

Intro: Rook - Alexander Trost, Cloudibility & Travis Nielsen, Red Hat
In this talk, we will be introducing the Rook project to attendees of all levels and experience. Rook is an open source cloud-native storage orchestrator for Kubernetes, providing the platform, framework, and support for a diverse set of storage solutions to natively integrate with cloud-native environments. Rook turns storage software into self-managing, self-scaling, and self-healing storage services. It does this by automating deployment, bootstrapping, configuration, provisioning, scaling, upgrading, migration, disaster recovery, monitoring, and resource management. We will explore the benefits and use cases of Rook, and we will also walk through the architecture that the project is built on. Rook was accepted as the first storage project hosted by the Cloud Native Computing Foundation in January 2018.

Speakers
avatar for Travis Nielsen

Travis Nielsen

Red Hat, Senior Principal Software Engineer
Travis Nielsen is a Senior Principal Software Engineer at Red Hat where he works on “the future of storage” as part of the Ceph distributed storage system team. Before joining Red Hat, Travis helped found the Rook project as a Principal Software Engineer at Quantum Corporation... Read More →
avatar for Alexander Trost

Alexander Trost

DevOps Engineer, Cloudical Deutschland GmbH
Currently Alexander is working for Cloudical Deutschland GmbH as a DevOps Engineer mostly focused on containerization and the Rook project. He is a Rook maintainer and works on several smaller Golang projects, such as the Dell Hardware Exporter for Prometheus (galexrt/dellhw_exporter... Read More →



Tuesday May 21, 2019 15:55 - 16:30
Hall 8.1 G3

15:55

Intro: Virtual Kubelet - Ria Bhatia, Microsoft & Anubhav Mishra, HashiCorp
Virtual Kubelet has most recently been accepted into the CNCF as a sandboxed project. In this session we will go through the benefits of the project and the landscape of providers that contribute to VK in the open. We will highlight the HashiCorp Nomad provider and the Azure provider for Azure Container Instances. Folks can expect to learn about three different use-cases for Virtual Kubelet including, burst capacity, abstraction of infrastructure, and translating any APIs into Kubernetes APIs. We hope to spark new ideas, and conversation by bringing up a new way to connect Kubernetes to "any" service or technology.

Speakers
avatar for Ria Bhatia

Ria Bhatia

Program Manager, Microsoft
Ria Bhatia is a Program Manager for Azure within Microsoft. She's been working with the community on different ways to scale in Kubernetes. She actively maintains Virtual Kubelet and has spoken at multiple meetups and conferences, including LinuxCon in Shanghai. She's also helped... Read More →
avatar for Anubhav Mishra

Anubhav Mishra

Developer Advocate, HashiCorp
Anubhav Mishra is a Developer Advocate at HashiCorp. He created Atlantis - An Open Source project that helps teams collaborate on Infrastructure using Terraform. He previously worked at Hootsuite where he built distributed systems and micro service delivery platform. He loves Open... Read More →



Tuesday May 21, 2019 15:55 - 16:30
Hall 8.0 E9

15:55

KubeFlow BoF (Birds of a Feather): David Aronchick, Microsoft & Yaron Haviv, Iguazio
Speakers
avatar for David Aronchick

David Aronchick

Program Manager, Microsoft
David leads Open Source Machine Learning Strategy at Azure. This means he spends most of his time helping humans to convince machines to be smarter. He is only moderately successful at this. Previously, David led product management for Kubernetes at Google, launched GKE, and co-founded... Read More →
avatar for Yaron Haviv

Yaron Haviv

CTO, Iguazio
Yaron Haviv is a serial entrepreneur who has deep technological experience in the fields of ML, big data, cloud, storage and networking. Prior to Iguazio, Yaron was the Vice President of Datacenter Solutions at Mellanox, where he led technology innovation, software development and... Read More →


Tuesday May 21, 2019 15:55 - 16:30
Hall 8.0 D2

15:55

Using K8s Audit Logs to Secure Your Cluster - Mark Stemm, Sysdig
K8s Audit Logs are a new feature in K8s 1.11/1.13 which allow an operator to see a stream of events from the API server that show the changes being made to your cluster. In this talk, we’ll describe how auditing works and how to get it working it for popular K8s variants. Then we’ll dive into specific security-oriented use cases, showing how you can use audit logs to enforce security best practices, detect misuse, and fill the gap between what you think the cluster is running and what's actually running. Some specific use cases we’ll discuss include misuse of configmaps to hold sensitive data, overly loose permissions on pods/services, and abuse of cluster role bindings that grant too many (or the wrong) permissions. Attendees should come away with the ability to enable K8s Audit Support in their cluster and what to look for in their audit logs to ensure that their cluster is secure.

Speakers
avatar for Mark Stemm

Mark Stemm

Senior Software Engineer, Sysdig
Mark is a Senior Software Engineer at Sysdig. He has a B.S. in Math/CS from Carnegie Mellon University and a M.S./Ph.D. in Computer Science from the University of California, Berkeley. He's worked at Fast Forward Networks on the first generation of internet-based live video broadcasting... Read More →



Tuesday May 21, 2019 15:55 - 16:30
Hall 8.0 A1

15:55

Using eBPF to Bring Kubernetes-Aware Security to the Linux Kernel - Dan Wendlandt, Isovalent
eBPF is a powerful Linux kernel technology that has recently become available in mainstream Linux distributions, enabling radically deeper visibility into and control over many aspects of operating system behavior.

In this talk, we will cover the basics of eBPF and then dive into a hands-on exploration of use cases where eBPF-based technologies like Cilium and BCC can enable security visibility and isolation well beyond what is possible with traditional Linux security primitives, Examples include:

1. Auditing the set of syscalls made by users who access pods via "kubectl exec".
2. Network visibility and access control that distinguishes between a sidecar and primary container inside a single pod.
3. API-layer visibility into inter-service connectivity, even if the connection is encrypted using TLS.

Speakers
DW

Dan Wendlandt

CEO, Isovalent
Dan has been a leader in open source networking and security since helping start the Open vSwitch (OVS) project while at Nicira. OVS became the most popular software-defined networking platform for Linux and as part of that work Dan created and acted at the project technical lead... Read More →



Tuesday May 21, 2019 15:55 - 16:30
Hall 8.0 C2

15:55

Serverless is Interesting But FaaS is Not Enough - Jonas Bonér, Lightbend Inc.
Serverless is interesting because it emphasizes automation of infrastructure, but current Function-as-a-Service implementations are not suited for building general purpose apps. What’s missing is a way to model and manage stateful services. Can we make stateful apps run as if they were stateless?

We’ll investigate the inherent challenges with serving stateful services from a scaling perspective while preserving responsiveness by designing for resilience and elasticity, using Akka—an OSS library for distributed stateful apps—as a concrete example.

We’ll discuss design principles needed to address problems around data consistency, system integrity, and data locality, why they are key to maintain overall system behavior under failure and load and discuss pitfalls and requirements needed to understand when operating the infrastructure fabric—f.e. Knative—which orchestrates the services.

Speakers
avatar for Jonas Bonér

Jonas Bonér

Founder & CTO, Lightbend Inc.
Jonas Bonér is founder and CTO of Lightbend, long-term contributor to Open Source, inventor of the Akka project, initiator and co-author of the Reactive Manifesto, and a Java Champion. Learn more at http://jonasboner.com



Tuesday May 21, 2019 15:55 - 16:30
Hall 8.0 F3

15:55

Panel Discussion: Ask Us Anything: Microservices and Service Mesh - Lin Sun, IBM; Jason McGee, IBM; William Morgan, Buoyant; Zack Butcher, Tetrate; and Louis Ryan, Google
Have you heard the buzz around microservices and service mesh lately? With containers becoming the new standard to building microservice based applications for production, users are leveraging service mesh to solve common issues with routing, re-routing for graceful degradation as services fail, secure inter-service communication and rate limiting between services. Join us for a live interactive session where our panel of experts from IBM, Google, Lyft, Linkerd will address your most challenging inquiries around microservice and service mesh!

Moderators
avatar for Lin Sun

Lin Sun

STSM & Master Inventor, Istio, IBM
Lin is an Istio maintainer, a member of the Istio steering committee and technical oversight committee. She is passionate about new technologies and loves to play with them. She is an IBM master inventor, holds 150+ patents issued with USPTO.

Speakers
avatar for Zack Butcher

Zack Butcher

Founding Engineer, Tetrate
Zack is core contributor @IstioMesh and a founding engineer at Tetrate. Prior to Tetrate, he worked at Google as one of the earliest engineers on Istio. Before that he worked on a variety of teams across Google Cloud Platform, focusing on authorization, policy, data retention, and... Read More →
avatar for Jason McGee

Jason McGee

IBM Fellow, VP and CTO, IBM Cloud Platform, IBM
Jason is currently responsible for the IBM Cloud’s platform services, including Kubernetes, Functions, Cloud Foundry, Kafka event streams, Logging, Monitoring, Container Registry, Schematics, Terraform and Activity Tracker. Jason is also responsible for the technical strategy and... Read More →
avatar for William Morgan

William Morgan

CEO, Buoyant
William Morgan is the cofounder and CEO of Buoyant, creators of Linkerd. Prior to Buoyant, he was an infrastructure engineer at Twitter, where he helped move Twitter from monolith to microservices. He was a software engineer at Powerset, Microsoft, and Adap.tv, and a research scientist at MITRE... Read More →
avatar for Louis Ryan

Louis Ryan

Principal Software Engineer, Google
Louis Ryan is a Principal Engineer at Google working on APIs and microservices. Prior to working on Istio he co-authored the GRPC spec and ran the infrastructure that supports Google's consumer-facing APIs.


Tuesday May 21, 2019 15:55 - 16:30
Hall 8.0 C4

16:00

16:00

16:30

16:45

Keynote: Welcome Remarks - Janet Kuo, Software Engineer, Google
Speakers
avatar for Janet Kuo

Janet Kuo

Software Engineer, Google
Janet is a Software Engineer for Google Cloud. She's joined the Kubernetes project since before the 1.0 launch in 2015. She is Kubernetes project maintainer, SIG Apps chair, and KubeCon emeritus chair. In her free time, she likes to travel and take photos.


Tuesday May 21, 2019 16:45 - 16:46
Hall 6

16:46

16:51

Keynote: Kubernetes Project Update - Janet Kuo, Software Engineer, Google
Speakers
avatar for Janet Kuo

Janet Kuo

Software Engineer, Google
Janet is a Software Engineer for Google Cloud. She's joined the Kubernetes project since before the 1.0 launch in 2015. She is Kubernetes project maintainer, SIG Apps chair, and KubeCon emeritus chair. In her free time, she likes to travel and take photos.



Tuesday May 21, 2019 16:51 - 17:11
Hall 6

17:13

Sponsored Keynote: Recursive Kubernetes: Cluster API and Clusters as Cattle - Joe Beda, Principal Engineer, VMware
If Kubernetes is the gold standard for managing fleets of applications, what’s the gold standard for managing fleets of Kubernetes clusters? Cluster Lifecycle SIG is taking that challenge head on with Cluster API. Let’s talk about how we improve the upstream experience by bringing declarative APIs to cluster creation, configuration and management.  

Speakers
avatar for Joe Beda

Joe Beda

Principal Engineer, VMware
Doing cloud native stuff at VMware



Tuesday May 21, 2019 17:13 - 17:18
Hall 6

17:20

Keynote: Reperforming a Nobel Prize Discovery on Kubernetes - Ricardo Rocha, Computing Engineer & Lukas Heinrich, Physicist, CERN
Back in 2012, CERN announced one of its most important achievements, the discovery of the Higgs boson leading to the 2013 Nobel Prize in Physics.

In this presentation, we will redo the data analysis that led to it, this time on top of Kubernetes, the new infrastructure stack growing in popularity in the laboratory.

The analysis submission will be done via a jupyter notebook into a small cluster on our private cloud, and both the application and the cluster itself will automatically scale out to exhaust resources - we will detail our setup and deployment decisions on the way. Then we will show how the work being done in the Multicluster SIG helps us define a set of placement and scheduling policies to scale out to external clouds.

 The end result will be a physicist’s dream: a histogram with a spike that back in 2012 indicated the discovery of a new particle.

Speakers
avatar for Ricardo Rocha

Ricardo Rocha

Computing Engineer, CERN
Ricardo is a software engineer at CERN currently part of the CERN cloud team, focusing primarily on networking and container based deployments. Previously he helped develop and deploy several components of the Worldwide LHC Computing Grid, a network of ~200 collaborating sites around... Read More →
avatar for Lukas Heinrich

Lukas Heinrich

Physicist, CERN
Lukas Heinrich is a particle physicist working on the ATLAS Experiment. He focuses on introducing modern cloud computing tools to more systematically search for phenomena beyond the Standard Model of Particle Physics.



Tuesday May 21, 2019 17:20 - 17:40
Hall 6

17:30

17:42

Sponsored Keynote: Expanding the Kubernetes Operator Community - Rob Szumski, Principal Product Manager for OpenShift, Red Hat
Operators enable you run those “tricky” stateful services and complex distributed systems on Kubernetes. Kubernetes Operators are embedded with all of the special knowledge for running an app, from the experts in the open source community, so that every end user doesn’t need to be one. Discover Operators ready to use on your cluster with OperatorHub.io and learn about the tools at your disposal to build, test and ship an Operator.

Speakers
avatar for Rob Szumski

Rob Szumski

Principal Product Manager for OpenShift, Red Hat
Rob Szumski is Principal Product Manager for OpenShift at Red Hat. Focused on product design from open source to commercial offerings, Rob has deep experience in UX, web interfaces, and CLI. Rob likes to experiment with the technology he works on to understand it from both the developer's... Read More →



Tuesday May 21, 2019 17:42 - 17:47
Hall 6

17:49

Keynote: End User Awards - Cheryl Hung, Director of Ecosystem, CNCF
Speakers
avatar for Cheryl Hung

Cheryl Hung

Director of Ecosystem, Cloud Native Computing Foundation
Cheryl Hung is the Director of Ecosystem at the CNCF. Her mission is to increase the adoption of Kubernetes and cloud native by growing the community and advocating for end users. She founded and runs the Cloud Native London meetup. Previously Cheryl spent five years as a C++ engineer... Read More →



Tuesday May 21, 2019 17:49 - 17:59
Hall 6

17:59

Keynote: Closing Remarks - Janet Kuo, Software Engineer, Google
Speakers
avatar for Janet Kuo

Janet Kuo

Software Engineer, Google
Janet is a Software Engineer for Google Cloud. She's joined the Kubernetes project since before the 1.0 launch in 2015. She is Kubernetes project maintainer, SIG Apps chair, and KubeCon emeritus chair. In her free time, she likes to travel and take photos.


Tuesday May 21, 2019 17:59 - 18:00
Hall 6

18:00

18:00

18:00

K8s Boothday Party
Come celebrate Kubernetes' 5th birthday with fellow attendees and sponsors while enjoying food and drinks in the Sponsor Showcase.

Tuesday May 21, 2019 18:00 - 20:00
Sponsor Showcase, Hall 7

18:30

 
Wednesday, May 22
 

06:15

Fun Run – Running/Walking Tour of Barcelona (RSVP Required - Link in Description)
Time: Meet at 06:15, the run/walk will go from 06:30 - 08:00. The run should take 45 minutes to 1 hour to complete. All paces are welcome!  

Location: Meet at the HotelPorta Fira at 06:15 to form pace groups for a 06:30 start!

We are pleased to offer a complimentary Running/Walking Tour during KubeCon + CloudNativeCon Europe 2019 in Barcelona, Spain. We have planned a scenic run around the downtown and the Montjuic Mountain areas. This will be the perfect way to wake up and get your energy going for the day.

Sign up now! Registration closes at 23:59 (CET) on Friday, May 17.
                                    
Regular running is linked to a myriad of health benefits, can help people lose weight, and improve mood and self-esteem. The experience can be quite spiritual, especially when running early in the morning. There’s something magical about being up before the rest of the world, taking special time for yourself to boost your health and energize yourself for the day ahead.
                        
A morning run is a much easier commitment, are rarely dark or too hot and can give you an early- morning energy buzz. Running burns more calories than most exercises, it can lower stress and improve mood.

Wednesday May 22, 2019 06:15 - 08:00
Porta Fira Plaza Europa, 45 - 08908 - Hospitalet de Llobregat, provincia

07:15

07:30

The New Stack Pancake Breakfast, Sponsored by VMware
Service mesh has arguably been the hottest topic in the open source and cloud native communities over the past two years. KubeCon+CloudNativeCon Europe 2019 continues the enthusiasm with close to 20 sessions and talks about service mesh this week. At this breakfast our panel of experts will discuss the latest service mesh technology developments, lessons learned and best practices for adopting service mesh, challenges and opportunities that lie ahead for Istio and Envoy open source projects, and what’s next for service mesh in the coming year.

Moderators
avatar for Joab Jackson

Joab Jackson

Reporter, The New Stack
avatar for Alex Williams

Alex Williams

Founder & Editor-in-Chief, The New Stack

Speakers
avatar for Pere Monclus

Pere Monclus

CTO, Network & Security, VMware


Wednesday May 22, 2019 07:30 - 08:45
Hall 8.0 D1

08:00

Welcome Coffee
Wednesday May 22, 2019 08:00 - 09:00
Link Hall 6/7 Foyer space between Hall 6 & 7

08:00

Quiet Room
All attendees may feel free to use the Quiet Room as needed. It is a physical space where conversation and interaction are not allowed, where attendees can go if for any reason they can’t interact with other attendees at that time.

Wednesday May 22, 2019 08:00 - 17:20
CC8.30, Hall 8.1

09:00

09:05

Keynote: How Spotify Accidentally Deleted All its Kube Clusters with No User Impact - David Xia, Infrastructure Engineer, Spotify
During Spotify's Kubernetes migration, David's team deleted most of their production Kubernetes clusters. Accidentally. Twice. With little to no user impact. David shares how they recovered and learned to operate many clusters automatically and safely.

In 2017, Spotify planned the migration of hundreds of teams, thousands of services, and tens of thousands of hosts to Google Kubernetes Engine (GKE). In the last half of 2018, Spotify migrated 50 teams and hundreds of services, including critical ones, onto multiple production clusters.

 David describes what led to the cluster deletions and how they barely affected users. Since the postmortem, Spotify has minimized downtime and human error by declaratively defining clusters in code with Terraform, backing up and restoring clusters with Ark, and increasing scalability and availability by running many more clusters.

Speakers
avatar for David Xia

David Xia

Infrastructure Engineer, Spotify
David Xia is an infrastructure engineer at Spotify who works on deployment tooling. His team is currently upgrading Spotify’s infrastructure to use Kubernetes. Previously, David helped build Spotify’s in-house Docker tools and platforms. He dreams of a more livable and just world... Read More →



Wednesday May 22, 2019 09:05 - 09:25
Hall 6

09:27

Sponsored Keynote: Building a Bigger Tent: Cloud Native, Cultural Change and Complexity - Bob Quillin, VP Developer Relations, Oracle Cloud
The Cloud Native ecosystem continues to expand dramatically but many enterprises and traditional development teams are being left behind. The top two issues facing our industry are cultural change for developers and complexity – thus we need to find ways to build a bigger cloud native tent that is more inclusive of modern and traditional applications, cloud and on-premises users. This keynote focuses on the challenges and opportunities to create a more inclusive, sustainable cloud native
community.


Speakers
avatar for Bob Quillin

Bob Quillin

VP Developer Relations, Oracle Cloud
As Vice President of Developer Relations for Oracle Cloud Infrastructure (OCI), Bob Quillin leads OCI developer relations, advocacy, engagement, and lighthouse customer adoption. Bob joined Oracle as part of the StackEngine acquisition by Oracle in December 2015, where he was co-founder... Read More →



Wednesday May 22, 2019 09:27 - 09:32
Hall 6

09:34

Keynote: A Journey to a Centralized, Globally Distributed Platform – Katie Gamanji, Cloud Platform Engineer, Condé Nast International
For over a century Condé Nast International has set the benchmark for print and digital publishing. With brands like Vogue, GQ, Wired, Condé Nast Traveller under our umbrella we are operating in more than 12 markets across different geographies, including Russia and China. Whilst serving content to million of customers daily (220m unique users per month), it has become paramount to have a scalable, fault tolerant and highly available infrastructure, combined with a robust delivery process. Originating with a fragment technological ladscape, Condé Nast International is progressing with a remarkable project to embrace cloud native principles and deliver a centralized, globally distributed platform that will further emancipate our international teams.

This talk aims to highlight Condé Nast International's journey to deliver a multi-cluster distributed Kubernetes platform, with a centralized management mechanism and self-service CI/CD process.

Speakers
avatar for Katie Gamanji

Katie Gamanji

Cloud Platform Engineer, Condé Nast



Wednesday May 22, 2019 09:34 - 09:49
Hall 6

09:51

Sponsored Keynote: What I Learned Running 10,000+ Kubernetes Clusters - Jason McGee, IBM Fellow, IBM
After years of running Kubernetes, I've learned a few things about scale. When you have one cluster, you can manage it by hand. For 2-10 clusters, familiar tools work OK. But for more than 10, it's time for help. In my Kubernetes journey, I've seen stable tools fail under pressure. Even with good intentions, developers can throw a wrench into ideal consistent ops. This keynote covers how to scale to thousands of clusters worldwide. You'll also hear why observability for every cluster change is critical. And don't forget about policy enforcement for cluster declarations. Bonus! A demo of Open Razee (a new open source project) shows how you can control and scale daily cluster updates.

Speakers
avatar for Jason McGee

Jason McGee

IBM Fellow, VP and CTO, IBM Cloud Platform, IBM
Jason is currently responsible for the IBM Cloud’s platform services, including Kubernetes, Functions, Cloud Foundry, Kafka event streams, Logging, Monitoring, Container Registry, Schematics, Terraform and Activity Tracker. Jason is also responsible for the technical strategy and... Read More →



Wednesday May 22, 2019 09:51 - 09:56
Hall 6

09:58

Keynote: Debunking the Myth: Kubernetes Storage is Hard - Saad Ali, Senior Software Engineer, Google
We often hear “Storage on Kubernetes is hard” or “Don’t deploy stateful applications on Kubernetes!” Is there any truth to these statements? In this talk I separate fact from fiction.

Storage on Kubernetes can mean a lot of things. First I will start by separating three layers: 1) consuming block and file storage from a pod running in Kubernetes, 2) deploying a stateful app (like a database) on Kubernetes using storage and workload primitives, and 3) deploying a software defined storage system on top of Kubernetes to provide block or file storage. Each of these areas has a different set of challenges that are often conflated to make storage on Kubernetes appear much harder than it is.

 After separating these layers, I will help you understand what the challenges are with each of them, and how you work around them to effectively deploy stateful applications on Kubernetes.

Speakers
avatar for Saad Ali

Saad Ali

Staff Software Engineer, Google
Saad Ali is a staff software engineer at Google where he works on the open-source Kubernetes project. He joined the project in December 2014, and has led the development of the Kubernetes storage and volume subsystem. He serves as a lead of the Kubernetes Storage SIG, and is co-author... Read More →



Wednesday May 22, 2019 09:58 - 10:18
Hall 6

10:18

10:20

Coffee Break
Halal, Kosher, & Lactose, and Gluten-Free Request:  If you have requested a Halal, Kosher, Gluten or Lactose-Free meal, you will pick up your request from the Specialty Diet Pick Up Points. For all breaks, please pick up your specialty meal from the Hall 7 pick up points.  If you have any questions, please ask a member of the LF team.

Wednesday May 22, 2019 10:20 - 11:05
Sponsor Showcase, Hall 7

10:20

Sponsor Showcase
Visit with sponsors, network with fellow attendees and enjoy food & drinks in the Sponsor Showcase.

Wednesday May 22, 2019 10:20 - 17:00
Sponsor Showcase, Hall 7

10:30

11:00

11:05

Create Visually Compelling Developer Experiences for Kubernetes on VS Code - Ivan Towlson & Ralph Squillace, Microsoft
Great command-line developer tools are widely available for the Kubernetes ecosystem, but fabulous visual developer environments are coming along more slowly, hindering uptake among application developers who are new to container orchestration or who prefer visually rich development environments.
This session will show how to build upon the free Kubernetes extension for the open-source Visual Studio Code (VS Code) editor to provide your own custom, developer-oriented experience for use with any kind of Kubernetes cluster.
We’ll show how you add to the behaviors and views in the VS Code k8s extension and demonstrate several different extensions built on it, each illustrating a different way to make Kubernetes application development easier, faster, and more effective for an ever-wider array of developers. You’ll leave empowered to create your own new visual experiences for Kubernetes.

Speakers
avatar for Ralph Squillace

Ralph Squillace

Principal Program Manager, Microsoft
Ralph Squillace is a Principal Program Manager for Microsoft, helping the team supporting Helm, Draft, Brigade, CNAB, and the Visual Studio Code Kubernetes extension in the Cloud Compute Team. He's worked in distributed computing for far too many years, and it shows. He's presented... Read More →
avatar for Ivan Towlson

Ivan Towlson

Principal Software Engineer, Microsoft
Ivan Towlson is the maintainer of Visual Studio Code extensions for Kubernetes, Helm and Duffle. He is an engineer at Microsoft focusing on cloud native developer tools and experience, and previously worked on projects from 3D rendering in the cloud to civil engineering software on... Read More →


Wednesday May 22, 2019 11:05 - 11:40
Hall 8.0 B3

11:05

How We Used Kubernetes to Host a Capture the Flag (CTF) - Ariel Zelivansky & Liron Levin, Twistlock
CTF competitions are now commonly used for cybersecurity education purposes, and are solved by many enthusiast researchers looking for a challenge. In Twistlock, we decided to host an online CTF competition with unique challenges that required a live, dedicated persistent machine, for each participant. Using Kubernetes, we managed to successfully host the challenge, publicly open, without sacrificing the security of our infrastructure.

We will discuss:
Introduction to the CTF and why we choose to run it on Kubernetes
Attack vectors for giving users untrusted shells to pods
Container isolation technologies such as gvisor and network policies.
Patterns for dynamically scaling pods and routes for new CTF participates

In the end, attendees will learn the security building blocks of Kubernetes, and how it can be used for non conventional purposes such as hosting a one time live challenge.

Speakers
avatar for Liron Levin

Liron Levin

Chief software architect, Palo alto networks
Liron is the Chief Software Architect at Twistlock, where he focus on scaling, engineering methodologies and security . Before that, he worked as a tech lead at Microsoft on cloud computing and machine learning projects. He is an active contributor to popular open source go projects... Read More →
avatar for Ariel Zelivansky

Ariel Zelivansky

Security Research Team Lead, Palo Alto Networks
Ariel Zelivansky is a security researcher and the head of Twistlock's research team, dealing with hacking and securing anything related to containers.



Wednesday May 22, 2019 11:05 - 11:40
Hall 8.0 F1

11:05

Navigating the Cloud Native Community for End Users - Cheryl Hung, CNCF
As Director of Ecosystem at the CNCF, my mission is to foster the End User community, ensure end users' voices are well represented and ultimately, that organizations can adopt cloud native successfully.

Through 45 interviews conducted in December 2018, I found that end users face three broad challenges:

* Solving an immediate technical need
* Growing an engineering team
* Building business strategy around cloud native

I will describe how to overcome these challenges with the help of the CNCF, and the CNCF's strategy for end users in 2019.

Attendees will learn how to participate in and contribute to the cloud native community, and how to be good open source citizens.

Speakers
avatar for Cheryl Hung

Cheryl Hung

Director of Ecosystem, Cloud Native Computing Foundation
Cheryl Hung is the Director of Ecosystem at the CNCF. Her mission is to increase the adoption of Kubernetes and cloud native by growing the community and advocating for end users. She founded and runs the Cloud Native London meetup. Previously Cheryl spent five years as a C++ engineer... Read More →



Wednesday May 22, 2019 11:05 - 11:40
Hall 8.0 D4

11:05

OpenAPI Specs – Towards Native User Experience of CRDs - Stefan Schimanski, Red Hat
Whenever kubectl creates or changes resources, OpenAPI is involved in the background. OpenAPI is a core technology for client-side validation, docs (kubectl explain), intelligent Kubernetes manifest completion in IDEs and the starting point for client generation in other languages than Go.

With 1.14, we start publishing OpenAPI specs for CRDs, kubectl explain for CRDs will start working. Providers of CRDs will want to create OpenAPI specs for their resources for a native user experience.

The talk will cover:
- Intro to OpenAPI specs
- CRD validation using OpenAPI
- OpenAPI based client generation
- Typical Kubernetes API patterns expressed in OpenAPI
- Towards a standard openapi-spec-gen to extract specs from Golang types
- Expressivity and limits of OpenAPI

Stefan is a core contributor to API machinery, client-go and CRDs, and maintainers of the OpenAPI code in Kubernetes.

Speakers
avatar for Stefan Schimanski

Stefan Schimanski

Prinicpal Software Engineer, Red Hat
Stefan is a Principal Software Developer at Red Hat working on Kubernetes and OpenShift, with a focus on API machinery, extension points and developer tools as part of Sig API Machinery. He contributed a major part of the CRD feature set. Stefan is a 2nd time GoogleSummer of Code... Read More →



Wednesday May 22, 2019 11:05 - 11:40
Hall 8.1 G1

11:05

GPU Machine Learning From Laptop to Cloud - Mark Puddick, Pivotal
In this session Mark will talk about how to setup and build containers to run GPU accelerated Machine Learning workloads on your laptop and move these easily to cloud. The session will cover setting up a local GPU accelerated environment, which can be great for testing on smaller data, then moving this over to run on larger sets in the cloud. Although the concepts in this session will focus on Python and Kersas workloads this can easily be applied to other machine learning technologies.

Speakers
avatar for Mark Puddick

Mark Puddick

Advisory Platform Architect, Pivotal
Mark is a technologist with over 20 years experience in architecting and engineering software at the leading edge of technology. Currently working as a Platform Architect at Pivotal, he has spent a large part of his career building software and now spends his time working with infrastructure... Read More →



Wednesday May 22, 2019 11:05 - 11:40
Hall 8.0 C2

11:05

Deep Dive: CNCF CI - Lucina Stricko & Denver Williams, Vulk Coop & CNCF
The CNCF CI status dashboard -- cncf.ci -- provides a third party validation of builds, deployments and end-to-end testing for CNCF’s Graduated and Incubating projects. CNCF welcomed Arm as Gold member in February 2019. The cncf.ci dashboard helps ensure that Kubernetes and other CNCF-hosted projects run well on Arm-based platforms. Attendees will leave this deep dive with an understanding of how the cncf.ci dashboard builds and tests projects on Arm and x86 architectures.

Speakers
avatar for Lucina Stricko

Lucina Stricko

Partner / Product Manager, Vulk Coop
Lucina Stricko is a co-owner at Vulk Co-operative (vulk.coop) and Product Owner of the CNCF CI Status Dashboard (cncf.ci). Lucina uses her Certified Scrum Product Owner knowledge and empathy to combine features, priorities, and project plans to best serve the end user. When Lucina’s... Read More →
DW

Denver Williams

Project Co-Lead, cncf.ci, Vulk Coop



Wednesday May 22, 2019 11:05 - 11:40
Hall 8.0 E4

11:05

Deep Dive: CNCF Security SIG – Justin Cappos, New York University & Zhipeng Huang, Huawei
CNCF Security SIG representing cross-cutting concerns including authentication, authorization, auditing, policy enforcement, privacy and compliance.  This session will present the state of cloud native authentication, authorization, policy controls and verification, highlighting CNCF projects that can help reduce risks for cloud native deployments and the ecosystem of tools and services.

Speakers
avatar for Zhipeng Huang

Zhipeng Huang

Principle Engineer, Huawei
Zhipeng Huang currently serve as open source operation manager for Huawei. Zhipeng have been involved with various major open source communities and is now the PTL of OpenStack Cyborg project, co-chair of OpenStack Public Cloud WG, and co-lead of the Kubernetes Policy WG.Zhipeng Huang... Read More →
avatar for Justin Cappos

Justin Cappos

Professor, NYU
Justin Cappos is a professor in the Computer Science and Engineering department at New York University, who strives to provide service to society through technology. Justin's research philosophy focuses on solving real world security problems in practice. He and his students often... Read More →



Wednesday May 22, 2019 11:05 - 11:40
CC7.1

11:05

Deep Dive: Kubernetes (Release) SIG - Tim Pepper & Stephen Augustus, VMware
Kubernetes is built through a motley collection of tools used in parallel and redundant ways on different cadences by a decentralized, global developer community. This runs counter to the established quality software engineering practice of a constantly exercised single build/test/release workflow. Our Release Engineering subproject aspires to a unified, deterministic, reproducible, verifiable build system used continually for dev/test as well as periodic official releases. In this SIG Release Deep Dive session we will briefly discuss the history of release engineering in Kubernetes and the build tooling and workflows present today, and then move on to our plans and progress towards commonizing build tooling and workflows, the positive benefits we expect will come in the next few release cycles from this effort, and how you can engage to better the future of Kubernetes.

Speakers
avatar for Stephen Augustus

Stephen Augustus

Lead, Cloud Native Developer Strategy, VMware
Stephen Augustus is an active leader in the Kubernetes community. He currently serves as a Special Interest Group Chair (Release, PM), a Release Manager, and a subproject owner for Azure.Stephen leads the Cloud Native Developer Strategy team at VMware, driving meaningful interactions... Read More →
avatar for Tim Pepper

Tim Pepper

Software Engineer, VMware
Tim is a Senior Staff Engineer in VMware's Open Source Technology Center with over 20 years in open source. He works as an open source developer advocate and contributor to Kubernetes (SIG Release chair; WG LTS organizer). Prior work includes Linux kernel/drivers/distributions, software... Read More →



Wednesday May 22, 2019 11:05 - 11:40
Hall 8.0 E9

11:05

Deep Dive: Open Policy Agent - Torin Sandall & Tim Hinrichs, Styra
Come to this session to hear from Tim Hinrichs and Torin Sandall, the co-creators of the OPA project. This session will provide a quick overview of OPA and then dive into recent developments and plans for the future. If you want to learn more about OPA or get involved, this session is for you!

Speakers
avatar for Tim Hinrichs

Tim Hinrichs

CTO, Styra
Tim Hinrichs is the CTO and Co-founder of Styra. For the last 15 years, he designed and built policy languages across different domains, most recently the CNCF Open Policy Agent and prior to that OpenStack Congress. Before Styra he worked as a software developer at VMware on Nicira's... Read More →
TS

Torin Sandall

Software Engineer, Styra



Wednesday May 22, 2019 11:05 - 11:40
Hall 8.1 G3

11:05

Intro: Auth SIG - Mo Khan, Red Hat & Mike Danese, Google
We will present a high level overview of the SIG with an emphasis on recent accomplishments. Furthermore we will discuss immediate goals for the next few releases to help prospective individuals understand where they can get involved. This structure of presentation is similar to what we did in KubeCon NA 2018 - we received generally positive feedback from the community members.

Speakers
avatar for Mike Danese

Mike Danese

Software Engineer, Google
Mike is a software engineer at Google. He has worked on Kubernetes and GKE for over four years and is currently the lead of the GKE Identity Team. He is a chair and TL of the Kubernetes Auth Special Interest Group. He develops and maintains authentication infrastructure in Kubernetes... Read More →
avatar for Mo Khan

Mo Khan

Software Engineer, VMware
Mo Khan currently serves as a chair for Kubernetes SIG Auth and has made contributions to SIG API Machinery.


Wednesday May 22, 2019 11:05 - 11:40
CC8.27–28

11:05

Intro: Envoy - Lizan Zhou, Tetrate
Envoy is a high-performance proxy in the cloud-native landscape designed to be extensible at its core. There are several possible “extension points” in Envoy as outlined in https://github.com/envoyproxy/envoy/tree/master/source/extensions. However, the currently available approaches to extend it is rather limited. Since Envoy is written in C++, the primary way to introduce new extended functionality in Envoy is by writing an extension (e.g. filters, either network or HTTP filter, as one of the most relevant use-cases in Envoy), in C++. It is possible to write an extension for Envoy using Lua (https://www.envoyproxy.io/docs/envoy/latest/configuration/http_filters/lua_filter.html), but the current scope of this extension is only for HTTP traffic.

Speakers
LZ

Lizan Zhou

Software Engineer, Tetrate
Lizan Zhou is a Founding Engineer at Tetrate leading traffic management. He is a senior maintainer of Envoy and one of core contributors of Istio. Previously he was working at Google Cloud, during his time at Google he worked on security and networking on Istio and Cloud Endpoints... Read More →



Wednesday May 22, 2019 11:05 - 11:40
Hall 8.0 E5

11:05

Intro: Vitess - Sugu Sougoumarane & Deepthi Sigireddi, PlanetScale
This session will cover a high level overview of all the Vitess features. Following this, we'll go over a tutorial on how to bring up a fully functional Vitess cluster in Kubernetes. Once up, we'll go through the steps to reshard the database while it's serving live traffic. Following this, we'll demonstrate the newest and most exciting feature of Vitess: VReplication, which allows you to materialize sharded views and rollups in real-time.

Speakers
avatar for Deepthi Sigireddi

Deepthi Sigireddi

Software Engineer, Planetscale, Inc.
Deepthi is a Software Engineer at PlanetScale, where she focuses on support and new feature development for Vitess, a CNCF project. She is an active Vitess maintainer who loves to talk about how technology is changing the world.
avatar for Sugu Sougoumarane

Sugu Sougoumarane

CTO, PlanetScale
Sugu is CTO at PlanetScale. He is also the lead developer and community leader of the Vitess open source project which he co-created at Youtube in 2010. Vitess has helped multiple companies scale MySQL massively. Prior to Vitess, he worked on various scaling and infrastructure projects... Read More →



Wednesday May 22, 2019 11:05 - 11:40
Hall 8.0 E1

11:05

Building HA Multi-Cloud Clusters Using WireGuard as a Network Overlay - Lucas Servén Marín, Red Hat
Kubernetes abstracts away infrastructure, enabling the community to leverage a single, powerful interface anywhere we like, from bare-metal to public clouds like AWS or GCP. However, not all infrastructure is alike: some clouds do not provide GPUs, while others do not offer data-centers in certain regions. As a result, users often have to choose between running their entire workload on a single cloud provider or region, and managing multiple clusters in different clouds. In this presentation, Lucas Servén explains how to solve this issue at the network level and create a single cluster that spans cloud providers and regions, facilitating high availability and avoiding lock-in, by using WireGuard as a network overlay.

Speakers
LS

Lucas Serven

Senior Software Engineer, Red Hat
I am a Spanish software engineer currently working for Red Hat in Berlin. By trade I am an electrical engineer, with a Masters in robotics. After two years at CoreOS, I joined Red Hat where I work on Prometheus. Outside of work, I am passionate about deep learning and hack on machine... Read More →



Wednesday May 22, 2019 11:05 - 11:40
Hall 8.0 F3

11:05

M3 and Prometheus, Monitoring at Planet Scale for Everyone - Rob Skillington, Uber
For the past few years Prometheus has solved the monitoring needs of many and it is exceptional at what it does. Prometheus has exploded in popularity and now many wish to store more metrics, at longer retention and establish a single pane of glass on top of Prometheus for their monitoring needs across regions.

M3 is an open source metrics platform that you can deploy and run using Kubernetes and Helm that integrates with Prometheus. It can store petabytes of metrics data with replication for high availability in a cost efficient manner, with compaction averse time series storage and index that can efficiently index and run dimension based regexp queries on billions of metrics.

Using a real world example we will cover in this talk how to deploy M3Coordinator and M3DB using the M3 Kubernetes operator and connect your Prometheus instances together into a single global monitoring system.

Speakers
RS

Rob Skillington

Staff Software Engineer, Uber
Rob helps run computers at Uber and leads the development of the open source metrics platform M3. He is the creator of M3DB, the time series database built for M3 to scale to the needs of Uber's ever growing metrics footprint, now more than ten billion metrics. He is also a member... Read More →



Wednesday May 22, 2019 11:05 - 11:40
Hall 8.0 A1

11:05

Restart-Free Vertical Scaling for Kubernetes Pods - Vinay Kulkarni, Futurewei
Currently, vertical scaling of Kubernetes pod CPU or memory resources requires pod restarts. This is disruptive to services, and expensive for long-running applications or jobs. It is very important to have the ability to scale pod resources without restarts.

In this talk, Vinay and Peng will present a design for restart-free scaling of pod resources, with container restart as a policy-controlled choice rather than a necessity. They will illustrate a customer use case, a gene-sequencing application where pod restart is expensive. They will go over the changes to Kubernetes components that made this feature possible. They will discuss how they addressed some unique challenges such as multiple scheduler race conditions, and respecting pod disruption budget if pod restart is needed. They will talk about how failures are handled via smart retries, and conclude with a demo.

Speakers
avatar for Vinay Kulkarni

Vinay Kulkarni

Sr. Architect, Futurewei
Vinay works as Senior Lead Architect, Cloud BU in the Seattle Research Center of Futurewei R&D Labs. He contributes to the advancement of Kubernetes cluster resource management, container runtime, and K8s networking areas. Before Futurewei, Vinay worked for VMware, contributing to... Read More →



Wednesday May 22, 2019 11:05 - 11:40
Hall 8.0 C1

11:05

Zero Trust Service Mesh with Calico, SPIRE, and Envoy - Shaun Crampton, Tigera & Evan Gilman, Scytale
The promise of a service mesh is to be able to delegate the hard networking problems to a uniform set of proxies and controllers. An extremely important networking problem is securing traffic within the mesh. Service meshes based on the Envoy proxy are very popular and there is a large diversity of implementations, including many home-grown solutions that focus on routing but may not include security. Shaun and Evan will demonstrate how to enhance your service mesh to follow the Zero Trust network security model using SPIRE and Calico.

A Zero Trust Network emphasizes resilience to compromised services, hosts, and the network itself by treating every network connection as potentially hostile. Secure connections are established only when backed by strong cryptographic identity and approved by fine grained policies---provided by SPIRE and Calico respectively.

Speakers
avatar for Evan Gilman

Evan Gilman

Engineer, Scytale
Evan Gilman is an engineer with a background in computer networks. With roots in academia, and currently working on the SPIFFE project, he has been building and operating systems in hostile environments his entire professional career. An open source contributor, speaker, and author... Read More →
avatar for Shaun Crampton

Shaun Crampton

Senior Software Engineer, Tigera
Shaun is a Senior Software Engineer at Tigera, working as a core developer on Project Calico. Before joining the Tigera team, Shaun worked on a number of Software Defined Networking products and cloud scale applications. He holds a BA in Computer Science from Cambridge University... Read More →



Wednesday May 22, 2019 11:05 - 11:40
Hall 8.0 B1

11:05

Accelerating the Journey of an AI Algorithm to Production with OpenFaaS - Joost Noppen, BT PLC & Alex Ellis, OpenFaaS Ltd
At BT it used to take us 2-3 years to get from a research idea to an AI algorithm that can be consumed by an end-user in production. We needed to reduce the risk and the investment required to bring our products to market and get essential feedback.
We addressed three key areas to improve: having a diverse range of developer skills amongst us researchers, a lack of modern packaging & CI/CD practice, a need for a cloud-native model to shrink-wrap and run our code in production at scale.
Our journey lead us to Serverless Functions, come to our talk to hear how we implemented our pipeline for development and deployment of AI algorithms using OpenFaaS. We can now ship to production in just two months improving the rate of delivery by 90%.
The talk will also cover how BT built their platform using the UNIX-like primitives made available through the OpenFaaS eco-system and include a live demo.

Speakers
avatar for Alex Ellis

Alex Ellis

Founder, OpenFaaS Ltd
Alex is a respected expert on serverless and cloud native computing. He founded OpenFaaS, one of the most popular open-source serverless projects, where he has built the community via writing, speaking, and extensive personal engagement. As a consultant and CNCF Ambassador, he helps... Read More →
avatar for Joost Noppen

Joost Noppen

Principal Researcher, BT PLC
Joost Noppen is a Principal Researcher, Software at BT Technology and brings an end-user perspective with many years of research experience and execution in academia and enterprise. His work centres on streamlining development practice in a highly dynamic organisation, with a primary... Read More →



Wednesday May 22, 2019 11:05 - 11:40
Hall 8.0 F5

11:05

JustFootball’s Journey to gRPC + Linkerd in Production - Ben Lambert, JustFootball & Kevin Lingerfelt, Buoyant
Ben (Just Football) will talk about their journey with Kubernetes and microservices from the world of HTTP/1.1 to HTTP/2.0 and gRPC. He will talk about the reasons for moving, and the best practices Just Football adopted for using gRPC in production, including monitoring + design decisions and distribution of gRPC proto + clients. Kevin (Buoyant) will cover how Linkerd provides Just Football with observability and load balancing for their gRPC services. He'll also describe how the Linkerd project itself employs multiple gRPC features to facilitate robust communication between its control plane and its data plane.

Speakers
avatar for Ben Lambert

Ben Lambert

CTO, Just Football
Ben Lambert is the CTO of Just Football. A Stockholm based startup creating a game to get more active and playing more football. Originally from the UK, Ben worked as a Senior Developer for BBC Sport, where he helped create a platform which enabled BBC Sport (and now most of the BBC... Read More →
avatar for Kevin Lingerfelt

Kevin Lingerfelt

Software Engineer, Buoyant
Kevin Lingerfelt is a software engineer at Buoyant and a core contributor to the Linkerd project, focusing mostly on the control plane, which is written in Go. Prior to working at Buoyant, Kevin was a senior staff software engineer at Twitter, working on infrastructure and decomposition... Read More →



Wednesday May 22, 2019 11:05 - 11:40
Hall 8.0 C4

11:05

Data Without Borders - Using Rook Storage Orchestration at a Global Scale - Jared Watts, Upbound
The Rook project has established robust and reliable patterns for orchestrating storage systems running on-top of Kubernetes clusters. However, storage systems often need to extend beyond a single cluster to provide data to end users in many different locations. How can these globally distributed storage systems best be orchestrated and managed to meet the needs of their users on a global scale?

In this talk, we will examine the key concepts of storage orchestration for cloud native applications in multicloud environments, as well as the major benefits of these types of deployments. We will learn about the challenges that arise and best practices to address them, such as replication, mirroring, snapshots, and disaster recovery. All of these lessons will be in the context of the Rook project, including a live demonstration of storage orchestration on a global scale.

Speakers
avatar for Jared Watts

Jared Watts

Founding Engineer, Upbound
Jared Watts is a Founding Engineer at Upbound, where he is working on advancing cloud-native computing by "freeing the cloud". He is also a senior maintainer for the open source Rook (https://rook.io/) and Crossplane (https://crossplane.io/) projects. Prior to Upbound, Jared worked... Read More →



Wednesday May 22, 2019 11:05 - 11:40
Hall 8.0 D2

11:05

Intro + Deep Dive: CNCF Storage WG - Alex Chircop, StorageOS
The CNCF Storage Working Group and SIG collaborates to explore and understand
how different storage technologies are used in cloud-native environments. Topics include block stores, file systems, object stores, key-value stores and databases, amongst others. Different
architectural approaches (centralized, distributed, sharded etc) are compared in terms of key attributes like availability, scalability, performance, data consistency, durability, fault tolerance, ease of
development and operational complexity.

In the intro we'll provide an overview of the work currently underway and on the roadmap. You'll get the meet the people leading these efforts, and find out how best to get involved and contribute.
We also welcome any other input you might have related to cloud-native storage.

Then we'll dive deeper! We'll present our work thus far, and host detailed discussions around the findings of our recent end-user surveys covering how cloud native storage is approached in the real world, including some representative successes and failures. Our hope is that others can learn from, and expand upon those experiences.

Speakers
avatar for Alex Chircop

Alex Chircop

Founder and CTO, StorageOS
Alex is a founder and CTO of StorageOS, building software defined solutions for cloud native environments. Alex is also a co-chair of the CNCF Storage SIG. Before embarking on the startup adventure he spent over 25 years engineering infrastructure platforms for companies like... Read More →


Wednesday May 22, 2019 11:05 - 12:30
Hall 8.1 G2

11:55

Build a Kubernetes Based Cloud Native Storage Solution From Scratch - Sheng Yang, Rancher Labs
When it comes to cloud-native and container-ready storage, most industry discussions focus on how to make existing storage systems work with Kubernetes/Docker. But the rapid development of SSD technology, along with container and Kubernetes, make it possible to create a more elegant solution from scratch, compared to the storage technologies exist tens of years ago.

So they have created a storage solution based on Kubernetes.

In Longhorn, control flow is driven by Kubernetes's controller model; deployment is done using Kubernetes workload; HA is backed by Kubernetes's HA capability. Though sometimes it's easy to say than done. As a result, lots of insights were gained on how to write an application based on Kubernetes. In this talk, Sheng Yang will give a talk about the experience and insights he has gained as a part of building a Cloud Native storage solution on Kubernetes.

Speakers
avatar for Sheng Yang

Sheng Yang

Software Architect, Rancher Labs
Sheng Yang is a Software Architect at Rancher Labs. He currently leads Project Longhorn, Rancher's open source Cloud Native distributed block storage solution. Before Rancher Labs, he joined Citrix through the Cloud.com acquisition, where he worked on CloudStack project and CloudPlatform... Read More →



Wednesday May 22, 2019 11:55 - 12:30
Hall 8.1 G1

11:55

The Story of Why We Migrate to gRPC and How We Go About It - Matthias Grüter, Spotify
At Spotify, we have historically built services based on our own proprietary messaging protocol and framework. Last year we finally kicked off the daunting multi-year task of migrating everything to gRPC.

Migrating over 1000 services to gRPC poses interesting challenges, many of them are not only technical in nature: they boil down to questions of engineering culture and leadership at scale: How do you get 200 autonomous engineering teams to align on something as fundamental and cross-cutting as a new RPC framework? How do you roll-out gRPC at scale whit minimal disruption to both the organization and to the end-user?

This presentation will address these questions alongside more technical discussions of advanced gRPC concepts such as interceptors, deadlines, and effective schema management and how they are essential in large distributed systems.

Speakers
avatar for Matthias Grüter

Matthias Grüter

Engineering Manager, Spotify
Matthias works as an engineering manager in Spotify's infrastructure and operations group.His team is driving the exciting process of transitioning Spotify's backend to cloud-native technologies such as Kubernetes, gRPC and services meshes. As a manager by trade and engineer by heart... Read More →



Wednesday May 22, 2019 11:55 - 12:30
Hall 8.0 B3

11:55

Merging Quickly in a Cloud Native World - Lucas Roesler, Contiamo
You are really excited by a new project, you have a great idea to contribute, you click submit ... and wait. The latest StackOverflow community report states that 80% of surveyed developers are coding in their free time but only 44% are contributing to open source projects. While this number seems good, can we do better? How can we ensure that both contributors and maintainers enjoy and benefit from participating?

In this presentation Lucas goes behind the scenes of the OpenFaaS project to share his knowledge from contributing to OpenFaaS and becoming a core contributor. We will walk through the standard git flow to understand what the maintainers of a large open-source project are looking for in new contributions, what we are doing to improve the experience, what the Kubernetes community at large is working on to help, and what you can do to get your pull request merged more quickly.

Speakers
avatar for Lucas Roesler

Lucas Roesler

Contiamo
Lucas Roesler is a Software Architect and Team Lead at Contiamo where he focuses on how cloud-native technologies can empower data scientists. In his free time he is a Core Contributor to OpenFaaS. He is the 2nd overall contributor to OpenFaaS https://kenfdev.o6s.io/github-stats-page... Read More →



Wednesday May 22, 2019 11:55 - 12:30
Hall 8.0 D4

11:55

Resize Your Pods w/o Disruptions aka How to Have a Cake and Eat a Cake - Karol Gołąb & Beata Skiba, Google
Whether you’re using Vertical Pod Autoscaler or controlling Pod resources on your own, one thing is certain: applying new settings is disruptive as it requires Pods to be killed and recreated.
Why should you change those setting you might ask?
Stale settings, incompatible with your current load, might cause CPU starvation and Out Of Memory events or hinder cluster utilization.

In this talk we’ll present In-Place Resources Update (planned) feature which allows changing Pod resources on the fly, without restarting the Pod or its containers. This way you can have the best of two worlds: up-to-date resource settings and stable workloads.

You’ll learn the whys and hows of this feature, including how various core components like scheduler, kubelet or admission plugins are involved. We’ll also show the avenues it opens due to significantly lower cost of applying new resource settings.

Speakers
KG

Karol Gołąb

Software Engineer, Google
Karol is a software engineer at Google. He's been working on various autoscaling features for around a year, his current focus concentrating on and around Vertical Pod Autoscaling.
avatar for Beata Skiba

Beata Skiba

Software Engineer, Google
Beata is a Software Engineer at Google and has been working on Kubernetes autoscaling for the last 2 years, contributing to Cluster Autoscaling and Horizontal Pod Autoscaling with her current focus on Vertical Pod Autoscaling which she has been instrumental in graduating to Beta... Read More →



Wednesday May 22, 2019 11:55 - 12:30
Hall 8.0 F3

11:55

Towards Kubeflow 1.0, Bringing a Cloud Native Platform For ML to Kubernetes - David Aronchick, Microsoft & Jeremy Lewi, Google
In December of 2017, a small number of folks from a handful of companies introduced Kubeflow; an open, cloud native platform for machine learning. The project has gained a lot of momentum with hundreds of committers, thousands of commits and stars. With the traction, many companies are asking if can Kubeflow help them bring their ML practices to the next level, and where Kubeflow is going next.

This talk will discuss the growth of the Kubeflow ecosystem and its place in the lifecycle of ML development. We will provide concrete examples of how Kubeflow is developing new applications such as Katib for hyperparameter tuning and Kubeflow pipelines to address gaps in the landscape. We will also show how we are using Kubernetes and Cloud Native technologies to glue these applications into a cohesive platform, and where Kubeflow will be going next.

Speakers
avatar for David Aronchick

David Aronchick

Program Manager, Microsoft
David leads Open Source Machine Learning Strategy at Azure. This means he spends most of his time helping humans to convince machines to be smarter. He is only moderately successful at this. Previously, David led product management for Kubernetes at Google, launched GKE, and co-founded... Read More →
avatar for Jeremy Lewi

Jeremy Lewi

Senior Software Developer, Google
Jeremy Lewi is a co-founder and lead engineer at Google for the Kubeflow project, an effort to help developers and enterprises deploy and use ML cloud-natively everywhere. He's been building on Kubernetes since its inception starting with Dataflow and then moving onto Cloud ML Engine... Read More →



Wednesday May 22, 2019 11:55 - 12:30
Hall 8.0 F1

11:55

Deep Dive: CNCF Serverless WG/CloudEvents - Clemens Vasters, Microsoft & Vlad Ionescu, Independent
This session will provide a more in-depth discussion of the Serverless working group, the CloudEvents specification and the new Workflow sub-group. It will include a more interactive discussion with the audience around some of the technical challenges we're facing and to solicit feedback as to the needs of the community.

Speakers
avatar for Clemens Vasters

Clemens Vasters

Principal Architect, Microsoft
Clemens Vasters is Lead Architect in Microsoft’s Azure Messaging team that builds and operates a fleet of hyper-scale messaging services, including Event Grid, Service Bus, and Event Hubs. Clemens represents Microsoft in messaging standardization in OASIS (AMQP) and CNCF (CloudEvents... Read More →
avatar for Vlad Ionescu

Vlad Ionescu

DevOps Consultant, Independent
Vlad is a DevOps Consultant helping companies deliver more reliable software faster and safer. With a focus on observability and reliability, his work is predominantly focused on Kubernetes and Serverless. Before rising to the clouds he was a software developer, with a background... Read More →



Wednesday May 22, 2019 11:55 - 12:30
Hall 8.0 E4

11:55

Deep Dive: Falco - Michael Ducy, Sysdig
In any Cloud Native architecture there’s a seemingly endless stream of events that happen at each layer. These events can be used to detect abnormal activity and possible security incidents, as well as providing an audit trail of activity. In this talk we’ll cover how we extended Falco to ingest events beyond just host system calls, such as Kubernetes audit events or even application level events. We will also show how to create Falco rules to detect behaviors in these new event streams. We show how we implemented Kubernetes audit events in Falco, and how to configure the event stream. Finally, we will cover how to create additional event streams leveraging the generic implementation Falco provides. Attendees will gain deep understanding of Falco’s architecture, and how it custom Falco for additional events sources.

Speakers
avatar for Michael Ducy

Michael Ducy

Director of Open Source, Sysdig
Michael Ducy started his technology journey at a young age. Always curious, he was once threatened that he’d never have toys bought for him again if he didn’t stop taking them apart to see how they worked. His first workbench was given to him at the age of 5. His first programming... Read More →


Wednesday May 22, 2019 11:55 - 12:30
Hall 8.0 E5

11:55

Deep Dive: Kubernetes Architecture SIG - Timothy St. Clair, VMware
This will go into deep coverage of SIG Architecture's subprojects including the KEP process, the API review process, conformance testing review, and code organization. Other topics may include the evolving definition of what is in and out of scope for the project, as well as the latest visualizations of the ecosystem. Attendees should have a much better understanding of project architectural layering, governance, and goals.

Speakers
avatar for Timothy St. Clair

Timothy St. Clair

Senior Staff Engineer, VMware
Timothy St. Clair is a Senior Staff Software Engineer at VMware and is a core contributor to the Kubernetes project, a Steering Committee member, and a lead on SIG-Cluster-Lifecycle. Timothy has worked on the development and integration of various open source distributed systems projects... Read More →



Wednesday May 22, 2019 11:55 - 12:30
Hall 8.0 E9

11:55

Deep Dive: Network Service Mesh (NSM) - Nikolay Nikolaev, VMware & Frederick Kautz, Doc.ai
Network Service Mesh (NSM) is a young and ambitious project, offering solutions to many current problems around Cloud-Native Networking Connectivity in the L2/L3 layers. In this talk, we walk the audience through the process of solving practical problems with NSM using three scenarios:
Enabling an existing service-based solution to run on top of NSM with no code changes
Building a Network Service with the existing tools, with minimum coding
Using composition to build complex Network Services out of a collection of simple ones

The focus is on explaining the principles and offering practical advice on how to design for and integrate with NSM. Some source code and YAML manifest excerpts may be shown to illustrate the ideas.

Finally, a quick demo of a pre-implemented example will be show a link to all examples and materials will be shared for further exploration by the audience.


Speakers
avatar for Frederick Kautz

Frederick Kautz

Head of Edge Infrastructure, doc.ai
Frederick Kautz is Head of Edge Infrastructure at Doc.ai. He was previously a Principal Software Engineer in the Office of Technology at Red Hat where he focused on improving the overall state of container networking and container+SDN integration. Frederick is an active contributor... Read More →
avatar for Nikolay Nikolaev

Nikolay Nikolaev

Open Source Networking Team Lead, VMWare
Nikolay Nikolaev is an Open Source Networking Team Lead in the Open Source Technology Center at VMware. For the last 15 years, he has been implementing networking software ranging from hardware boxes to powerful server applications and virtualized data planes. He spent some time in... Read More →



Wednesday May 22, 2019 11:55 - 12:30
CC7.1

11:55

Deep Dive: Rook - Jared Watts & Bassam Tabbara, Upbound
In this talk, we will be taking a deep-dive through both the architecture and some of the more recent developments of the Rook project. Rook is an open source cloud-native storage orchestrator for Kubernetes, providing the platform, framework, and support for a diverse set of storage solutions to natively integrate with cloud-native environments. We will learn in more depth about the recently added support for new storage providers, such as Cassandra and EdgeFS. We will also explore how Rook can implement new abstractions of storage to enable dynamic provisioning of more persistent resources in your applications, making them more portable and able to deploy consistently no matter what the environment is. Rook was accepted as the first storage project hosted by the Cloud Native Computing Foundation in January 2018.

Speakers
avatar for Bassam Tabbara

Bassam Tabbara

Founder & CEO, Upbound
Bassam Tabbara is the founder and CEO of Upbound, the company behind the Rook and Crossplane projects. Prior to Upbound Bassam was the CTO @ Quantum, co-founder and CTO @ Symform (a P2P storage startup acquired by Quantum), and Partner Architect @ Microsoft.
avatar for Jared Watts

Jared Watts

Founding Engineer, Upbound
Jared Watts is a Founding Engineer at Upbound, where he is working on advancing cloud-native computing by "freeing the cloud". He is also a senior maintainer for the open source Rook (https://rook.io/) and Crossplane (https://crossplane.io/) projects. Prior to Upbound, Jared worked... Read More →



Wednesday May 22, 2019 11:55 - 12:30
Hall 8.1 G3

11:55

Intro: Brigade - Radu Matei, Microsoft
Brigade is a lightweight, Kubernetes-native framework which allows the creation of event-driven workflows. Using JavaScript, Brigade chains together containers and controls their execution in an in-cluster scripting environment that enables easy error handling and data sharing. In this session, you will learn how to get started with Brigade, how to use the existing GitHub, CloudEvents and generic event support and integrate them in your workflow, and how different companies are using Brigade to automate their internal workflows (from code quality assessment and security scanning, to automatically generating preview environments for each pull request), and ultimately allow teams to build massively distributed workflows using a few lines of JavaScript.

Speakers
avatar for Radu Matei

Radu Matei

Software Engineer, Microsoft
Radu is a Software Engineer at Microsoft Azure, working on Kubernetes and open source developer tools for distributed systems. He is a core maintainer of Brigade, as well as of the Cloud Native Application Bundles (CNAB) project.When he is not working on open source, he loves playing... Read More →



Wednesday May 22, 2019 11:55 - 12:30
CC8.27–28

11:55

Intro: Telepresence - Richard Li, Datawire
We'll talk about development workflows for Kubernetes. We'll discuss the differences between traditional development, and different approaches people take to building Kubernetes services. We'll then introduce Telepresence and discuss how it integrates with different organizational development workflows. Finally, we'll talk about the evolution of Telepresence and how we are actively moving Telepresence forward from its heritage as a VPN-type approach into a more sophisticated L7 routing layer for developers.

Speakers
avatar for Richard Li

Richard Li

CEO, Datawire
Richard is a founder of datawire.io. He's worked with open source software since 1999. Prior to Datawire, Richard was responsible for product and strategy at Duo Security, a cloud authentication company. Prior to Duo, Richard was responsible for product at Rapid7, a security software... Read More →



Wednesday May 22, 2019 11:55 - 12:30
Hall 8.0 E1

11:55

Treating Network Assets as Scheduleable Resources - Vinothkumar Siddharth, Amazon
Several cloud-providers now offer a managed Kubernetes solution. Customers launch their worker nodes within a Virtual Private Cloud (VPC) and in majority of these environments, Container Network Interface (CNI) is the preferred networking solution.

While the default scheduler tracks CPU and Memory as resources and allocates pods to nodes based on the availability of the required resources, it does not natively track network resources such as IP addresses. This session will describe a centralized cluster networking solution built using custom resource controllers, admission webhooks and CNI plugins to enable network assets to be treated as cluster wide Kubernetes resources.

The controller and webhook are re-usable platform agnostic components that can support Linux, Windows and ARM64 worker nodes. They also serve as the foundational blocks for building special purpose extensions.

Speakers
avatar for Vinothkumar Siddharth

Vinothkumar Siddharth

Software Engineer, Amazon
Siddharth is a software engineer at Amazon who currently works for the Amazon EKS team. He used to work on the Amazon ECS agent and has contributed several key features to the project. Prior to this he used to work at Citrix Systems and was a maintainer of the open-source XAPI pr... Read More →



Wednesday May 22, 2019 11:55 - 12:30
Hall 8.0 C2

11:55

From New Cluster to Insight. Deploying Monitoring and Logging to Kubernetes - Eddie Zaneski, DigitalOcean
The question that most people ask after spinning up their first Kubernetes cluster is "how do I do monitoring and logging".

In this session we'll utilize open source tools like Prometheus, Helm, Grafana, and Loki to quickly go from being in the dark to having full visibility into the happenings of our clusters and workloads. We'll deploy an entire monitoring and logging stack to a fresh cluster live and discuss the pros and cons of such tools.

You'll leave this session with a playbook on how to bootstrap your cluster observability and some gotchas and lesson's learned from our monitoring of large workloads at DigitalOcean.

Speakers
avatar for Eddie Zaneski

Eddie Zaneski

Manager, Developer Relations, DigitalOcean
Eddie serves the developer community at DigitalOcean from Denver, CO. He is a lover of JavaScript, infrastructure tools, and automating things in his apartment. When not hacking on random things you'll most likely find him climbing rocks somewhere.



Wednesday May 22, 2019 11:55 - 12:30
Hall 8.0 A1

11:55

Koping with Change: What kops Learned Adopting etcd3, cluster-api and CRDs - Justin Santa Barbara, Google & Mike Splain, Sonos
Kubernetes continues to adds features rapidly, but this makes it hard to install and operating a reliable kubernetes cluster. kops is an official OSS installation tool that makes kubernetes installation and operation turn-key.

But doing that requires that kops manage that complexity. We’ve had a busy year, migrating to etcd3, moving from an aggregated-apiserver to CRDs, starting to adopt the cluster-api. At the same time we’re taking the best pieces of kops and contributing them "upstream" into reusable modules - contributing to etcd-management and addon-management tools, as well as to the cluster-api.

We’ll give an overview of these changes and some of the challenges we faced, and share our strategies for dealing with the relentless pace of kubernetes change. We’ll also talk about how the upcoming roadmap for kubernetes, kops and for the components we’re spinning out of kops.

Speakers
JS

Justin SB

Software Engineer, Google
Justin has been contributing to kubernetes since 2014, acting as one of the primary developers and maintainers for the AWS support, and serves as a lead on sig-aws. He started the kops project, for managing and operating kubernetes clusters, and is a maintainer on kops. He joined... Read More →
avatar for Mike Splain

Mike Splain

Senior DevOps Engineer, Sonos
Mike Splain has been hacking on Kubernetes since the pre-1.0 days, and has taken multiple companies from Kubernetes project inception to full production employments. He has written multiple kubernetes deployment frameworks and is an approver for Kubernetes kops. Mike founded the Kubernetes... Read More →



Wednesday May 22, 2019 11:55 - 12:30
Hall 8.0 C1

11:55

Crafty Requests: Deep Dive Into Kubernetes CVE-2018-1002105 - Ian Coldwater, Heroku
You may have heard about CVE-2018-1002105, one of the most severe Kubernetes security vulnerabilities of all time. But how does this flaw work? How can it be exploited, and what does it all mean?

This deep dive will walk the audience through the Kubernetes back end, going over relevant concepts like aggregated API servers, the kubelet API, and permissions for namespace-constrained users. We will explain the details of how this flaw works, how a cluster’s moving parts can fit together to create a vulnerable context, and the risks involved in leaving this CVE unpatched in the wild.

A live demonstration will show the audience exactly how easy it is to exploit this vulnerability. After explaining the attack pathways, the audience will leave with practical advice about mitigation and how to protect their clusters.

Speakers
avatar for Ian Coldwater

Ian Coldwater

Lead Platform Security Engineer, Heroku
Ian Coldwater is a grown teenage hacker turned Lead Platform Security Engineer at Heroku, who specializes in hacking and hardening Kubernetes, containers and cloud-native infrastructure. In their spare time, they like to go on cross-country road trips, participate in Capture the Flag... Read More →



Wednesday May 22, 2019 11:55 - 12:30
Hall 8.0 C4

11:55

FaaS is Not Only the Serverless: Stream Processing with Serverless - Jun Makishi & Kensaku Komatsu, NTT Communications
Function as a Service is the popular solution of Serverless, which runs a short-lived function. In contrast, we will show a new Serverless: run long-lived function to deal with stream data. Our proposal is unique since it starts multiple Serverless functions for single stream, and let them keep processing the stream one after another. This enables a new use case like enriching an application with AI-powered analytics using video stream in real-time.
NTT Communications has developed a new platform with Kubernetes and gRPC. We will throw a live demo to send voice stream from browser to this platform and run media processing functions in real-time. The functions will be open sourced, and all participants can try it out from tomorrow.

Speakers
KK

Kensaku Komatsu

Technical Manager, NTT Communications
Kensaku Komatsu works as a research and development engineer in Department of Technology Development at NTT Communications. His expertise is in the innovative real-time communication service, focusing on WebRTC. He is one of the representative of a communication PaaS service, SkyWay... Read More →
avatar for Jun Makishi

Jun Makishi

Senior Architect, NTT Communications
Jun Makishi is a senior architect at NTT Communications. Leading multiple NTT's SDN projects for 6 years, he has archived to create a software defined networking platform for enterprise cloud. Leveraging this experience, he has joined a serverless media processing project as a platform... Read More →



Wednesday May 22, 2019 11:55 - 12:30
Hall 8.0 F5

11:55

Service Meshes: At What Cost? - Lee Calcote, Layer5 & Girish Ranganathan, SolarWinds
“What is the performance impact that a service mesh has?"

"What overhead does being on the mesh incur?”

By far, this is the most common questioned by engineers coming to with the value of functionality provided by a service mesh. Generally, this question goes unanswered.

We will share methodology and results of performance testing research done in collaboration with a university, through the lens an open source service mesh benchmark tool - a tool used to provide a common benchmark across service meshes (their control planes, like Istio) and modern proxies (their data planes, like Envoy).

Over 10 service meshes projects will be reviewed. In addition to performance, we’ll take an in-depth look at the landscape of service meshes, characterize and contrast their functionality as well as their data plane and control plane architectures.

Speakers
avatar for Lee Calcote

Lee Calcote

Founder, Layer5
Lee Calcote is an innovative product and technology leader, passionate about developer platforms and management software for clouds, containers, functions and applications. Advanced and emerging technologies have been a consistent focus through Calcote’s tenure at SolarWinds, Seagate... Read More →
avatar for Girish Ranganathan

Girish Ranganathan

Principal Architect, SolarWinds
Girish is a software technologist who has played a pivotal role in architecting and developing a variety of large scale distributed systems on a range of platforms including microservices and serverless. He strongly believes that simple ideas can go a long way into building efficient... Read More →


Wednesday May 22, 2019 11:55 - 12:30
Hall 8.0 B1

11:55

Benchmarking Cloud Native Databases Performance on Kubernetes - Iqbal Farabi & Tara Baskara, GO-JEK
CNCF defines cloud native technologies as, "technologies that empower organizations to build and run scalable applications in modern and dynamic environments. Cloud native technologies enable loosely coupled systems that are resilient, manageable, and observable”.

According to Kubernetes Application Survey 2018, SQL and NoSQL databases are the second and third most deployed types of software deployed to Kubernetes. However, currently there are only few benchmarking results available on cloud native databases as per CNCF definition.

Therefore, in this talk, we will present our findings on experiments to benchmark various cloud native databases such as Vitess, CockroachDB, FoundationDB, TiDB and YugaByte DB. The experiments try to benchmark scalability and elasticity of each databases when they’re running on Kubernetes.

Speakers
avatar for Tara Baskara

Tara Baskara

System Engineer, GO-JEK
Tara works at GO-JEK, one of the biggest startups in Southeast Asia which made it into the list of 56 Companies That Change the World according to Fortune magazine (http://fortune.com/change-the-world/2017/go-jek/). He is a system engineer in SRE team and also a core member of Barito... Read More →
avatar for Iqbal Farabi

Iqbal Farabi

Product Engineer, GOJEK
Iqbal is a teacher, developer, and now a system engineer at GOJEK. Before joining GOJEK, Iqbal worked for 8 years a Ruby developer and taught Ruby to fresh graduates on pro-bono basis in Indonesia. Now, at GOJEK he works as part of Cloud Foundation team which focuses on developing... Read More →



Wednesday May 22, 2019 11:55 - 12:30
Hall 8.0 D2

12:00

12:30

12:30

Lunch (Provided)
KubeCon + CloudNativeCon Europe is a NUT FREE event. All menu items have been verified with the venue as being 100% nut free. While we strive to ensure that there are no nuts in our menu items, we cannot prevent people from bringing items into the venue. If your allergy is airborne, please be sure to carry your Epi-Pen with you at all times.

Vegetarian Meal Request: Vegetarian options will be available at all meal functions including breaks. These meals will be included in the main buffets and will be clearly marked as vegetarian.

Halal, Kosher, & Lactose, and Gluten-Free Request: If you have requested a Halal, Kosher, Gluten or Lactose-Free meal, you will pick up your request from the Specialty Diet Pick Up Points. There are two locations throughout the conference to pick up your meal. The first is located in the back of Hall 7 (Sponsor Showcase), and the second is in Hall 8.1 near the main entrance. Breaks will be served from Hall 7 and lunch meals are available for pick up in both locations. If you have trouble finding these locations, please ask and LF staff member for assistance.

Wednesday May 22, 2019 12:30 - 14:00
Hall 7 + 8.1

12:30

Diversity Lunch + Hack, Sponsored by Google Cloud (Additional Registration Required)
Register here, Space is limited.

Join us for a luncheon and program back by popular demand! The luncheon will feature round table discussions, opportunities to get hands on with Kubernetes or pair programming on your problem of choice in a safe space. There’s something for everyone – newcomers, experts, women, non-binary, female-identifying indiviuals, and male allies welcomed.

You’ll have the chance to get to connect with others in the community and build relationships with both novice and open source experts in the tech industry from around the globe.

Registration for the Diversity Lunch + Hack is Required. Register here, Space is limited.

Wednesday May 22, 2019 12:30 - 14:00
Hall 8.0 D1

13:00

13:00

13:30

13:30

14:00

14:00

14:00

Hacking Helm - Paul Czarkowski, Pivotal & Scott Rigby, Codeacademy
Helm is the best way to build, package, and run Kubernetes manifests. However it has been considered by some as a fairly insecure way to deploy software, mostly due to its server component Tiller. Let’s put that to the test and hack (and then protect from those hacks) Helm.

Paul will talk about the architecture behind Helm (v2) and how it is seen as particularly vulnerable to hacks designed to either gather information about deployed applications and even access the kubernetes cluster itself. Paul will then demonstrate several hacks in growing sophistication that do exactly that and then show how to protect yourself from those attacks. Paul will finish with a summary of how you can use Helm as securely as possible.

Speakers
avatar for Scott Rigby

Scott Rigby

Senior DevOps Engineer, Codecademy
Scott is a Brooklyn based interdisciplinary artist and open source software engineer, co-developing experimental cultural projects and emerging technologies. he co-founded the Basekamp art and research group in 1998 and the massively collaborative Plausible Artworlds international... Read More →
avatar for Paul Czarkowski

Paul Czarkowski

Developer Advocate, Pivotal
Paul Czarkowski is a recovering Systems Administrator who has run infrastructure for longer than he cares to admit. After cutting his teeth in the ISP and Gaming industries Paul changed his focus to using (and contributing to) Open Source Software to improve the Operability of complex... Read More →



Wednesday May 22, 2019 14:00 - 14:35
Hall 8.0 A1

14:00

Panel Discussion: Democratizing HPC & AI: Startups Scale Up with Cloud Native - Emily Tanaka-Delgado, Oracle; Charlie Davies, iGeolise; Priya Shah, Sauce; Ant Kennedy, Gapsquare; and Alfonso Santiago, ELEM
Innovativeness, resourcefulness, and responsiveness are all part of the startup DNA, and with the aid of the cloud native era and ecosystem, they are unstoppable. Hear how these European startups are leveraging technologies such as Kubernetes, containers, GPUs, Singularity and more to gain efficiencies across architecture, time, and team to reach global scale, reshape user interactions, and even, save lives.

In this panel, startups from Barcelona and the UK will discuss how cloud native technologies have helped unlock access to unlimited potential across such diverse case studies as identifying and fixing gender pay gap issues, creating computational models of virtual patients, reinventing cloud-based video collaboration, and interpreting travel and navigation based on time, all to transform their businesses to match behavioral patterns within their industries.

Moderators
avatar for Emily Tanaka-Delgado

Emily Tanaka-Delgado

Director of DevRel Engagement, Oracle
Emily Tanaka-Delgado leads cloud native DevRel Engagement at Oracle, where she has trail blazed content and programs designed to enable, enrich, and accelerate end users. She has a long tenure in the tech industry with a heavy concentration in cloud and open source technologies. Before... Read More →

Speakers
avatar for Ant Kennedy

Ant Kennedy

CTO, Gapsquare
Ant Kennedy is currently CTO at Gapsquare where he is currently focusing on growing the engineering team, establishing best practice in the processes being used, the future architecture and growing Gapsquare's AI/ML capabilities. Previously he has worked at JustEat, Adarga and Boeing... Read More →
avatar for Priya Shah

Priya Shah

Co-Founder, Sauce
Priya is the Co-founder and CMO of Sauce, the video creation platform that enables businesses to collaborate and co-create with their global communities of employees, customers and fans. Priya and her Co-founders developed Sauce when they discovered the huge barriers that brands were... Read More →
CD

Charlie Davies

CTO and Co-Founder, iGeolise
Charlie Davies is the co-founder and CTO of iGeolise, a location-based software company based in London. Charlie began iGeolise when he noticed that all map data was searched by distance (miles radius), but everyone around him discussed travel using time (minutes). iGeolise developed... Read More →
avatar for Alfonso Santiago

Alfonso Santiago

R&D Engineer, ELEM Biotech
Alfonso Santiago is a Biomedical Engineer that is helping to develop a computational tool to model and simulate the heart. With this tool, device manufacturers -and in a future clinicians- can reproduce a patient's pathology and treatment to aid the design of the devices and optimise... Read More →



Wednesday May 22, 2019 14:00 - 14:35
Hall 8.0 F1

14:00

2 Years of TGIKubernetes - Joe Beda, VMware
2 years ago Joe Beda tweeted about a Friday afternoon “Hacking on Kubernetes with Joe”. The overall interest with overwhelming. The sessions serve as an archive of Kubernetes and cloud native knowledge that we share with the broader open source community. What started out as a fun carefree afternoon with Joe, later turned into one of the most prized cloud native resources on the internet. Join us as we talk about the lessons we learned, and talk about the struggle to get to where we are today.

We learn about how Kubernetes empowers engineers to “test drive” open source software at faster iteration cycles than ever before. With TGIK8s we have inadvertently discovered that sharing technology can cost an organization less in resources than encouraging independent evaluation of tooling.

Speakers
avatar for Joe Beda

Joe Beda

Principal Engineer, VMware
Doing cloud native stuff at VMware


Wednesday May 22, 2019 14:00 - 14:35
Hall 8.0 D4

14:00

Lifecycle of a kubectl Command: Harden Kubernetes Setup with Automation - Sanjary Rahman, Booking.com
We at Booking.com run tens of on-premise multi-tenant Kubernetes clusters at scale. To automate integration with our existing bare-metal infrastructure and for running kubectl auth pipeline, we run an ecosystem using custom Kubernetes Controllers, Pod Security Policies and Kubernetes Auth & Admission Webhooks.

Kubernetes provides end users with limitless possibilities of automation to harden cluster setup, secure authentication and authorization pipelines and validate workload definition as per organization requirements which most of the users are not aware of or make use of. Most of the time hardening Kubernetes setup in a multi-tenant cluster with per namespace based setup itself can turn into a huge toil for the operators.

In this talk, you will see how we at Booking.com have achieved the aforementioned features in a fully automated fashion with zero human intervention involved.

Speakers
avatar for Sanjary Rahman

Sanjary Rahman

Site Reliability Engineer, Booking.com
Sanjary Rahman is a Site Reliability Engineer at Booking.com where he works with Kubernetes infrastructure to provide a PaaS for the developers to have a rapid product development ecosystem. The projects that he worked on includes building and hardening managed on-prem PaaS built... Read More →



Wednesday May 22, 2019 14:00 - 14:35
Hall 8.1 G1

14:00

Building Cross-Cloud ML Pipelines with Kubeflow with Spark & Tensorflow - Holden Karau, Google & Trevor Grant, IBM
Data Science, Machine Learning, and Artificial Intelligence has exploded in popularity in the last five years, but the nagging question remains, “How to put models into production?” In this talk, we present KubeFlow- an open source project aims to answer this.

This talk will examine how the intricacies involved in taking your pipeline and running it between clouds, mixing data from multiple sources, and building multi-component pipelines. We’ll examine how to tie together multiple tools to prepare your data and train the final model, as well as how to create a serving system to match.

The audience will learn how to use kubernetes as a replacement for YARN simplifying your big data stack and empowering your data scientists to self-serve libraries and avoid being responsible for maintaining 20 different incompatible conda environments.

Speakers
avatar for Trevor Grant

Trevor Grant

Open Source AI / IoT Evangelist, IBM
Trevor is an open source evangelist at IBM in Watson IoT. He is also a PMC on the Apache Mahout, Apache Streams, and Apache Community Development projects. He has spoken at conferences and Meetups internationally.
avatar for Holden Karau

Holden Karau

Developer Advocate, Google
Holden Karau is a transgender Canadian open source developer advocate at Google focusing on Apache Spark, Beam, and related big data tools. Previously, she worked at IBM, Alpine, Databricks, Google (yes, this is her second time), Foursquare, and Amazon. Holden is the coauthor of Learning... Read More →


Wednesday May 22, 2019 14:00 - 14:35
Hall 8.0 C4

14:00

Deep Dive Fluent Bit: Logging & Stream Processing - Eduardo Silva, ARM Treasure Data
Fluent Bit is a Fluentd sub-project that aims to solve hard data challenges in the cloud space. On this deep dive session, we will talk about its architecture, how data workflows operate and the ability to perform advanced data transformation. Also, we will demonstrate the new ability to perform Stream Processing on the Edge.

Speakers
avatar for Eduardo Silva

Eduardo Silva

Principal Engineer, Arm Treasure Data
Eduardo is a Principal Engineer at ARM / Treasure Data. He currently leads the efforts to make logging and data processing more friendly and scalable in Embedded and Containerized systems such as Kubernetes. Maintainer of Fluent Bit, a Fluentd open source sub-project.


Wednesday May 22, 2019 14:00 - 14:35
Hall 8.0 E5

14:00

Deep Dive: Contributor Experience SIG - Elsie Phillips, Red Hat & Paris Pittman, Google
Join us for a live session of the weekly contributor experience meeting! Meet members of the SIG in person and learn how you can contribute. Check out the agenda [here] (https://docs.google.com/document/d/1qf-02B7EOrItQgwXFxgqZ5qjW0mtfu5qkYIF1Hl4ZLI/edit)

Speakers
avatar for Elsie Phillips

Elsie Phillips

Product Marketing Manager, Red Hat
Elsie herds the CoreOS Community and Co-Leads the Kubernetes Contributor Experience SIG. She's a northwest native who got her start in open source working at the Oregon State University Open Source Lab. In her free time she throws wild one woman dance parties and makes a mean vegan... Read More →
avatar for Paris Pittman

Paris Pittman

Kubernetes OSS Strategy, Google
Paris is a Developer Relations Program Manager on Google Cloud's Open Source Strategy team focusing on the Kubernetes Community. She is a co-chair of the special interest group for Contributor Experience and an organizer of Bay Area Kubernetes Meetup with 4,000 members. She has 14... Read More →


Wednesday May 22, 2019 14:00 - 14:35
Hall 8.0 E4

14:00

Deep Dive: Kubernetes (Instrumentation) SIG - Frederic Branczyk & Max Inden, Red Hat
The SIG Instrumentation deep dive is going to cover some of the details of performance optimizations we have recently been working on, both on a technical level of how they were achieved, but also the results of said optimizations. Beyond that we will dive into advanced topics of how to make use of the data Kubernetes exposes for advanced querying in order to perform monitoring and alerting on Kubernetes clusters.

Speakers
avatar for Max Inden

Max Inden

Senior Software Engineer, Red Hat
Max is a software developer at Red Hat and member of the upstream Prometheus project, working both on Prometheus and Kubernetes. Previously hacking on data quality analysis, he decided to stop suppressing his interest for distributed systems at scale and joined CoreOS (now Red Ha... Read More →
avatar for Frederic Branczyk

Frederic Branczyk

Principal Software Engineer, Red Hat
Frederic is an engineer at Red Hat (previously CoreOS) contributing to Prometheus and Kubernetes to build state of the art modern infrastructure and monitoring tools. He discovered his interest in monitoring tools and distributed systems in his previous jobs, where he used machine... Read More →


Wednesday May 22, 2019 14:00 - 14:35
Hall 8.0 E9

14:00

Deep Dive: Service Catalog SIG - Jonathan Berkhahn, IBM
Join us for a deep dive into how the Kubernetes Service Catalog works under the covers. Starting with a quick overview of Service Catalog and some of the challenges we faced while bridging the different processing models between Kubernetes and the Open Service Broker API, we will then look at more advanced scenarios and new features from the perspective of cluster operators, application developers and helm chart authors. You’ll come away with a solid understanding of how Service Catalog works and recommended workflows and practices for using it. Finally we would love for anyone considering contributing to stop by and get an introduction to all the parts of Service Catalog, meet the maintainers and learn how to become a contributor!

Speakers
JB

Jonathan Berkhahn

Open Source Contributor, IBM
Jonathan Berkhahn is an open source contributor working on behalf of IBM. He co-chairs SIG Service Catalog and is a Member of the Open Service Broker API working group. He also manages his own open source project Blockhead, an OSB broker for provision blockchain nodes for use by cloud... Read More →



Wednesday May 22, 2019 14:00 - 14:35
Hall 8.1 G3

14:00

Deep Dive: Virtual Kubelet - Jeremy Rickard, Microsoft & Lei Zhang, Alibaba Cloud
Virtual Kubelet has most recently been accepted into the CNCF as a sandboxed project. As the project continues to grow in contributors and users we are always looking for ways to educate folks on how to contribute back to Virtual Kubelet. In this talk we will focus on the core interface of Virtual Kubelet and how a developer could get started with building his/her first provider! The talk will include an engineer from Alibaba who contributed the Elastic Container Instance provider and a maintainer of Virtual Kubelet, so we have a spectrum of perspectives represented.

Speakers
avatar for Lei Zhang

Lei Zhang

Staff Engineer, Alibaba
Staff Engineer of Alibaba. Lei is a co-maintainer of Kubernetes community, mainly focus on Cloud Native App Mgmt, CRI, scheduling, and secure container runtime. Lei is now co-leading engineering effort in Alibaba’s including Kubernetes and large-scale cluster management system... Read More →
avatar for Jeremy Rickard

Jeremy Rickard

Senior Software Engineer, Microsoft
Jeremy Rickard is a software engineer on the Cloud Native Compute Microsoft in Colorado working on Virtual Kubelet, Open Service Broker for Azure and Service Catalog. Before that, he worked at VMware and helped build infrastructure and services that support VMware Cloud Services... Read More →



Wednesday May 22, 2019 14:00 - 14:35
Hall 8.0 E1

14:00

Intro: Scheduling SIG - Da Ma & Shivram Srivastava, Huawei
In the past years, sig-scheduling incubated four projects to meet different scheduling scenario, e.g. batch workload, resource rebalance. We'd like to give an introduction for those incubator projects, so please join us for understanding of them. In this presentation, we'll give an introduction on its background, user case, tutorial and so on. We will also cover the feature interaction with kube-scheduler for better resource utilization. This session is most useful for cluster admins or those who want to start contributing to Kubernetes scheduler.

Speakers
avatar for Klaus Ma

Klaus Ma

Expert, Huawei
Kubernetes Maintainer, SIG-Scheduling Co-Leader, CNCF Research User Group Tech Lead, Volcano/kube-batch creator. Jilin University master’s degree, majoring in grid computing and distributed system. After graduation, he focus on resource management, resource scheduling in distributed... Read More →
SS

Shivram Srivastava

System Engineer, Huawei Technologies
Working with Huawei Technologies building next generation scheduler for cloud.Active in developing new scheduler for PaaS platform.Involved in 'Poseidon/Firmament' and 'kube-batch/volcano' projects.Co-Owner of the 'Poseidon' incubation/sig-scheduling project.


Wednesday May 22, 2019 14:00 - 14:35
CC8.27–28

14:00

gRPC Load Balancing and Service Mesh - Vishal Powar, Google
Service mesh architecture proposes a unique approach for control plane management (including load balancing). This talk goes over the options available for gRPC load-balancing in the context of a gRPC integration in a service mesh.

 In this talk, we will cover:
  • various load balancing options available for gRPC and the tradeoff associated with each one of them.
  • load balancing at scale with and without gRPC lookaside load balancing.
  • proxy based load balancing and Service Mesh along with considerations when using them as an alternative to lookaside gRPC load balancing.
  • how unified endpoint management can be achieved for Health check and load metric reporting for both gRPC load balancing and Service Mesh.

Speakers
avatar for Vishal Powar

Vishal Powar

Senior Software Engineer, Google
Vishal is passionate about working (and trying to solve) scalable distributed systems problems. He currently works at Google, where he is helping build general load balancing solutions for gRPC and Cloud.



Wednesday May 22, 2019 14:00 - 14:35
Hall 8.0 C2

14:00

Deep Dive: Kubernetes Metric APIs Using Prometheus - Matthias Loibl & Sergiusz Urbaniak, Red Hat
Kubernetes traditionally uses metrics for its core scheduling decisions - in the beginning all of this started with an opinionated internal stack. Since then Kubernetes has introduced 3 orthogonal standardized metrics APIs. As of today many implementations exist - i.e. for cloud providers and on premise.

In this talk we will first show the community process around metrics in Kubernetes, how the Special Interest Group (SIG) for instrumentation works and how to get involved. We will do an overview and deep dive in all 3 metric APIs, with a concrete fully open source Prometheus based deployment example. Once we have Prometheus running we will show how to bridge the gap between Prometheus and Kubernetes to use these APIs. Finally, we will conclude the talk with an example on scaling your deployments based on custom metrics served by your Prometheus with the Horizontal Pod Autoscaler.

Speakers
avatar for Matthias Loibl

Matthias Loibl

Software Engineer, Red Hat
Matthias Loibl is a Software Engineer working on monitoring at Red Hat. He loves working on Distributed Systems with Go, Docker, Kubernetes and Prometheus. In his free time, he contributes to numerous open source projects related to Prometheus and Drone.
avatar for Sergiusz Urbaniak

Sergiusz Urbaniak

Software Engineer, Red Hat
Sergiusz Urbaniak is a Software Engineer at Red Hat. He is enthusiastic about modern infrastructure software while still enjoying minimalistic networking techniques like morse code. He worked on Mesos, Kubernetes, rkt, Tectonic and is now working on all things Prometheus in Kuber... Read More →



Wednesday May 22, 2019 14:00 - 14:35
Hall 8.0 B3

14:00

The Magic of Kubernetes Self-Healing Capabilities - Saad Ali, Google
Kubernetes is used to manage large-scale clusters with hundreds or thousands of nodes. Components will inevitably fail at this scale, but human intervention to detect and correct these failures is unsustainable. This is where Kubernetes shines. With a declarative API and guarantees of eventual consistency, Kubernetes is able to continuously monitor the system and take actions to keep the cluster healthy.

This talk provides an architectural overview of the self-healing capabilities of Kubernetes. We will discuss how these capabilities are born from the declarative API, and how Kubernetes components work together to drive to the desired state. We will provide detailed examples from the volume subsystem which automatically makes storage available to containers. We will end by revealing edge cases that Kubernetes currently doesn’t handle well, and explain the plans to address these issues.

Speakers
avatar for Saad Ali

Saad Ali

Staff Software Engineer, Google
Saad Ali is a staff software engineer at Google where he works on the open-source Kubernetes project. He joined the project in December 2014, and has led the development of the Kubernetes storage and volume subsystem. He serves as a lead of the Kubernetes Storage SIG, and is co-author... Read More →


Wednesday May 22, 2019 14:00 - 14:35
Hall 8.0 B1

14:00

Inside the CNCF Project Security Reviews - Justin Cormack, Docker
Last year the CNCF started funding security reviews for its projects. This talk examines the review process from the inside and looks at the outcomes and lessons from the reviews that have been performed so far. What vulnerabilities were found? What types of problem are common across projects? How should you prepare for a review?

The talk will cover how to make the most of a security review, what to expect from it, what to bring to the review process, and how to maximise the benefits of a review. It will be illustrated with details of the review process for the Notary and TUF audits from the inside as I was involved in this process, and with a detailed analysis of the public reports, including Prometheus, CoreDNS, Envoy, Containerd and more. The talk will look at the issues found in the different projects, the areas in which issues were not found, and common themes.

Speakers
avatar for Justin Cormack

Justin Cormack

Security Lead, Docker
Justin Cormack is security lead at Docker, a maintainer on the CNCF's Notary project, and a contributor to the CNCF SIG Security. He is particularly interested in container security, application isolation, authentication, policy and supply chain security. He has spoken at several... Read More →



Wednesday May 22, 2019 14:00 - 14:35
Hall 8.0 F5

14:00

The Serverless Landscape and Event Driven Futures - Dee Kumar, CNCF & Arun Gupta, AWS
Serverless design patterns have grown in popularity amongst developers and enterprises alike and the ecosystem is exploding. Developers like moving faster by focusing on business logic without worrying about the underlying infrastructure. Today, there are umpteen solutions and OSS projects in the market and the space needs some organization to maximize effort.
There is a lot of curiosity and confusion around serverless computing. What is it? Who is it for? Is it a replacement for IaaS, PaaS, and containers? Does that mean the days of servers are over? The CNCF created the Serverless Working Group to explore the intersection of cloud native and serverless technology. The first output of the group was creation of serverless landscape. The landscape lists some of the more common/popular Serverless projects, platforms, tooling, and services.

Speakers
avatar for Arun Gupta

Arun Gupta

Principal Open Source Technologist, Amazon Web Services
Arun Gupta is a Principal Technologist at Amazon Web Services. He is responsible for CNCF strategy within AWS,and participates at CNCF Board and technical meetings actively.He works with different teams at Amazon to help define their open source strategy. He has built and led developer... Read More →
avatar for Dee Kumar

Dee Kumar

Vice President, Developer Marketing, Linux Foundation
Dee Kumar has more than 15 years of cloud computing experience. Her work at CNCF is focused on working with the developer and IT pro communities to advance open source projects at scale. Most recently, Kumar was Director of Product Marketing at Docker where she built and launched... Read More →



Wednesday May 22, 2019 14:00 - 14:35
Hall 8.0 C1

14:00

Benefits of a Service Mesh When Integrating Kubernetes with Legacy Services - Stephan Fudeus & David Meder-Marouelli, 1&1 Mail & Media Development & Technology GmbH
Having Kubernetes for your service landscape is great. Having a service mesh technology inside is even better - but there are legacy services, too. Leveraging the benefits of a service mesh is possible even without migrating all your legacy services into your kubernetes cluster - you can integrate them into the mesh.

We'll give a brief overview of the properties and benefits of service meshes in general and specifically how they are configurable in Istio. Then we'll have a look at the expansion of the mesh to services outside of kubernetes. We'll go into how the expansion is done, what needs to be done in the legacy systems and what obstacles we had to overcome.
On a sidetrack we'll show a "service mesh light", a mechanism to make legacy services protected by IP ACLs accessible from your kubernetes cluster, without deploying a full fledged service mesh implementation.

Speakers
avatar for Stephan Fudeus

Stephan Fudeus

Expert Continuous Delivery, 1&1 Mail & Media Development & Technology GmbH
Stephan Fudeus is an Evangelist for Continuous Delivery by title and a backend and infrastructure engineer by heart. He has a background of developing scalable multi-tenant applications for up to a million customers and their infrastructure in a DevOps fashion for the last 13 years... Read More →
avatar for David Meder-Marouelli

David Meder-Marouelli

Systems Architect, 1&1 Mail & Media Development & Technology GmbH
David Meder-Marouelli currently has the position of a systems architect with 1&1 Mail & Media, one of the largest E-Mail providers in Germany (including brands like GMX & WEB.DE). In this position he is responsible for all projects related to automation. After his PhD in physics... Read More →



Wednesday May 22, 2019 14:00 - 14:35
Hall 8.0 D2

14:00

Kubernetes Storage 101 - Jan Šafránek, Red Hat & David Zhu, Google
Just getting started with Kubernetes? In this introductory talk we’ll cover usage of persistent storage in Kubernetes so you can avoid its steep learning curve and common gotchas.

Why does it look so complicated? What is a PersistentVolume? What is a PersistentVolumeClaim? Why are there two separate objects instead of just one? How is storage presented into my containers? How do I write scalable persistent applications? Where do I look to debug when storage is not working? How do I connect Kubernetes to my storage backend? What is this Container Storage Interface (CSI) thing that everybody is talking about???

We will answer all of these questions and more. You will leave this talk with a solid foundation for thinking about storage in Kubernetes as well as a greater understanding of how you can put the various pieces together to fit your unique use case.

Speakers
avatar for David Zhu

David Zhu

Software Engineer, Google
David is a Software Engineer for Google Cloud. He has been working on the Kubernetes project for over a year. He is the owner and main contributor of the GCP Compute Persistent Disk CSI Driver, as well as an active contributor to the CSI Spec, Kubernetes CSI external components, and... Read More →
avatar for Jan Šafránek

Jan Šafránek

Principal Software Engineer, Red Hat
Jan is a Principal Software Engineer at Red Hat working on storage aspects of Kubernetes. He started developing Kubernetes more than 4 years ago, and is one of the founding members of SIG-Storage. He’s the author of PersistentVolume controller, dynamic provisioning and StorageClass... Read More →


slides pdf

Wednesday May 22, 2019 14:00 - 14:35
Hall 8.0 F3

14:30

14:50

Strategies to "Kubernetify" Legacy Applications - Sai Vennam, IBM
Microservice-based architectures have seen large-scale adoption and have become the industry standard for developing cloud-native applications. This growth is supplemented by key technologies like Docker, Kubernetes, Istio and many more.

When modernizing legacy apps, migrating everything to a cloud-native architecture in a "Big Bang" approach is not feasible as it can be time consuming and prone to failure. In this talk, I'll outline key strategies to modernize legacy applications without sacrificing agility, quality and high-availability. In addition, I'll walk through a modernization path with a sample app.

Speakers
avatar for Sai Vennam

Sai Vennam

Developer Advocate, IBM
Sai Vennam is a Developer Advocate at IBM with expertise on managed Kubernetes, Serverless, Hybrid Cloud, App Modernization, Node.js, Go and API Management. He creates developer-friendly content, videos, and samples to showcase the latest and greatest cloud technology. He’s passionate... Read More →



Wednesday May 22, 2019 14:50 - 15:25
Hall 8.0 A1

14:50

Deconstructing Apache Hadoop: A Dialogue About a Cloud-Native Refactor - Anu Engineer & Marton Elek, Cloudera
Many existing applications like the Big Data stack is in a community debate over moving to K8s. They see it as the future, but there are lots of unknowns and complex problems to solve. This is a dialogue between two developers who are exploring and trying to finding the true path to becoming Cloud Native.

In this talk, we will discuss in detail our experiences and issues that we have faced in moving the Hadoop Object store Ozone as a Cloud native storage solution that runs on top of K8s.

We will take a deep dive into the advantages and challenges that we faced during this journey — having a cluster manager like K8s allows us to move away from managing physical details and instead focus on the storage part. Some of the challenges were things like security and how we tackle that.

Speakers
avatar for Marton Elek

Marton Elek

Engineer, Cloudera
Marton Elek is am Open Source Engineer at Cloudera. He is an Apache committer in Apache Hadoop project and PMC member of Apache Ratis. He has an experimental containerization project for Hadoop, Spark and other bigdata components which includes docker containers, and configuration... Read More →
AE

Anu Engineer

Principal Software Engineer, Cloudera
Anu Engineer is a Principal Software Engineer at Cloudera. He is a PMC member of Apache Hadoop and Ratis projects. He is one of the core contributors of Apache Hadoop Ozone. He was part of the original Windows Azure team, principal author of VMware Certificate Authority.



Wednesday May 22, 2019 14:50 - 15:25
Hall 8.0 F1

14:50

5 Steps to Building Inclusive Communities - Ashlynn Polini, Docker
5 Steps to Building an Inclusive Communities

The drive to connect is fundamental to human nature. But how do you build a community that your users want to be a part of? With 10 DockerCon’s under her belt, Ashlynn Polini shares the secrets behind creating inclusive events and programs for developers and operator communities, including:

- How to create an inclusive and welcoming community that users want to be a part of
- What to prioritize for a great user experience
- How virtual and in person events should be fundamental to your community strategy

Attendees will leave this talk with a checklist of tried and true methods to help them build experiences and programs for their next meetup or conference.

Speakers
avatar for Ashlynn Polini

Ashlynn Polini

Sr Manager, Events, Docker
Ashlynn Polini runs the user conference known as DockerCon, where she helps awesome Docker community members inspire, connect and learn from each other. Prior to Docker, Ashlynn worked at startups helping to build marketing and operations programs. Ashlynn is a recovering soccer athlete... Read More →


Wednesday May 22, 2019 14:50 - 15:25
Hall 8.0 D4

14:50

Ready? A Deep Dive into Pod Readiness Gates for Service Health Management - Minhan Xia, Google & Ping Zou, Intuit
This talk will be a deep dive on “pod readiness gates”, a new Kubernetes API for extending pod readiness with custom external controllers and introduce its usage in real world scenarios with service health management. Kubernetes clusters that integrate with external network infrastructure (such as a cloud provider) need a way to coordinate Kubernetes Pod “readiness” with setup latencies in the network fabric. Not tackling this problem causes lost packets and dropped connections OR requires inserting worst-case delays to pod startup to account for external setup. It allows Foremast, an open source engine to maintain the health of applications running on K8s, to remediate similar problems in a much smoother way.
 
Minhan and Ping will cover the coordination problem, how the new pod readiness gate API fixes the issue and experiences from both Google and Intuit using the API with real workloads. At Google, this API is used to ensure no traffic disruption occurs for user service across changes to the workload. At Intuit, this API is used to maintain application health during canary deployment using Foremast.

Speakers
avatar for Ping Zou

Ping Zou

Principal Software Engineer, Intuit
Ping Zou and her coworkers started Intuit open-source platform for observability to maintain application health during deployment via ML anomaly detection called foremast. Before that she is Sr. Principal Engineer at PayPal and eBay led, designed and implemented Unified Monitoring... Read More →
avatar for Minhan Xia

Minhan Xia

Software Engineer, Google
Minhan Xia has been a member of Kubernetes networking team at Google since K8s 1.0 2015. He has contributed to various aspects of K8s networking, including pod networking, K8s service and K8s ingress.



Wednesday May 22, 2019 14:50 - 15:25
Hall 8.1 G1

14:50

Managing Machine Learning in Production with Kubeflow and DevOps - David Aronchick, Microsoft
Kubeflow has helped bring machine learning to Kubernetes, but there’s still a significant gap relative to how to productize these workloads. While DevOps and GitOps have made huge traction in recent years, many customers struggle to apply these practices to ML workloads.

This talk will focus on ways to effectively infuse AI into production-grade applications through establishing practices around model reproducibility, validation, versioning/tracking, and safe/compliant deployment.

We will demonstrate how to run an E2E machine learning system using nothing more than Git. This will integrate DevOps, data and ML pipelines together, and show how to use multiple workload orchestrators together.

While the examples will be run using Azure Pipelines and Kubeflow, we will also show how to extend these platforms to any orchestration tool.

Speakers
avatar for David Aronchick

David Aronchick

Program Manager, Microsoft
David leads Open Source Machine Learning Strategy at Azure. This means he spends most of his time helping humans to convince machines to be smarter. He is only moderately successful at this. Previously, David led product management for Kubernetes at Google, launched GKE, and co-founded... Read More →



Wednesday May 22, 2019 14:50 - 15:25
Hall 8.0 C2

14:50

Deep Dive: CLI SIG - Maciej Szulik, Red Hat & Phillip Wittrock, Google
The "deep dive" session will focus on the vision and strategy for the "kubectl" project. There have been multiple efforts to evolve "kubectl" to be more de-coupled and maintainable. We will report the progress of these efforts. We will leave some of the time for Q&A.

Speakers
avatar for Phillip Wittrock

Phillip Wittrock

Software Engineer, Google
Phillip Wittrock is Staff Software Engineer at Google, a member of the Kubernetes Steering Committee, and a Kubernetes SIG CLI Technical Lead. Phillip’s hobbies include debating how kubectl is pronounced and talking about Kubernetes at social events. Positions Held: Kubernetes... Read More →
avatar for Maciej Szulik

Maciej Szulik

Software Engineer, Red Hat
Maciej is a passionate developer with over 10 years of experience in many languages. He's working on OpenShift and Kubernetes for Red Hat. In his free time he enjoys hacking on bugs.python.org and CPython's IMAP library. He's a frequent speaker at various events and meet ups, including... Read More →


Wednesday May 22, 2019 14:50 - 15:25
CC8.27–28

14:50

Deep Dive: CoreDNS - Yong Tang, MobileIron & John Belamaric, Google
CoreDNS is a flexible and extensible DNS server with a focus on service discovery. It is written in Go and has a unique plugin-based architecture. This means CoreDNS could be easily extended with customized plugins for new functionalities. If some functionality is not provided out of the box, you can add it if you know how to write in Go. In this deep dive session, we take a detailed look at the service discovery and plugin system of CoreDNS. We will demo a simplified version of a plugin that achieves source IP based service discovery. By walking through the complete code base of this demo plugin, we will showcase the ease of convenience to implement a custom plugin for serving new functionalities.

Speakers
avatar for John Belamaric

John Belamaric

Senior Staff Software Engineer, Google
John Belamaric is an experienced software engineer and architect with over 20 years of software design and development experience. He works on the Google Cloud team, focused on Kubernetes and GKE. He is a co-chair of SIG Architecture and an active participant in SIG Network.He is... Read More →
avatar for Yong Tang

Yong Tang

Director of Engineering, MobileIron
Yong Tang is the Director of Engineering at MobileIron working on cloud infrastructure. He contributes to different container and machine learning projects for the open source community. He is a maintainer of CoreDNS and Docker/Moby projects, and had multiple talks in KubeCon before... Read More →



Wednesday May 22, 2019 14:50 - 15:25
Hall 8.0 E4

14:50

Deep Dive: Harbor - Steven Zou & Daniel Jiang, VMware
Harbor is an open source trusted cloud-native registry project that stores, signs, and scans content. It has been widely used by organizations large and small around the world to resolve both the container image and Helm Chart management challenges. In this session, we will cover some advanced features of using Harbor, such as OIDC support, improved content replication among Harbor and other non-Harbor registries, content management in a cloud environment, unified management of Helm Chart and container images, highly-available deployments and DevOps supporting etc.. Additionally, we'd like to share some Harbor community-related things like the governance model and contributing guide the Harbor community following with you in case you want to deeply participate in the regular contributing and/or maintaining activities of Harbor community in future. Furthermore, the team would love to get feedback from users and contributors about current features and future roadmap.

Speakers
avatar for Tan Jiang

Tan Jiang

Staff Engineer, VMware
I'm a software engineer from VMware, who joined the company around the end of 2015. Currently working on a open source registry project called Harbor. I'm one of the founding member of this project. I have been giving speech in different meet-ups talking about docker image management... Read More →
avatar for Steven Zou

Steven Zou

Staff Engineer, VMware
Jia Zou (Steven) is a staff engineer of VMware China R&D. He is primarily working on the open-source Project Harbor which is an enterprise-class container image registry as lead engineer and core maintainer. Moreover, he’s doing innovation and incubation of projects on the Kubernetes... Read More →



Wednesday May 22, 2019 14:50 - 15:25
Hall 8.0 E5

14:50

Deep Dive: Kubernetes WG for Multitenancy - Sanjeev Rampal, Cisco & Ryan Bezdicek, Cray, Inc.
The deep dive will be an interactive session to discuss the status of multitenancy in kubernetes, run unconference style, with attendees proposing topics of conversation and participating in a group conversation about the most popular topics. We will discuss the on-going work the multitenancy working group is working on and more future focused issues around the various SIGs that have a vested interest in multitenancy.

Speakers
avatar for Sanjeev Rampal

Sanjeev Rampal

Principal Engineer, Cisco
Sanjeev Rampal, PhD, is a Principal Engineer in the Cloud Platforms and Solutions group at Cisco Systems where he works on the Cisco Container Platform, an enterprise multi-cloud platform based on Kubernetes and cloud native technologies. He has over 20 years of experience in development... Read More →
avatar for Ryan Bezdicek

Ryan Bezdicek

Software Engineer, Cray Inc.
Ryan Bezdicek is using Kubernetes to build the next generation of supercomputer at Cray Inc. He’s active in several Kubernetes working groups including multi-tenancy and conformance. A tester and DevOps consultant by background, Ryan has experienced first hand the benefits of adding... Read More →



Wednesday May 22, 2019 14:50 - 15:25
Hall 8.0 E9

14:50

Deep Dive: Scalability SIG - Shyam Jeedigunta, Amazon Web Services & Wojciech Tyczynski, Google
This session will focus on the vision and strategy for the scalability effort. We will touch upon work the Scalability Special Interest Group has been doing over the past year. This involves work done along various fronts like improvements to scale-testing tooling, introduction of newer and more user-focused SLOs and performance/scalability improvements to Kubernetes. Following that, we will discuss what’s next in our roadmap. We will leave time for Q&A and receive input from the audience that can help guide our priorities.

Speakers