CI/CD
Tuesday, May 21
 

11:05 CEST

Rootless, Reproducible, and Hermetic: Secure Container Build Showdown - Andrew Martin, Control Plane
Rootless container image builds (as distinct from rootless runtimes) have crept ever closer with orca-build, BuildKit, and img proving the concept. And they are desperately needed: a build pipeline with an exposed Docker socket can be used by an attacker to escalate privilege - and is probably a backdoor into most Kubernetes-based CI build farms.

With a slew of new rootless tooling emerging including Red Hat’s buildah, Google’s Kaniko, and Uber’s Makisu, will we see build systems that can securely build untrusted Dockerfiles? How are traditional build and packaging requirements like reproducibility or hermetic isolation being approached? In this talk we:
- Compare the strengths and weaknesses of modern container image build tools
- Explore the safety of untrusted image builds
- Live demo attacking container build pipelines
- Chart the history and future of container image build tooling

Speakers

Andrew Martin

CEO, ControlPlane
Andrew has an incisive security engineering ethos gained building and destroying high-traffic web applications. Proficient in systems development, testing, and operations, he is at his happiest profiling and securing every tier of a cloud native system, and has battle-hardened experience...



Tuesday May 21, 2019 11:05 - 11:40 CEST
Hall 8.1 G1

11:55 CEST

Unit Testing Your Kubernetes Configurations Using Open Policy Agent - Gareth Rushgrove, Docker
Open Policy Agent provides a high-level declarative language to author and enforce policies on structured data, for instance Kubernetes configurations. OPA is typically used as a service to enforce authorization policy in a cluster. New configurations submitted to an API are filtered through OPA and accepted or rejected depending on the defined policy. But some types of policy violations can be caught even earlier in the development process. In this talk we’ll discuss:

- Why you might benefit from writing unit tests for your Kubernetes configuration
- Getting started with Rego, OPA's declarative assertion language
- Integrating OPA-based tests with your continuous integration system
- Testing Kubernetes configurations when working with other ecosystem tools like Helm, Kustomize and Pulumi
- Extending the same approach to other structured configuration files

Speakers

Gareth Rushgrove

VP Product, Snyk
Gareth Rushgrove is VP of Product at Snyk, working remotely from Cambridge, UK, helping to build interesting tools for people to better secure their applications. He has previously worked for the UK Government Digital Service focused on infrastructure, operations and information security...



Tuesday May 21, 2019 11:55 - 12:30 CEST
Hall 8.0 B3

14:00 CEST

Panel Discussion: GitOps & Best Practices for Cloud Native CI/CD - Allison Richardet, Asteris, LLC; Laura Tacho, CloudBees; Ivan Pedrazas, State Street; Tracy Miranda, CloudBees; and Alexis Richardson, Weaveworks
Cloud native technologies enable organisations to scale rapidly and deliver software much faster than before. To do this, organisations need to rethink their CI/CD systems and the best practices their teams use with Kubernetes. GitOps, operation by pull request, is a new paradigm and set of best practices for cloud native. But what does it mean and how can organisations go about adopting it for their CI/CD needs? This panel provides insights into GitOps, best practices for CI/CD for cloud native and tooling that can help automate these practices. It also features end user stories of their experiences learning the best ways to set up CI/CD for their specific applications and needs.

Moderators

Allison Richardet

Software Engineer, OCI
Allison Richardet is a Software Engineer for OCI and Asteris, LLC. She began her career with real-time embedded systems development. She decided she needed more RAM, so she moved to the cloud. She helps companies adopt cloud native practices and move to Kubernetes. Allison has spoken...

Speakers

Ivan Pedrazas

Software Engineer, InfluxData
Ivan has a background in development and architecture. He has been helping companies like the UK Home Office, State Street, Soho House, or currently at InfluxData to adopt Kubernetes and release better software, more often. He enjoys designing and building platforms on distributed...

Alexis Richardson

CEO & Founder, Weaveworks
Alexis is CEO and co-founder of Weaveworks, and was the first chair of the CNCF TOC. He is also known for popularising the terms and practices of GitOps. Previously, at Pivotal, as head of products for Spring, RabbitMQ, Redis and vFabric, he "rebooted" Spring and transitioned the...

Laura Tacho

Director of Engineering, CloudBees
As the Director of Engineering at CloudBees and a Docker Captain, Laura's primary focus is making tools for other developers. At CloudBees, she works on improving the Docker infrastructure of the Codeship product and overall experience for all users of the CI/CD platform. Previously...

Tracy Miranda

Head of Open Source, Chainguard
Tracy Miranda is the executive director of the Continuous Delivery Foundation (CDF) where she leads the mission to improve the world's capacity to deliver software with security and speed. Prior to CDF, Tracy was the Director of Open Source at CloudBees. Tracy is a veteran of the...


Tuesday May 21, 2019 14:00 - 14:35 CEST
Hall 8.0 A1

14:50 CEST

Streamlining Kubernetes Application CI/CD with Bazel - Gregg Donovan, Etsy.com, Inc. & Chris Love, CNM Consulting
Creating a repeatable Kubernetes application deployment pipeline with the Bazel build system offers a number of advantages over traditional Kubernetes application CI/CD approaches. We will describe how Etsy uses Bazel, along with its container and Kubernetes support, to deploy many different services to multiple different clusters and environments.

Using a repeatable build process maximizes container layer caching and takes advantage of Kubernetes' built-in pod template hashing. With this caching in place, it becomes feasible to deploy all services in a large repo reliably without under-deploying -- not deploying changed components, leaving them unvalidated on master -- or over-deploying, waiting for a potentially expensive rollout despite not having made changes.

Bazel's rules_docker also allow you to build deterministic container images without the Docker daemon, simplifying CI/CD.

Speakers

Gregg Donovan

Staff Software Engineer, Etsy.com, Inc.
Gregg Donovan is a Staff Software Engineer for Search at Etsy, where he has worked since 2010. He has spoken three times at LuceneSolr Revolution on search, designing distributed systems to be resilient to garbage collection, and sharding in large fanout systems. He spoke in 2018...

Chris Love

Founder, CNM Consulting
Chris Love has been coding for over 20 years, as well as contributing to OSS. Currently, he contributes to Google Helmsman (github.com/topics/gke-helmsman), kops, and other things K8s. Chris has architected projects with companies such as Google, Motorola, Intuit, and CenturyLink...



Tuesday May 21, 2019 14:50 - 15:25 CEST
Hall 8.0 F3

15:55 CEST

Kubectl Apply 2019: Defense Against the Dark Arts - Phillip Wittrock & Jennifer Buckley, Google
Kubectl Apply (loved and hated by users) is the canonical way to manage Kubernetes Resources, and the building block for systems performing continuous delivery.

Originally written in 2015, the inner workings of Apply have been referred to as the “dark arts” and have been accused of “making people's eyeballs bleed”. The Apply maintainers took this feedback, and embarked on a journey to completely rearchitect Apply, this time without unleashing a primordial evil.

In 2019 Apply received its first major architectural overhaul, addressing long-standing issues and bringing a cornucopia of new functionality to users and platform developers. Phillip Wittrock and Jenny Buckley will review both the changes in architecture and the new functionality that will usher in a delivery renaissance for Kubernetes.

Speakers

Jennifer Buckley

Software Engineer, Google
Jennifer Buckley is a Software Engineer at Google, a member of Kubernetes SIG API Machinery, and a member of the Apply Working Group, which is focused on redesigning Kubectl Apply. She has also worked on the server-side dry-run feature, and improving dynamic admission webhooks. Owner...

Phillip Wittrock

Software Engineer, Google
Phillip Wittrock is Staff Software Engineer at Google, a member of the Kubernetes Steering Committee, and a Kubernetes SIG CLI Technical Lead. Phillip’s hobbies include debating how kubectl is pronounced and talking about Kubernetes at social events. Positions Held: Kubernetes...


Tuesday May 21, 2019 15:55 - 16:30 CEST
Hall 8.0 B3
 
Thursday, May 23
 

11:05 CEST

Testing your K8s apps with KIND - Benjamin Elder, Google & James Munnelly, Jetstack.io
Part of the promise of Docker is being able to run tests in the same environment as production. For applications running on Kubernetes, though, development and testing are still a challenge. Developers of these applications have to choose between three poor options: an external, stateful cluster, spinning up a cluster for each test, or running tests outside of Kubernetes. All of these have significant drawbacks that hinder the acceptance of Kubernetes in new environments. kind presents a fourth option: a small, compliant Kubernetes that comes up in one minute, not twenty. Using kind, CI signal can be more reliable, integration tests faster, and local development streamlined.

Speakers

James Munnelly

Solutions Engineer, Independent
James is a Solutions Engineer at Jetstack, which involves helping customers bend and break Kubernetes to their will. He helps maintain a number of extensions to Kubernetes, including cert-manager (a Kubernetes native x509 certificates platform), kubernetes-sigs/kind (Kubernetes-in-Docker...

Benjamin Elder

Software Engineer, Google
Ben first worked on Kubernetes around the 1.0 launch, implementing the initial version of the iptables kube-proxy for Google Summer of Code 2015. He later started working full time on Kubernetes in the summer of 2017, focusing on the test-infra, local clusters, build, and test with...


Thursday May 23, 2019 11:05 - 11:40 CEST
Hall 8.0 B3

11:55 CEST

Repeatable Deployments with Kubernetes, Helm & Bazel - Rohan Singh, Hustle Inc
Can you run a single command to build your applications, generate the appropriate Kube manifests, and deploy everything to each of your clusters?

If you've tried to set this up, you know that you can quickly end up with a rat's nest of custom scripts and repetitive YAML blobs. Even tools like Helm don't completely solve the problem.

In this talk, we'll cover how to wrangle this complexity with Bazel, a multi-platform build tool from Google. With Bazel, we can build Docker images, generate Kube objects, and deploy to a live cluster in a single step.

We'll also see how to use Bazel to parameterize YAML files and deploy slightly different configurations to different environments, without having to repeat and duplicate entire manifests. Finally, we'll cover how Bazel can be extended to compile and deploy Helm charts as well.

Speakers

Rohan Singh

Lead Infrastructure Engineer, Hustle Inc
Rohan Singh is an infrastructure lead at Hustle, a texting platform used by political campaigns and non-profits to reach voters & volunteers. In the past, he was a core contributor to Spotify's containerization efforts and its open-source container orchestration framework (Helios...



Thursday May 23, 2019 11:55 - 12:30 CEST
Hall 8.0 B3

14:00 CEST

Modern CI/CD with Tekton and Prow Automated via Jenkins X - James Rawlings, Cloudbees & Christie Wilson, Google
There’s been lots of innovation in the CI/CD space around the Kubernetes ecosystem, with the introduction of Tekton (formerly Knative) Pipeline and its deep integration with Prow from the Kubernetes testing SIG. This session will show you how to get started with Pipeline on your own clusters for your CI/CD needs, leveraging Prow for webhooks and powerful ChatOps capabilities on pull requests and issues. The live demo will also show how we can use Jenkins X to orchestrate and automate building applications leveraging both Pipeline and Prow, so that we can all benefit from the awesome innovation.

Speakers

James Rawlings

Engineer, CloudBees
James Rawlings is a co-creator of the open source project Jenkins X and works for CloudBees, where he aims to help developers and teams move to the cloud. James is passionate about automation and continuous improvement, always looking for new ways to help productivity or provide a...

Christie Warwick

Software Engineer, Google
Christie Wilson (Warwick) (she/her) is a software engineer with a passion for building quality software and having fun doing it. During her career she has worked in a wide range of domains from currency exchange to AAA games and is currently working on continuous delivery tools at...



Thursday May 23, 2019 14:00 - 14:35 CEST
Hall 8.0 B3

14:50 CEST

How Intuit Does Canary and Blue Green Deployments with a K8s Controller - Daniel Thomson & Alex Matyushentsev, Intuit
GitOps has taken Kubernetes by storm, but the default Kubernetes Deployment is missing strategies such as canary and blue green. How do you run two versions of one application at the same time in a GitOps manner? Do you need to make multiple commits to orchestrate those strategies? Isn’t that redundant for a single deployment? The onus is on the user to orchestrate these industry standard strategies, often using error-prone scripts. To address this need, Intuit open sourced a deployment controller called Argo Rollouts that codifies these industry standard strategies into a custom resource called Rollout. This session will discuss how Intuit leverages rollouts of hundreds of apps in a GitOps style to implement these missing strategies, the challenges in converting inherently imperative strategies into a declarative configuration, and envisioning the future for GitOps based deployments.

Speakers

Alexander Matyushentsev

Principal Software Engineer, Intuit
Alexander Matyushentsev is a Principal Engineer in the Intuit Modern SaaS team. Alexander is focused on building tools which make it easier to use Kubernetes. He is one of the core contributors to "Argo Workflows" and "Argo CD" projects. Alexander is passionate about open source...

Daniel Thomson

Software Engineer, Stytch
Danny Thomson is a software engineer at Stytch working to build the future of user authentication through passwordless options. Previously, Danny worked at Intuit on their Modern SaaS platform and contributed to their open-source project: Argoproj. He believes that developer services...



Thursday May 23, 2019 14:50 - 15:25 CEST
Hall 8.0 B3

15:55 CEST

Peribolos: How Kubernetes Uses GitOps to Manage GitHub Communities at Scale - Christoph Blecker, Red Hat & Erick Fejta, Google
With 6 organizations, 150+ repositories, 400+ GitHub teams, and 800+ unique members, the Kubernetes project has a massive GitHub footprint. Scaling this footprint without excessive manual toil or impacting project velocity is a challenge.

We addressed this challenge by defining our GitHub organization as configuration in a GitHub repository. We wrote tooling, which we called peribolos, that continually applies this config, including whenever we merge changes to it.

Peribolos is built on top of prow, the CI system the Kubernetes project built and runs on. We will show how it works, discuss some of its design decisions around delegation and safety and help you decide whether it can benefit your organization.

Speakers

Christoph Blecker

Senior Principal Site Reliability Engineer, Red Hat
Christoph is an Architect and Senior Principal SRE at Red Hat. He's a long time maintainer of the Kubernetes project, an emeritus member of the Kubernetes Steering Committee, and sits on the CNCF Governing Board.

Erick Fejta

Staff Software Engineer, Google
Erick works at Google. He writes tooling for the Kubernetes community and helps chair sig-testing. He helps create and maintain a lot of community infrastructure such as peribolos, prow, testgrid, kubetest and gubernator. He is also the lesser-known human face behind fejta-bot, which...



Thursday May 23, 2019 15:55 - 16:30 CEST
Hall 8.0 B3

16:45 CEST

How Does Google Release Kubernetes in GKE - Kobi Magnezi & Josh Hoak, Google
Working on the GKE, we have been releasing new versions of Kubernetes since before Kubernetes was 1.0. Although closely related to the Kubernetes release, the release of Kubernetes in GKE involves ensuring fleet-wide consistency through upgrades, qualification and customer feedback. We will talk about the history of the GKE Release process and the lessons we have learned working with Kubernetes. We will close with open source improvements we're making to systems and tooling so that others can benefit from what we have learned.

Speakers

Josh Hoak

Software Engineer, Google
Josh has been a software engineer at Google for the last 7 years, the 3 of which have been on Google Kubernetes Engine. Most recently, Josh has led efforts to improve the GKE release systems and provide better reliability for managing GKE's fleet of Kubernetes clusters.

Kobi Magnezi

Product Manager, Google
Kobi is a product manager for GKE. He is a seasoned product and technology management professional with years of experience in digital channels and advanced technology. Kobi is focusing on running K8s at scale on GCP while meeting customer demands. Most recently, Kobi has led...



Thursday May 23, 2019 16:45 - 17:20 CEST
Hall 8.0 A1
 
