KubeCon + CloudNativeCon North America 2024: Full Schedule

In-person
November 12-15
Learn More and Register to Attend

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon North America 2024 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Mountain Standard Time (UTC -7). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change and session seating is available on a first-come, first-served basis.

arrow_back View All Dates

7:30am MST

Badge Pick-Up

Wednesday November 13, 2024 7:30am - 6:00pm MST

West Temple Entrance (East)

Wednesday November 13, 2024 7:30am - 6:00pm MST
West Temple Entrance (East)

Registration

7:30am MST

Badge Pick-Up

Wednesday November 13, 2024 7:30am - 6:00pm MST

200 South Entrance (South)

Wednesday November 13, 2024 7:30am - 6:00pm MST
200 South Entrance (South)

Registration

9:00am MST

Keynotes To Be Announced

Wednesday November 13, 2024 9:00am - 10:45am MST

Salt Palace | Level 1 | Hall DE

Wednesday November 13, 2024 9:00am - 10:45am MST
Salt Palace | Level 1 | Hall DE

Keynote Sessions

10:45am MST

Coffee Break ☕

Wednesday November 13, 2024 10:45am - 11:15am MST

Salt Palace | Level 1 | Halls A-C + 1-5 | Solutions Showcase

Wednesday November 13, 2024 10:45am - 11:15am MST
Salt Palace | Level 1 | Halls A-C + 1-5 | Solutions Showcase

Breaks

10:45am MST

Solutions Showcase

Wednesday November 13, 2024 10:45am - 8:00pm MST

Salt Palace | Level 1 | Halls A-C + 1-5 | Solutions Showcase

Visit our sponsors in the Solutions Showcase to try the latest demos, watch live presentations, talk to experts, check out job opportunities, and score some swag.

In order to facilitate networking and business relationships at the event, you may choose to visit a third party’s booth or access sponsored content. You are never required to visit third party booths or to access sponsored content. When visiting a booth or participating in sponsored activities, the third party will receive some of your registration data. This data includes your first name, last name, title, company, address, email, standard demographics questions (i.e. job function, industry), and details about the sponsored content or resources you interacted with. If you choose to interact with a booth or access sponsored content, you are explicitly consenting to receipt and use of such data by the third-party recipients, which will be subject to their own privacy policies.

Wednesday November 13, 2024 10:45am - 8:00pm MST
Salt Palace | Level 1 | Halls A-C + 1-5 | Solutions Showcase

Solutions Showcase

10:55am MST

Project Pavilion Tour with Jorge Castro

Wednesday November 13, 2024 10:55am - 11:15am MST

Salt Palace | Level 1 | Halls A-C + 1-5 | Solutions Showcase

Explore the Project Pavilion, a hub of innovation and discovery! Take part in daily tours, interact with project maintainers at their kiosks, gain insights on community engagement and KCD event organization, and learn more about certification opportunities to showcase your expertise.

Join cloud veteran Jorge Castro as he takes you on a guided tour of our cloud native projects. This tour will include an introduction to the Pavilion, making introductions, interacting with maintainers, and ensuring you end up talking to the right projects!

Wednesday November 13, 2024 10:55am - 11:15am MST
Salt Palace | Level 1 | Halls A-C + 1-5 | Solutions Showcase

Project Opportunties

11:15am MST

Advanced Model Serving Techniques with Ray on Kubernetes - Andrew Sy Kim, Google & Kai-Hsun Chen, Anyscale

Wednesday November 13, 2024 11:15am - 11:50am MST

Salt Palace | Level 2 | 255 EF

With the proliferation of Large Language Models, Ray, a distributed open-source framework for scaling AI/ML, has developed many advanced techniques for serving LLMs in a distributed environment. In this session, Andrew Sy Kim and Kai-Hsun Chen will provide an in-depth exploration of advanced model serving techniques using Ray, covering model composition, model multiplexing and fractional GPU scheduling. Additionally, they will discuss ongoing initiatives in Ray focused on GPU-native communication, which, when combined with Kubernetes DRA, offers a scalable approach to tensor parallelism, a technique used to fit large models across multiple GPUs. Finally, they will present a live demo, demonstrating how KubeRay enables the practical application of these techniques to real-world LLM deployments on Kubernetes. The demo will showcase Ray’s powerful capabilities to scale, compose and orchestrate popular open-source models across a diverse set of hardware accelerators and failure domains.

Speakers

Andrew Sy Kim

Software Engineer, Google

Andrew Sy Kim is a software engineer at Google working on Kubernetes and GKE.

Kai-Hsun Chen

Software Engineer, Anyscale

Kai-Hsun Chen is a software engineer on the Ray Core team at Anyscale and the primary maintainer of KubeRay. He is also an open-source enthusiast, as well as a committer and PMC member of Apache Submarine.

Wednesday November 13, 2024 11:15am - 11:50am MST
Salt Palace | Level 2 | 255 EF

AI + ML

Content Experience Level Advanced

11:15am MST

Behind Schedule: Pod Resource Configuration from Beginning to... Huh? - Joe Thompson, Platform9

Wednesday November 13, 2024 11:15am - 11:50am MST

Salt Palace | Level 2 | 251

Pod resource requests, limits and priority are some of the most fundamental concepts of Kubernetes clusters, and they're easy to understand: if nodes have the resources you need, you get scheduled, and if not, you don't... right? Joe will walk you through some of the surprising behaviors you may encounter with the seemingly basic rules that Kubernetes follows when scheduling and running pods -- and how those rules themselves may not be what you think! We'll dig into eviction and preemption (and why the difference matters) and why priority sometimes doesn't solve the problems you think it will. We'll finish with recent changes to pod resource management that are upending long-standing basics of pod scheduling, particularly the in-place pod resizing feature alpha-released in the last few versions of Kubernetes. You'll leave with a deeper understanding of the (not-so-) simple mechanics, as well as how to debug them when things get messy.

Speakers

Joe Thompson

Technical Product Marketing Manager, Platform9

Joe Thompson's IT career is near the end of its third decade. He's been part of the cloud-native community since 2014, starting with OpenStack and adding Kubernetes a few months after it debuted. He's spoken at KubeCon, Cloud Native Rejekts and many local meetups and enjoys showing... Read More →

Wednesday November 13, 2024 11:15am - 11:50am MST
Salt Palace | Level 2 | 251

Cloud Native Novice

Content Experience Level Beginner

11:15am MST

All Your Routes Are Ready, More or Less - Dave Protasowski, Broadcom

Wednesday November 13, 2024 11:15am - 11:50am MST

Salt Palace | Level 1 | 155 EF

Gateway API is the official next gen Kubernetes API for Ingress, Load Balancing and Service Meshes. Many proxies implement the API and pass conformance with glowing colours! But what is it really like to use the API? What isn't covered by the conformance tests that end-users should know. In the talk we'll highlight our experience adopting the Gateway API in the Knative Serving project. We'll talk about the problems we encountered and how we addressed them. Come to the talk and we'll pit some implementations against each other and show some numbers!

Speakers

Dave Protasowski

Staff Engineer, VMware/Broadcom

Dave Protasowski is part of Knative Technical Committee and a Serving Working Group Lead. During the night he works at VMware/Broadcom. Prior he worked on Cloud Foundry things at Pivotal.

Wednesday November 13, 2024 11:15am - 11:50am MST
Salt Palace | Level 1 | 155 EF

Connectivity

Content Experience Level Beginner

11:15am MST

The Future of DBaaS on Kubernetes - Melissa Logan, Constantia; Sergey Pronin, Percona; Deepthi Sigireddi, PlanetScale; Gabriele Bartolini, EDB

Wednesday November 13, 2024 11:15am - 11:50am MST

Salt Palace | Level 1 | Grand Ballroom GI

Running Database-as-a-Service (DBaaS) in the cloud is a common practice for organizations, and more are seeking to offer DBaaS on Kubernetes. Benefits include cost efficiencies, as well as providing a faster, more scalable development environment. While it has many benefits, managing a DBaaS on Kubernetes can be challenging. In this panel, database experts from the Data on Kubernetes Community will discuss how to get started with Kubernetes and operators to run DBaaS, storage and security requirements, common patterns for deployment and Day 2 operations, how to leverage AI for DBaaS, and pitfalls to avoid. They will also share real world experiences from users running DBaaS on Kubernetes.

Speakers

Melissa Logan

CEO, Constantia

Melissa Logan has worked in tech for 24 years and is currently director of the Data on Kubernetes and Data Mesh Learning communities, and founder of Constantia.io - a tech community and communications company. Constantia works with data and open source companies to provide marketing... Read More →

Gabriele Bartolini

VP of Cloud Native, EDB

Gabriele, a co-founder of 2ndQuadrant and open-source advocate, has been instrumental in PostgreSQL's global growth. Focused on enhancing business continuity for large-scale databases, he has championed stateful workloads in cloud-native environments since 2019. As a co-founder and... Read More →

Deepthi Sigireddi

Software Engineer, PlanetScale

Deepthi is the Technical lead for Vitess, a CNCF graduated open source project. She also leads the Vitess engineering team at PlanetScale which offers a database service built on Vitess. She brings over 20 years of experience building scalable systems to this role. She enjoys speaking... Read More →

sergey pronin

Product guy, Percona

Sergey is a passionate technology “driver”. After graduation worked in various fields: internet service provider, financial sector and M&A business. Main focal points were infrastructure and products around it. At Percona as a Group Product Manager drives forward Kubernetes and... Read More →

Wednesday November 13, 2024 11:15am - 11:50am MST
Salt Palace | Level 1 | Grand Ballroom GI

Data Processing + Storage

Content Experience Level Any

11:15am MST

Architecting Tomorrow: The Heterogeneous Compute Resources for New Types of Workloads - Alexander Kanevskiy, Intel Finland

Wednesday November 13, 2024 11:15am - 11:50am MST

Salt Palace | Level 2 | 255 BC

Imagine managing a set of diverse workloads on a Kubernetes node, operating across dozens of CPU cores and several memory zones. But do you truly comprehend the difference between one CPU core versus another? Are you aware of the impact that different memory zone might have on your workload's efficiency? Will optimisations for one type of workloads be helpful for another? Do you think that your ML workload will behave same way as e.g. Redis? This presentation delves deep into CPU internals, memory types (DRAM, HBM, CXL), and diverse cache/core types and layouts. Explore recent hardware advancements and their impact on workloads. We'll examine native compute resource allocation strategies from a hardware point of view, crucial for enhancing workload performance and optimising energy usage and cost efficiency. Join and learn details of the modern hardware architecture that gives you a framework to make more informed choices on hardware resource optimisation for your infrastructure.

Speakers

Alexander Kanevskiy

Principal Engineer, Cloud Orchestration Software, Intel Finland

Alexander is currently employed by Intel as Principal Engineer, Cloud Software, focusing on various aspects in Kubernetes: Resource Management, Device plugins for hardware accelerators, Cluster Lifecycle and Cluster APIs. Alexander has over 25+ years of experience in areas of Linux... Read More →

Wednesday November 13, 2024 11:15am - 11:50am MST
Salt Palace | Level 2 | 255 BC

Emerging + Advanced

Content Experience Level Intermediate

11:15am MST

SIG Network Intro and Updates - Daman Arora, VMware by Broadcom & Shaun Crampton, Tigera

Wednesday November 13, 2024 11:15am - 11:50am MST

Salt Palace | Level 3| 355 BC

SIG Network is responsible for networking for Kubernetes clusters, and there's never a shortage of interesting problems to solve in this space. In this session we'll provide some updates about SIG Network as a whole, including: * status and progress of core networking components * status and progress of sub-projects * considerations for the future If you're interested in hearing about what's going on in the networking space, or maybe even interested in joining the SIG and finding a place to contribute, please join us!

Speakers

Shaun Crampton

Distinguished Engineer, Tigera

Shaun is a Distinguished Software Engineer at Tigera, looking after Project Calico's iptables and eBPF dataplanes. Before joining the Tigera team, Shaun worked on a number of Software Defined Networking products and cloud scale applications. He holds an MA in Computer Science from... Read More →

Daman Arora

Software Engineer, VMware by Broadcom

Trying to maintain kube-proxy.

Wednesday November 13, 2024 11:15am - 11:50am MST
Salt Palace | Level 3| 355 BC

Maintainer Track, Network

11:15am MST

The Spice Must Flow Green: CNCF's Environmental Sustainability TAG - Marlow Warnicke (Weston), SchedMD & Saiyam Pathak, Loft Labs

Wednesday November 13, 2024 11:15am - 11:50am MST

Hyatt Regency | Level 4 | Regency Ballroom A

The carbon must be counted. In the Environmental Sustainability TAG, we focus on current and emerging technologies regarding carbon measurement and minimization. As our digital landscape grows, so does its impact on the environment—a factor often overlooked in the pursuit of technological advancement, such as AI. Traditionally, companies focused primarily on financial metrics. However, with increasing awareness of climate issues, stricter regulations, and rising energy costs, environmental impact is now a crucial consideration. We highlight the Green Reviews Working Group and our project to measure impact. We're developing a pipeline that works with current tooling, such as Kepler, to measure the power consumption of CNCF Projects. We explore how to measure energy consumption and emissions of software projects. We also give the status of other projects, such as the sustainability landscape, initiatives such as our sustainability week, and collaborative organisations.

Speakers

Saiyam Pathak

Principal Developer Advocate, Loft Labs

Saiyam is working as Principal Developer Advocate at Loft Labs. He is the founder of Kubesimplify, focusing on simplifying cloud-native and Kubernetes technologies. Previously at Civo, Walmart Labs, Oracle, and HP, Saiyam has worked on many facets of Kubernetes, including machine... Read More →

Marlow Weston

Principal Cloud Engineer, SchedMD

Marlow is a Principal Cloud Engineer working on scheduling at SchedMD. She also is a chair for the CNCF Environmental Sustainability TAG. Marlow has expertise in resource management, the AI/ML Kubernetes cloud compute ecosystem, embedded systems, high performance compute system tools... Read More →

Wednesday November 13, 2024 11:15am - 11:50am MST
Hyatt Regency | Level 4 | Regency Ballroom A

Maintainer Track, Environmental Sustainability

11:15am MST

The State of Cloud Native Business Value in 2024 - Danielle Cook, appCD; Simon Forster, Stackegy; Catherine Paganini, Buoyant; Colin Griffin, Krumware; Robbie Glenn, Accenture

Wednesday November 13, 2024 11:15am - 11:50am MST

Hyatt Regency | Level 2 | Salt Lake Ballroom CDE

In 2024, what is the state of cloud native business value? We hear that it is marked by unprecedented growth and innovation, but is that what we are seeing? In this panel discussion hosted by the Cartografos Working Group, we provide an update on how organizations of all sizes are leveraging cloud native technologies to enhance agility, scalability, and cost efficiency. Key advancements go beyond technology alone. Panelists will discuss how cloud native is streamlining operations, accelerating time-to-market, realizing ROI through more efficient resource utilization and reduced operational overhead. Attendees will hear how cloud native can drive business goals including how cloud native platforms drive intelligent automation and data-driven decision-making. Attendees will hear how security and compliance frameworks have matured and how cloud native strategies are proving essential for competitive advantage and digital transformation across industries.

Speakers

Robbie Glenn

Tech Architecture Manager, Accenture

Colin Griffin

CEO, Krumware

Colin Griffin is CEO at Krumware, and a Co-Chair of the CNCF Platforms Working Group. Colin Griffin is a software engineer by trade, specializing in cloud-native application and infrastructure development; with an emphasis on developer enablement and platform engineering. He founded... Read More →

Catherine Paganini

Head of Marketing, Buoyant

Catherine Paganini is TAG Contributor Strategy Co-chair, CNCF Deaf & Hard of Hearing WG facilitator, CNCF Cloud Native Glossary founder, and Head of Marketing at Buoyant, the creator of Linkerd. A marketing leader passionate about open source, Catherine started her contributor journey... Read More →

Simon Forster

Technical Architect and CNCF Ambassador, Independent

Simon Forster is a CNCF Ambassador and cloud native technology architect and engineer based in London. Simon has extensive experience working in heavily regulated financial institutions on the design, delivery and security of critical cloud native applications. He has a specific focus... Read More →

Danielle Cook

VP, appCD

Danielle Cook has worked in the cloud native industry since 2016 helping organizations adopt the technologies that make cloud native enterprise ready. She co-authored and launched the CNCF Cloud Native Maturity Model in 2021, is a co-chair of the CNCF Cartografos Working Group and... Read More →

Wednesday November 13, 2024 11:15am - 11:50am MST
Hyatt Regency | Level 2 | Salt Lake Ballroom CDE

Maintainer Track, Cartografos

11:15am MST

TUF: Secure Distribution Beyond Software - Marina Moore, Independent

Wednesday November 13, 2024 11:15am - 11:50am MST

Salt Palace | Level 3 | 355 EF

As organizations improve their software supply chain, they may encounter an influx of metadata: attestations, SBOMs, VEX statements, and more. Have you ever wondered how to securely distribute all of this information to end users? Enter TUF! The Update Framework (TUF), has paved the way for secure software updates throughout the cloud native ecosystem and beyond, and is being expanded to securely distribute signing keys, attestations, and more. TUF allows organizations to ensure that all of this data is up-to-date and resilient to tampering. The TUF project is constantly improving and this talk will highlight some of these improvements, from recent integrations by groups such as Docker and Github to an effort to provide conformance testing across various TUF implementations. The TUF project has an active team of maintainers and contributors that make all of these improvements possible, and we will discuss how you can get involved to keep making the project better.

Speakers

Marina Moore

Independent

Marina Moore has a PhD from at NYU where she performed research into software supply chain security. This research focused on real-world application through open source contribution. She is an open source maintainer and active in open source communities through the CNCF and OpenSSF... Read More →

Wednesday November 13, 2024 11:15am - 11:50am MST
Salt Palace | Level 3 | 355 EF

Maintainer Track, The Update Framework (TUF)

11:15am MST

Using Notary Project to Ensure Authenticity and Integrity of Artifacts Within the Enterprise - Toddy Mladenov, Microsoft & Tjark Rasche, Mercedes-Benz Tech Innovation GmbH

Wednesday November 13, 2024 11:15am - 11:50am MST

Hyatt Regency | Level 4 | Regency Ballroom BCD

In this session, we will go over the steps and considerations the enterprise goes through to select a reliable and future-proof signing technology and improve the integrity and authenticity of their software artifacts. We will share the questions and constraints in the enterprise and how those were addressed by Notary Project. We will also provide an update on the latest features and the roadmap for Notary Project.

Speakers

Toddy Mladenov

Principal Product Manager, Microsoft

Toddy has over 25 years of experience in software engineering and design, consulting, and product management for companies like Microsoft, T-Mobile, and SAP. He started his cloud journey 14 years ago as part of the Azure team. Since then, Toddy worked on large-scale cloud implementations... Read More →

Tjark Rasche

Senior Software Engineer, Mercedes-Benz Tech Innovation GmbH

Tjark works as a Cloud Software Engineer at Mercedes-Benz Tech Innovation GmbH. He focuses on automating the cluster lifecycle, cluster security and integrating custom cluster addons with Kubernetes. He is also highly involved with the local Kubernetes community, founder of the Kubernetes... Read More →

Wednesday November 13, 2024 11:15am - 11:50am MST
Hyatt Regency | Level 4 | Regency Ballroom BCD

Maintainer Track, Notary

11:15am MST

Unlocking Cost Savings & New Possibilities: Your Guide to Prometheus Remote Write 2.0 - Callum Styan, Grafana Labs & Bartłomiej Płotka, Google

Wednesday November 13, 2024 11:15am - 11:50am MST

Salt Palace | Level 1 | Grand Ballroom HJ

Prometheus Remote Write is the protocol used to send Prometheus metrics from Prometheus or any other metric source to compatible remote storage endpoints such as Thanos and Cortex. Remote Write is generally used for metric long term storage, centralization, and cloud services. It also enables users to run Prometheus in an agent mode, reducing local storage requirements. Welcome to Remote Write 2.0! In this talk, Bartek and Callum, Prometheus maintainers and RW2.0 spec. co-authors, will introduce you to the next iteration of the popular protocol which adds more functionality while cutting your egress costs up to 60%, and keeps the previous versions easy-to-implement stateless design! The audience will learn what's changed in the second version of Remote Write, what it unlocks, and how easy it is to update or adopt. Finally, the speakers will share the latest benchmarks and differences with the common alternatives.

Speakers

Bartłomiej Płotka

Senior Software Engineer, Google

Bartek Płotka is a Senior Software Engineer at Google. SWE by heart, with an SRE background, currently working on Cloud Observability. Previously Principal Software Engineer at Red Hat. Author of "Efficient Go" book with O'Reilly. As the co-founder of the CNCF Thanos project and... Read More →

Callum Styan

Senior Software Engineer, Grafana Labs

Callum is a software engineer from Vancouver, Prometheus Team Member/Maintainer, and currently works on Loki at Grafana Labs.

Wednesday November 13, 2024 11:15am - 11:50am MST
Salt Palace | Level 1 | Grand Ballroom HJ

Observability

Content Experience Level Advanced

11:15am MST

ARM-Wrestling: Overcoming CPU Migration Challenges to Reduce Costs - Laurent Bernaille & Eric Mountain, Datadog

Wednesday November 13, 2024 11:15am - 11:50am MST

Salt Palace | Level 1 | 155 BC

When you have a significant cloud footprint, you always look for performance improvements and cost reductions. So when ARM instances became commonly available on one of our providers, seemingly providing great performance at a lower cost, we had to take a closer look! In this talk, we will first describe the steps we took to make our clusters ARM-ready and a few interesting issues we encountered during our initial tests: from performance regressions due to compiler behaviors to subtle memory corruption bugs. We will then discuss new challenges, in particular how to achieve load-balancing and auto-scaling when running workloads on a mix of CPUs with different performances, and share our results. If migrating real workloads to ARM proved challenging, it was worth the effort and we now run more than 50% of our workloads on ARM.

Speakers

Laurent Bernaille

Principal Engineer, Datadog

Laurent Bernaille worked several years as a consultant specializing in cloud, containers, and automation and helped organizations migrate to the public cloud and adopt containers. He is now Principal Engineer at Datadog and works closely with infrastructure teams, which are responsible... Read More →

Eric Mountain

Staff Engineer, Datadog

Eric Mountain began working with Kubernetes in 2014 helping Amadeus migrate to container and cloud technology. Eric is now a Staff Engineer in Datadog’s Compute team providing large scale Kubernetes to our internal users.

Wednesday November 13, 2024 11:15am - 11:50am MST
Salt Palace | Level 1 | 155 BC

Operations + Performance

Content Experience Level Any

11:15am MST

All-Your-GPUs-Are-Belong-to-Us: An Inside Look at NVIDIA's Self-Healing GeForce NOW Infrastructure - Ryan Hallisey & Piotr Prokop PL, NVIDIA

Wednesday November 13, 2024 11:15am - 11:50am MST

Salt Palace | Level 1 | Grand Ballroom BDF

GeForce Now is a game streaming platform used by 20+ million gamers worldwide. Kubernetes is at the core of its infrastructure powering game workloads and other containerized services and tools. The infrastructure includes many regional clusters with 10s of thousands of GPUs capable of supporting 100s of thousands concurrent gamers. To operate a large Kubernetes infrastructure efficiently, NVIDIA built a GPU maintenance API to enable automated lifecycle management of critical infrastructure components. When combined with a few operators, this API facilitates planning and coordination of crucial driver, GPU, and Kubernetes upgrades at an unprecedented scale, as well as empowering self-healing operators to detect and remediate failures to avoid outages. In this talk, we will share: - How K8s and KubeVirt powers Nvidia GeForce Now - Nvidia’s GPU Maintenance API solution - NVIDIA’s vision for doing automated GPU maintenance at scale in K8s

Speakers

Ryan Hallisey

Software Engineer, NVIDIA

Ryan is a software engineer at NVIDIA. He works on building data centers powered by Kubernetes and KubeVirt for NVIDIA products.

Piotr Prokop

Senior Software Engineer, NVIDIA

Piotr is a Senior Software Engineer at NVIDIA. He works on running high performance workloads powered by Kubernetes for NVIDIA products.

Wednesday November 13, 2024 11:15am - 11:50am MST
Salt Palace | Level 1 | Grand Ballroom BDF

Platform Engineering

Content Experience Level Beginner

11:15am MST

AuthZEN: The “OpenID Connect” for Authorization - Omri Gazitt, Aserto

Wednesday November 13, 2024 11:15am - 11:50am MST

Salt Palace | Level 1 | 151

Today, the authorization world is fractured - each vendor supports its own APIs & protocols. But this is about to change. AuthZEN, a new OpenID Foundation working group, was created in late 2023 to establish authorization standards. OIDF is the home of OpenID Connect, the ubiquitous standard for federated login, and that’s where we’re setting our sights. In this talk, I'll describe the current state of cloud-native authorization, including the policy-as-code and policy-as-data approaches, and the various open source projects in each camp. I'll also share the progress we’ve made creating a single authorization API that works across both policy-as-code (OPA, Topaz) and policy-as-data (Zanzibar-style projects), present the API specs we've created so far, and show off the various interoperable implementations. With this foundation in place, engineering teams can be more confident in externalizing their authorization and picking a provider without being locked in to a proprietary API.

Speakers

Omri Gazitt

Co-founder & CEO, Aserto

Omri is the co-founder/CEO of Aserto, an authorization startup, and his third entrepreneurial venture. He's spent the majority of his 30-year career working on developer and infrastructure technology, most recently as the CPO of Puppet. Previously he was the VP and GM of HP's Cloud... Read More →

Wednesday November 13, 2024 11:15am - 11:50am MST
Salt Palace | Level 1 | 151

Security

Content Experience Level Any

11:15am MST

GitOops... I Did It Again! Protecting Your GitOps System from Being Used for Privilege Escalation - Oreen Livni & Elad Pticha, Cycode

Wednesday November 13, 2024 11:15am - 11:50am MST

Salt Palace | Level 2 | 250

From data theft to privilege escalation in the Kubernetes cluster, you don't want to be the one telling your boss that your GitOps system has been compromised. This talk covers the security of GitOps tools, highlighting common misconfiguration pitfalls and how to avoid them. We will share the story of CVE-2024-31989, a critical vulnerability we discovered in the popular tool Argo. When installed with the default configuration, this vulnerability allowed privilege escalation from any access point to the cluster (such as a webshell) to complete cluster takeover. We will discuss common insecure configurations like this and provide examples from popular open-source projects to explain how your organization can protect itself from these risks. Attendees will receive a guide and practical tools to protect their GitOps systems against such threats.

Speakers

Elad Pticha

Security Researcher, Cycode

Elad is a passionate security researcher with a focus on software supply chain and web application security. He dedicates his time to writing security research tools and finding vulnerabilities across a broad spectrum, from open-source projects and web applications to IoT devices... Read More →

Oreen Livni

Security Researcher, Cycode

Oreen Livni is a passionate security researcher specializing in application and supply chain security, Domain, and networking. With a focus on software supply chain vulnerabilities. Alongside his professional commitments, he immerses himself in art, gardening, and the world of surfing... Read More →

Wednesday November 13, 2024 11:15am - 11:50am MST
Salt Palace | Level 2 | 250

Security

Content Experience Level Any

11:15am MST

Tutorial: A Mad Scientist's Guide to Automating CNI with Generative AI - Doug Smith, Red Hat, Inc

Wednesday November 13, 2024 11:15am - 12:45pm MST

Salt Palace | Level 1 | Grand Ballroom ACE

Ready to make Kubernetes networking a little easier and a lot more fun? Join Doug for an experiment in configuring CNI (Container Networking Interface) using generative AI. Despite being advised by data scientists to avoid automating machine configurations with generative AI, Doug went into the mad scientist's lab (err, basement) and tested how often a workflow could generate CNI configurations that would establish network connectivity between pods – and the success rate might surprise you. In this session, you'll automate CNI configurations using a large language model (LLM) and gain experience with a nifty tech stack: Ollama for running a containerized LLM, Kubernetes, CNI, and some script wizardry to create your own auto-configurator. Best yet? No prior CNI or AI/ML knowledge needed, and you'll learn along the way! Just in case, have contingency plans ready should any Skynet or Space Odyssey 2001 scenarios arise during the tutorial.

Speakers

Doug Smith

Principal Engineer, Red Hat, Inc

Doug Smith is a Principal Software Engineer for OpenShift Engineering at Red Hat. Focusing on Network Function Virtualization and container technologies, Doug integrates new networking technologies with container systems like Kubernetes and OpenShift. He is a member of the Network... Read More →

Wednesday November 13, 2024 11:15am - 12:45pm MST
Salt Palace | Level 1 | Grand Ballroom ACE

Tutorials, Cloud Native Novice

Content Experience Level Beginner

12:10pm MST

AI and ML: Let’s Talk About the Boring (yet Critical!) Operational Side - Rob Koch, Slalom Build & Milad Vafaeifard, Epam

Wednesday November 13, 2024 12:10pm - 12:45pm MST

Salt Palace | Level 2 | 255 EF

As AI and ML become increasingly prevalent, it’s worth looking harder at the operational side of running these applications. We need a lot of compute and access to GPU workloads. We also need to be reliable, while providing rock-solid separation between datasets and training processes. And we need great observability in case things go wrong, and must be simple to operate. Let's build our ML applications on top of a service mesh instead of spending resources reimplementing the wheel – or, worse, the flat tire. Join us for a lively, informative, and entertaining look at how a service mesh can solve real-world issues with ML applications while making it simpler and faster to actually get things done in the world of ML. Rob Koch, Principal at Slalom Build, will demonstrate how you can use Linkerd together with multiple clusters to develop, debug, and deploy an ML application in Kubernetes (including IPv6 and GPUs), with special attention to multitenancy and scaling.

Speakers

Rob Koch

Principal, Slalom Build

A tech enthusiast who thrives on steering projects from their initial spark to successful fruition, Rob Koch is Principal at Slalom Build, AWS Hero, and Co-chair of the CNCF Deaf and Hard of Hearing Working Group. His expertise in architecting event-driven systems is firmly rooted... Read More →

Milad Vafaeifard

Lead Software Engineer, Epam

Milad Vafaeifard, a Lead Software Engineer at EPAM Systems, has 9+ years of web design and development expertise. Deaf but undeterred, he is the creative force behind Sign Language Tech and an active contributor to a YouTube channel focused on tech content for the signing tech community... Read More →

Wednesday November 13, 2024 12:10pm - 12:45pm MST
Salt Palace | Level 2 | 255 EF

AI + ML

Content Experience Level Any

12:10pm MST

Operationalizing High-Performance GPU Clusters in Kubernetes: A Case Study of Databricks' DBRX - Will Gleich & Wai Wu, Databricks

Wednesday November 13, 2024 12:10pm - 12:45pm MST

Salt Palace | Level 1 | Hall DE

Training large language models (LLMs) on GPUs within Kubernetes environments involves significant configuration and complexity, often leading to unique failure scenarios. This presentation will cover the lessons learned from training DBRX, a state-of-the-art LLM, that we developed on a 400-node cluster with a primary workload utilizing 3072 GPUs and the tooling needed to measure and maintain a healthy fleet of nodes and underlying interconnect fabric. This will include: * How we implemented GPU health detection leveraging Prometheus and DCGM Exporter * How we monitor GPU Direct Remote Direct Memory Access (GDRDMA) and the challenges of monitoring components that bypass CPU * Discussion of failure scenarios during training, and how they were addressed Databricks Mosaic AI Training leverages GPU clusters across many cloud providers to maximize availability; we will also discuss the variations we see and how we had to engineer around them.

Speakers

Wai Wu

Databricks

Will Gleich

Sr. DevOps Engineer, Databricks

Will Gleich is a Sr. DevOps engineer at Databricks specializing in MLOps and Site Reliability Engineering.

Wednesday November 13, 2024 12:10pm - 12:45pm MST
Salt Palace | Level 1 | Hall DE

AI + ML

Content Experience Level Intermediate

12:10pm MST

Beyond 'Can You Mentor Me?' - Crafting the Contribution Ladder - Nitish Kumar, Akuity; Wenjia Zhang, Google; Lucas Käldström, Upbound; Carol Valencia, Elastic; Nabarun Pal, Broadcom

Wednesday November 13, 2024 12:10pm - 12:45pm MST

Salt Palace | Level 2 | 251

Mentorship, a cornerstone of the community's success, offers a transformative path to growth and development. However, finding the right mentor and building a successful mentorship relationship can be challenging. This panel discussion brings together experienced mentors from diverse roles within the Kubernetes community including maintainers, tech leads, and committee members. The panel members will share their insights on how to get the most out of mentorship at different stages of your Kubernetes journey, as you climb the Contributor ladder. By the end of this panel, the audience will understand essential takeaways for effective mentorship at different contributor ladder marks. The project maintainers can take inspiration from how the Kubernetes project maintainers make use of various mentorship techniques such as Role Based Shadowing, Peer-to-Peer Learning, and Mentorship Cohorts that can help any project especially CNCF incubating projects stick new contributors to the project.

Speakers

Lucas Käldström

Senior Software Engineer, Upbound

Lucas is a Kubernetes and cloud native expert who has been serving the CNCF community in lead positions for 6 years. He’s awarded Top CNCF Ambassador 2017 with Sarah Novotny. Lucas was a co-lead for SIG Cluster Lifecycle, co-created kubeadm, Weave Ignite, and ported Kubernetes to... Read More →

Wenjia Zhang

Engineering Manager, Google

Wenjia Zhang is an Engineer Manager at Google, working on Google Kubernetes Engine and Google Distributed Cloud. She is an active contributor for Kubernetes and etcd open source projects.

Nabarun Pal

Staff Engineer at VMware, Kubernetes Steering Committee and Maintainer, Broadcom

Nabarun is a Staff Software Engineer at VMware by Broadcom, a maintainer of the Kubernetes project, an elected Kubernetes Steering Committee member and a chair of Kubernetes SIG Contributor Experience. He is a Release Manager for Kubernetes and has been the Kubernetes 1.21 Release... Read More →

Nitish Kumar

Software Engineering Intern, Akuity

Nitish is a Software Engineer at Akuity and a CNCF Ambassador. In the past, Nitish has served as a Linux Foundation Mentee under the Kubernetes Release Engineering Team, where he built the OBS library that is used by the Kubernetes project to automate the process of managing release... Read More →

Carolina Valencia

Customer Architect, Elastic

Carol is a passionate software developer dedicated to implementing secure cloud-native practices. She actively contributes to CNCF projects and the Kubernetes community as an open-source contributor. She enjoys learning new technologies and creating material, some of which she shares... Read More →

Wednesday November 13, 2024 12:10pm - 12:45pm MST
Salt Palace | Level 2 | 251

Cloud Native Novice

Content Experience Level Any

12:10pm MST

Can Your Kubernetes Network Handle the Heat? Building Resilience with AI Chaos - Lior Lieberman, Google & Surya Seetharaman, Red Hat

Wednesday November 13, 2024 12:10pm - 12:45pm MST

Salt Palace | Level 1 | 155 EF

Kubernetes networking is complex with many APIs, numerous configurations and potential failure points. In the rapidly evolving world of cloud-native applications, ensuring your Kubernetes network can withstand unexpected failures is not just an advantage—it is a necessity. In this talk Surya and Lior, holding distinct leadership roles in Gateway API and NetworkPolicy API, will demonstrate how you can leverage AI-powered Chaos Engineering to stress test Gateways, NetworkPolicies, and Services on a live cluster! They will share their experiences and lessons learned from using Litmus and enhancing K8sGPT to design and execute AI Chaos experiments, as well as focusing on how you can proactively find gaps and bottlenecks in the network infrastructure. This is a great opportunity to learn from real-world disruption scenarios and participate in a collaborative discussion on how we can leverage AI to build robust Kubernetes Networks.

Speakers

Surya Seetharaman

Principal Software Engineer, Red Hat Inc.

Surya is an Open Source advocate and contributor, active in the Kubernetes SIG-Network working group. She is working as a Principal Software Engineer at Red Hat in the OpenShift Networking team. Her areas of interest include Cloud Infrastructure and Networked Services and Systems... Read More →

Lior Lieberman

Site Reliability Engineer, Google

Lior is site reliability engineer at Google working on Google Compute Engine. He is a leading maintainer of ingress2gateway, and an active contributor to Kubernetes SIG network focused on Gateway API.

Wednesday November 13, 2024 12:10pm - 12:45pm MST
Salt Palace | Level 1 | 155 EF

Connectivity

Content Experience Level Intermediate

12:10pm MST

When Life Gives You Containers, Make an Open Source RDS: A Kubernetes Love Story - Sergey Pronin, Percona

Wednesday November 13, 2024 12:10pm - 12:45pm MST

Salt Palace | Level 1 | Grand Ballroom GI

This isn't your typical technical talk. We'll take you on a step-by-step adventure, starting from a humble single database in a container and adding components one by one, just like we did. You'll witness firsthand how we tackled real-world challenges, from storage and scaling to monitoring and UI design, to create an Open Source Cloud Native database platform. You'll walk away with a deep understanding of how Kubernetes can be used to orchestrate complex and stateful applications (like databases clusters). Join us and discover how you can break free from vendor lock-in, save costs, and build a database that's truly yours. This is your chance to learn from our triumphs and tribulations, and be inspired to create your own open source success story.

Speakers

sergey pronin

Product guy, Percona

Wednesday November 13, 2024 12:10pm - 12:45pm MST
Salt Palace | Level 1 | Grand Ballroom GI

Data Processing + Storage

Content Experience Level Beginner

12:10pm MST

Building Reliable Cross-Cloud Kubernetes Clusters on Spot Instances with Drafter and PVM - Felicitas Pojtinger, Loophole Labs

Wednesday November 13, 2024 12:10pm - 12:45pm MST

Salt Palace | Level 2 | 255 BC

Building Kubernetes clusters that span across multiple cloud providers prevents vendor lock-in and offers flexibility. Using spot instances can further cut costs by up to 90%, but they can terminate with only 30 seconds' notice. Traditionally, migrating VMs across cloud providers and CPUs to mitigate this has been challenging due to hardware constraints. PVM (Pagetable Virtual Machine) is an experimental kernel technology that changes this by enabling KVM without hardware assistance or emulation. Using the research paper, this session will explain how PVM works and how the open-source Drafter and Firecracker projects can use it to migrate VMs between cloud providers. The session includes a live demo of running Kubernetes components like the Kubelet, CRI, CSI and CNI inside VMs and migrating them in a heterogeneous EC2, GCP, and Azure environment. This allows evacuating a Kubernetes node and network without downtime if a spot instance is terminated or if another provider is cheaper.

Speakers

Felicitas Pojtinger

Software Developer, Loophole Labs

Felicitas Pojtinger is a software engineer working on all things cloud native. She has developed multiple popular OSS projects such as the WebRTC-based overlay networking tool weron, the Go network boot server bofied, the go-nbd library and more. Currently, she does research and development... Read More →

Wednesday November 13, 2024 12:10pm - 12:45pm MST
Salt Palace | Level 2 | 255 BC

Emerging + Advanced

Content Experience Level Advanced

12:10pm MST

AI for Policy and Policy for AI! - Poonam Lamba, Google; Boris Kurktchiev, Nirmata; Andy Suderman, Fairwinds; Ronald Petty, RX-M; Jimmy Ray, Boeing Digital

Wednesday November 13, 2024 12:10pm - 12:45pm MST

Salt Palace | Level 3 | 355 EF

As Kubernetes becomes the go-to for deploying AI, the need for strong governance and policies is critical. This panel will dive into how policies and AI intersect within Kubernetes. We'll explore challenges, best practices, and new standards for managing AI workloads to guarantee security, fairness, and transparency. We'll examine existing and new policy frameworks for governing AI workloads on Kubernetes, including industry standards and best practices. We'll also address security risks like data privacy and model integrity, and establish clear lines of accountability for AI workloads. This panel is ideal for engineers, operators, compliance officers, and anyone involved in deploying and managing AI workloads on Kubernetes.

Speakers

Ronald Petty

Consultant, RX-M

Ronald Petty is a consultant at RX-M, a global Cloud Native an AI advisory and training firm. Ronald works as a consultant/advisor/board-member for both for-profit and non-profit organizations focusing on technology and related policy issues. Additionally, he authors and edits technical... Read More →

Poonam Lamba

Product Manager, Google

Poonam is a Product Manager at Google, where she leads Policy, Governance, and Compliance for GKE. An active contributor to the Kubernetes Policy Working Group and Gatekeeper project, she is passionate about open-source solutions. Outside of work, Poonam enjoys hiking, paddle boarding... Read More →

Andy Suderman

CTO, Fairwinds

Andy Suderman is CTO at Fairwinds, a managed Kubernetes-as-a-Service provider. Andy has worked with cloud native technologies for the last eight years helping organizations adopt and manage Kubernetes. Andy is the creator and primary developer of Goldilocks—an open source tool that... Read More →

Boris Kurktchiev

Chief Plumber, Nirmata

In the world of tools, it's not 'one size fits all.' I'm the expert who always knows when to grab the hammer and when to reach for the screwdriver.

Jimmy Ray

ISO, Boeing Digital

Underpinned by 30 years of technology, writing, and speaking experience, Jimmy Ray is recognized as a subject matter expert in Policy as Code, cloud-native computing, and software supply chain security.Jimmy is the author of Policy as Code - Improving Cloud Native Security, July 2024... Read More →

Wednesday November 13, 2024 12:10pm - 12:45pm MST
Salt Palace | Level 3 | 355 EF

Maintainer Track, Policy

12:10pm MST

Best Friends Keep No Secrets: Going Secretless with Cert-Manager - Ashley Davis & Tim Ramlot, Venafi

Wednesday November 13, 2024 12:10pm - 12:45pm MST

Hyatt Regency | Level 2 | Salt Lake Ballroom CDE

In today's complex Kubernetes environments, managing secrets securely is a challenge. Traditional methods often involve complex configurations with secret vaults, secret syncing and secret backups. Regardless of which fancy technology is used, secrets always come with a risk of being leaked. Most of the secrets used in traditional applications can be replaced by short-lived certificates. Applications can prove to be the owner of a certificate without sharing any secrets. In Kubernetes, cert-manager can be used to provision these certificates to all applications without sharing any secret information. Table of contents: - Do we actually need secrets? Comparing authentication methods: static secrets vs short-lived secrets and proof of ownership - How to issue certificates using cert-manager without using [S|s]ecrets - Compatibility and other challenges

Speakers

Ashley Davis

Staff Software Engineer, Venafi

As a teenager, Ash taught himself to program after wondering how exactly video games were made. That led to adventures trawling through open source codebases, sparking an interest in computers spanning from bare-metal machine code right up to scalable distributed platforms like Kubernetes... Read More →

Tim Ramlot

Senior Software Engineer - cert-manager maintainer, Venafi

Tim started working at Venafi as a software engineer after his graduation as computer science engineer at Ghent University. He learned about cert-manager and Venafi through a Google Summer of Code internship. His mission at Venafi is to advance his problem solving skills, whilst contributing... Read More →

Wednesday November 13, 2024 12:10pm - 12:45pm MST
Hyatt Regency | Level 2 | Salt Lake Ballroom CDE

Maintainer Track, cert-manager

12:10pm MST

Dapr's Road Ahead: GenAI APIs, Distributed Scheduling at Scale and What It Means for Your Platform - Yaron Schneider, Diagrid

Wednesday November 13, 2024 12:10pm - 12:45pm MST

Hyatt Regency | Level 4 | Regency Ballroom A

In this maintainer track we will cover the latest developments and updates of the Dapr project looking into 2025, focusing on how Dapr is adding APIs to abstract the complexities of interacting with LLM models at scale, a new distributed scheduling API and workflow engine that can serve millions of activities per second and how Dapr can be used by platform teams to provide golden paths for interacting with the underlying infrastructure

Speakers

Yaron Schneider

CTO / Co-Founder at Diagrid, Dapr Co-Creator, Diagrid

Yaron co-created the CNCF projects Dapr and KEDA while at Microsoft and led the engineering architecture for serverless container platforms that run at scale using open source technologies. Yaron is an avid lover of open source tech and distributed systems, and is a co-founder and... Read More →

Wednesday November 13, 2024 12:10pm - 12:45pm MST
Hyatt Regency | Level 4 | Regency Ballroom A

Maintainer Track, Dapr

12:10pm MST

Emissary-Ingress: Version 4 and the Road Ahead - Flynn, Buoyant

Wednesday November 13, 2024 12:10pm - 12:45pm MST

Hyatt Regency | Level 4 | Regency Ballroom BCD

Emissary-ingress 4.0 is shipping! This marks the first new major version in some years for Emissary, one of the first Kubernetes-native, self-service API gateways and ingress controllers, and it comes on the heels of some big changes in the project. In this session, we'll start with a quick overview of the need for ingress controllers in general, the benefits of self-service developer workflows, and how Emissary-ingress can help with these issues. We'll also talk about recent changes in the project, what Emissary 4 brings to the table, and how to get involved as a contributor, how to best offer feedback, and what's in store for the project in the future. Emissary's maintainer sessions are always great opportunities to talk directly with Emissary-ingress maintainers and make sure your voice is heard when it comes to the project's future -- looking forward to seeing you there!

Speakers

Flynn -

Tech Evangelist, Buoyant

Flynn is a tech evangelist at Buoyant, educating developers about Linkerd, Kubernetes, and cloud-native development in general. He has spent 40 years in software engineering (from the kernel up through distributed applications, with a common thread of communications and security throughout... Read More →

Wednesday November 13, 2024 12:10pm - 12:45pm MST
Hyatt Regency | Level 4 | Regency Ballroom BCD

Maintainer Track, Emissary-ingress

12:10pm MST

SIG Scheduling Intro & Updates - Aldo Culquicondor, Google & Kensei Nakada, Tetrate.io

Wednesday November 13, 2024 12:10pm - 12:45pm MST

Salt Palace | Level 3| 355 BC

SIG Scheduling is responsible for the components that make Pod scheduling decisions in a Kubernetes cluster, such as kube-scheduler for pod to node assignment, kueue for job queueing, Kwok for scheduling load testing, among other projects. In this session, you will learn the basics of these projects and how they can be extended. You will also learn about our recent advancements and ongoing work, such as higher scheduling throughput in kube-scheduler, fair sharing and hierarchical cohorts in Kueue and evaluating performance and scalability efficiently using Kwok.

Speakers

Aldo Culquicondor

Sr. Software Engineer, Google

Aldo is a Senior Software Engineer at Google. He works on Kubernetes and Google Kubernetes Engine, where he contributes to kube-scheduler, the Job API and other features to support batch, AI/ML and HPC workloads. He is currently a TL at SIG Scheduling and an active member of WG Batch... Read More →

Kensei Nakada

Software Engineer, Tetrate.io

Kensei Nakada is a platform engineer at Tetrate. In the community, he is a sig-scheduling approver, and a core maintainer of the project kube-scheduler-simulator and kube-scheduler-wasm-extension.

Wednesday November 13, 2024 12:10pm - 12:45pm MST
Salt Palace | Level 3| 355 BC

Maintainer Track, Scheduling

12:10pm MST

Towards Zero Change Incidents: Intuit's Strategy for Implementing AI-Driven Progressive Delivery - Avik Basu & Saravanan Balasubramanian, Intuit

Wednesday November 13, 2024 12:10pm - 12:45pm MST

Salt Palace | Level 1 | Grand Ballroom HJ

At Intuit, rapid development is essential for swift feature updates and fixes. Yet, 33% of last year's incidents were due to new deployments, highlighting the need for a progressive delivery system with automated rollback capabilities. However, traditional static thresholds fall short for Intuit's ~2500 services, each with unique patterns across multiple key performance metrics. To tackle this, Intuit has implemented an ML-based progressive delivery system that utilizes Prometheus to monitor multivariate metrics, offering a comprehensive view of application health and performance during deployments. The talk will present a case study application, identify its critical metrics, and showcase how Intuit leverages Numaproj and its out-of-the-box ML models to generate anomaly scores during deployments using Argo Rollouts. This strategy enables Intuit to quickly identify and address issues using AIOps techniques, ensuring a smooth and dependable customer experience.

Speakers

Saravanan Balasubramanian

Staff Software Engineer, Intuit

Bala is the lead engineer and maintainer in Argo workflow project , Intuit- leading Argo workflow project for open source community and Intuit.

Avik Basu

Staff Machine Learning Engineer, Intuit

Avik is a data scientist and machine learning engineer with expertise across multiple ML domains such as computer vision, natural language understanding, reinforcement learning, and time series. Currently, he leads the machine learning initiatives for open-source AIOps at Intuit... Read More →

Wednesday November 13, 2024 12:10pm - 12:45pm MST
Salt Palace | Level 1 | Grand Ballroom HJ

Observability

Content Experience Level Beginner

12:10pm MST

Automated Multi-Cloud, Multi-Flavor Kubernetes Cluster Upgrades Using Operators - Ziyuan Chen, Databricks

Wednesday November 13, 2024 12:10pm - 12:45pm MST

Salt Palace | Level 1 | 155 BC

Databricks manages over a thousand k8s clusters across three major cloud providers which run critical workloads in cloud regions around the world. This talk describes the system we built to upgrade nodes’ operating system, k8s version, and other configs monthly, supporting EKS, AKS, GKE, and self-managed k8s. Our system is built on k8s operators and performs zero-downtime blue-green rolling updates, respects contracts with services with features like PDBs, maintenance windows, deferred node draining, and custom workload handling plugins. It enables easy rollbacks, has good observability, and incurs minimal human operational cost. This has allowed us to patch vulnerabilities and release infrastructure changes quickly and reliably across the fleet. We will also share our lessons learned on building several operators that work together using the controller-runtime framework, designing the declarative interfaces between them, and achieving consistent behavior across three clouds.

Speakers

Ziyuan Chen

Software Engineer, Databricks

Ziyuan Chen is a software engineer at Databricks. He has worked on Databricks' cloud platform and OS infrastructure.

Wednesday November 13, 2024 12:10pm - 12:45pm MST
Salt Palace | Level 1 | 155 BC

Operations + Performance

Content Experience Level Intermediate

12:10pm MST

Automated Multi-Cloud Blue-Green Cluster Rotations: Zero Downtime Upgrades at Scale - Sourav Khandelwal, Databricks

Wednesday November 13, 2024 12:10pm - 12:45pm MST

Salt Palace | Level 1 | Grand Ballroom BDF

I will present the system developed for cluster rotations across Databricks’ fleet of over a thousand cloud-managed k8s clusters on AWS, Azure, and GCP. Blue-green cluster rotations, or cluster swaps (upgrading by creating a new k8s cluster with a new version/configuration & shifting workloads from the old cluster), allow us to implement major infrastructure changes and upgrade k8s versions with low risk through staged rollouts, seamless rollbacks, zero downtime, and minimal operator intervention. Our system includes a k8s-style continuous reconciliation mechanism to manage cluster swap lifecycles, a fast and reliable cluster state change discovery system, and a k8s workload migration system. We will share methodologies and experiences in constructing this loosely coupled system that orchestrates product workloads and cloud provider APIs for automated cluster swaps. This session will explore the challenges faced, and the benefits of automating large-scale, multi-cloud k8s upgrades.

Speakers

Sourav Khandelwal

Sr. Software Engineer, Databricks

I am a seasoned software engineer with over 10 years of experience in designing and managing large-scale platforms in cloud-native environments. At Databricks, my significant contributions have been pivotal in launching our next-generation cloud infrastructure that helped to transition... Read More →

Wednesday November 13, 2024 12:10pm - 12:45pm MST
Salt Palace | Level 1 | Grand Ballroom BDF

Platform Engineering

Content Experience Level Intermediate

12:10pm MST

The Hard Truth About GitOps and Database Rollbacks - Rotem Tamir, Ariga

Wednesday November 13, 2024 12:10pm - 12:45pm MST

Salt Palace | Level 2 | 250

For two decades now, the common practice for handling rollbacks of database schema migrations has been pre-planned "down migration scripts". A closer examination of this widely accepted truth reveals critical gaps that result in teams relying on risky, manual operations to roll back schema migrations in times of crisis. In this talk, we show why our existing tools and practices cannot deliver on the GitOps promise of "declarative" and "continuously reconciled" workflows and how we can use the Operator Pattern to build a new solution for robust and safe schema rollbacks.

Speakers

Rotem Tamir

CTO, Ariga

Rotem Tamir (38), father of two. Co-founder and CTO of Ariga, co-maintainer of Atlas and Ent. Ex-data platform architect at Nexar, infrastructure team lead at ironSource.

Wednesday November 13, 2024 12:10pm - 12:45pm MST
Salt Palace | Level 2 | 250

SDLC

Content Experience Level Intermediate

12:10pm MST

Breaking Free from Vulnerability Scanning Noise: Automated VEX Aggregation for Accuracy - Teppei Fukuda, Aqua Security Software Ltd.

Wednesday November 13, 2024 12:10pm - 12:45pm MST

Salt Palace | Level 1 | 151

Vulnerability scanners detect known vulnerabilities in software dependencies, but often produce inaccurate results (false-positives) due to their inability to automatically determine if a vulnerability is actually exploitable. Vulnerability Exploitability eXchange (VEX) is an industry-wide initiative that aims to address this issue, but the lack of standardized distribution hinders its effective utilization. This talk introduces VEX Hub, a central repository that automatically aggregates VEX documents published by open-source projects. VEX Hub’s unique architecture makes it easy and practical for software maintainers to start adopting VEX, while at the same time making it seamless for scanners and users to incorporate VEX in their workflow. The presentation showcases a practical use case of VEX Hub with Trivy, an open-source security scanner that popularizes VEX thanks to VEX Hub and delivers more accurate and actionable scanning results to its users.

Speakers

Teppei Fukuda

Open Source Engineer, Aqua Security Software Ltd.

Teppei Fukuda is the creator of Trivy and works at Aqua Security as an Open Source Software Engineer. He has a wealth of software engineering experience working on network and security. Away from the work, he is an avid manga enthusiast, dreaming of reading every comic book in the... Read More →

Wednesday November 13, 2024 12:10pm - 12:45pm MST
Salt Palace | Level 1 | 151

Security

Content Experience Level Any

12:10pm MST

🚩 An Introduction to Capture The Flag - Andy Martin & Kevin Ward, ControlPlane

Wednesday November 13, 2024 12:10pm - 12:45pm MST

Salt Palace | Level 2 | 255 A

The Cloud Native Capture The Flag (CTF) is available to all in-person KubeCon + CloudNativeCon North America attendees. In preparation for getting started with the activity, you are invited to attend an introductory session.

This session aims to introduce how to participate in CTF competition to those who are new to them. We will share our tips and tricks for completing these challenges and work through a practice scenario together. Want to know more about the CTF? [more details to be shared soon]

Speakers

Andrew Martin

CEO, ControlPlane

Andrew has an incisive security engineering ethos gained building and destroying high-traffic web applications. Proficient in systems development, testing, and operations, he is at his happiest profiling and securing every tier of a cloud native system, and has battle-hardened experience... Read More →

Kevin Ward

Principal Consultant, ControlPlane

Kevin is an Principal Consultant with over 10 years of experience designing, building and testing secure solutions for Government, Defence and Finance sectors. In his own time, Kevin enjoys hacking and hardening systems to discover the balance between security and usability. He co-authored... Read More →

Wednesday November 13, 2024 12:10pm - 12:45pm MST
Salt Palace | Level 2 | 255 A

Security

12:45pm MST

Lunch 🍲

Wednesday November 13, 2024 12:45pm - 2:30pm MST

Salt Palace | Level 1 | Halls A-C + 1-5 | Solutions Showcase

Wednesday November 13, 2024 12:45pm - 2:30pm MST
Salt Palace | Level 1 | Halls A-C + 1-5 | Solutions Showcase

Breaks

1:15pm MST

Project Pavilion Tour with Orlin Vasilev, CNCF Ambassador

Wednesday November 13, 2024 1:15pm - 1:35pm MST

Salt Palace | Level 1 | Halls A-C + 1-5 | Solutions Showcase

Wednesday November 13, 2024 1:15pm - 1:35pm MST
Salt Palace | Level 1 | Halls A-C + 1-5 | Solutions Showcase

Project Opportunties

2:30pm MST

Architecting the Future of AI: From Cloud-Native Orchestration to Advanced LLMOps - Ion Stoica, Anyscale

Wednesday November 13, 2024 2:30pm - 3:05pm MST

Salt Palace | Level 2 | 255 EF

With the groundbreaking release of ChatGPT, large language models (LLMs) have taken the world by storm: they have enabled new applications, have exacerbated GPU shortage, and raised new questions about their answers’ veracity. This talk delves into an AI stack, encompassing cloud-native orchestration, distributed computing, and advanced LLMOps. Key topics include: - Kubernetes: The foundational technology that seamlessly manages AI workloads across diverse cloud environments. - Ray: The versatile, open-source framework that streamlines the development and scaling of distributed applications. - vLLM: The cutting-edge, high-performance, and memory-efficient inference and serving engine designed specifically for large language models. Attendees will gain insights into the architecture and integration of these powerful tools, driving innovation and efficiency in the deployment of AI solutions.

Speakers

Ion Stoica

Co-founder, executive chairman & president, Anyscale

Ion Stoica is a Professor in the EECS Department at the University of California at Berkeley, and the Director of SkyLab. He is currently doing research on cloud computing and AI systems. Past work includes Ray, Apache Spark, Apache Mesos, Tachyon, Chord DHT, and Dynamic Packet State... Read More →

Wednesday November 13, 2024 2:30pm - 3:05pm MST
Salt Palace | Level 2 | 255 EF

AI + ML

Content Experience Level Any

2:30pm MST

Optimizing LLM Performance in Kubernetes with OpenTelemetry - Ashok Chandrasekar, Google & Liudmila Molkova, Microsoft

Wednesday November 13, 2024 2:30pm - 3:05pm MST

Salt Palace | Level 1 | Hall DE

Large Language Models are increasing in popularity and their deployments on Kubernetes have steadily increased. LLM applications bring new usage patterns that the industry does not have the expertise in. At the same time, there is a lack of observability in these deployments which makes it difficult to debug performance issues. We will present an end to end walkthrough of how you can leverage client and server LLM observability using Open Telemetry based on the recent efforts in the Kubernetes and Open Telemetry communities to standardize these across LLM clients and model servers. We will also demonstrate how to troubleshoot a real-world performance issue in your LLM deployment and how to optimize your LLM server setup for better performance on Kubernetes. We'll show how to use Kubernetes autoscaling based on custom model server metrics and demonstrate how they offer a superior alternative to using GPU utilization metrics for such deployments.

Speakers

Liudmila Molkova

Principal Software Engineer, Microsoft

Liudmila Molkova is a Principal Software Engineer at Microsoft working on observability and Azure client libraries. She is a co-author of distributed tracing implementations across the .NET ecosystem including HTTP client instrumentation and Azure Functions. Liudmila is an active... Read More →

Ashok Chandrasekar

Senior Software Engineer, Google

Ashok Chandrasekar is a Senior Software Engineer at Google working on AI/ML experience for Google Kubernetes Engine. Previously he was a Staff Engineer at VMware where he led the cluster lifecycle management area for Tanzu Mission Control. He has 7 years of Kubernetes experience working... Read More →

Wednesday November 13, 2024 2:30pm - 3:05pm MST
Salt Palace | Level 1 | Hall DE

AI + ML

Content Experience Level Intermediate

2:30pm MST

Choose Your Own Adventure: The Observability Odyssey - Whitney Lee, CNCF Ambassador & Viktor Farcic, Upbound

Wednesday November 13, 2024 2:30pm - 3:05pm MST

Salt Palace | Level 2 | 251

Our hero, a running app in a secure K8s prod environment, knows they are destined for greater things! They’re serving end users, but currently, they have no idea what is going on. Are apps scaling correctly? Are automated deployments successful? What just went wrong, and how can it be fixed? Hero is desperate to escape this fog by adding CNCF tools for logs, metrics, traces, and dashboards. It is up to you, the audience, to guide our hero and help them grow from a lost and confused app to their final form⎯an app that knows their faults before their users do. In their fourth KubeCon ‘Choose Your Own Adventure’-style talk, Whitney and Viktor will present choices that an anthropomorphized app must make as they add observability to their cluster, enabling the ability to answer meaningful questions about their system. Throughout the presentation, the audience (YOU!) will vote to decide our hero's path! Can we navigate CNCF projects and add observability before the session time elapses?

Speakers

Viktor Farcic

Developer Advocate, Upbound

Viktor Farcic is a lead rapscallion at Upbound, a member of the CNCF Ambassadors, Google Developer Experts, CDF Ambassadors, and GitHub Stars groups, and a published author. He is a host of the YouTube channel DevOps Toolkit and a co-host of DevOps Paradox.

Whitney Lee

CNCF Ambassador

Whitney is a lovable goofball and a CNCF Ambassador who enjoys understanding and using tools in the cloud native landscape. Creative and driven, Whitney recently pivoted from an art-related career to one in tech. You can catch her lightboard streaming show ⚡️ Enlightning on her... Read More →

Wednesday November 13, 2024 2:30pm - 3:05pm MST
Salt Palace | Level 2 | 251

Cloud Native Novice

Content Experience Level Any

2:30pm MST

Cilium, EBPF, WireGuard: Can We Tame the Network Encryption Performance Gap? - Daniel Borkmann & Anton Protopopov, Isovalent

Wednesday November 13, 2024 2:30pm - 3:05pm MST

Salt Palace | Level 1 | 155 EF

To increase data security for cloud and hybrid cloud deployments, many companies, governments, standards, and tenders require data in transit to be protected. However, network encryption comes at a cost - what is the performance impact and how can we reduce it? In this session, we explore how network encryption can be efficiently enforced with Cilium, eBPF, and WireGuard. We dive deep into Cilium’s integration of WireGuard and elaborate on both the management plane and Cilium’s eBPF datapath. We analyze and benchmark what performance cost one can expect and explore opportunities in the Linux kernel to reduce that price. This talk is for operators and security teams that need to encrypt network traffic, but also want to minimize its overhead. The audience will walk away understanding whether network encryption needs to come at a high toll and whether there are opportunities for optimizations.

Speakers

Daniel Borkmann

Software Engineer, Isovalent at Cisco

Daniel Borkmann co-created eBPF and is a kernel developer at Isovalent working on eBPF, the Linux kernel and Cilium. He is a long-term Linux kernel core contributor in the eBPF and networking subsystem for over a decade and co-maintains eBPF and XDP. In his spare time, he loves to... Read More →

Anton Protopopov

Software Engineer, Isovalent at Cisco

Anton is a software engineer at Isovalent, which is now part of Cisco.Anton is leading a team building new generation of Isovalent products and also participates in developing eBPF-based parts of Cilium stack and on eBPF support in the Linux Kernel.During his career, Anton played... Read More →

Wednesday November 13, 2024 2:30pm - 3:05pm MST
Salt Palace | Level 1 | 155 EF

Connectivity

Content Experience Level Advanced

2:30pm MST

AIStore as a Fast Tier Storage Solution: Enhancing Petascale Deep Learning Across Cloud Backends - Abhishek Gaikwad & Aaron Wilson, NVIDIA

Wednesday November 13, 2024 2:30pm - 3:05pm MST

Salt Palace | Level 1 | Grand Ballroom GI

As deep learning continues to evolve, the demand for handling petascale datasets efficiently becomes paramount. Current cloud storage solutions often struggle with the speed (throughput) and cost-effectiveness required for these massive datasets, particularly due to the random access needs of machine learning workloads. This talk introduces AIStore (AIS) as a fast-tier storage solution designed to overcome these challenges by offering a fast, scalable, cost-effective tier for deep learning data. AIS features linear scalability with each added storage node - in fact, with each added drive. In this presentation, we will explore the architecture and benefits of AIStore, focusing on its linear scalability and high performance. This session will feature detailed benchmarks and use cases comparing the performance of accessing cloud datasets with and without AIStore, highlighting AIS's ability to deliver high per-GPU throughput and stable latencies.

Speakers

Aaron Wilson

NVIDIA

Abhishek Gaikwad

Software Engineer, NVIDIA

Abhishek Gaikwad is a Software Engineer at NVIDIA with a Master of Science degree in Computer Science from San Jose State University. As a key developer and maintainer of AIStore, Abhishek has played a crucial role in its design, development, and management. His contributions include... Read More →

Wednesday November 13, 2024 2:30pm - 3:05pm MST
Salt Palace | Level 1 | Grand Ballroom GI

Data Processing + Storage

Content Experience Level Intermediate

2:30pm MST

Cloud Native Sustainability Speedrun: Tools from Infrastructure to Application Level - Saiyam Pathak, Loft Labs & Saloni Narang, Kubesimplify

Wednesday November 13, 2024 2:30pm - 3:05pm MST

Salt Palace | Level 2 | 255 BC

The cloud native sustainability landscape is rising rapidly with new tools that are solving new challenges. This session will provide a quick overview of the latest tools & initiatives within the landscape. The speaker will dive into different sections, from infrastructure to application, and cover tools within the landscape. They will explore key tools like Kepler for energy consumption monitoring, KubeGreen for scaling down deployments, Scaphandre for detailed power usage metrics, & Cloud Carbon Footprint for tracking and reducing carbon emissions. This talk will showcase the practical application of these tools, demonstrating how they can be integrated to create a comprehensive sustainability strategy. Attendees will learn landscape segmentation & how they can use it for their cloud native applications today in order to track & reduce their carbon emissions effectively. This talk will offer how these tools can be used together to make cloud native deployments more sustainable.

Speakers

Saiyam Pathak

Principal Developer Advocate, Loft Labs

Saloni Narang

Independent DevRel, Kubesimplify

Saloni is working as an independent DevRel, helping companies to form their DevRel strategies. Previously she worked at SAP Labs and has worked on different cloud tools including GCP,Oracle, & AWS. She loves to learn about new open-source tools in the CNCF landscape. She has been... Read More →

Wednesday November 13, 2024 2:30pm - 3:05pm MST
Salt Palace | Level 2 | 255 BC

Emerging + Advanced

Content Experience Level Advanced

2:30pm MST

Guiding Kubernetes: The Steering Committee's Role in Project Evolution - Maciej Szulik, Red Hat

Wednesday November 13, 2024 2:30pm - 3:05pm MST

Hyatt Regency | Level 2 | Salt Lake Ballroom CDE

The Kubernetes Steering Committee plays a crucial role in overseeing the non-technical aspects of the Kubernetes project and making important project-wide decisions. The committee has a wide scope of working and responsibilities. The committee has evolved over the years. In this session, let’s take a look at how the committee came to be created, the bootstrap era, how it works now and what’s in store for the future. We will have excerpts from our emeritus members who served to shape the goals and vision of the steering committee. We will explore how you can leverage our learnings to enhance the governance of your own cloud native projects. If you are eager to gain insights or have queries about the governance journey of the Kubernetes project, we encourage you to drop by and engage in an insightful discussion.

Speakers

Maciej Szulik

Senior Principal Software Engineer, Red Hat

Maciej is a passionate developer with almost 2 decades of experience in many languages. Currently he's working on OpenShift and Kubernetes for Red Hat. Whereas at night he is hacking on side projects with python. In his spare time he enjoys reading a good book or taking photos.

Wednesday November 13, 2024 2:30pm - 3:05pm MST
Hyatt Regency | Level 2 | Salt Lake Ballroom CDE

Maintainer Track, Steering

2:30pm MST

Harbor Project - The Maintainers Session What We Have Accomplished! - Orlin Vasilev, SUSE; Vadim Bauer, 8gears Container Registry; Miner Yang, Daniel Jiang & Yan Wang, Broadcom

Wednesday November 13, 2024 2:30pm - 3:05pm MST

Salt Palace | Level 3 | 355 EF

In Harbor v2.11, we've successfully integrated SBOM (Software Bill of Materials) within the platform, enhancing our security and compliance capabilities. We're also exploring innovative trends in AI, such as an AI-assisted registry (not to be confused with an AI-integrated bot). Join Vadim and Orlin as they guide you through the latest developments in the Harbor project, along with some exciting side projects within our community that you may find intriguing. This session is a perfect opportunity for software engineers and DevOps professionals to dive into Harbor's advancements and explore new possibilities together. We invite you to join us for firsthand information about what's coming next in Harbor and learn how you can actively contribute to the project. Together, let's make Harbor even better!

Speakers

Miner Yang

CNCF Project Harbor Contributor, Member of VMware Kubernetes techinal staff, Broadcom

Join Cloud Native and Harbor team 2 years ago, Developer of Harbor, Harbor-helm and Harbor Carvel Package.

Daniel Jiang

Broadcom

Yan Wang

Broadcom

Orlin Vasilev

Principal Open Source Technology Advocate, SUSE

Orlin Vasilev is Principal Open Source Technology Advocate and Community Manager for Project Harbor as part of the Cloud Native team at SUSE. Second term CNCF Ambassador and driving the CNCF Meetup Group(~1.7 K members) in Bulgaria. KubeCon CfP review board member. Previously SysAdmin/Dev/SRE/System... Read More →

Vadim Bauer

Harbor Maintainer, 8gears Container Registry

Vadim Bauer is a Container Silverback with over a decade of experience in running containers in production. As a maintainer of the CNCF project Harbor, he focuses on extending the boundaries of OCI artifact management, adoption, and developer experience. At 8gears, Vadim helps cloud... Read More →

Wednesday November 13, 2024 2:30pm - 3:05pm MST
Salt Palace | Level 3 | 355 EF

Maintainer Track, Harbor

2:30pm MST

Kubernetes Data Protection WG Deep Dive - Dave Smith-Uchida, Veeam

Wednesday November 13, 2024 2:30pm - 3:05pm MST

Hyatt Regency | Level 4 | Regency Ballroom A

Data Protection WG is dedicated to promoting data protection support in Kubernetes. The Working Group is working on identifying missing functionalities and collaborating across multiple SIGs to design features to enable data protection in Kubernetes. In this session, we will discuss what is the current state of data protection in Kubernetes and where it is heading in the future. We will also talk about how interested parties (including storage and backup vendors, cloud providers, application developers, and end users, etc.) can join this WG and contribute to this effort. Details of the WG can be found here: https://github.com/kubernetes/community/tree/master/wg-data-protection.

Speakers

Dave Smith-Uchida

Technical Leader, Veeam

Dave has been a leader in data protection for Kubernetes for the last several years. In addition to his work at Veeam on K10, he is a founding member of the Kubernetes Data Protection Working Group and was formerly the architect for the Velero Open Source Kubernetes backup project... Read More →

Wednesday November 13, 2024 2:30pm - 3:05pm MST
Hyatt Regency | Level 4 | Regency Ballroom A

Maintainer Track, Data Protection

2:30pm MST

Kubernetes WG Device Management - Advancing K8s Support for GPUs - John Belamaric, Google; Patrick Ohly, Intel; Kevin Klues, NVIDIA

Wednesday November 13, 2024 2:30pm - 3:05pm MST

Hyatt Regency | Level 4 | Regency Ballroom BCD

The goal of the recently formed WG Device Management is to enable simple and efficient configuration, sharing, and allocation of accelerators (such as GPUs and TPUs) and other specialized devices. This working group focuses on the APIs, abstractions, and feature designs needed to configure, target, and share the necessary hardware for both batch and serving (inference) workloads. The current focus of the working group is the Dynamic Resource Allocation (DRA) feature. Come to this talk to learn what we have delivered in Kubernetes 1.31, what is coming in 1.32 and beyond, and how you can influence the roadmap for Kubernetes support of accelerated workloads.

Speakers

Patrick Ohly

Principal Engineer, Intel

Patrick Ohly is a software engineer at Intel GmbH, Germany. In the past he has worked on performance analysis software for HPC clusters ("Intel Trace Analyzer and Collector") and cluster technology in general (PTP and hardware time stamping). Since January 2009 he has worked for Intel... Read More →

Kevin Klues

Distinguished Engineer, NVIDIA

Kevin Klues is a distinguished engineer on the NVIDIA Cloud Native team. Kevin has been involved in the design and implementation of a number of Kubernetes technologies, including the Topology Manager, the Kubernetes stack for Multi-Instance GPUs, and Dynamic Resource Allocation (DRA... Read More →

John Belamaric

Senior Staff Software Engineer, Google

John is a Sr Staff SWE, co-chair of K8s SIG Architecture and of K8s WG Device Management, helping lead efforts to improve how GPUs, TPUs, NICs and other devices are selected, shared, and configured in Kubernetes. He is also co-founder of Nephio, an LF project for K8s-based automation... Read More →

Wednesday November 13, 2024 2:30pm - 3:05pm MST
Hyatt Regency | Level 4 | Regency Ballroom BCD

Maintainer Track, Device Management

2:30pm MST

SIG-Multicluster Intro and Deep Dive - Jeremy Olmsted-Thompson & Laura Lorenz, Google; Ryan Zhang, Microsoft; Stephen Kitt, Red Hat

Wednesday November 13, 2024 2:30pm - 3:05pm MST

Salt Palace | Level 3| 355 BC

SIG-Multicluster is focused on solving common challenges related to the management of many Kubernetes clusters, and applications deployed across many clusters, or even across cloud providers. In this session, we'll give attendees an overview of the current status of the multi-cluster problem space in Kubernetes and of the SIG. We’ll discuss current thinking around best practices for multi-cluster deployments and what it means to be part of a ClusterSet. Then we’ll highlight current SIG projects, focused use cases, and ideas for what’s next. Most importantly, we’ll provide information on how you can get involved either as a contributor or as a user who wants to provide feedback about the SIG's current efforts and future direction. Bring your questions, problems, and ideas - help us expand the multi-cluster Kubernetes landscape!

Speakers

Stephen Kitt

Senior Principal Software Engineer, Red Hat

Stephen is one of the maintainers of the Submariner project, providing connectivity and service discovery across multiple Kubernetes clusters. He is a long-time open source contributor, and has been at Red Hat since 2015, working on OpenDaylight and Submariner.

Jeremy Olmsted-Thompson

Principal Engineer, Google

Jeremy is a software engineer who works on Google Kubernetes Engine. His main focus is on simplifying the Kubernetes experience, and making it as easy as possible to deploy applications both within a cluster with things like GKE Autopilot, and across clusters with multi-cluster solutions... Read More →

Laura Lorenz

SWE, Google

Laura Lorenz is a software engineer at Google. She is an active member of Kubernetes’ upstream focused on SIG-Multicluster, SIG-Node, and releases.

Ryan Zhang

Principal Software Engineering Manager, Microsoft

Dr. Ryan Zhang is a Principal Software Engineering Manager at Microsoft, working on Azure Kubernetes Service Team. Ryan has been working on Cloud Native open source projects for the past few years including CloudEvents, Open Application Model (OAM) and multi-cluster related initi... Read More →

Wednesday November 13, 2024 2:30pm - 3:05pm MST
Salt Palace | Level 3| 355 BC

Maintainer Track, Multicluster

2:30pm MST

Unifying Observability: Correlating Metrics, Traces, and Logs with Exemplars and OpenTelemetry - Anusha Reddy Narapureddy & Charlie Le, Apple

Wednesday November 13, 2024 2:30pm - 3:05pm MST

Salt Palace | Level 1 | Grand Ballroom HJ

In modern distributed systems, observability is key to understanding application performance and behavior. While metrics, traces, and logs each provide valuable insights, their true power is realized when they are correlated. This talk will dive into the practical benefits and implementation of correlating these signals with exemplars using the OpenTelemetry SDK and Collector, and showcase the results in Grafana. Attendees will learn how to leverage OpenTelemetry to create exemplars which will allow them to navigate from either logs or metrics to their traces.

Speakers

Anusha Reddy Narapureddy

Senior Software Engineer, Apple

Anusha is an enthusiastic software engineer who is passionate about observability, distributed systems, and cloud-native technologies. She has extensive experience in designing and building highly available, scalable, and fault-tolerant systems in the cloud.

Charlie Le

Senior Software Engineer, Apple

Charlie is a software engineer at Apple, specializing in building and scaling cloud native observability solutions and infrastructure. Deeply inspired by the collaborative spirit of open source, he actively contributes to projects like Cortex and OpenTelemetry, shaping the future... Read More →

Wednesday November 13, 2024 2:30pm - 3:05pm MST
Salt Palace | Level 1 | Grand Ballroom HJ

Observability

Content Experience Level Intermediate

2:30pm MST

Does My K8s Application Need CPR? Performance Evaluation of a Multi-Cluster Workload Management App - Braulio Dumba & Ezra Silvera, IBM

Wednesday November 13, 2024 2:30pm - 3:05pm MST

Salt Palace | Level 1 | 155 BC

KubeStellar (KS) is an open-source Kubernetes multi-cluster workload configuration management system that can be used to manage AI workloads in multi-cluster environments. Hence, understanding KS performance is crucial especially when managing resource intensive AI workloads. In this talk, we will present our experience in analyzing the performance metrics of KS across several dimensions of scalability (e.g., number of bindingPolicies, workload description spaces and number of managed remote clusters) and challenges that arise when conducting performance experiments in a multi-cluster environment. Our insights will demonstrate the utility of benchmarking the performance of a multi-cluster Kubernetes workload management application. Additionally, in this talk, we will demonstrate the usefulness of using several opensource tools such as clusterloader2, kube-burner & kwok to evaluate the performance of multi-cluster Kubernetes management applications.

Speakers

Ezra Silvera

Senior Technical Staff Member, IBM

Ezra Silvera is a Senior Technical Staff Member at IBM Research. His interests include distributed systems, cloud management, and cloud infrastructure. Ezra is passionate about open-source technologies and has been involved in several notable open source projects such as Docker, KubeVirt... Read More →

Braulio Dumba

Staff Research Scientist, IBM

Dr. Braulio Dumba is a Staff Research Scientist at IBM Research. In 2018, he joined IBM under the Hybrid Cloud organization. His current research is focus on edge computing and hybrid cloud computing. Dr. Dumba earned a Ph.D. in Computer Science from University of Minnesota, Twin... Read More →

Wednesday November 13, 2024 2:30pm - 3:05pm MST
Salt Palace | Level 1 | 155 BC

Operations + Performance

Content Experience Level Intermediate

2:30pm MST

Better Pod Availability: A Survey of the Many Ways to Manage Workload Disruptions - Zach Loafman, Google

Wednesday November 13, 2024 2:30pm - 3:05pm MST

Salt Palace | Level 1 | Grand Ballroom BDF

Kubernetes Pods are ephemeral, but some are more ephemeral than others. Kubernetes provides a dizzying array of options to manage and handle Pod disruption. From PodDisruptionBudgets, to "safe-to-evict" annotations, GracefulTermination timeouts and more, it can be incredibly hard to determine the optimal solution for handling Pod disruption and how to manage gracefully terminating your application. Thankfully, due to the extensible nature of Kubernetes we can build CRDs and controllers that can simplify these complex topics for end users. In this talk, we'll present an in-depth analysis of the built-in options and how they work (or don't). While this problem is not unique to game-serving, we'll deep-dive and explain how Agones (an open-source session orchestration system layered on Kubernetes) solves this problem with a simple abstraction to hide the complexity!

Speakers

Zach Loafman

Staff Software Engineer, Google

Zach leads Google’s GKE Games team. He was previously lead of the Kubernetes Control Plane team for GKE, lead of the GKE Cluster Lifecycle team, worked on Kubernetes prior to GA, and was one of the founding members of the Google Kubernetes Engine team.

Wednesday November 13, 2024 2:30pm - 3:05pm MST
Salt Palace | Level 1 | Grand Ballroom BDF

Platform Engineering

Content Experience Level Intermediate

2:30pm MST

Secure by Design CI/CD: Practical Insights from Adobe and Autodesk - Vikram Sethi, Adobe Inc. & Jesse Sanford, Autodesk

Wednesday November 13, 2024 2:30pm - 3:05pm MST

Salt Palace | Level 2 | 250

Worried that your CI/CD pipelines and developer workflows are insecure? Lost in security buzzwords like SBOMs, provenance, attestation, SLSA, OpenSSF, and more? Seeking a clear, actionable reference architecture to secure your pipeline? Whether you are just getting started on your Software Supply Chain Security journey, or are ready to take it to the next level navigating this diverse ecosystem is challenging. Join Vikram and Jesse as they present a reference architecture for secure-by-default CI/CD pipelines and show you effective security controls at every step. See firsthand how these industry giants safeguarded their pipelines while maintaining agility and innovation. This talk will showcase their work, and the work of the CNOE (Cloud Native Operational Excellence) group, which aims to build a paved path through this problem space by producing opinionated software collections or “CNOE stacks” that can be adapted to meet you where your technology is.

Speakers

Jesse Sanford

Software Architect, Autodesk

Jesse is a lifelong software engineer focused on site reliability and Infosec. Currently architecting the juncture of platform engineering and security/compliance for Autodesk's Developer Enablement team. He regularly contributes to open source and frequently speaks about his work... Read More →

Vikram Sethi

Principal Scientist, Adobe Inc.

Vikram is a Principal Scientist in the Developer Platforms organization at Adobe. Vikram has been architecting and building the Developer Experience for Adobe's Internal Developer Platform for the last few years. In the last year or so, Vikram has been working on rearchitecting Adobe's... Read More →

Wednesday November 13, 2024 2:30pm - 3:05pm MST
Salt Palace | Level 2 | 250

SDLC

Content Experience Level Any

2:30pm MST

Bridging Clouds: TikTok’s Blueprint for Unified OIDC Access on Multi-Cloud Kubernetes - Naveen Mogulla, TikTok

Wednesday November 13, 2024 2:30pm - 3:05pm MST

Salt Palace | Level 1 | 151

As businesses embrace increasingly complex multi-cloud environments, managing access across diverse Kubernetes setups becomes paramount. At TikTok, we faced the challenge of unifying OpenID Connect (OIDC) access for Kubernetes clusters across GKE, EKS, OKE and on-prem clusters each providing different levels of support and integration. This talk will detail our journey to develop a scalable, centralized OIDC framework using a reverse proxy approach, ensuring seamless authentication and authorization across different cloud providers. We will discuss our architectural strategy, highlighting how we leveraged Envoy for request handling and dynamic configuration with external authorization filters to accommodate diverse OIDC implementations. Discover how TikTok overcame identifying OIDC discrepancies among providers to implementing a unified solution that not only simplifies k8s access management but also reinforces security and compliance across our global, multi-cloud infrastructure.

Speakers

Naveen Mogulla

Tech Lead, TikTok

Naveen Mogulla is a Tech Lead at TikTok kubernetes edge platform team. He has worked in Infrastructure engineering for almost 13+ years. He is also the main contributor to the AWS IAM operator in the keiko project. He was part of the Intuit core team which created multiple open source... Read More →

Wednesday November 13, 2024 2:30pm - 3:05pm MST
Salt Palace | Level 1 | 151

Security

Content Experience Level Advanced

2:30pm MST

🚩 An Introduction to Capture The Flag - Andy Martin & Kevin Ward, ControlPlane

Wednesday November 13, 2024 2:30pm - 3:05pm MST

Salt Palace | Level 2 | 255 A

Speakers

Kevin Ward

Principal Consultant, ControlPlane

Andrew Martin

CEO, ControlPlane

Wednesday November 13, 2024 2:30pm - 3:05pm MST
Salt Palace | Level 2 | 255 A

Security

2:30pm MST

Tutorial: Confidential Containers 101: A Hands-on Workshop - Archana Choudhary & Suraj Deshmukh, Microsoft

Wednesday November 13, 2024 2:30pm - 4:00pm MST

Salt Palace | Level 1 | Grand Ballroom ACE

As traditional enterprises with stringent data protection requirements become cloud-native and migrate to Kubernetes on public clouds, they are wondering: “Is my data secure on this shared hardware? Can someone with a host access snoop on my data?” And especially, with the upcoming Digital Operational Resilience Act (DORA) in Europe mandating data protection in use, it’s crucial for users to familiarize themselves with solutions like Confidential Containers (CoCo), a CNCF sandbox project. In this, first of its kind, hands-on workshop we’ll dive deep into using CoCo with k8s. We’ll explore real-world challenges, such as ensuring data confidentiality from platform owners (cloud providers), and show you how to overcome them. Through practical exercises, you’ll learn to set up CoCo and secure your containerized workloads, turning theory into practice. Attendees will discover streamlined practices, find robust protection mechanisms, and gain strategic insights into adopting CoCo.

Speakers

Suraj Deshmukh

Senior Software Engineer, Microsoft

Suraj is working on Confidential Containers open-source project for Microsoft. He has been working with Kubernetes since version 1.2. He is currently focused on integrating Kubernetes and Confidential Containers on Azure.

Archana Choudhary

Ms, Microsoft

A software engineer who has been exploring cloud-native technologies, particularly focusing on confidential containers over the past several months.

Wednesday November 13, 2024 2:30pm - 4:00pm MST
Salt Palace | Level 1 | Grand Ballroom ACE

Tutorials, Security

Content Experience Level Intermediate

3:25pm MST

A Tale of 2 Drivers: GPU Configuration on the Fly Using DRA - Alay Patel & Varun Ramachandra Sekar US, Nvidia

Wednesday November 13, 2024 3:25pm - 4:00pm MST

Salt Palace | Level 2 | 255 EF

NVIDIA’s GeForceNow is a cloud gaming service that allows users to stream video games from NVIDIA's servers to a wide range of devices, including PCs, Macs, Android devices, iOS devices, and smart TVs. Under the hood, it is powered by Kubernetes running Kubevirt VMs. For a seamless user experience, GeForceNow dynamically switches GPU drivers to accommodate either passing through an entire GPU or slicing it into multiple virtual GPUs, all while keeping utilization close to 100% across the datacenter. This poses significant challenges when using the traditional device plugin API provided by Kubernetes. In this talk, we explore GeForce Now’s journey to transition away from the traditional device plugin API in favor of Dynamic Resource Allocation (DRA). We'll share valuable insights for anyone looking to perform a similar migration of their own. Join us to learn about the challenges, solutions, and best practices to help optimize your GPU-accelerated workloads in the cloud.

Speakers

Alay Patel

Senior Software Engineer, Nvidia

Alay is a Senior Software Engineer at Nvidia where he works on cloud gaming service, exposing infrastructure for GPU workloads. He is passionate about open source with a focus on Kubernetes and platform engineering.

Varun Ramachandra Sekar US

Senior Software Engineer, Nvidia

Developer by day, Dog whisperer by night.

Wednesday November 13, 2024 3:25pm - 4:00pm MST
Salt Palace | Level 2 | 255 EF

AI + ML

Content Experience Level Intermediate

3:25pm MST

Optimizing Load Balancing and Autoscaling for Large Language Model (LLM) Inference on Kubernetes - David Gray, Red Hat

Wednesday November 13, 2024 3:25pm - 4:00pm MST

Salt Palace | Level 1 | Hall DE

As generative AI language models improve, they are increasingly being integrated into business-critical applications. However, large language model (LLM) inference is a compute-intensive workload that often requires expensive GPU hardware. Making efficient use of these hardware resources in the public or private cloud is critical for managing costs and power usage. This talk introduces the KServe platform for deploying LLMs on Kubernetes and provides an overview of LLM inference performance concepts. Attendees will learn techniques to improve load balancing and autoscaling for LLM inference, such as leveraging KServe, Knative, and GPU operator features. Sharing test results, we will analyze the impact of these optimizations on key performance metrics, such as latency per token and tokens per second. This talk equips participants with strategies to maximize the efficiency of LLM inference deployments on Kubernetes, ultimately reducing costs and improving resource utilization.

Speakers

David Gray

Senior Software Engineer, Red Hat

David Gray is a Senior Software Engineer on the Performance and Scale team at Red Hat. His role involves analyzing and improving AI inference workloads on Kubernetes platforms. David is actively engaged in performance experimentation and analysis of running large language models in... Read More →

Wednesday November 13, 2024 3:25pm - 4:00pm MST
Salt Palace | Level 1 | Hall DE

AI + ML

Content Experience Level Any

3:25pm MST

Create & Distribute a Plugin for Kubernetes (Kubectl) in Few Minutes? Easy! 🙂 - Aurélie Vache, OVHcloud & Gaëlle Acas, Doctolib

Wednesday November 13, 2024 3:25pm - 4:00pm MST

Salt Palace | Level 2 | 251

Kubectl is the most powerful tool that allow you to interact with the API Server of a Kubernetes cluster. We use it everyday to list the pods, deploy a service, scale a deployment to 5 replicas... but do you know that you can add custom features to the kubectl CLI? Indeed, Kubernetes is an extensibe world that allows you to extends most of its components (Network, Storage, Container runtime, webhooks … ) and even the kubectl CLI. In this talk, Gaëlle and Aurélie will show you how it can be easy to create a plugin in a few minutes. For that, they will create, in live, a plugin in Bash, to make our pods more user-friendly. But that's not all! The goal of this talk is also to share our awesome plugin with others and for that, Krew is “The place to be”. At the end of this talk you will have all the marbles in hand in order to be able to create & share your own plugin to the world or only to your internal teams. Ready? Create your own plugins!

Speakers

Gaëlle Acas

Site Reliability Engineer, Doctolib

Site Reliability Engineer at Doctolib & co-organiser of the CNCF Nantes meetup. As a cloud addict, I love playing with containers, surfing Dev&Ops skills and juggling the world of serverless. I also love to share and pass on my passion for code to our kids.

Aurélie Vache

Developer Advocate, OVHcloud

Aurélie is a CNCF Ambassador, a Docker Captain & Google Developer Expert. She created a new visual way to learn & understand Cloud technologies: "Understanding Kubernetes/Istio/Docker in a visual way" in sketchnotes, books and videos. She has been working as a Developer & Ops for... Read More →

Wednesday November 13, 2024 3:25pm - 4:00pm MST
Salt Palace | Level 2 | 251

Cloud Native Novice

Content Experience Level Beginner

3:25pm MST

Extending the Gateway API: The Power and Challenges of Policies - Kate Osborn, NGINX

Wednesday November 13, 2024 3:25pm - 4:00pm MST

Salt Palace | Level 1 | 155 EF

From the beginning, the Gateway API has been designed to be extensible. With over 25 implementations to date, it’s crucial that these implementations have a way to support implementation-specific features without resorting to annotations. Among the various ways to extend the Gateway API, the Policy Attachment mechanism stands out as the most potent and challenging. In this session, we will explain what Policy Attachment is and share the lessons we learned at NGINX when implementing our own Policies. You will learn about: - The difference between direct and inherited policies. - How policy inheritance and merging works. - Corner cases, such as conflicting policies and invalid target refs. - Techniques to verify if a policy has been successfully applied. - Strategies for troubleshooting policies. We will show you examples of Gateway API policies as well as policies from multiple Gateway API implementations.

Speakers

Kate Osborn

Software Engineer, NGINX

Maintainer of NGINX Gateway Fabric. Kubernetes enthusiast since 2018.

Wednesday November 13, 2024 3:25pm - 4:00pm MST
Salt Palace | Level 1 | 155 EF

Connectivity

Content Experience Level Beginner

3:25pm MST

Architecting a Data Platform with Open Source Tools - Priyanka J. Naik, Palo Alto Networks Inc

Wednesday November 13, 2024 3:25pm - 4:00pm MST

Salt Palace | Level 1 | Grand Ballroom GI

The presentation will focus on - * The architecture of the data streaming platform which we built in Palo Alto Networks using open source tools like Strimzi, Kafka, Kafka Connect, Confluent Community licensed tools like Schema Registry and KSqlDB on K8s for supporting corp risk intelligence, health and compliance. * Application of core software engineering principles in architecting open source data platforms and its benefits * Some drawbacks which were identified in the data platform solutions and how we overcame those.

Speakers

Priyanka J. Naik

Principal Software Engineer, Palo Alto Networks Inc

Priyanka J. Naik is at Palo Alto Networks Inc. where she works on secure networking software. In her career of 17 years, she has worked in Citrix Systems, Appfolio, with projects and work ranging on products like GoToMeeting, GoToTraining, GoToWebinar, and on data platforms. Interests... Read More →

Wednesday November 13, 2024 3:25pm - 4:00pm MST
Salt Palace | Level 1 | Grand Ballroom GI

Data Processing + Storage

Content Experience Level Advanced

3:25pm MST

Deep Dive Into Generic Control Planes and Kcp - Stefan Schimanski, Upbound & Mangirdas Judeikis, Cast AI

Wednesday November 13, 2024 3:25pm - 4:00pm MST

Salt Palace | Level 2 | 255 BC

The Kubernetes code now allows native construction of generic control planes, without container types and in new form-factors other than your beloved clusters, be it customized apiserver binaries or embedded into other applications. This talk gives an in-depth explanation of what a generic controlplane is, how to construct it, how to extend it with custom types and how to control which native Kube APIs like secrets, configmaps, etc. or mechanisms like resource quota or RBAC are available. Specifically, we will cover 3 variants: 1. single-tenant generic control planes using upstream Kubernetes. 2. multi-tenant generic control planes using kcp to scale horizontally in one process. 3. multi-shard and multi-region generic control planes with focus of backing SaaS services.

Speakers

Stefan Schimanski

Senior Principal Software Engineer, Upbound

Stefan is a Senior Principal Engineer at Upbound working on control planes, Kubernetes, kcp, and as a tech-lead in Sig API Machinery. He contributed a major part of the CRD feature set. Stefan is a 2nd time GoogleSummer of Code mentor with CNCF, loves to teach and help people to learn... Read More →

MJ / Mangirdas Judeikis

Staff Engineer, Cast AI

With 10+ years in engineering, tech has been my passion from the start. Graduating in computer networks, I thrive on Go, Kubernetes, and an OpenSource approach. As an SRE practitioner, it's all about owning what you touch. No cloud preference, just adaptability. My motto? "Learn daily... Read More →

Wednesday November 13, 2024 3:25pm - 4:00pm MST
Salt Palace | Level 2 | 255 BC

Emerging + Advanced

Content Experience Level Advanced

3:25pm MST

How to Get Started Contributing in the CNCF - Destiny O'Connor, Women Blessing Women & Riaan Kleinhans, Linux Foundation

Wednesday November 13, 2024 3:25pm - 4:00pm MST

Hyatt Regency | Level 2 | Salt Lake Ballroom CDE

The CNCF fosters a dynamic and inclusive ecosystem where individuals of all skill sets and regardless of experience can contribute to cloud-native technologies. Let us delve beyond the traditional "how-to contribute" approach and empower you to unlock your potential as a contributor. We’ll get into the core principles of open source, drawing from real-world examples from my experience. Highlighting its collaboration and the inclusive environment it offers. We'll share valuable resources and practical steps to teach you how to get started in the open-source community. Learn how to: - Find projects that align with your skills & interests. - Navigate the open-source collaborative environment. - Contribute with guidelines for beginners. - Leverage your unique perspective. - Use resources to find your contribution niche. This presentation equips you to confidently enter the rewarding world of open-source cloud-native development.

Speakers

Destiny O'Connor

Co-Chair CNCF Deaf and Hard of Hearing WG, Web Developer, Women Blessing Women

As Co-Chair of the CNCF Deaf and Hard of Hearing Working Group, where I channel my passion for creating a more inclusive tech world for deaf and hard-of-hearing individuals. My mission is to educate the tech community about the unique challenges and experiences of being deaf in this... Read More →

Riaan Kleinhans

Mr., Linux Foundation

Riaan Kleinhans is a seasoned project manager with extensive experience in customer-facing roles, open-source projects, and community management. Currently, he serves as a Program Manager at the Linux Foundation, collaborating with the Cloud Native Computing Foundation and the Confidential... Read More →

Wednesday November 13, 2024 3:25pm - 4:00pm MST
Hyatt Regency | Level 2 | Salt Lake Ballroom CDE

Maintainer Track, Contributor Strategy

3:25pm MST

Life of a Packet: Ambient Edition - John Howard, Solo.io & Keith Mattix, Microsoft

Wednesday November 13, 2024 3:25pm - 4:00pm MST

Hyatt Regency | Level 4 | Regency Ballroom A

Istio's new "ambient mode" promises to (and delivers!) dramatically simplify and reduce the cost of running a service mesh. This doesn't come easily, however; Istio employs some advanced and innovative techniques to deliver on this promise. In this talk, Keith and John - two leads on the ambient project - will give an in-depth look under the hood to show how ambient mode operates, walking through how a packet gets from point A to point B securely and efficiently.

Speakers

Keith Mattix

Senior Software Engineering Lead, Microsoft

Keith Mattix is an Engineering Lead at Microsoft focused on Istio, Gateway API, and other networking projects.

John Howard

John Howard, Solo.io

John Howard is a Senior Architect at Solo.io and Istio Technical Oversight Committee member.

Wednesday November 13, 2024 3:25pm - 4:00pm MST
Hyatt Regency | Level 4 | Regency Ballroom A

Maintainer Track, Istio

3:25pm MST

Mastering ApplicationSet: Advanced Argo CD Automation - Alexander Matyushentsev, Akuity

Wednesday November 13, 2024 3:25pm - 4:00pm MST

Salt Palace | Level 3 | 355 EF

Argo CD has become an essential deployment tool that engineers use to automate various infrastructure management use cases across hundreds of clusters. This presents a new challenge of managing Argo CD applications at scale. The Argo CD team has explored multiple approaches to solving this, resulting in the creation of ApplicationSet. Over time, ApplicationSet has gained many features, becoming sophisticated and quite complex to use. In this session, we will dive into advanced ApplicationSet features: orchestrating complex rollouts of ingress controllers across multiple clusters and accommodating snowflake clusters. We will enable the audience to answer these and many other questions about using ApplicationSet. Finally, we will demonstrate an effective way to debug ApplicationSet specifications without digging through logs and altering production Argo CD settings.

Speakers

Alexander Matyushentsev

Co-founder and Chief Architect, Akuity

Argo Co-Creator, Argo CD Lead, and maintainer. Energetic and passionate software engineer with over a decade of software development experience. I'm an enthusiast of continuous integration, agile environments, and a huge open-source believer. Core contributor and maintainer of http://argoproj.io... Read More →

Wednesday November 13, 2024 3:25pm - 4:00pm MST
Salt Palace | Level 3 | 355 EF

Maintainer Track, Argo

3:25pm MST

OpenTelemetry Project Update - Alolita Sharma, Apple; Juraci Paixão Kröhling, Grafana Labs; Ted Young, ServiceNow; Morgan Mclean, Splunk; Daniel Dyla, Dynatrace

Wednesday November 13, 2024 3:25pm - 4:00pm MST

Hyatt Regency | Level 4 | Regency Ballroom BCD

This is the official OpenTelemetry session at Kubecon. OpenTelemetry started with distributed traces and metrics, but the project's vision has always been to provide whatever signals are needed from infrastructure, services, and more. This session will focus on what's coming next, including new signals and sources. Join to learn about OpenTelemetry's new logging functionality, including its two logging paths, the benefits of each, and real-world production examples. We'll show the power of the next wave of OpenTelemetry enhancements, including profiling and the insights that this unlocks in combination with distributed traces, and how we're extending your observability to client applications. We'll wrap up with a Q&A of 10+ project maintainers, who can speak to these topics and more.

Speakers

Morgan Mclean

Director of Product Management, Splunk

Morgan is one of the co-founders of OpenTelemetry, and he sits on the project's governance committee and runs multiple initiatives within the project. He is a Senior Director of Product Management at Splunk, where he is responsible for the core platform behind Splunk Observability... Read More →

Juraci Paixão Kröhling

Software Engineer, Grafana Labs

Juraci Paixão Kröhling is a software engineer at Grafana Labs, a maintainer of the OpenTelemetry project, a member of the project's governing board and CNCF Ambassador. He has presented about distributed tracing, OpenTelemetry, and other related topics at conferences like KubeCon... Read More →

Daniel Dyla

Senior Open Source Architect / OpenTelemetry GC, JS, Maintainer, Dynatrace

Daniel joined Dynatrace in 2015 working on the Davis Assistant natural language interface to the Dynatrace AI. He is an Open Source Architect, member of the W3C Distributed Tracing Working Group, OpenTelemetry specification contributor, maintainer of the OpenTelemetry JS client, and... Read More →

Ted Young

Director of Developer Education, ServiceNow

OpenTelemetry co-founder

Alolita Sharma

Observability Engineering, Apple

Alolita Sharma is a member of OpenTelemetry GC, Observability TAG co-chair, CNCF End-User TAB Chair and Governing Board member. She leads Apple’s AIML observability teams. She contributes to open source, open standards at OpenTelemetry, Unicode, W3C. She has served on the boards... Read More →

Wednesday November 13, 2024 3:25pm - 4:00pm MST
Hyatt Regency | Level 4 | Regency Ballroom BCD

Maintainer Track, OpenTelemetry

3:25pm MST

SIG-Node: Intro and Deep Dive - Sergey Kanzhelev & Dawn Chen, Google; Mrunal Patel, Red Hat

Wednesday November 13, 2024 3:25pm - 4:00pm MST

Salt Palace | Level 3| 355 BC

Kubernetes SIG Node maintainers track session will cover the latest updates in the Kubernetes Node subsystem. The emergence of Generative AI has introduced new challenges and workload behaviors. And SIG Node is up for the challenge. SIG Node owns components and interactions between pods and host resources, including the Kubelet, Container Runtime Interface, and Node API. SIG Node is responsible for the Pod’s lifecycle from allocation to teardown, to liveness checks and shared resource management. We work with various container runtimes, kernels, networking, storage, and more; anything a pod touches is SIG Node’s responsibility! The session will be led by Kubernetes SIG Node leads and will be interesting for seasoned contributors as well as people seeking to get involved in the project. Attendees will leave the session with a better understanding of the latest developments in the Kubernetes Node subsystem. The session is open to all Kubernetes users, regardless of experience level.

Speakers

Dawn Chen

Principal Software Engineer, Google

Dawn Chen is a principal software engineer at Google. Dawn has worked on Kubernetes and Google Container Engine (GKE) before the project was founded. She has been one of tech leads in both Kubernetes and GKE. Prior to Kubernetes, she was the one of the tech leads for Google internal... Read More →

Mrunal Patel

Distinguished Engineer, Red Hat

Mrunal Patel is a Senior Principal Software Engineer at Red Hat working on containers for Openshift. He is a maintainer of runc/libcontainer and the OCI runtime specification. He started the CRI-O runtime. He is a SIG-Node chair and tech lead.

Sergey Kanzhelev

Staff Software Engineer, Google

Sergey Kanzhelev is a seasoned open source and cloud native maintainer working actively on Kubernetes. Sergey is serving as co-chair of SIG node. He is also one of the founders of OpenTelemetry. He is working on engineering aspect of software and its practical application. He is contributing... Read More →

Wednesday November 13, 2024 3:25pm - 4:00pm MST
Salt Palace | Level 3| 355 BC

Maintainer Track, Node

3:25pm MST

Using OpenTelemetry for Deep Observability Within Messaging Queues - Shivanshu Raj Shrivastava, SigNoz & Ekansh Gupta, Zeta

Wednesday November 13, 2024 3:25pm - 4:00pm MST

Salt Palace | Level 1 | Grand Ballroom HJ

The recent changes in OpenTelemetry have made new semantic conventions and changes in agents to better monitor messaging queues such as Kafka, RabbitMQ, and Amazon SQS, etc. In this session, we'll discuss how those semantic conventions are standardizing the telemetry collected from producers, consumers, and the messaging queues, and how in-depth observability can be achieved by correlating producer-to-consumer spans with the metrics collected from Kafka. Additionally, We will demonstrate how the Kafka Java client side instrumentation enabled and JMX metrics collected from Kafka how OpenTelemetry instrumentation can help for metrics to trace and trace to metrics correlation and spot reasons for anomalies like increased consumer lag, partition failures, time taken by messaging queues. This will also help in giving the corresponding traces in time that can help end users to better delve into their infrastructures and optimize their asynchronous applications.

Speakers

Ekansh Gupta

SDE, Zeta

Ekansh is a Software Development Engineer with Zeta Suite, with active involvement in various open-source and cloud native communities for upwards two years now. He was previously an SDE Intern at SteamLabs. He is also a speaker for a couple of talks at PyCon, KubeCon and MozFests... Read More →

Shivanshu Raj Shrivastava

Founding Engineer, SigNoz

Shivanshu is a Founding Engineer at SigNoz, working on building an OTeL native observability product. He has a keen interest in deep tech and OSS. He is a CNCF ambassador and a member of CNCF projects like OTeL, k8s, and Istio. He has got the opportunity to mentor contributors in... Read More →

Wednesday November 13, 2024 3:25pm - 4:00pm MST
Salt Palace | Level 1 | Grand Ballroom HJ

Observability

Content Experience Level Intermediate

3:25pm MST

Global Payments: Setting New Standards for Reliability in Cloud Native Multi-Region Applications - Trey Caliva, Global Payments

Wednesday November 13, 2024 3:25pm - 4:00pm MST

Salt Palace | Level 1 | 155 BC

As a multinational FinTech provider, processing over 32 billion card transactions for 816 million accounts, Global Payments requires globally available architectures with quick disaster recovery while maintaining subsecond latencies. In addition, these workloads require strict adherence to compliance standards. This session will explore the high-level architectural decisions implemented in a cloud-native redesign and cloud migration of a mission critical legacy .NET application. Key cloud native tools leveraged include Kubernetes on GCP, and the use of CockroachDB as a cloud native database solution. We will explore how leveraging these cloud native technologies achieved extreme fault tolerance in a multi-region deployment, setting new standards for performance and reliability.

Speakers

Trey Caliva

Principal Cloud Architect, Global Payments

Trey Caliva is an Architect and engineer with 10+ years of hands-on experience planning, developing, managing, and securing deployments in Google Cloud and AWS. He is currently Principal Cloud Architect at Global Payments, a Fortune 500 company and a member of the S&P 500 focused... Read More →

Wednesday November 13, 2024 3:25pm - 4:00pm MST
Salt Palace | Level 1 | 155 BC

Operations + Performance

Content Experience Level Intermediate

3:25pm MST

Cash App's Journey Into a Multi-Cluster Ecosystem - Rachel Sheikh, Cash App

Wednesday November 13, 2024 3:25pm - 4:00pm MST

Salt Palace | Level 1 | Grand Ballroom BDF

Cash App's Compute team is responsible for the health and maintenance of the company's Kubernetes clusters, and the enablement of service owners to deploy their services into these clusters with confidence. Over the past year, we've made strides in improving our reliability and uptime, part of which involved introducing a paradigm around creating new Kubernetes clusters in our service ecosystem that allow us to seamlessly transition services in/out of to simplify cluster upgrades and provide us with guardrails against common outages. This talk intends to walk you through our experience introducing new Kubernetes clusters for our services at Cash App, migrating and splitting service traffic across clusters with zero downtime, and thinking through tooling adoption / creation to simplify cluster maintenance as our overhead scales.

Speakers

Rachel Sheikh

Ms., Cash App

I'm a software engineer with a decade of experience building and scaling backend services across various industries. When I'm not working on clusters or writing Go, I'm probably watching pro League of Legends or taking pictures of my dog.

Wednesday November 13, 2024 3:25pm - 4:00pm MST
Salt Palace | Level 1 | Grand Ballroom BDF

Platform Engineering

Content Experience Level Any

3:25pm MST

Scale Job Triggering with a Distributed Scheduler - Cassie Coyle & Artur Souza, Diagrid

Wednesday November 13, 2024 3:25pm - 4:00pm MST

Salt Palace | Level 2 | 250

Imagine scheduling thousands or millions of jobs that are persisted and triggered timely and resilient to downtime. Some jobs might be triggered every second while others need to reliably be triggered on the first day of the month. Achieving high throughput and reliability is critical for the performance and operational efficiency of modern distributed systems. How can traditional cron job scheduling be extended? How can distributed systems handle job scheduling with minimal downtime? What challenges arise when scaling job scheduling to thousands or millions of jobs? In this session, Artur and Cassie will delve into the design of Dapr’s distributed Scheduler and how users can start using it today. You will gain a comprehensive understanding of how Dapr’s Scheduler unblocks scalability of actors and workflows while also enabling new capabilities, like delayed pubsub and schedule job API.

Speakers

Artur Souza

Head of Engineering, Diagrid

I am a maintainer of Dapr since 2019, helped the project reach the 1.0 stable version and keeping frequent releases since then. Currently Head of Engineering at Diagrid, leading the engineering teams building Conductor and the next generation of managed cloud native APIs via Dapr... Read More →

Cassie Coyle

Software Engineer, Diagrid

Cassie, a devoted software engineer at Diagrid actively contributes to Dapr, focusing on Go backend development to simplify the creation of resilient, event-driven, and microservices-based apps. She is a member of the Dapr Day and AppDeveloperCon 2024 program committees. Her work... Read More →

Wednesday November 13, 2024 3:25pm - 4:00pm MST
Salt Palace | Level 2 | 250

SDLC

Content Experience Level Intermediate

3:25pm MST

CEL-Ebrating Simplicity: Mastering Kubernetes Policy Enforcement - Kevin Conner, Getup Cloud & Anish Ramasekar, Microsoft

Wednesday November 13, 2024 3:25pm - 4:00pm MST

Salt Palace | Level 1 | 151

As Kubernetes deployments grow increasingly complex, robust policy enforcement is crucial. The Common Expression Language (CEL) provides a powerful solution, enabling the creation of sophisticated, human-readable expressions for Kubernetes policies. This session explores CEL's integration with Kubernetes, simplifying policy definition and enforcement. Key takeaways: - Fundamentals of CEL and its Kubernetes integration. - Practical use cases for CEL in admission control, resource management, and security. - Enhancing policy expressiveness and flexibility with CEL. - Introduction to CEL Playground for testing and validating CEL expressions. Through live demos, learn to leverage CEL and CEL Playground for streamlined policy management in Kubernetes. Ideal for administrators, developers, and DevOps professionals, this session equips you to enhance your Kubernetes policies using CEL. Join us to discover how CEL and CEL Playground can transform your Kubernetes policy management.

Speakers

Anish Ramasekar

Principal Software Engineer, Microsoft

Anish Ramasekar is a software engineer at Microsoft. He is on the Azure Container Upstream team building features for Kubernetes upstream and various CNCF projects that are part of the Azure Kubernetes Service. Anish is a maintainer of the Secrets Store CSI Driver project.

Kevin Conner

Chief Engineer, Getup Cloud

Kevin Conner is the Chief Engineer at GetUp Cloud, a startup focused on Kubernetes and DevSecOps. He has worked at startups like Integrated Micro Products, Arjuna Technologies, JBoss, and Aviatrix, as well as Sun Microsystems and Red Hat where he led teams for Cloud Enablement, Service... Read More →

Wednesday November 13, 2024 3:25pm - 4:00pm MST
Salt Palace | Level 1 | 151

Security

Content Experience Level Intermediate

4:00pm MST

Coffee Break ☕

Wednesday November 13, 2024 4:00pm - 4:30pm MST

Salt Palace | Level 1 | Halls A-C + 1-5 | Solutions Showcase

Wednesday November 13, 2024 4:00pm - 4:30pm MST
Salt Palace | Level 1 | Halls A-C + 1-5 | Solutions Showcase

Breaks

4:30pm MST

Making Kubernetes Simpler for Accelerated Workloads - Susan Wu, Google; Lucy Sweet, Uber; Mitch McKenzie, Weave; Aditya Shanker, Crusoe

Wednesday November 13, 2024 4:30pm - 5:05pm MST

Salt Palace | Level 2 | 255 EF

Kubernetes and the open-source ecosystem for AI frameworks have been great for LLM innovation, empowering developers to build applications that use natural language as the interface to data. Yet, many developers and cluster operators struggle to put these frameworks into production use. In this session, hear from several platform engineers responsible for designing core infrastructure supporting accelerated workloads, services, large language model training and inference pipelines. You can expect to come away with guidance, hear of pitfalls to watch out for and learn how they successfully abstracted the infrastructure complexity to improve their research users' experience and velocity. Panelists include: Lucy Sweet, Senior Software Engineer (Infrastructure), Uber, Mitch McKenzie, Site Reliability Engineer - Machine Learning Operations, Weave, Susan Wu, Outbound Product Manager, Google

Speakers

Aditya Shanker

Crusoe

Susan Wu

Outbound Product Manager, Google

Susan is an Outbound Product Manager for Google Cloud, focusing on GKE Networking and Network Security. She previously led product and technical marketing roles at VMware, Sun/Oracle, Canonical, Docker, Citrix and Midokura (part of Sony Group). She is a frequent speaker at conferences... Read More →

Lucy Sweet

Senior Software Engineer at Uber, Uber

Lucy is a Senior Software Engineer at Uber Denmark who works on software infrastructure

Mitch McKenzie

Weave

Wednesday November 13, 2024 4:30pm - 5:05pm MST
Salt Palace | Level 2 | 255 EF

AI + ML

Content Experience Level Intermediate

4:30pm MST

Platform Performance Optimization for AI - a Resource Management Perspective - Antti Kervinen, Intel & Dixita Narang, Google

Wednesday November 13, 2024 4:30pm - 5:05pm MST

Salt Palace | Level 1 | Hall DE

How much node resource management can affect AI workload performance? What options are there? What is the trade-off between total throughput and low latencies? In this talk we take a systematic approach to Platform Performance Optimization. We walk through the whole path from goal setting, gathering data, analysis, visualizations and conclusions. At each stop along the path we share our practical experiences in a case of LLM inference optimization. You will find many considerations, findings and practical tricks to take away. For instance, how to instrument PyTorch without touching the source or a container image, how to enable changing what we are measuring without new expensive benchmark reruns, and how much more we can learn from visualizations compared to numeric averages and percentiles. Finally we share real results from our case: how resource management increased total token throughput per worker node by more than 3.5x from the baseline.

Speakers

Antti Kervinen

Cloud Orchestration Software Engineer, Intel

Antti Kervinen is a Cloud Orchestration Software Engineer working at Intel, whose interest in Linux and distributed systems has led him from academic research of concurrency to the world of Kubernetes. When unplugged, Antti spends his time outdoors discovering wonders of nature.

Dixita Narang

Software Engineer, Google

Dixita Narang is a Software Engineer at Google on the Kubernetes Node team. With a primary focus on resource management within Kubernetes, Dixita is deeply involved in the development and advancement of the Memory QoS feature, which is currently in the alpha stage. She is a new contributor... Read More →

Wednesday November 13, 2024 4:30pm - 5:05pm MST
Salt Palace | Level 1 | Hall DE

AI + ML

Content Experience Level Intermediate

4:30pm MST

Museum of Weird Bugs: Our Favorites from 8 Years of Service Mesh Debugging - Tom Dean & Alen Haric, Buoyant

Wednesday November 13, 2024 4:30pm - 5:05pm MST

Salt Palace | Level 1 | Grand Ballroom BDF

Over the past 8 years, we've fixed a lot of bugs in Linkerd. Many of these were straightforward, but some manifested in strange ways, or only showed up in unique situations, or otherwise surprised us. Some of them were just plain funny. In this talk, we will run through a couple of Linkerd's favorites: the most interesting, weird, and memorable bugs we've found and fixed Linkerd. We describe how they originally manifested (usually in someone else's production system), how we went about tackling them (often by educating the reporter on how to construct a useful bug report), and the sometimes long and windy path to finally fixing them.

Speakers

Tom Dean

Field Engineer, Buoyant

Tom Dean started programming BASIC on Apple IIs over 40 years ago, and has been hooked on tech since then. A long-time user of Linux and Open Source, he has been expanding his Cloud, Cloud Native and adjacent subject matter knowledge to become a more well-rounded technologist, and... Read More →

Alen Haric

Solutions Architect, Buoyant

Wednesday November 13, 2024 4:30pm - 5:05pm MST
Salt Palace | Level 1 | Grand Ballroom BDF

Cloud Native Experience

Content Experience Level Any

4:30pm MST

DNS Deep Dive in Kubernetes with CoreDNS - Jingming Guo, Airbnb

Wednesday November 13, 2024 4:30pm - 5:05pm MST

Salt Palace | Level 2 | 251

In the dynamic world of Kubernetes, efficient DNS resolution is critical for seamless application performance and scalability. CoreDNS, as the default DNS server for Kubernetes, offers flexible and high-performance DNS capabilities. This talk will delve into the lifecycle of a DNS request within a Kubernetes cluster using CoreDNS, offering insights into the flow of DNS traffic and enhancing your understanding of DNS requests and service discovery in Kubernetes—-key knowledge for effective debugging and issue resolution. Additionally, we will present a case study of Airbnb's successful integration of CoreDNS, highlighting the CoreDNS performance evaluation, our seamless migration approach, and scaling strategy. Finally, we will talk about the multi-cluster DNS resolution with CoreDNS. This section will demonstrate how multi-cluster DNS capabilities address the common challenges, discuss performance considerations and multi-cluster DNS limitations.

Speakers

Jingming Guo

Software Engineer, Airbnb

Jingming Guo, graduated from Northwestern University in 2017 and subsequently joined AWS EBS team. At AWS, Jingming led the development of Elastic Volume feature on the Block Express volume and led the EBS Server capacity increase release. In 2022, Jingming joined Airbnb and led the... Read More →

Wednesday November 13, 2024 4:30pm - 5:05pm MST
Salt Palace | Level 2 | 251

Cloud Native Novice

Content Experience Level Any

4:30pm MST

From Observability to Performance - Nadia Pinaeva, Red Hat & Antonio Ojea, Google

Wednesday November 13, 2024 4:30pm - 5:05pm MST

Salt Palace | Level 1 | 155 EF

No matter how fast the Services on your Kubernetes cluster are, users would love them to be faster. But how do you get from a huge pile of metrics across a distributed system to real user experience improvements? There is a way, and with the right tools and the right approach, you can better understand and evaluate Service performance. In this talk, you'll learn how to identify the performance parameters that directly translate to user experience. We will explore how to collect performance metrics from running Kubernetes clusters without disrupting normal operations using tools like Prometheus, Grafana, kube-burner, and custom instrumentation. We will discuss how to translate the collected metrics and analysis into concrete actions and how to identify bottlenecks and implement optimizations to enhance Service performance. This talk is ideal for k8s networking developers, administrators, SREs, DevOps engineers, and anyone responsible for managing or optimizing Kubernetes networking.

Speakers

Antonio Ojea

Software Engineer, Google

Antonio Ojea is a Software Engineer at Google, where he works on Kubernetes. He is one of the top contributors of the Kubernetes project, with a stronger presence on the areas of networking and reliability. He has a vast experience in Open Source, networking and distributed systems... Read More →

Nadia Pinaeva

Senior Software Engineer, Red Hat

Nadia Pinaeva is a Senior Software Engineer at Red Hat working on Openshift Networking. She collaborates with the SIG-network-policy to improve network security for Kubernetes clusters, and works on ovn-kubernetes network plugin.

Wednesday November 13, 2024 4:30pm - 5:05pm MST
Salt Palace | Level 1 | 155 EF

Connectivity

Content Experience Level Intermediate

4:30pm MST

Building Resilience: Effective Backup and Disaster Recovery for Vector Databases on Kubernetes - Pavan Navarathna & Shwetha Subramanian, Veeam

Wednesday November 13, 2024 4:30pm - 5:05pm MST

Salt Palace | Level 1 | Grand Ballroom GI

As generative AI revolutionizes industries, reliance on vector databases - crucial for managing and querying high-dimensional data - has skyrocketed. These databases are often deployed on Kubernetes for its scalability and orchestration capabilities. However, ensuring robust backup and disaster recovery for these stateful applications presents unique challenges. Join Pavan and Shwetha as they discuss the critical need for an effective data protection strategy for vector databases in Kubernetes environments, emphasizing its importance in maintaining data integrity and availability. Attendees will learn about the growing significance of vector databases driven by AI applications and the specific considerations for their reliable deployment and management in cloud-native settings. Through a practical demonstration, this session will introduce Kanister, a CNCF Sandbox project, showcasing how it simplifies the complex process of backing up and recovering vector databases on Kubernetes.

Speakers

Pavan Navarathna

Engineering Manager, Veeam

Pavan joined Kasten by Veeam in March 2018, where he leads the open-source efforts and manages a team of cloud-native engineers developing innovative solutions for data protection in Kubernetes. He has previously worked in data protection and networking at NetApp and Aryaka. Pavan... Read More →

Shwetha Subramanian

Software Engineer, Kasten by Veeam, Veeam

Shwetha Subramanian is a 2+ year experienced software professional, armed with a Master’s in Computer Science (Machine Learning track) from Columbia University, currently working as an SWE in the Kasten team at Veeam. An inherently curious individual, she is on a journey of learning... Read More →

Wednesday November 13, 2024 4:30pm - 5:05pm MST
Salt Palace | Level 1 | Grand Ballroom GI

Data Processing + Storage

Content Experience Level Any

4:30pm MST

Experience in Designing & Implementing a Cloud Native Framework for Farm Data Analytics - Braulio Dumba, IBM & Gloire Rubambiza, Cornell University

Wednesday November 13, 2024 4:30pm - 5:05pm MST

Salt Palace | Level 2 | 255 BC

This work is based on 17 months experience managing a digital agriculture platform that has aggregated and processed tens of gigabytes of data on 1500 cows on a commercial dairy farm. Significant challenges surfaced tied to multi-cluster management, fault-tolerance, and privacy as the number of applications and farm management models grew. To bridge this gap, we designed and implemented a cloud native networked system for multi-cluster configuration and management of farm data analytics that leverages KubeStellar and Software-Defined Farm paradigm. Our experience from designing, implementing and deploying this framework showcase how Kubernetes can enable farmers and agribusinesses to leverage the power of containerization and cloud-native computing to optimize workflows and streamline agricultural operations. This work presents progress towards cloud-native, scalable, and fault-tolerant data analytics in digital farming with potential environmental, financial, and societal impacts.

Speakers

Braulio Dumba

Staff Research Scientist, IBM

Gloire Rubambiza

Ph.D. Candidate, Cornell University

Gloire Rubambiza is a Ph.D. candidate in CS at Cornell University, where he conducts research in hybrid cloud computing for digital agriculture with an emphasis on societal impact. At Cornell, he was a University Fellow, a fellow of NSF National Research Traineeship in Digital Plant... Read More →

Wednesday November 13, 2024 4:30pm - 5:05pm MST
Salt Palace | Level 2 | 255 BC

Emerging + Advanced

Content Experience Level Intermediate

4:30pm MST

CNI Updates and Direction! - Michael Zappa, Microsoft

Wednesday November 13, 2024 4:30pm - 5:05pm MST

Hyatt Regency | Level 4 | Regency Ballroom BCD

The CNI or Container Networking Interface is one of the most important projects of Kubernetes and the surrounding ecosystem. Without it, nodes aren’t ready, and pods aren’t scheduled. This session will provide a brief overview of what the CNI is, where it intersects with Kubernetes, the latest updates, how you can get involved and the future of the CNI. We have talked a lot about CNI 2.0 and now it is becoming a reality. This will be the biggest change to the CNI however let's not get carried away, we will make this seamless for you! Attendees will leave with an understanding of what the CNI is and how it fits into the larger picture of Kubernetes networking so that you can contribute to the CNI community!

Speakers

Michael Zappa

Software Engineer, Microsoft

Hello, I am Zappa. I have been a technologist for over 20 years with a background in networking, systems, software and Devops engineering. I am a self-caught coder and started in the 6th grade. I am passionate about the ecosystem and container networking. My areas in the open-source... Read More →

Wednesday November 13, 2024 4:30pm - 5:05pm MST
Hyatt Regency | Level 4 | Regency Ballroom BCD

Maintainer Track, Container Network Interface

4:30pm MST

How to Expand Your IDP: The New Building Blocks of Backstage - Ben Lambert & Patrik Oldsberg, Spotify

Wednesday November 13, 2024 4:30pm - 5:05pm MST

Hyatt Regency | Level 2 | Salt Lake Ballroom CDE

Learn new ways to get the most out of your internal developer portal (IDP) and improve developer experience and productivity together with the Backstage community. The project maintainers will walk through brand new framework features and resources designed to help you build plugins and integrations. By expanding what a Backstage portal can do, you add value to your own IDP while strengthening the Backstage open source ecosystem. You’ll also hear the latest updates from the different Project Areas and a roadmap for what’s coming next. There will be plenty of time for Q&A, so here’s your chance to ask any burning questions!

Speakers

Patrik Oldsberg

Senior Engineer, Spotify

Patrik is a Senior Software Engineer at Spotify and a core maintainer of Backstage. In 2019 he joined the team in Spotify’s platform organization that owned the Backstage platform, and worked together with the rest of the team to bring it out in the open. Before joining Spotify... Read More →

Ben Lambert

Core Maintainer of Backstage, Senior Engineer at Spotify, Spotify

Ben is an Engineer at Spotify and a Maintainer of Backstage.io

Wednesday November 13, 2024 4:30pm - 5:05pm MST
Hyatt Regency | Level 2 | Salt Lake Ballroom CDE

Maintainer Track, Backstage

4:30pm MST

Linkerd Update: Ingress, Egress, IPv6, Enhanced Multicluster, Rust, and More - William Morgan, Buoyant

Wednesday November 13, 2024 4:30pm - 5:05pm MST

Salt Palace | Level 3 | 355 EF

The pace of feature delivery in Linkerd has never been higher. In this whirlwind project update by Linkerd maintainers and directors, you'll learn about the latest developments and upcoming features. We'll discuss new support for egress traffic control and visibility, ingress traffic handling, UX improvements to multicluster, new support for IPv6, and more. Come prepared to learn about the world's fastest, lightest service mesh!

Speakers

William Morgan

Linkerd Director, Buoyant CEO, Buoyant

William is a director on the Linkerd project and the co-founder and CEO of Buoyant, the creators of Linkerd. Prior to Buoyant, he was an infrastructure engineer at Twitter, a software engineer at Powerset, Microsoft, and Adap.tv, a research scientist at MITRE. He holds an MS in computer... Read More →

Wednesday November 13, 2024 4:30pm - 5:05pm MST
Salt Palace | Level 3 | 355 EF

Maintainer Track, Linkerd

4:30pm MST

SIG Instrumentation Introduction and Deep Dive - Han Kang, David Ashpole & Richa Banker, Google; Damien Grisonnet, Red Hat

Wednesday November 13, 2024 4:30pm - 5:05pm MST

Salt Palace | Level 3| 355 BC

Kubernetes SIG Instrumentation is responsible for ensuring high quality and consistent instrumentation across the Kubernetes project. We will begin with an introductory overview of the efforts the SIG Instrumentation has worked on in the past and is currently working on. This deep dive session will go into detail about currently ongoing efforts happening within SIG Instrumentation to share with the audience concrete pieces of work to encourage future collaboration. Software engineering and operations are both disciplines practiced in SIG Instrumentation, and any experience will help the special interest group's mission. Join this session to learn how to get involved in SIG Instrumentation to make instrumentation even better!

Speakers

Richa Banker

Richa Banker, Google

Currently a software engineer at Google. Exploring and contributing to OSS Kubernetes on the side.

Han Kang

Senior Staff Software Engineer, Google

Han Kang is a Senior Staff Software Engineer at Google. Han co-chairs SIG instrumentation while also participating in SIG API Machinery, focusing on operational aspects of managing Kubernetes clusters.

David Ashpole

David Ashpole, Google

TODO

Damien Grisonnet

Senior Software Engineer, Red Hat

Damien Grisonnet is a Software Engineer at Red Hat, he is very active in the monitoring ecosystem of Kubernetes for which he serves as a technical lead for Kubernetes SIG Instrumentation as well as a maintainer for projects such as kube-state-metrics, metrics-server, and prometheus-adapter... Read More →

Wednesday November 13, 2024 4:30pm - 5:05pm MST
Salt Palace | Level 3| 355 BC

Maintainer Track, Instrumentation

4:30pm MST

Understanding How OpenTelemetry Network Uses eBPF for Network Observability - Shivanshu Raj Shrivastava, SigNoz & Jonathan Perry, State-fu

Wednesday November 13, 2024 4:30pm - 5:05pm MST

Hyatt Regency | Level 4 | Regency Ballroom A

The recent advancements in eBPF tooling, including the enhanced eBPF runtime embedded in the Linux kernel, the BPF Compiler Collection (BCC) for efficient kernel tracing, and the LLVM Compiler for converting C code to eBPF programs, have made it easier to provide always-on network visibility. OpenTelemetry Network leverages these foundational tools to provide out-of-the-box network observability for modern infrastructures. In this talk, we'll explore the architecture of the OTel Network, focusing on its key components: the kernel collector, kubernetes collector, cloud collector, and reducer which together enable collecting, ingesting, aggregating, enriching, and exporting telemetry data collected from various sources. We'll show an end-to-end setup to demonstrate the use of these agents and reducer component to send data to the OTel collector. This session aims to equip end-users and contributors with the necessary infomation to get started with the OpenTelemetry Network project.

Speakers

Jonathan Perry

Founder, State-fu

Jonathan Perry is a maintainer of the OpenTelemetry eBPF network collector. His PhD research at MIT CSAIL focused on performance isolation in datacenter and cloud networks, aiming to enhance network efficiency and reduce latency. Jonathan founded Flowmill, where he developed eBPF-based... Read More →

Shivanshu Raj Shrivastava

Founding Engineer, SigNoz

Wednesday November 13, 2024 4:30pm - 5:05pm MST
Hyatt Regency | Level 4 | Regency Ballroom A

Maintainer Track, OpenTelemetry

4:30pm MST

Watching the Watchers: How We Do Continuous Reliability at Grafana Labs - Nicole van der Hoeven, Grafana Labs

Wednesday November 13, 2024 4:30pm - 5:05pm MST

Salt Palace | Level 1 | Grand Ballroom HJ

Nothing is foolproof. Everything fails eventually. Observability tools help predict and lessen the impact of those failures, as the watchers of your software systems. But who watches the watchers? At Grafana Labs, we're not immune to production incidents. Just like any company, we still sometimes move too quickly. We run complex, microservices-based systems ourselves, so we have to eat our own dogfood on a daily basis. In this talk, I reveal: - how we solved a years-long mystery that cost us $100,000+ - how we got our internal Mimir clusters to reliably hold 1.3 billion time series for metrics - what we've had to do to scale our Loki clusters to handle 324 TB of logs a day - what our Grafana dashboards to monitor Grafana Cloud look like Sometimes, it's easier to learn from failures in observability than from successes. This talk is a confession of some of our worst sins as well as a realistic look under the hood at how we're improving the continuous reliability of our stack.

Speakers

Nicole van der Hoeven

Senior Developer Advocate, Grafana Labs

Nicole is a Senior Developer Advocate at Grafana Labs and a performance engineer with over a decade of experience in breaking software and learning to build it back up again. She has lived in the Philippines, the US, Australia, the Netherlands, and Portugal, helping teams all over... Read More →

Wednesday November 13, 2024 4:30pm - 5:05pm MST
Salt Palace | Level 1 | Grand Ballroom HJ

Observability

Content Experience Level Any

4:30pm MST

Kubernetes at Scale: Practical Solutions for Enhanced CNI and Kubelet Performance - Henrique Santana, Amazon Web Services & Bruno Gabriel da Silva, Sysdig

Wednesday November 13, 2024 4:30pm - 5:05pm MST

Salt Palace | Level 1 | 155 BC

In this session, we'll explore challenges faced in maintaining optimal performance for Container Network Interface (CNI) and Kubelet components in Kubernetes clusters. Based on recurring real-world scenarios, we will dive into troubleshooting and mitigations of issues such as IP address allocation delays, registry pull queries per second (QPS), disk throttling. These pose significant impacts on the performance, scalability and stability of Kubernetes clusters. Our discussion will revolve around practical strategies aimed at mitigating such challenges, leveraging multiple block storage volumes, adjusting instance types, tuning registryPullQPS settings, and exploring the benefits of prefix mode for faster IP address allocation. Additionally, we'll examine the role of warm IP pools, and the implications of WARM_ENI_TARGET settings on CNI performance, providing attendees with a comprehensive understanding on how to optimize CNI and Kubelet performance effectively.

Speakers

Bruno Gabriel da Silva

Sr. Solutions Engineer, Sysdig

I have been working as a Solutions Engineer for several years, with my passion for cloud-native technologies igniting around 2018. That year, I transitioned from a traditional IT Windows Sysadmin role to fully embracing DevOps, focusing entirely on Open Source and Cloud. My first... Read More →

Henrique Santana

Sr. Cloud Support Engineer, Amazon Web Service

I'm Containers Specialist with over 15 years of experience in infrastructure operations. Skilled at automating workflows and solving problems through user-centered design and emerging technologies. Currently focusing on containers and container orchestration. Adept at optimizing resource... Read More →

Wednesday November 13, 2024 4:30pm - 5:05pm MST
Salt Palace | Level 1 | 155 BC

Operations + Performance

Content Experience Level Advanced

4:30pm MST

Perform Laser Focused Deployments by Deciding in Advance the Blast Radius - Kostis Kapelonis, Octopus deploy

Wednesday November 13, 2024 4:30pm - 5:05pm MST

Salt Palace | Level 2 | 250

Progressive Delivery is an advanced deployment method that allows for zero-downtime application releases. Argo Rollouts is a Kubernetes controller that allows you to adopt progressive delivery in the form of blue/green and canary deployments. We see a lot of teams that choose an arbitrary number of clients that access the new version of a canary. Yes, it is very easy to send only 10% of the traffic to the new version of a Kubernetes deployment. But sometimes you want to choose WHICH 10% sees the new traffic. In this talk we will see several approaches on pinning down specific clients to the old or new version and advanced scenarios for sending canary traffic only to a specific subset of users such as internal employees or customers who have expressed their interest on seeing brand new releases as soon as possible.

Speakers

Kostis Kapelonis

Developer Advocate, Codefresh by Octopus Deploy

Kostis is a software engineer/technical-writer dual class character. He lives and breathes automation, good testing practices and stress-free deployments with GitOps.

Wednesday November 13, 2024 4:30pm - 5:05pm MST
Salt Palace | Level 2 | 250

SDLC

Content Experience Level Intermediate

4:30pm MST

Expanding the Capabilities of Kubernetes Access Control - Jimmy Zelinskie, authzed & Lucas Käldström, Upbound

Wednesday November 13, 2024 4:30pm - 5:05pm MST

Salt Palace | Level 1 | 151

Kubernetes RBAC is an effective way of managing ACLs in one cluster. However, there are many other effective paradigms out there, such as Attribute- & Relation-based Access Control. In this talk, we’ll demystify how these differ, and when to use respective paradigms, giving context and guidance. We’ll highlight how Kubernetes access control has recently evolved towards supporting lots of different use-cases. We take this opportunity to cover multiple perspectives: security within a single cluster (zooming in) and security within real-life production environments with external services and multiple clusters (zooming out). As containers became ubiquitous first with excellent tools like Docker, we believe the same can and will happen for access control, yielding uniform, interoperable and understandable authorization. Finally, we'll propose future work that could be done to supercharge Kubernetes and ensure it keeps up with the ever increasing security requirements in our industry.

Speakers

Lucas Käldström

Senior Software Engineer, Upbound

Jimmy Zelinskie

Co-founder, authzed

Jimmy Zelinskie is a software engineer and product leader with a goal of democratizing software via open source development. He's currently CPO of authzed where he's focused on bringing hyperscaler best-practices in authorization to the industry at large. At CoreOS, he helped pioneer... Read More →

Wednesday November 13, 2024 4:30pm - 5:05pm MST
Salt Palace | Level 1 | 151

Security

Content Experience Level Intermediate

4:30pm MST

Tutorial: Get the Most Out of Your GPUs on Kubernetes with the GPU Operator - Eduardo Arango Gutierrez, Tariq Ibrahim, Amanda Moran & Christopher Desiniotis, NVIDIA; David Porter, Google

Wednesday November 13, 2024 4:30pm - 6:00pm MST

Salt Palace | Level 1 | Grand Ballroom ACE

NVIDIA’s GPU operator has become the de-facto standard for managing GPUs in Kubernetes at scale. This tutorial provides in-depth, hands-on training on the various GPU sharing techniques that are possible with the GPU operator. Participants will learn to deploy jobs utilizing these sharing techniques, as well as get hands-on experience on the installation and configuration of the NVIDIA GPU Operator itself. This includes an in-depth exploration of its two primary CRDs: ClusterPolicy and NVIDIADriver. These CRDs are essential for configuring GPU-accelerated nodes, enabling GPU sharing mechanisms, and performing GPU driver upgrades. The session will culminate with practical use cases, such as training an AI/ML model and giving participants firsthand experience in managing a GPU-accelerated Kubernetes cluster.

Speakers

Christopher Desiniotis

Senior Systems Software Engineer, NVIDIA

Christopher Desiniotis is a Senior Systems Software Engineer on the Cloud Native team at NVIDIA where he works on enabling GPUs in containers and Kubernetes. He is a maintainer of the NVIDIA GPU Operator, a widely used tool for managing GPUs in Kubernetes, and is focused on increasing... Read More →

David Porter

Senior Software Engineer Google, Google

David Porter is a Senior Software Engineer at Google on the Kubernetes node team. David’s focus is on the kubelet node agent and the resource management area. He is primary maintainer of cAdvisor, a resource monitoring library widely used in kubernetes, reviewer of a SIG Node, and... Read More →

Eduardo Arango Gutierez DE

Senior systems software engineer, NVIDIA

Eduardo is a Senior Systems Software Engineer at NVIDIA, working on the Cloud Native Technologies team. Eduardo has focused on enabling users to build and deploy containers on distributed environments.

Tariq Ibrahim

Senior Software Engineer, NVIDIA

Tariq Ibrahim is a Senior Cloud Platform Engineer on the Cloud Native team at NVIDIA where he works on enabling GPUs in containers and Kubernetes. He is a maintainer of the NVIDIA GPU Operator. He has also contributed to several cloud native OSS projects like kube-state-metrics, Istio... Read More →

Amanda Moran

https://www.nvidia.com/en-us/, NVIDIA

Amanda has been working in technology since graduating from SCU in 2012 with a Master’s in Science in CS. Prior to this she had graduated with an BS in Biology from UW. Amanda has worked the last 12 years as a Software Engineer, a Solutions Architect, and an Engineering Manager... Read More →

Wednesday November 13, 2024 4:30pm - 6:00pm MST
Salt Palace | Level 1 | Grand Ballroom ACE

Tutorials, AI + ML

Content Experience Level Intermediate

5:20pm MST

Project Pavilion Tour with Jorge Castro + Bob Killen

Wednesday November 13, 2024 5:20pm - 6:00pm MST

Salt Palace | Level 1 | Halls A-C + 1-5 | Solutions Showcase

Wednesday November 13, 2024 5:20pm - 6:00pm MST
Salt Palace | Level 1 | Halls A-C + 1-5 | Solutions Showcase

Project Opportunties

5:25pm MST

Detecting and Overcoming GPU Failures During ML Training - Sarah Belghiti, Wayve & Ganeshkumar Ashokavardhanan, Microsoft

Wednesday November 13, 2024 5:25pm - 6:00pm MST

Salt Palace | Level 1 | 155 EF

Scaling ML training demands powerful GPU infrastructure, and as model sizes and training scale increases, GPU failures become an expensive risk. From outright hardware faults to subtle performance degradation, undetected GPU problems can sabotage training jobs, inflating costs and slowing development. This talk dives into GPU failure challenges in the context of ML training, particularly distributed training. We will explore the spectrum of GPU issues, and why even minor performance drops can cripple large jobs. Learn how observability (leveraging tools like NVIDIA DCGM) enables proactive problem detection through GPU health checks. Understand principles of fault-tolerant distributed training to mitigate GPU failure fallout. Drawing on cloud provider and autonomous vehicle company experience, we will share best practices for efficient identification, remediation, and prevention of GPU failures. We will also explore cutting-edge ideas like CRIU and task pre-emption for GPU workloads.

Speakers

Ganeshkumar Ashokavardhanan

Software Engineer, Microsoft

Ganesh is a Software Engineer on the Azure Kubernetes Service team at Microsoft, working on node lifecycle, and is the lead for the GPU workload experience on this kubernetes platform. He collaborates with partners in the ecosystem like NVIDIA to support operator models for machine... Read More →

Sarah Belghiti

ML Platform Engineer, Wayve

Sarah Belghiti is an ML Platform Engineer at Wayve, a leading developer of embodied intelligence for autonomous vehicles. She works on the infrastructure, scheduling and monitoring of ML workloads. With GPUs becoming an increasingly scarce resource, her focus has been on building... Read More →

Wednesday November 13, 2024 5:25pm - 6:00pm MST
Salt Palace | Level 1 | 155 EF

AI + ML

Content Experience Level Intermediate

5:25pm MST

Production AI at Scale: Cloudera’s Journey in Building a Robust Inference Platform - Zoram Thanga & Peter Ableda, Cloudera

Wednesday November 13, 2024 5:25pm - 6:00pm MST

Salt Palace | Level 1 | Hall DE

In this session, we talk about Cloudera AI Inference Service, a secure, large scale platform for generative AI and predictive inference workloads, built using state of the art Kubernetes, CNCF and Apache open source projects. We take the audience through our journey in building this platform and share the experiences we gained along the way. The platform is built using openness, security, scalability, performance and standards compliance as guiding principles. We demonstrate that it is possible to be open and secure at the same time, and that organizations can incorporate production grade AI inferencing into their Big Data environments. This session will cover the architecture of the platform, and explain how we handle performance, scaling, authentication, fine grained authorization and audit logging, all of which are critical considerations for production inferencing.

Speakers

Peter Ableda

Director, Product Management, Cloudera

Peter Ableda is the Director of Product Management for Cloudera’s AI product suite, bringing over a decade of experience in data management and advanced analytics. Holding a Master of Science degree in Computer Science from the Budapest University of Technology, Peter has dedicated... Read More →

Zoram Thanga

Principal Engineer, Cloudera

Zoram is a Principal Engineer, Enterprise AI Platform in Cloudera. He has been working in the software industry for over 23 years, and has been involved in building clustering software, containers, file systems, analytical query engines, and ML/AI platforms. He is a committer in the... Read More →

Wednesday November 13, 2024 5:25pm - 6:00pm MST
Salt Palace | Level 1 | Hall DE

AI + ML

Content Experience Level Intermediate

5:25pm MST

Conquering Configuration Constraints: Real-World Patterns for Distributing Data at Scale in Kubernet - Daniel Hrabovcak, Google

Wednesday November 13, 2024 5:25pm - 6:00pm MST

Salt Palace | Level 1 | Grand Ballroom GI

Did you know that major Cloud providers cap the amount of volumes you could attach to a node? You may be tempted to use a ConfigMap or a Secret instead; however, did you know that Kubernetes caps the size of all resources to 1 MiB? What if you need arbitrarily large data? After all, reaching these limits may effectively render your application completely useless and for commonly used operators, constraints are exacerbated. In this talk, we cover all built-in storage mechanisms and their pitfalls. Not only can your data be large, but what about auto-scaled workloads which access the same data? We explore patterns that we at Google explored while working on our open source Prometheus operator, including: variable expansion, compression, sharding, projected volumes and dynamically mounting resources. We discuss how to shape the user configuration surface and how to make your data available at scale. Especially a must-see for anyone distributing configurations in their operator!

Speakers

Daniel Hrabovcak

SWE, Google

Daniel Hrabovcak is a software engineer at Google working within Cloud Monitoring to build Google Cloud’s Managed Service for Prometheus. Daniel’s love of coding has lasted a decade, touching on open-source game development and a previous career in full stack development, giving... Read More →

Wednesday November 13, 2024 5:25pm - 6:00pm MST
Salt Palace | Level 1 | Grand Ballroom GI

Data Processing + Storage

Content Experience Level Beginner

5:25pm MST

Container Image Workflows at Scale with Buildpacks - Jesse Brown, Heroku & Aidan Delaney, Bloomberg

Wednesday November 13, 2024 5:25pm - 6:00pm MST

Salt Palace | Level 3 | 355 EF

Buildpacks transform source applications into images that run on any cloud. Each output image contains a full Software Bill of Materials which allows platform developers to know precisely what software is deployed. This makes them an excellent solution where a container runtime is provided to untrusted or semi-trusted development teams. There are wider use-cases where many application development teams share a common runtime, like Kuberenetes. In this talk we look at using Buildpacks to deploy web applications at scale, we consider batch processing in large workflows - particularly AI/machine learning workflows - and we look at an example Functions as a Service platform that uses Buildpacks.

Speakers

Jesse Brown

Software Engineer, Heroku

Jesse is a software engineer at Heroku, currently based in Memphis, TN. With a focus on the Heroku Builds suite of services, Jesse has been contributing to buildpacks.io since 2019 and earned maintainer status in 2021. Passionate about Kubernetes and large-scale systems, Jesse dedicates... Read More →

Aidan Delaney

Bloomberg

Aidan is a Buildpacks.io maintainer and currently works in Bloomberg's Data Management Services team. He has worked on Buildpacks (and other infrastructure) for AI and large scale data processing. He likes to build well-tested platforms that have clean interfaces.

Wednesday November 13, 2024 5:25pm - 6:00pm MST
Salt Palace | Level 3 | 355 EF

Maintainer Track, Buildpacks

5:25pm MST

Distributed Tracing with Jaeger and OpenTelemetry - Jonah Kowall, Independent & Pavol Loffay, Red Hat

Wednesday November 13, 2024 5:25pm - 6:00pm MST

Hyatt Regency | Level 4 | Regency Ballroom A

In this session, we will introduce the Jaeger project, explain distributed tracing concepts, and the value it brings compared to other telemetry signals like metrics and logs. The session will continue with a live Jaeger demo, after which the audience will understand the platform features. We will switch gears to focus on the exciting release of Jaeger v2, which is due to be released very soon. This new version will further incorporate OpenTelemetry into Jaeger natively. Then we’ll delve into service performance monitoring and the changes which have happened to this critical feature. We will finish by talking about the roadmap and how to get involved with the project, including our expanding LFX and Google Summer of Code mentorship programs.

Speakers

Pavol Loffay

Principal Software Engineer, Red Hat

Pavol Loffay is a principal software engineer at Red Hat working on open-source observability technology for modern cloud-native applications. Pavol contributes and maintains Cloud Native Computing Foundation (CNCF) projects OpenTelemetry and Jaeger. In his free time, Pavol likes... Read More →

Jonah Kowall

CTO, TBD (between roles)

Jonah Kowall, computer scientist and open-source contributor to OpenSearch, Jaeger, OpenTelemetry. A technical leader across startups to large enterprises specialized in operations, security, and performance. Led Gartner research on monitoring. Product leadership at AppDynamics, Cisco... Read More →

Wednesday November 13, 2024 5:25pm - 6:00pm MST
Hyatt Regency | Level 4 | Regency Ballroom A

Maintainer Track, Jaeger

5:25pm MST

Observability TAG Round-up and What’s New for AI Observability - Alolita Sharma, Apple & Chris Larsen, Netflix

Wednesday November 13, 2024 5:25pm - 6:00pm MST

Hyatt Regency | Level 4 | Regency Ballroom BCD

The Observability TAG has been busy in 2024. We've been hard at work on exciting initiatives designed to address the challenges of large-scale observability. This session will provide an update on our activities, workgroups, and achievements. The cloud is undergoing a supernova event! Massive deployments of GPUs and NPUs running AI workloads are fueling a revolution, but implementing observability for this new ecosystem can easily devour your budget. As CNCF’s Observability TAG, we'll dive into the latest trends in observability that address the cost challenges of the AI Cloud. See what’s new to help manage observability data more effectively, optimize operational efficiency, and keep costs under control.

Speakers

Chris Larsen

Senior Software Engineer, Netflix, Netflix

Observability engineer focusing on cross telemetry correlation and maintainer of OpenTSDB.

Alolita Sharma

Observability Engineering, Apple

Wednesday November 13, 2024 5:25pm - 6:00pm MST
Hyatt Regency | Level 4 | Regency Ballroom BCD

Maintainer Track, Observability

5:25pm MST

Squashing Trampoline Pods: The Future of Securely Enabling Hardware Extensions - Joe Betz, Google & David Eads, Red Hat

Wednesday November 13, 2024 5:25pm - 6:00pm MST

Salt Palace | Level 3| 355 BC

Prevent a single node compromise from leaping to other nodes. If you deploy or develop per-node agents, learn how to combine recent and developing features (validating admission policy, service account token node claims, CRD field selectors, and field selector authorization) to build secure hardware extensions.

Speakers

Joe Betz

Staff Software Engineer, Google

Joe Betz is a tech lead of the Kubernetes api-machinery SIG. Joe has contributed to extensibility features including custom resources, admission webhooks, and CEL. Joe has also contributed to etcd as a project maintainer.

David Eads

Senior Principal Software Engineer, Red Hat

David Eads is a senior principal software engineer at Red Hat and co-lead for Kubernetes sig-apimachinery and TL for sig-auth.

Wednesday November 13, 2024 5:25pm - 6:00pm MST
Salt Palace | Level 3| 355 BC

Maintainer Track, API Machinery

5:25pm MST

XRegistry - Looking Beyond CloudEvents - Calum Murray, University of Toronto

Wednesday November 13, 2024 5:25pm - 6:00pm MST

Hyatt Regency | Level 2 | Salt Lake Ballroom CDE

CloudEvents helps in the delivery of events by standardizing where common event metadata can be found in the messages carrying those events without the need to understand the schema of each event. But discovering which endpoints support those events, how to communicate with them, and finding the schema of the messages carrying those events can be challenging. This is where xRegistry can be used. xRegisty defines a core set of interoperable APIs for a generic "registry" that can be used to persist and query its contents to help discover resources and their metadata. On top of this extensible base registry model we are developing 3 domain specific registries: Endpoint, Message and Schema registries - specifically aimed at enabling the automation, tooling and code generation often needed in distributed systems development. In this session you will learn about CloudEvents, xRegistry and how we're trying to help users be more productive in an event-driven world.

Speakers

Calum Murray

Engineering Science Student, University of Toronto, Faculty of Applied Science and Engineering

I'm a software engineer, and I love building cool things in open source. I like to seek out the most interesting and challenging problems which I think will have a large impact, and build creative solutions to them. I also like to share my passion for open source with others, and... Read More →

Wednesday November 13, 2024 5:25pm - 6:00pm MST
Hyatt Regency | Level 2 | Salt Lake Ballroom CDE

Maintainer Track, Cloudevents

5:25pm MST

The OTTL Cookbook: A Collection of Solutions to Common Problems - Tyler Helmuth, Honeycomb & Evan Bradley, Dynatrace

Wednesday November 13, 2024 5:25pm - 6:00pm MST

Salt Palace | Level 1 | Grand Ballroom HJ

Is your telemetry missing key attributes? Maybe there are details in your log bodies you’d rather have as attributes. It is common to find yourself in situations where your data doesn't look how you expect: it's too large, the wrong shape, or doesn't have everything you want. The OpenTelemetry Collector uses the OpenTelemetry Transformation Language (OTTL) to solve these problems. OTTL enables telemetry transformations based on any field of the payload, utilizing functions to execute the changes. In this session, Tyler and Evan will go over a brief intro to OTTL and then cover example after example of situations where you can use OTTL to solve processing problems in the Collector, like setting attributes, or defining an entire OTLP log record from a kubernetes event. Get ready with situations of your own, as we’ll save time at the end to try writing OTTL statements live on stage for your transformation or filtering issues so we can demonstrate how flexible OTTL truly is.

Speakers

Tyler Helmuth

Sr. Software Engineer, Honeycomb

Tyler is a Sr. Software Engineer at Honeycomb with a passion for observability and helping users start their observability journey. He is a maintainer for the OpenTelemetry Collector and OTel Helm Charts, and an active contributor to other OTel repositories. While not its originator... Read More →

Evan Bradley

Senior Software Engineer, Dynatrace

Evan helps maintain the OpenTelemetry Collector, where he is also a primary contributor to the OpenTelemetry Transformation Language (OTTL) and the OpenTelemetry Agent Management Protocol (OpAMP) Collector components. Evan has a background in developing DevOps tooling and observability... Read More →

Wednesday November 13, 2024 5:25pm - 6:00pm MST
Salt Palace | Level 1 | Grand Ballroom HJ

Observability

Content Experience Level Any

5:25pm MST

Misadventures in Large Scale Cluster Performance - Shane Corbett, AWS & Dima Ilchenko, Lacework

Wednesday November 13, 2024 5:25pm - 6:00pm MST

Salt Palace | Level 1 | 155 BC

Join us for our follow up to one of the highest rated talks of kubecon 2022 (73,000 pods a day, lessons from misadventures in multi-tenant). We are on a new misadventure, asking the question what if some of the most popular advice about Kubernetes was just...wrong? We spent over two years pouring through 800 page linux kernel performance books, tweaking obscure control plane settings, and developing detailed custom monitoring dashboards so you don’t have to! Join us as we take you through real world findings that took months of research to fully understand, and provide evidence that some of the things we were convinced were best practices, were the very things holding us back the most.

Speakers

Dima Ilchenko

SRE, Lacework

Dima is a staff SRE on a Compute Platform Team focused on troubleshooting, observability and scalability of large-scale Kubernetes platform at Lacework. Lacework's unique features create unique challenges that push Kubenetes to its limits, offering Dima unique perspective into often... Read More →

Shane Corbett

Senior Kubernetes Specialist, AWS

Shane Corbett is a Senior Containers Specialist at AWS focused on helping customers with the finer points of Kubernetes large scale design and performance. When not pushing Kubernetes to extremes you will find Shane pursuing his lifelong obsession of exploring the edge of the extreme... Read More →

Wednesday November 13, 2024 5:25pm - 6:00pm MST
Salt Palace | Level 1 | 155 BC

Operations + Performance

Content Experience Level Advanced

5:25pm MST

Creating Paved Paths for Platform Engineers - Ritesh Patel, Nirmata; Abby Bangser, Syntasso; Viktor Farcic, Upbound; Nicholas Morey, Akuity; Praseeda Sathaye, Amazon

Wednesday November 13, 2024 5:25pm - 6:00pm MST

Salt Palace | Level 1 | Grand Ballroom BDF

The platform engineering team's role has evolved into a pivotal one as the custodian of the internal developer platform. However, these teams often find themselves in a quagmire of identifying the right components to include in their platforms, particularly in the ever-expanding CNCF landscape. This panel session discusses these challenges by exploring the concept of 'Paved Paths' as a strategic approach to guide platform teams in their journey of building an internal developer platform (IDP). 'Paved Paths' offers a solution by providing platform engineering teams with proven reference architectures (e.g. CNOE and the BACK Stack). This approach prevents them from starting from scratch and getting lost in the vast CNCF landscape. By offering proven and opinionated reference architectures, platform teams can focus on enhancing developer experiences and optimizing higher-level workflows rather than grappling with the complexities of identifying foundational components for their IDP.

Speakers

Viktor Farcic

Developer Advocate, Upbound

Ritesh Patel

Co-Founder & VP Product, Nirmata

Ritesh Patel is Co-founder and leads Products at Nirmata, the creators of Kyverno. At Nirmata, he is responsible for commercial products for Kubernetes security, governance, and automation. He also leads key technology partnerships. Ritesh has 20+ years of experience delivering enterprise... Read More →

Praseeda Sathaye

Principal Specialist Solution Architect, Amazon (AWS)

Praseeda Sathaye is a Principal Specialist SA for App Modernization and Containers at Amazon Web Services based in Bay Area California. She has been focused on helping customers speed their cloud-native adoption journey by modernizing their platform infrastructure, internal architecture... Read More →

Nicholas Morey

Senior Developer Advocate, Akuity

Nicholas Morey is a Platform Engineer with a passion for DevOps practices. He is on the team at Akuity as a Developer Advocate, working with the community on anything Argo and Kargo-related. He is an experienced Argo CD operator and a Certified Kubernetes Administrator.

Abby Bangser

Principal Engineer, Syntasso

Abby is a Principal Engineer at Syntasso delivering Kratix, an open-source cloud-native framework for building internal platforms on Kubernetes. Her keen interest in supporting internal development comes from over a decade of experience in consulting and product delivery roles across... Read More →

Wednesday November 13, 2024 5:25pm - 6:00pm MST
Salt Palace | Level 1 | Grand Ballroom BDF

Platform Engineering

Content Experience Level Intermediate

5:25pm MST

Taming Your Application’s Environments - Marcos Lilljedahl, Dagger & Mauricio "Salaboy" Salatino, Diagrid

Wednesday November 13, 2024 5:25pm - 6:00pm MST

Salt Palace | Level 2 | 250

How coupled are your applications code and pipelines to its target cloud or on-prem environment? Kubernetes helps us to abstract how we run our workloads. However, there are other aspects, like infrastructure dependencies, service configuration, build process, deployment descriptors, etc., which need to be considered to make an application portable across multiple environments. Focusing on these aspects make a big difference when migrating apps to reduce costs, meeting compliance requirements or leveraging a specific tech only available somewhere else. Join us to cover three techniques you can implement to level up your SDLC: - Modularizing and enhancing our delivery pipelines to simplify complex environments (Crossplane and Dagger) - Building consistent experiences around well-known interfaces (CloudEvents, Dapr, and OpenFeature) to minimize runtime drift. - Design with separation of concerns to enable fast feedback loops between development and operation teams (Argo CD, Knative)

Speakers

Marcos Lilljedahl

Software Engineer, Dagger

Dad, Docker Captain, OSS lover, helmsman and wine drinker. Father of a joyful kid and wannabe surfer. I like listening to jazz music and tinker with some fun projects when possible. Avid open source contributor.

Mauricio Salatino

OSS Software Engineer, Diagrid

Mauricio works as an Open Source Software Engineer at @Diagrid, contributing to and driving initiatives for the Dapr OSS project. Mauricio also serves as a Steering Committee member for the Knative Project and Co-Leading the Knative Functions initiative. He published a book titled... Read More →

Wednesday November 13, 2024 5:25pm - 6:00pm MST
Salt Palace | Level 2 | 250

SDLC

Content Experience Level Intermediate

5:25pm MST

From Observability to Enforcement: Lessons Learned Implementing eBPF Runtime Security - Anna Kapuścińska & Kornilios Kourtis, Isovalent

Wednesday November 13, 2024 5:25pm - 6:00pm MST

Salt Palace | Level 1 | 151

eBPF is getting widely adopted in cloud native runtime security tools like Falco, KubeArmor, and Tetragon. Using eBPF we can collect relevant security events right in the kernel and pass them to Security Engineers for retroactive attack detection and response. Having reliable and complete visibility is great, but wouldn't it be even better to proactively prevent attacks in progress? This talk covers the Tetragon team’s experience moving from security observability to enforcement and lessons learned along the way: from defining security models to hardening interactions between the local kernel and distributed Kubernetes systems. It will deep dive into how eBPF-based enforcement works, why it differs from observability, and the challenges of implementing it. The audience will walk away understanding the inner workings and common pitfalls of eBPF-based runtime security.

Speakers

Kornilios Kourtis

Dr, Isovalent

I am a software engineer at Isovalent, working on cloud-native networking, security, and observability using eBPF. Before that, I worked in industrial (IBM) and academic research (ETH Zurich, NTU Athens) in systems, including operating systems, storage and network stacks, and high-performance... Read More →

Anna Kapuścińska

Software Engineer, Isovalent, now part of Cisco

Anna is a software engineer at Isovalent, focusing on eBPF-based observability and security. Her previous roles span the industry: she wore both developer and SRE hats, and worked in AdTech, FinTech, public healthcare, end-user SaaS company and a hosting provider. On good weather... Read More →

Wednesday November 13, 2024 5:25pm - 6:00pm MST
Salt Palace | Level 1 | 151

Security

Content Experience Level Intermediate

5:25pm MST

Workload Identity Federation – Stop Using Long-Lived Credentials - Benjamin Dronen, Ford Motor Company & Kristen Newcomer, Red Hat

Wednesday November 13, 2024 5:25pm - 6:00pm MST

Salt Palace | Level 2 | 255 BC

Workload identity federation is a somewhat daunting but extremely beneficial topic in Kubernetes security. In this session, we will share the lessons Ford Motor Company has learned through using workload identity federation with Google Cloud Platform, Microsoft Entra ID, and other platforms at scale from a wide variety of different workload types, how it has enhanced our security posture, improved developers’ lives, and reduced outages.

Speakers

Kirsten Newcomer

Red Hat

Benjamin Dronen

Kubernetes Platform Engineer, Ford Motor Company

Ben Dronen started at Ford Motor Company in 2022 as part of their Ford College Graduate rotational program. He currently holds a Kubernetes Platform Engineering position and focuses on bare metal Kubernetes deployments. Ben attended Andrews University in Southwest Michigan and holds... Read More →

Wednesday November 13, 2024 5:25pm - 6:00pm MST
Salt Palace | Level 2 | 255 BC

Security

Content Experience Level Any

6:00pm MST

🎉 #KubeCrawl + #CloudNativeFest Sponsored by CDW

Wednesday November 13, 2024 6:00pm - 8:00pm MST

Salt Palace | Level 1 | Halls A-C + 1-5 | Solutions Showcase

Thank you to our sponsor, CDW!

Join us for a captivating evening at #KubeCrawl + #CloudNativeFest, the highlight of our conference in Salt Lake City!

In order to facilitate networking and business relationships at the event, you may choose to visit a third party’s booth or access sponsored content. You are never required to visit third party booths or to access sponsored content. When visiting a booth or participating in sponsored activities, the third party will receive some of your registration data. This data includes your first name, last name, title, company, address, email, standard demographics questions (i.e. job function, industry), and details about the sponsored content or resources you interacted with. If you choose to interact with a booth or access sponsored content, you are explicitly consenting to receipt and use of such data by the third-party recipients, which will be subject to their own privacy policies.

Wednesday November 13, 2024 6:00pm - 8:00pm MST
Salt Palace | Level 1 | Halls A-C + 1-5 | Solutions Showcase

Experiences

6:00pm MST

🪧 Poster Session: 0.0.0.0 Day: Exploiting Localhost APIs from the Browser - Avi Lumelsky, Oligo

Wednesday November 13, 2024 6:00pm - 8:00pm MST

Salt Palace | Level 1 | Halls A-C + 1-5 | Solutions Showcase

Browser-based attacks are not new in the malicious landscape of attack patterns. Browsers remain a popular infiltration method for attackers. While seemingly local, services running on localhost are accessible to the browser using a flaw we found, exposing the ports on the localhost network interface, and leaving the floodgates ajar to remote network attacks. In this live demo and attack simulation we’ll unveil a zero-day vulnerability (still under responsible disclosure) in Chrome and other browsers, and how we use the 0-day to attack developers behind firewalls. We will demonstrate remote code execution on a wildly popular open-source platform serving millions in the data engineering ecosystem, that seems to run on localhost. In our talk, we will present novel attack techniques, targeting developers and employees within an organization, that are behind firewalls. This will be a first-ever deep dive into this newly discovered zero-day vulnerability.

Speakers

Avi Lumelsky

AI Security Researcher, Oligo

Avi has a relentless curiosity about business, AI, security—and the places where all three connect. An experienced software engineer and architect, Avi’s cybersecurity skills were first honed in elite Israeli intelligence units. His work focuses on privacy in the age of AI and... Read More →

Wednesday November 13, 2024 6:00pm - 8:00pm MST
Salt Palace | Level 1 | Halls A-C + 1-5 | Solutions Showcase

🪧 Poster Sessions, Security

Content Experience Level Intermediate

6:00pm MST

🪧 Poster Session: Accepting Mortality: Strategies for Ultra-Long Running Stateful Workloads in K8s - Sebastian Beyvers & Maria Hansen, Giessen University

Wednesday November 13, 2024 6:00pm - 8:00pm MST

Salt Palace | Level 1 | Halls A-C + 1-5 | Solutions Showcase

"Pods are mortal" is a well-known quote in the official Kubernetes documentation. For ultra-long running stateful workloads that take months to complete, this mortality comes with its own challenges. How do you react to hardware failures? What resource quotas are appropriate? What if the workload has no built-in persistence and does all its work in memory? For such workloads, failures can be fatal, potentially wiping out months of work. This session will show that despite all the obstacles, Kubernetes can still be a reasonable choice for running stateful workloads that take months to complete. Using real-world examples based on production workflows, we will show how we design, configure, run, and operate such workloads using K8s and Argo workflows. We will also show how intelligent checkpointing using CRIU can help us deal with failures and enables us to avoid some problems even before they occur.

Speakers

Sebastian Beyvers

Distributed Systems Researcher, Giessen University

Sebastian Beyvers is a distributed systems researcher in bioinformatics and a cloud-native Rust developer at Giessen University. Sebastian's current work focuses on cloud-native data storage and processing solutions that try to harmonize existing national and international data ecosystems... Read More →

Maria Hansen

Research Associate, Giessen University

Maria Hansen is a research assistant in the field of (bio)informatics at Justus Liebig University Giessen. She is currently working on a cloud-native data orchestration system that aims to unite existing national and international data ecosystems.

Wednesday November 13, 2024 6:00pm - 8:00pm MST
Salt Palace | Level 1 | Halls A-C + 1-5 | Solutions Showcase

🪧 Poster Sessions, Emerging + Advanced

Content Experience Level Intermediate

6:00pm MST

🪧 Poster Session: Climatik: Cloud Native Sustainable LLM via Power Capping - Chen Wang, IBM & Vincent Hou, Bloomberg L.P.

Wednesday November 13, 2024 6:00pm - 8:00pm MST

Salt Palace | Level 1 | Halls A-C + 1-5 | Solutions Showcase

As GenAI workloads grow, the need for advanced accelerators with higher power consumption is surging. NVIDIA GPU peak power has risen from 300W for V100 to 1000W for B100. However, current power infrastructure and cooling systems are not designed to handle rapid power increases, leading to challenges like limited accelerator deployment in some regions or overheating risks that could cause fire hazards. We propose Climatik, a dynamic power capping system that enables data center and cluster admins and developers to set power caps dynamically at the cluster, service namespace, and rack levels. Climatik leverages Kepler for observability and offers APIs for integration with Kubernetes control knobs, including autoscalers, schedulers, and queuing systems, to ensure power caps are maintained across all levels. We will demo how to use Climatik to configure power capping for a large language model (LLM) inference service on KServe and show how power capping influences KEDA on autoscaling.

Speakers

Chen Wang

Senior Research Scientist, IBM

Chen Wang is a Staff Research Scientist at the IBM T.J. Watson Research Center. Her interests lie in Kubernetes, Container Cloud Resource Management, Cloud Native AI systems, and applying AI in Cloud system management. She is an open-source advocate, a Kubernetes contributor, and... Read More →

Vincent Hou

Senior Software Engineer, Bloomberg L.P.

Vincent Hou is a Chinese software engineer, who used to study in Belgium and is currently working in US. He has been an active open source contributor, since 2010. He used to be an active contributor to Cinder project, OpenStack block storage service, and a core committer of OpenWhisk... Read More →

Wednesday November 13, 2024 6:00pm - 8:00pm MST
Salt Palace | Level 1 | Halls A-C + 1-5 | Solutions Showcase

🪧 Poster Sessions, AI + ML

Content Experience Level Intermediate

6:00pm MST

🪧 Poster Session: Kubernetes as a Geographically Distributed System - Ildiko Vancsa, Open Infrastructure Foundation

Wednesday November 13, 2024 6:00pm - 8:00pm MST

Salt Palace | Level 1 | Halls A-C + 1-5 | Solutions Showcase

Kubernetes was designed to be the best container orchestration platform on top of a cloud infrastructure in one data center. What do you do when you want to take your deployment and grow it in various geographical locations, but sill keep it as part of one system? You will have to face with complexity and figure out infrastructure management on a massive scale, and neither of these is easy to tackle. However, you don't have to go back to the drawing board, because the platform that delivers on requirements and expectations, already exists and it is called StarlingX. The StarlingX project is a fully integrated, open source cloud platform that is running in production at large telecom operators, who rely on its distributed cloud architecture along with next-level container orchestration support, which is provided by Kubernetes. This talk will introduce the StarlingX platform, share highlights from its latest release and show how it takes Kubernetes to the next level!

Speakers

Ildiko Vancsa

Director of Community, Open Infrastructure Foundation

Ildikó is working for the Open Infrastructure Foundation as Director of Community. As part of her role, she is the Community Manager for StarlingX and Kata Containers, and a co-leader of the OpenInfra Edge Computing Group. Ildikó has been contributing to projects like OpenStack... Read More →

Wednesday November 13, 2024 6:00pm - 8:00pm MST
Salt Palace | Level 1 | Halls A-C + 1-5 | Solutions Showcase

🪧 Poster Sessions, Operations + Performance

Content Experience Level Intermediate

6:00pm MST

🪧 Poster Session: Optimizing Pod Affinity in Kubernetes: A Mathematical Approach to Workload Placement - Jack Xue, Microsoft

Wednesday November 13, 2024 6:00pm - 8:00pm MST

Salt Palace | Level 1 | Halls A-C + 1-5 | Solutions Showcase

A standout feature of Kubernetes is its sophisticated mechanism for pulling container images from repositories, aligning containers with the appropriate pods, and strategically deploying pods to nodes that meet their resource requirements—such as CPU, GPU, RAM, network, and storage. This process adheres to the defined affinity and anti-affinity specifications between pods and nodes. Despite these capabilities, the challenge of optimally arranging a multitude of workloads, each comprising several pods within a cluster, remains an ongoing endeavor. In our research, we illustrate that a set of YAML files, which detail a workload deployment request, can be systematically transformed into a Binary Integer Linear Programming (BILP) model. Depending on the specific optimization goals, the objective functions of the model can be tailored accordingly. With the imposition of broad conditions, it is feasible to derive an optimal solution that adheres to polynomial time complexity constraints.

Speakers

Jack Xue

Principal Cloud Solution Architect, Microsoft

PhD & MBA. Principal Cloud Solution Architect, Microsoft

Wednesday November 13, 2024 6:00pm - 8:00pm MST
Salt Palace | Level 1 | Halls A-C + 1-5 | Solutions Showcase

🪧 Poster Sessions, Platform Engineering

Content Experience Level Intermediate

6:00pm MST

🪧 Poster Session: Revolutionizing Windows Container Startup Performance - Tina Wu & Shaheed Chagani, Microsoft

Wednesday November 13, 2024 6:00pm - 8:00pm MST

Salt Palace | Level 1 | Halls A-C + 1-5 | Solutions Showcase

Are you frustrated by Windows container delays and struggling to meet demand spikes? We are excited to introduce a suite of innovations that will revolutionize your Windows container startup and scaling experience. Conventional Windows container image download, import, and launch processes have long suffered from sluggishness and inefficiencies. By leveraging a new storage stack, CimFS & UnionFS, we anticipate a 30%+ improvement in container image import and launch times. Building on top of that, we are excited to announce Artifact Streaming for Windows Containers to drastically reduce image download time from minutes to seconds. This session will showcase an in-depth exploration of the architecture, implementation intricacies, and tangible benefits of the new storage stack. We will also guide you through compelling use cases and performance benchmarks that highlight the impact. Don't miss the opportunity to stay at the forefront of Windows container technology innovations.

Speakers

Shaheed Chagani

Principal Software Engineering Lead - Microsoft, Microsoft

Principal Software Engineering Lead for the File System Virtualization team.

Tina Wu

Senior Product Manager, Microsoft

Tina is a Senior Product Manager on the Windows Storage & File Systems team and works on technologies such as Artifact Streaming for faster image downloads for Windows Containers, CimFS & UnionFS for a modern container launch stack, and Storage Spaces for storage virtualization.

Wednesday November 13, 2024 6:00pm - 8:00pm MST
Salt Palace | Level 1 | Halls A-C + 1-5 | Solutions Showcase

🪧 Poster Sessions, Operations + Performance

Content Experience Level Beginner

6:00pm MST

🪧 Poster Session: Unleashing the Power of Init and Sidecar Containers in Kubernetes - Carlos Sanchez & Natalia Angulo, Adobe

Wednesday November 13, 2024 6:00pm - 8:00pm MST

Salt Palace | Level 1 | Halls A-C + 1-5 | Solutions Showcase

This session dives deep into the power of init and sidecar containers, the issues they solve and why they are very useful when managing Kubernetes workloads. We will explore real-world use cases that show how these tools can: * Simplify complex deployments: Break down intricate deployments into manageable steps. * Enhance security: Isolate security critical tasks within your pods and ongoing security measures. * Facilitate rapid and isolated changes: when everyone is interested in updating the same service, separation of concerns is critical for rapid development. * Boost application functionality: Utilize sidecar containers to inject essential functionalities like logging, monitoring, and networking capabilities without modifying your main application code. Our goal is to share our experience and challenges managing thousands of environments in Kubernetes, how we manage init and sidecar containers and what problems they solve for us.

Speakers

Natalia Angulo

Software Developer Engineer, Adobe

Natalia Angulo is a Software Development Engineer at Adobe Experience Manager, contributing to Site Reliability tasks and the development of new features inside AEM, and specially helping with their infrastructure management. She is passionate about maths, coding puzzles and teaching... Read More →

Carlos Sanchez

Principal Scientist, Adobe

Carlos Sanchez is a Principal Scientist at Adobe Experience Manager, specializing in software automation, from build tools to Continuous Delivery and Progressive Delivery. Involved in Open Source for over 20 years, he is the author of the Jenkins Kubernetes plugin and a member of... Read More →

Wednesday November 13, 2024 6:00pm - 8:00pm MST
Salt Palace | Level 1 | Halls A-C + 1-5 | Solutions Showcase

🪧 Poster Sessions, Operations + Performance

Content Experience Level Intermediate

6:00pm MST

🪧 Poster Session: Unleashing the Power of Prediction to Proactively Scale Control Plane Components - Anubhav Aeron & Ryan Tay, Intuit

Wednesday November 13, 2024 6:00pm - 8:00pm MST

Salt Palace | Level 1 | Halls A-C + 1-5 | Solutions Showcase

At Intuit, our control plane components such as IstioD are responsible for hundreds of applications per cluster. It is responsible for configuring data plane, as well as injecting the istio-proxy container. With an increase in application traffic, there is an increase in application pods, which results in the control plane to scale up. For critical control planes such as IstioD, it is wise to scale proactively, rather than as a reaction to increase in load. With traditional approaches, like tuning HPA thresholds, to scale in advance, we might pre scale even when not required due to outliers, which could be wasteful. At Intuit a novel deep learning forecasting model called N-HiTS was employed to solve this issue. This session will discuss and demo how we train N-HiTS, our most important model features, and how we deploy our service on a per-cluster basis to provide contextualized predictions for cost effective and on time auto-scaling.

Speakers

Anubhav Aeron

Staff SE, Intuit

Anubhav is a seasoned software engineer in the field of Cloud Native Technologies, and has been doing Kubernetes and Service Mesh since 2016. He developed Redis Cluster as a Service, and a Templating Engine while working at Yahoo! He is the lead maintainer of Admiral, which is an... Read More →

Ryan Tay

Software Engineer, Intuit Inc.

As a software engineer on the Service Mesh team at Intuit, Ryan works to support Intuit's extensive Istio deployment through contributions to projects like Admiral. He has previously worked to reduce costs of cloud development environments for the Intuit API Gateway team. His main... Read More →

Wednesday November 13, 2024 6:00pm - 8:00pm MST
Salt Palace | Level 1 | Halls A-C + 1-5 | Solutions Showcase

🪧 Poster Sessions, Platform Engineering

Content Experience Level Intermediate

6:00pm MST

🪧 Poster Session: Unveiling Anomalies: eBPF-Based Detection in High-Volume Encrypted Network Traffic - Ben Smith-Foley, Rensselaer Center for Open Source

Wednesday November 13, 2024 6:00pm - 8:00pm MST

Salt Palace | Level 1 | Halls A-C + 1-5 | Solutions Showcase

The increased use of encryption in network traffic presents a significant challenge for traditional network monitoring and security tools. As encrypting traffic becomes the norm, so does the need for advanced methods to detect malicious activities hidden within encrypted traffic. This poster will focus on how eBPF can be utilized to gain early observability into incoming packets by capturing and analyzing metadata before packets are fully processed, and how eBPF offers a unique vantage point for identifying anomalies in real-time. It will discuss methods to detect abnormal patterns, the design of the eBPF programs used, and the integration of these programs into a broader monitoring framework. The insights from this research have the potential to significantly enhance network security by providing a scalable and efficient solution for monitoring network traffic without compromising privacy. Attendees will gain an understanding of the practical applications of eBPF in network security.

Speakers

Ben Smith-Foley

University Student, Rensselaer Center for Open Source

Ben is a senior at Rensselaer Polytechnic Institute studying Computer Science with a concentration in Systems and Software. He is currently conducting undergraduate research in "Anomaly Detection in High-Volume Encrypted Network Traffic", helps lead the Rensselaer Center for Open... Read More →

Wednesday November 13, 2024 6:00pm - 8:00pm MST
Salt Palace | Level 1 | Halls A-C + 1-5 | Solutions Showcase

🪧 Poster Sessions, Security

Content Experience Level Any

6:00pm MST

🪧 Poster Session: What's Happening with SPIFFE and WIMSE? - Daniel Feldman, Qusaic

Wednesday November 13, 2024 6:00pm - 8:00pm MST

Salt Palace | Level 1 | Halls A-C + 1-5 | Solutions Showcase

This session will be a very brief overview of what's going on with the SPIFFE and WIMSE identity standards projects. SPIFFE is a CNCF effort to standardize workload identity implementations. That is, a SPIFFE implementation can grant services unique identities and credentials. WIMSE is an IETF effort to build on the SPIFFE foundation. In particular, it adds a new, unique token format that allows securely recording multi-hop identity information. Implementors will be able to use this token format to build complete, end-to-end, cryptographically auditable identity records.

Speakers

Daniel Feldman

Founder, Qusaic

Daniel Feldman has worked with many companies, large and small, to deploy SPIFFE and SPIRE zero-trust identity.

Wednesday November 13, 2024 6:00pm - 8:00pm MST
Salt Palace | Level 1 | Halls A-C + 1-5 | Solutions Showcase

🪧 Poster Sessions, Security

Content Experience Level Intermediate

6:10pm MST

Project Pavilion Tour with Aditya Soni, CNCF Ambassador

Wednesday November 13, 2024 6:10pm - 6:30pm MST

Salt Palace | Level 1 | Halls A-C + 1-5 | Solutions Showcase

Wednesday November 13, 2024 6:10pm - 6:30pm MST
Salt Palace | Level 1 | Halls A-C + 1-5 | Solutions Showcase

Project Opportunties