KubeCon + CloudNativeCon North America 2024: Full Schedule

In-person
November 12-15
Learn More and Register to Attend

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon North America 2024 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Mountain Standard Time (UTC -7). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change and session seating is available on a first-come, first-served basis.

arrow_back View All Dates

8:00am MST

Badge Pick-Up

Thursday November 14, 2024 8:00am - 6:00pm MST

West Temple Entrance (East)

Thursday November 14, 2024 8:00am - 6:00pm MST
West Temple Entrance (East)

Registration

8:00am MST

Badge Pick-Up

Thursday November 14, 2024 8:00am - 6:00pm MST

200 South Entrance (South)

Thursday November 14, 2024 8:00am - 6:00pm MST
200 South Entrance (South)

Registration

9:00am MST

Keynotes To Be Announced

Thursday November 14, 2024 9:00am - 10:30am MST

Salt Palace | Level 1 | Hall DE

Thursday November 14, 2024 9:00am - 10:30am MST
Salt Palace | Level 1 | Hall DE

Keynote Sessions

10:30am MST

Coffee Break ☕

Thursday November 14, 2024 10:30am - 11:00am MST

Salt Palace | Level 1 | Halls A-C + 1-5 | Solutions Showcase

Thursday November 14, 2024 10:30am - 11:00am MST
Salt Palace | Level 1 | Halls A-C + 1-5 | Solutions Showcase

Breaks

10:30am MST

Solutions Showcase

Thursday November 14, 2024 10:30am - 5:00pm MST

Salt Palace | Level 1 | Halls A-C + 1-5 | Solutions Showcase

Visit our sponsors in the Solutions Showcase to try the latest demos, watch live presentations, talk to experts, check out job opportunities, and score some swag.

In order to facilitate networking and business relationships at the event, you may choose to visit a third party’s booth or access sponsored content. You are never required to visit third party booths or to access sponsored content. When visiting a booth or participating in sponsored activities, the third party will receive some of your registration data. This data includes your first name, last name, title, company, address, email, standard demographics questions (i.e. job function, industry), and details about the sponsored content or resources you interacted with. If you choose to interact with a booth or access sponsored content, you are explicitly consenting to receipt and use of such data by the third-party recipients, which will be subject to their own privacy policies.

Thursday November 14, 2024 10:30am - 5:00pm MST
Salt Palace | Level 1 | Halls A-C + 1-5 | Solutions Showcase

Solutions Showcase

10:40am MST

Project Pavilion Tour with Julia Furst Morgado, CNCF Ambassador

Thursday November 14, 2024 10:40am - 11:00am MST

Salt Palace | Level 1 | Halls A-C + 1-5 | Solutions Showcase

Explore the Project Pavilion, a hub of innovation and discovery! Take part in daily tours, interact with project maintainers at their kiosks, gain insights on community engagement and KCD event organization, and learn more about certification opportunities to showcase your expertise.

Thursday November 14, 2024 10:40am - 11:00am MST
Salt Palace | Level 1 | Halls A-C + 1-5 | Solutions Showcase

Project Opportunties

11:00am MST

Shifting Gears: Leveraging CNCF Tools to Streamline Operations at Toyota Connected - Benson Phillips & Rob Heckel, Toyota Connected

Thursday November 14, 2024 11:00am - 11:35am MST

Salt Palace | Level 2 | 255 BC

In the evolving landscape of cloud-native ecosystems, aligning teams and standardizing practices is crucial for operational excellence. At Toyota Connected, we faced significant challenges due to inconsistent practices and fragmented collaboration across departments. To address this, we adopted a suite of CNCF tools including ArgoCD, Backstage, Harbor, External Secrets Operator, and OpenCost. This session will delve into our journey of implementing these tools to unify our approach, streamline workflows, and enhance cross-team collaboration. Attendees will gain insights into the practical application of these tools, our successes and failures, and the substantial reduction in time to market achieved. By focusing on the integration of technical solutions and effective team practices, we aim to foster a cohesive and efficient cloud-native environment. This presentation provides actionable strategies for leveraging CNCF tools to drive innovation and excellence in your organization.

Speakers

Benson Phillips

Platform Architect, Toyota Connected

Software oriented, primarily working with cloud native computing. But my interests do not stop there as my love for technology is boundless.

Rob Heckel

Platform Architect, Toyota Connected North America

Rob has over 15 years in technology, specializing in open source and developer enablement. As a Platform Architect for Toyota Connected, he enhances DevOps, SDLC, and SRE practices. He has led the creation of an internal developer platform, streamlined tool integrations, and promoted... Read More →

Thursday November 14, 2024 11:00am - 11:35am MST
Salt Palace | Level 2 | 255 BC

Cloud Native Experience

Content Experience Level Any

11:00am MST

Harnessing the Power of Envoy Proxy for Building an LLM Gateway - Idit Levine, Solo.io

Thursday November 14, 2024 11:00am - 11:35am MST

Salt Palace | Level 1 | 155 EF

As the demand for LLMs continues to soar, the need for secure, cost-conscious, and content-aware control over its usage is paramount. In this talk, we explore why Envoy Proxy is the optimal choice for building an LLM gateway, leveraging its unique architecture and capabilities. Unlike traditional proxies (e.g. NGINX), which rely on scripting languages for customization, Envoy Proxy stands out due to its extensibility features: filter architecture, callout architecture (ext-proc, ext-auth), and ability to dynamically load libraries. Combined with its high-performant, async core ( C++), Envoy can run as an ingress, egress and mesh gateway. We'll look at using Envoy proxy for LLM credential management, prompt guarding/decorting, analyzing content safety, usage controls, context-aware failover, and observability. Ideal for developers, architects, and tech enthusiasts looking to solve challenges around LLM usage and picking the right technologies for their platform infrastructure.

Speakers

Idit Levine

Founder & CEO, Solo.io

Idit Levine is the founder and CEO of Solo.io, a company that creates open-source tools to assist enterprises in adopting and extending innovative cloud-native technologies while modernizing their existing IT investments. Solo.io is a top contributor to CNCF projects such as Envoy... Read More →

Thursday November 14, 2024 11:00am - 11:35am MST
Salt Palace | Level 1 | 155 EF

Connectivity

Content Experience Level Intermediate

11:00am MST

Cooperative Scheduling for Stateful Systems - Michael Youssef & Laxman Prabhu, LinkedIn

Thursday November 14, 2024 11:00am - 11:35am MST

Salt Palace | Level 1 | Grand Ballroom GI

At LinkedIn, we develop many stateful systems and run them on tens of thousands of machines in our datacenters. As we move LinkedIn’s infrastructure to Kubernetes, we quickly realized that StatefulSet was not going to be enough to support running critical stateful systems and satisfy the safety and durability goals of the teams developing stateful systems. We've built first-class support for running stateful workloads on bare metal where the stateful systems can coordinate with Kubernetes to stay available and ensure durability. With our design, we support planned/unplanned maintenance, swapping out hardware, and allow stateful systems to customize their rollout policies natively on Kubernetes. This talk covers: - Our LiStatefulSet API. - How we allow apps to customize safety checks and deployment policies via an ApplicationClusterManager, our pluggable policy engine. - The ApplicationClusterManager protocol that allows coordination of the lifecycle of workloads with Kubernetes.

Speakers

Laxman Prabhu

Staff Software Engineer, Systems Infrastructure, LinkedIn

Michael Youssef

Staff Software Engineer, LinkedIn

Michael is a Staff Software Engineer at LinkedIn, currently making management and deployment of sharded systems a touch less painful on Kubernetes. In his free time he enjoys spending time with his cat, inhaling chocolate, and playing tennis.

Thursday November 14, 2024 11:00am - 11:35am MST
Salt Palace | Level 1 | Grand Ballroom GI

Data Processing + Storage

Content Experience Level Intermediate

11:00am MST

Kubernetes Workspaces: Enhancing Multi-Tenancy with Intelligent Apiserver Proxying - James Munnelly & Andrea Tosatto, Apple

Thursday November 14, 2024 11:00am - 11:35am MST

Salt Palace | Level 2 | 255 EF

Multi-tenancy in Kubernetes means sacrificing essential features like cluster-scoped list/watches and multi-namespace/cluster-scoped RBAC. This often leads to additional complexity when configuring operators and forces discrepancies and friction with cluster-as-a-service type offerings. In this talk we will go through a demonstration of an intelligent Kubernetes apiserver proxy that introduces the concept of a ‘workspace’. Borrowing the name from the KCP project, a Workspace is a virtual apiserver endpoint that provides a ‘cluster-scoped’ view over a group of namespaces in a remote cluster. We’ll then go on to discuss optimisations and changes that we’d like to make within Kubernetes to better support apiserver proxying for multi-tiered caching, routing and scoping purposes.

Speakers

James Munnelly

Staff Field Engineer, Apple

James Munnelly is a Field Engineer at Apple, helping customers adopt and adapt Kubernetes, and driving adoption of OSS cloud native technologies. James is also the founder of the cert-manager project, a Kubernetes extension for managing x509 certificates. He's an active member of... Read More →

Andrea Tosatto

Site Reliability Engineer, Apple

Andrea works at Apple as a Site Reliability Engineer. His day to day job consists in managing the lifecycle and ensuring the reliability of a multi-tenant compute platform built on top of Kubernetes. He is deeply passionate about multi-tenancy and any related topic, ranging from runtime... Read More →

Thursday November 14, 2024 11:00am - 11:35am MST
Salt Palace | Level 2 | 255 EF

Emerging + Advanced

Content Experience Level Intermediate

11:00am MST

Artifact Hub: Discover, Analyze, and Share Cloud Native Artifacts - Matt Farina, SUSE

Thursday November 14, 2024 11:00am - 11:35am MST

Hyatt Regency | Level 4 | Regency Ballroom BCD

Finding cloud native artifacts, from Helm charts to security policies, can be difficult with general search engines. Analyzing what you find can be a very manual process and you're going to miss out on some useful projects. Artifact Hub was created to ease the pain of cloud native artifact discovery and now provides for discovery and analysis of over 20 different types of cloud native artifacts. In this session you'll learn: • How Artifact Hub came into existence • How you can discover and analyze artifacts, right on Artifact Hub • Making your artifacts discoverable • Running your own instance of Artifact Hub • How you can contribute to the project

Speakers

Matt Farina

Distinguished Engineer, SUSE

Matt works as a Distinguished Engineer at SUSE, where he works as the Chief Architect of the SUSE Rancher Team. He is a maintainer of multiple open source projects including Helm and Artifact Hub. Matt is an author, speaker, and regular contributor to open source.

Thursday November 14, 2024 11:00am - 11:35am MST
Hyatt Regency | Level 4 | Regency Ballroom BCD

Maintainer Track, ArtifactHub

11:00am MST

GitOps at Production Scale with Flux - Leigh Capili, Flox & Priyanka Ravi, G-Research

Thursday November 14, 2024 11:00am - 11:35am MST

Hyatt Regency | Level 2 | Salt Lake Ballroom CDE

In this session, Leigh and Pinky will cover best practices when running Flux at scale in production. We'll start with an overview of the scaling capabilities of Flux controllers: - Vertical Scaling - Horizontal Scaling - Sharding We'll dive deeply into each method and explain when and how to use them considering multi-tenancy, cluster fleet size, and workload complexity. We'll also introduce the Mean Time To Production benchmarking tool the Flux team has developed using CUE lang and Timoni. The benchmark measures the time it takes for Flux to deploy thousands of Helm charts and Kustomize overlays on Kubernetes clusters. We'll explain the benchmark results and share lessons from running it on different Kubernetes distributions and providers. The session will conclude with the Flux roadmap and our API promises now that Flux is GA.

Speakers

Leigh Capili

Senior DevRel Engineer, Flox

Leigh is an empathetic speaker and dev with niches in cloud-native systems and security. He has a background in building software to manage infra. Leigh is working in k8s SIG-Auth. He authored kubeadm’s etcd mTLS implementation and Flux 2’s multi-tenant security model. Leigh works... Read More →

Priyanka Ravi

Platform Tech Advocate, G-Research

Priyanka “Pinky” Ravi is a Platform Technical Advocate at G-Research. She is a Flux project member and an advocate for GitOps. She has worked on a multitude of topics including front end development, UI automation for testing and API development. Previously she was a developer... Read More →

Thursday November 14, 2024 11:00am - 11:35am MST
Hyatt Regency | Level 2 | Salt Lake Ballroom CDE

Maintainer Track, Flux

11:00am MST

SIG-Apps: Powering Applications with High-Volume Data and APIs - Maciej Szulik, Red Hat & Janet Kuo, Google

Thursday November 14, 2024 11:00am - 11:35am MST

Salt Palace | Level 3| 355 BC

Over the last decade, Kubernetes expanded support for various workloads from stateless to stateful, from simple jobs to complicated batch workloads. All the APIs have become mature, consistent, and full-featured. We've been busy in SIG Apps, and there's more to come. In this session the SIG Apps leads will provide an overview of what has been accomplished since its inception. They will highlight major milestones, sub-projects and share various stories surrounding major events. They will also discuss how the work has been shared between SIG Apps, Work Groups and sub-projects. The session will conclude with an open discussion and Q&A. Attendees will learn about contributing to SIG Apps themselves.

Speakers

Janet Kuo

Staff Software Engineer, Google

Janet Kuo is a Staff Software Engineer at Google. She's joined the Kubernetes project since before the 1.0 launch in 2015. She is Kubernetes project maintainer, SIG Apps chair, and KubeCon co-chair emeritus. In her free time, she enjoys traveling and taking photos.

Maciej Szulik

Senior Principal Software Engineer, Red Hat

Maciej is a passionate developer with almost 2 decades of experience in many languages. Currently he's working on OpenShift and Kubernetes for Red Hat. Whereas at night he is hacking on side projects with python. In his spare time he enjoys reading a good book or taking photos.

Thursday November 14, 2024 11:00am - 11:35am MST
Salt Palace | Level 3| 355 BC

Maintainer Track, Apps

11:00am MST

SPIRE: Intro & In-Depth Exploration of the Upcoming Forced Rotation and Revocation Feature - Agustín Martínez Fayó & Marcos Yacob, Hewlett Packard Enterprise

Thursday November 14, 2024 11:00am - 11:35am MST

Salt Palace | Level 3 | 355 EF

Join us for an insightful session on the SPIRE project, where we’ll provide a comprehensive introduction covering the foundational aspects of SPIRE, detailing its architecture, capabilities, and the problems it solves. Additionally, we’ll delve into the exciting upcoming updates for the project, with a special focus on the highly anticipated forced rotation and revocation feature that will provide a rapid, reliable, and automated mechanism for recovering from key compromise. Whether you’re new to SPIRE or an experienced user, this talk will equip you with the knowledge of current developments and prepare you for the future enhancements that will further strengthen your infrastructure to provide secure identities for workloads.

Speakers

Marcos Yacob

Principal Software Engineer, Hewlett Packard Enterprise

I'm principal Software Engineer at Hewlett Packard Enterprise (HPE) and Maintainer of different SPIFFE projects.

Agustín Martínez Fayó

Principal Software Engineer, Hewlett Packard Enterprise

Agustín is a Principal Software Engineer at Hewlett Packard Enterprise (HPE) and Maintainer of the SPIRE project. Agustín has always been dedicated to building software that helps to improve the security of systems that operate at scale.

Thursday November 14, 2024 11:00am - 11:35am MST
Salt Palace | Level 3 | 355 EF

Maintainer Track, SPIRE

11:00am MST

What's New with Kubectl and Kustomize … and How You Can Help! - Eddie Zaneski, Defense Unicorns & Arda Guclu, Red Hat

Thursday November 14, 2024 11:00am - 11:35am MST

Hyatt Regency | Level 4 | Regency Ballroom A

Have you ever wondered how kubectl and kustomize enhancements are designed and built? Curious why your favorite feature request wasn't accepted? Join the folks from Kubernetes SIG CLI to find out! In this session, the SIG CLI maintainers will provide an introduction to the tooling they are working on and an overview of how to get started contributing. They will share the work done over the past year and the roadmap for what is next. Join us to help shape your favorite tools!

Speakers

Eddie Zaneski

Staff OSS Engineer, Defense Unicorns

Eddie lives in Denver, CO with his wife and dog. He loves open source and works on the Kubernetes project. When not hacking on random things you'll most likely find him climbing rocks somewhere.

Arda Guclu

Senior Software Engineer, Red Hat

Senior software engineer at Red Hat, regular contributor to Kubernetes and one of the maintainers of kubectl.

Thursday November 14, 2024 11:00am - 11:35am MST
Hyatt Regency | Level 4 | Regency Ballroom A

Maintainer Track, CLI

11:00am MST

Lesson’s Learned Adopting OpenTelemetry at Scale - Alex Arnell, Heroku / Salesforce

Thursday November 14, 2024 11:00am - 11:35am MST

Salt Palace | Level 1 | Grand Ballroom HJ

OpenTelemetry makes bold promises to unlock and unleash your observability, providing you with open standards, no vendor lock-in and interoperability with just about everything. You believe that your organization could really benefit from an uplift to modern observability. It would be easy to adopt if you were was starting out fresh, but let’s face it, most organizations have sprawling codebases and architectures. Decisions, infrastructure and often engineers that have been in place for decades. How do you even get started? This Heroku case study dives into our OpenTelemetry journey where you'll discover strategies on adoption, how to deal with internal resistance, and technical guidance on rolling out the change. Learn from our missteps and what we wished we had done differently. You’ll even see how a bit of luck can help drive adoption over the finish line. This session will equip you to navigate OpenTelemetry adoption in the most entrenched environments.

Speakers

Alex Arnell

Principal Engineer, Heroku / Salesforce

Alex Arnell is a Principal Engineer at Heroku / Salesforce with over two decades of software development experience. Alex has spent the last decade specializing in telemetry and observability systems. Alex is the lead engineer of the Telemetry team at Heroku, responsible for the collection... Read More →

Thursday November 14, 2024 11:00am - 11:35am MST
Salt Palace | Level 1 | Grand Ballroom HJ

Observability

Content Experience Level Any

11:00am MST

Navigating the Cgroup Transition: Bridging the Gap Between Kubernetes and User Expectations - Sohan Kunkerkar, Red Hat Inc

Thursday November 14, 2024 11:00am - 11:35am MST

Salt Palace | Level 1 | 155 BC

As Kubernetes and container technologies evolve, shifting from cgroup v1 to cgroup v2 has become a pivotal development. With cgroup v2 available in Kubernetes since v1.25, we're at a crossroads where many users and organizations must decide when and how to transition fully to this new system. Despite the benefits of cgroup v2, including better resource management and enhanced capabilities, users frequently encounter unexpected challenges signaling a gap in readiness and understanding. This talk will address the practical implications of moving to cgroup v2, discuss the coordinated efforts to deprecate cgroup v1, and propose actionable strategies to bridge the gap between the Kubernetes community, system administrators, and developers. By focusing on real-world experiences and providing clear guidance, this session aims to equip you with the knowledge and tools to navigate this significant change confidently.

Speakers

Sohan Kunkerkar

Senior Software Engineer, Red Hat Inc

Sohan Kunkerkar is a Senior Software Engineer at Red Hat, bringing expertise in distributed systems, backend engineering, and containers. His active contributions extend to CRI-O, a container runtime engine, and various sub-projects within the Kubernetes Sig-Node community. Sohan... Read More →

Thursday November 14, 2024 11:00am - 11:35am MST
Salt Palace | Level 1 | 155 BC

Operations + Performance

Content Experience Level Intermediate

11:00am MST

Engineering a Kubernetes Operator: Lessons Learned from Versions 1 to 5 - Andrew L'Ecuyer, Crunchy Data

Thursday November 14, 2024 11:00am - 11:35am MST

Salt Palace | Level 1 | Grand Ballroom BDF

Join me to uncover insights and hard-learned lessons from our journey through the first five versions of a Kubernetes Operator for Postgres. I will trace the development lifecycle from version 1 started in 2017 to version 5 now. Each version represents a milestone in addressing specific challenges, functionality, stability, and performance. We will discuss the architectural decisions, design patterns, and implementation strategies that shaped the evolution of the Operator. Key topics will include handling stateful applications, ensuring high availability, building for flexible deployment models, scalability, and managing rolling upgrades for both the Operator and underlying software. By the end of this session, participants will be equipped with practical knowledge and actionable strategies for engineering their own Kubernetes Operators, ready to accelerate their development process and avoid common pitfalls.

Speakers

Andrew L'Ecuyer

Sr. Director of Kubernetes Engineering, Crunchy Data

Andrew head’s up the Kubernetes Engineering Team at Crunchy Data. With a diverse background spanning both the public and private sectors, Andrew has played a key role in designing, building and integrating complex systems of all shapes and sizes. He holds degrees in both Computer... Read More →

Thursday November 14, 2024 11:00am - 11:35am MST
Salt Palace | Level 1 | Grand Ballroom BDF

Platform Engineering

Content Experience Level Any

11:00am MST

Yahoo’s Kubernetes Journey from on-Prem to Multi-Cloud at Scale - Nandhakumar Venkatachalam & Payal Patel, Yahoo

Thursday November 14, 2024 11:00am - 11:35am MST

Salt Palace | Level 2 | 251

Yahoo is an early adopter of Kubernetes, operating 37 on-prem and 42 multi-cloud production clusters hosting 2700 applications. Our team offers a simple yet powerful interface for users to deploy applications onto our managed clusters. Since 2015, we have handled multiple complex upgrades, including Operating Systems and Kubernetes, upgrading from version 1.0.3 to 1.30.0. In 2023, Yahoo announced plans to migrate to both GCP and AWS cloud platforms. Leveraging extensive knowledge, our team successfully provisioned Kubernetes clusters in a multi-cloud environment within a short period. Our team faced numerous challenges during the cloud adoption process, including networking, security, cluster autoscaling, and cost. In this talk, we will share managing K8S in a multi-cloud and discuss the challenges faced and solutions found. Key topics include Shared VPC, IP Space for K8s, securely accessing private clusters, multi-tenant workload identity, and maintaining a user interface to K8S.

Speakers

Nandhakumar Venkatachalam

Sr Princ Production Engineer, Yahoo Inc

Nandhakumar Venkatachalam is a Senior Principal Production Engineer at Yahoo Inc. As a lead engineer responsible for operating the large-scale Kubernetes cluster, he has played a key architect role in building scalable cloud infrastructure. Nandha has been with Yahoo for over 17 years... Read More →

Payal Patel

Principal Software Development Engineer, Yahoo

Payal Patel is a Principal Software Development Engineer in the Cloud Infrastructure team at Yahoo. She is currently developing a hybrid cloud solution for Kubernetes clusters in AWS and GCP to set up the Kubernetes clusters at scale. Before that, she worked on managing the Kubernetes... Read More →

Thursday November 14, 2024 11:00am - 11:35am MST
Salt Palace | Level 2 | 251

Platform Engineering

Content Experience Level Any

11:00am MST

How We Made OpenTelemetry Be Our Fitness Tracker for Your CI/CD Pipelines! - Nicolas Woerner, Clario & Andreas Grabner, Dynatrace

Thursday November 14, 2024 11:00am - 11:35am MST

Salt Palace | Level 2 | 250

CI/CD pipelines are the heartbeat of modern cloud-native software delivery. Healthy pipelines ensure rapid and continuous deployments every time code gets committed to the Git repositories! Every new repository and commit puts more load on the CI/CD tool making it more challenging to keep this crucial heartbeat healthy! In this session, engineers from Clario will demonstrate how they leverage OpenTelemetry to observe, validate, report and optimize their CI/CD pipelines, keeping their deployments healthy despite increased scale and unlocking the full potential of modern software delivery on Kubernetes with GitLab.

Speakers

Andi Grabner

CNCF Ambassador and DevRel, Dynatrace

Andreas Grabner (@grabnerandi) has 20+ years of experience as a software developer, tester and architect and is an advocate for high-performing cloud scale applications. He is a CNCF ambassador, contributor to the CNCF project keptn and a DevRel for Dynatrace. Andreas is also a regular... Read More →

Nicolas Woerner

Associate DevOps Engineer, Clario

Nicolas Wörner works in the Platform Engineering Team at Clario. With a background in software and DevOps engineering he focuses on continuously enhancing the software delivery workflow at Clario. Nicolas is passionate about leveraging CNCF software to drive efficiency and reliability... Read More →

Thursday November 14, 2024 11:00am - 11:35am MST
Salt Palace | Level 2 | 250

SDLC

Content Experience Level Intermediate

11:00am MST

From Silicon to Service: Ensuring Confidentiality in Serverless GPU Cloud Functions - Zvonko Kaiser, NVIDIA

Thursday November 14, 2024 11:00am - 11:35am MST

Salt Palace | Level 1 | 151

With the widespread adoption of cloud computing, concerns about data privacy and infrastructure security are increasing. This session will focus on confidential cloud functions, including serverless environments and GPU-accelerated workloads, to ensure the security of your code and data within the cloud infrastructure. We will explore technologies such as hardware-based Trusted Execution Environments (TEEs) and confidential computing. In addition, we will cover hardware and software attestation to guarantee integrity from the silicon level upwards, complete stack attestation for end-to-end trust, and supply chain security to trace and verify all application components. Participants will learn practical steps to implement confidential serverless functions, utilizing GPUs for high-performance computing while ensuring data integrity and privacy. Join us to discover how to innovate securely, build your own secure cloud functions infrastructure, and enhance your cloud security posture.

Speakers

Zvonko Kaiser

Principal Systems Software Engineer, NVIDIA

Zvonko is a Principal Systems Engineer at NVIDIA, working on the Cloud Native Technologies team. Focusing right now on all things related to confidential computing, especially in the context of accelerators.

Thursday November 14, 2024 11:00am - 11:35am MST
Salt Palace | Level 1 | 151

Security

Content Experience Level Advanced

11:00am MST

Tutorial: Kubernetes Smart Scaling: Getting Started with Karpenter - Changsu Lee & Raj Saha, AWS; Wilson Darko & Charlie McBride, Microsoft; Praseeda Sathaye, Amazon

Thursday November 14, 2024 11:00am - 12:30pm MST

Salt Palace | Level 1 | Grand Ballroom ACE

Karpenter is an open-source node provisioner that simplifies infrastructure management for Kubernetes clusters. It automatically launches the right compute resources to handle application demands, allowing you to leverage the cloud's elastic capabilities with fast and simple provisioning. This hands-on workshop will guide you through setting up Karpenter in your Kubernetes clusters, how Karpenter automatically responds to changes in application load, scheduling and resource requirements, and placing new workloads onto available compute capacity. Additionally, you'll explore how Karpenter reduces cluster costs by removing under-utilized nodes, replacing expensive nodes with cheaper alternatives, and consolidating workloads onto efficient resources. Throughout the workshop, you'll gain hands-on experience with Karpenter's advanced capabilities, such as evaluating scheduling constraints, enabling continuous optimization through consolidation, and managing drift for day-2 operations.

Speakers

Wilson Darko

Microsoft

Praseeda Sathaye

Principal Specialist Solution Architect, Amazon (AWS)

Praseeda Sathaye is a Principal Specialist SA for App Modernization and Containers at Amazon Web Services based in Bay Area California. She has been focused on helping customers speed their cloud-native adoption journey by modernizing their platform infrastructure, internal architecture... Read More →

Chance Lee

Sr Container specialist Solutions Architect, AWS

Chance Lee is a Sr. Container Specialist Solutions Architect at AWS based in the Bay Area. He helps customers architect highly scalable and secure container workloads with AWS container services and various ecosystem solutions. Prior to joining AWS, Chance was an IBM Lab Services... Read More →

Raj Saha

Principal Solutions Architect, AWS

Raj is the Principal Specialist SA for Containers, and Serverless at AWS. Rajdeep has architected high profile Kubernetes applications serving millions of customers. He is a published instructor on Kubernetes, Serverless, DevOps, and System Design, has published blogs, and presented... Read More →

Charlie McBride

SDE 2, Microsoft

Summa Cum Laude graduates from the University of Washington. I've been emersed within cloud containerization first interning at AWS within Elastic Container Registry, before going to a full-time position at Azure Kubernetes Services. The cloud feels like a natural home, where I'm... Read More →

Thursday November 14, 2024 11:00am - 12:30pm MST
Salt Palace | Level 1 | Grand Ballroom ACE

Tutorials, Operations + Performance

Content Experience Level Beginner

11:00am MST

🚨 Contribfest: Backstage Onboarding: Your Journey to Community Contribution!

Thursday November 14, 2024 11:00am - 12:30pm MST

Salt Palace | Level 3 | 355 A

Join us for an in-depth session on Backstage, an incubating project within the CNCF ecosystem. Backstage is a framework for building Internal Developer Portals, enhanced with a variety of plugins. In this session we will guide you through your local environment, ensuring you have all the prerequisite tools like NodeJS and TypeScript. We will then walk through the Contributing Guide to help you familiarize yourself with the project and the contribution process. From there, we will dive into a curated list of GitHub Issues perfect for first-time contributors. You will have the opportunity to receive help from Backstage experts while we tackle these issues. Embark on your journey of contributing to Backstage and its vibrant community of plugins!

Speakers

Patrik Oldsberg

Senior Engineer, Spotify

Patrik is a Senior Software Engineer at Spotify and a core maintainer of Backstage. In 2019 he joined the team in Spotify’s platform organization that owned the Backstage platform, and worked together with the rest of the team to bring it out in the open. Before joining Spotify... Read More →

Ben Lambert

Core Maintainer of Backstage, Senior Engineer at Spotify, Spotify

Ben is an Engineer at Spotify and a Maintainer of Backstage.io

André Wanlin

Customer Success Engineer, Spotify

André, a full Stack Developer from Winnipeg, Manitoba, Canada, is an active member of the Backstage open source project having contributed 3 plugins - Azure DevOps, DevTools, and Linguist - as well as various features, bug fixes and documentation updates. He's often found on the... Read More →

Paul Schultz

Software Engineer, Red Hat

Hi! I'm Paul Schultz, a Software Engineer at Red Hat. I started as an intern in 2021 and now work on open-source projects like Devfile and Backstage. As engineer for Red Hat Developer Hub (based on Backstage), I tackle maintenance challenges – dependencies, version control, automated... Read More →

Yi Cai

Software Engineer, Red Hat

Yi Cai is an enthusiastic developer and recent contributor to the Backstage ecosystem. Working with Red Hat, Yi helps deliver the Janus and Red Hat Developer Hub projects, adding valuable features and improving functionality. She migrated plugins from static to dynamic using a team-developed... Read More →

Thursday November 14, 2024 11:00am - 12:30pm MST
Salt Palace | Level 3 | 355 A

🚨 Contribfest

11:00am MST

🚨 Contribfest: Collaborative WebAssembly Creation with WasmCloud

Thursday November 14, 2024 11:00am - 12:30pm MST

Salt Palace | Level 3 | 355 D

wasmCloud aims to provide a seamless developer experience for building, testing, and deploying WebAssembly components. Join maintainers and community contributors at this Contribfest to build WebAssembly components and enhance wasmCloud's core developer experience. We'll test our newest feature, wash dev, by rapidly building applications in Wasm. With support for Rust, Go, Python, and JavaScript/TypeScript, developers of all backgrounds can get hands-on with Wasm. Since applications built with wasmCloud use the latest Wasm standards, components created during the workshop will benefit the broader Wasm ecosystem. Contributors who find bugs, improvements, or new features can pair program with maintainers to contribute directly to wasmCloud.

Speakers

Bailey Hayes

CTO, Cosmonic

Bailey Hayes is the CTO at Cosmonic. She believes the future is in distributed systems and WebAssembly (Wasm). She wears many hats in the open source ecosystem from standards to implementations as the W3C WebAssembly WASI Subgroup co-chair, Bytecode Alliance TSC Director, and maintainer... Read More →

Colin Murphy

Senior Software Engineer, Adobe

Colin Murphy is a senior software engineer on the Adobe Express team. Prior to his current role, he was responsible for infrastructure of Adobe Document Cloud microservices, including Adobe Sign and Acrobat Web. He has been responsible for the implementation of major portions of Adobe’s... Read More →

Taylor Thomas

Engineering Director, Cosmonic

Taylor Thomas is an Engineering Director working on WebAssembly platforms at Cosmonic. He actively participates in the open source community and is one of the creators of Krustlet and Bindle. He is a CNCF Ambassador and a regular speaker at various open source conferences and meetups... Read More →

Thursday November 14, 2024 11:00am - 12:30pm MST
Salt Palace | Level 3 | 355 D

🚨 Contribfest

11:00am MST

🚩 Capture The Flag Experience

Thursday November 14, 2024 11:00am - 5:05pm MST

Salt Palace | Level 2 | 255 A

The Capture The Flag (CTF) experience runs concurrently to KubeCon + CloudNativeCon North America 2024!

Delve deeper into the dark and mysterious world of Cloud Native security! Exploit a supply chain attack and start your journey deep inside the target infrastructure, utilize your position to hunt and collect the flags, and hopefully learn something new and wryly amusing along the way!

Attendees can play three increasingly treacherous and demanding scenarios to bushwhack their way through the dense jungle of Cloud Native security. Everybody is welcome, from beginner to seasoned veterans, as we venture amongst the low-hanging fruits of insecure configuration and scale the lofty peaks of cluster compromise!

Thursday November 14, 2024 11:00am - 5:05pm MST
Salt Palace | Level 2 | 255 A

Security

11:55am MST

Democratizing AI Model Training on Kubernetes with Kubeflow TrainJob and JobSet - Andrey Velichkevich, Apple & Yuki Iwai, CyberAgent, Inc.

Thursday November 14, 2024 11:55am - 12:30pm MST

Salt Palace | Level 1 | Hall DE

Running model training on Kubernetes is challenging due to the complexity of AI/ML models, large training datasets, and various distributed strategies like data and model parallelism. It is crucial to configure failure handling, success criteria, and gang-scheduling for large-scale distributed training to ensure fault tolerance and elasticity. This talk will introduce the new Kubeflow TrainJob API, which democratizes distributed training and LLM fine-tuning on Kubernetes. The speakers will demonstrate how TrainJob integrates with Kubernetes JobSet to ensure scalable and efficient AI model training with simplified Python experience for Data Scientists. Additionally, they will explain the innovative concept of reusable and extendable training runtimes within TrainJob. The speakers will highlight how these capabilities empower data scientists to rapidly iterate on their ML development, making Kubernetes more accessible and beneficial for the entire ML ecosystem.

Speakers

Andrey Velichkevich

Senior Software Engineer, Apple

Andrey Velichkevich is a Senior Software Engineer at Apple and is a key contributor to the Kubeflow open-source project. He is a member of Kubeflow Steering Committee and a co-chair of Kubeflow AutoML and Training WG. Additionally, Andrey is an active member of the CNCF WG AI. He... Read More →

Yuki Iwai

Software Engineer, CyberAgent, Inc.

Yuki is a Software Engineer at CyberAgent, Inc. He works on the internal platform for machine-learning applications and high-performance computing. He is currently a Technical Lead for Kubeflow WG AutoML / Training. He is also a Kubernetes WG Batch active member and a Kubernetes... Read More →

Thursday November 14, 2024 11:55am - 12:30pm MST
Salt Palace | Level 1 | Hall DE

AI + ML

Content Experience Level Any

11:55am MST

Tick, TAG, TOC - Keeping Cloud Native Running - Karena Angell & Emily Fox, Red Hat; Rajas Kakodkar, Broadcom; Alex Chircop, Akamai; Ricardo Aravena, Truera

Thursday November 14, 2024 11:55am - 12:30pm MST

Salt Palace | Level 2 | 255 BC

With only so many hours in the day, how does the cloud native community keep things running? Over 190 projects, thousands of contributors, and an array of groups all contribute to what we know as “cloud native” but there is more going on behind the scenes that keep the machine of cloud native running smoothly and driving the technical direction of the landscape. In this panel discussion, you’ll hear from Chairs and Technical Leads of Technical Advisory Group (TAG) Runtime, Storage, App Delivery and the chair of the CNCF Technical Oversight Committee (TOC) on - How they are defining the roadmap for the future - The glue and oil of collaboration between advisory, oversight, and projects’ health - How you can time your engagement with these groups to have an outsized impact! This is not a maintainer track session. While they are separate tracks for specific CNCF TAG and TOC activities, this is meant to be your backstage pass to see how the CNCF landscape gets shaped!

Speakers

Alex Chircop

Chief Product Architect at Akamai, Akamai

Chief Product Architect at Akamai. Previously a founder and CTO of Ondat (formerly StoraeOS), building software defined solutions for cloud native environments. Alex is also a co-chair of the CNCF Storage TAG (previously SIG). Before embarking on the startup adventure he spent over... Read More →

Ricardo Aravena

Cloud Native Lead, Truera

Ricardo currently works at TruEra as a Cloud Infrastructure Lead helping automate everything with cloud native technologies. He's an open source enthusiast and co-chair of the CNCF TAG-Runtime. He has been working in tech for more than 20 years and comes from a diverse professional... Read More →

Karena Angell

Senior Principal Chief Architect, Red Hat

Karena Angell is a Senior Principal Chief Architect at Red Hat focusing on cloud native application workloads for Kubernetes, open source software projects, as well as solutions for the 'open' hybrid cloud.

Rajas Kakodkar

Senior Member of Technical Staff | Tech Lead TAG Runtime CNCF, Broadcom

Rajas is a senior member of technical staff at Broadcom and a tech lead of the CNCF Technical Advisory Group, Runtime. He is actively involved in the AI working group in the CNCF. He is a Kubernetes contributor and has been a maintainer of the Kube Proxy Next Gen Project. He has also... Read More →

Emily Fox

Emerging Technologies Security Lead, Red Hat

Emily Fox is a DevOps enthusiast, security unicorn, and advocate for Women in Technology. She promotes the cross-pollination of development and security practices. She has worked in security for over 14 years to drive a cultural change where security is unobstructive, natural, and... Read More →

Thursday November 14, 2024 11:55am - 12:30pm MST
Salt Palace | Level 2 | 255 BC

Cloud Native Experience

Content Experience Level Any

11:55am MST

Scratching the Surface: Simulating K8s in MIT Scratch - Mitch Connors, Microsoft & Jude Connors, Independent

Thursday November 14, 2024 11:55am - 12:30pm MST

Salt Palace | Level 2 | 251

Why would anyone re-implement Kubernetes from scratch? And why use Scratch, the graphical programming language from MIT? The best way to understand a machine is to take it apart and put it back together again, but how can we apply this to Kubernetes, which isn’t so easy to take apart? In the code, one is quickly overwhelmed with the nuances of protobufs, channels, and goroutines. Examples can be equally perplexing: why, exactly, would I cuddle a kube? Come see K8s through the eyes of a 14-year-old, re-creating core k8s components in their simplest form with Scratch. Topics include Explain It Like I’m 14 (because one of us is), some surprising things we learned (even after years of working with k8s), and how to pass the torch to the next generation. New users will learn Kubernetes by breaking it down into simple controllers, and veteran contributors will be empowered to tackle the most difficult task of all: explaining your job to your children.

Speakers

Mitch Connors

Principal Software Engineer, Microsoft

Mitch Connors is a Sr. Principal Software Engineer at Aviatrix, and serves on the Istio Technical Oversight Committee. Over the past 17 years, Mitch has worked at Google, F5 Networks, Amazon, an Industrial IoT startup, and State Farm Insurance, giving him a broad perspective on the... Read More →

Jude Connors

Professional 14 Year Old, Unemployed

Jude is a freshman in high school with a passion for puzzles, music, and games of every sort.

Thursday November 14, 2024 11:55am - 12:30pm MST
Salt Palace | Level 2 | 251

Cloud Native Novice

Content Experience Level Beginner

11:55am MST

How to Move from Ingress to Gateway API with Minimal Hassle - Keith Mattix, Microsoft

Thursday November 14, 2024 11:55am - 12:30pm MST

Salt Palace | Level 1 | 155 EF

For many, the Ingress resource was one of the first Kubernetes APIs they used, adding HTTP routing rules and SSL certs for cluster-external traffic. These APIs are used for production in clusters across the world today, configuring ingress gateways serving hundreds of thousands of connections per second. As of October 2023, the Ingress API has been superseded by the Gateway API, a new set of Kubernetes resources with over 20 implementations that enforces security best practices by design. However, migrating networking APIs is an intimidating task, and doing so safely is every company’s primary concern. Join this session to learn how to make this migration safe by identifying the best migration path, implementing Gateway API best practices, and utilizing community-supported migration tools such as ingress2gateway.

Speakers

Keith Mattix

Senior Software Engineering Lead, Microsoft

Keith Mattix is an Engineering Lead at Microsoft focused on Istio, Gateway API, and other networking projects.

Thursday November 14, 2024 11:55am - 12:30pm MST
Salt Palace | Level 1 | 155 EF

Connectivity

Content Experience Level Intermediate

11:55am MST

Database DevOps: CD for Stateful Applications - Stephen Atwell, Harness.io & Christopher Crow, Pure Storage

Thursday November 14, 2024 11:55am - 12:30pm MST

Salt Palace | Level 1 | Grand Ballroom GI

Running stateful applications on Kubernetes can provide many of the same advantages as stateless applications. In this talk, Stephen and Chris will share some thoughts on managing stateful applications as part of a CD Pipeline so that applications - and the application's data - can be versioned and deployed safely and repeatedly. This talk will discuss managing persistent data within kubernetes, as well as managing structural changes to a database as part of a CD process. With Kubernetes and liquibase, we can provide something better than before: A more testable, repeatable, and open way to deploy stateful applications. This talk features a practical demo of how CD tooling can empower users to automate data migrations within Kubernetes.

Speakers

Christopher Crow

Technical Marketing Engineer, Pure Storage

Chris Crow works as a cloud architect at Portworx. He has worked previously as an education, systems administrator. He is a lifelong open-source enthusiast.

Stephen Atwell

Principal Product Manager, Harness.io

With over 26 years of technology experience, Stephen focuses on solving problems encountered in his previous roles. He has worn hats ranging from network administrator, to database administrator, to software engineer, to product manager. Outside of work, Stephen develops open source... Read More →

Thursday November 14, 2024 11:55am - 12:30pm MST
Salt Palace | Level 1 | Grand Ballroom GI

Data Processing + Storage

Content Experience Level Intermediate

11:55am MST

Running Quantum-Safe Applications on Kubernetes - Paul Schweigert & Michael Maximilien, IBM Quantum

Thursday November 14, 2024 11:55am - 12:30pm MST

Salt Palace | Level 2 | 255 EF

Quantum computers pose a unique threat to computer security, as the encryption standards we rely upon are vulnerable to powerful quantum computers. While those computers are still several years away, "harvest now, decrypt later" attacks put all data not protected using quantum-safe security at risk. So what can we do now to protect our applications? In this talk, Paul will demo how to deploy a quantum-safe application on Kubernetes. He'll provide a brief overview of quantum-safe cryptography and why it's needed, highlight key work being done in the open source community to migrate to quantum-safe cryptography, and conclude with a demo of how to build a quantum-safe cloud-native application. In particular, he'll show where and how to make changes to a Kubernetes environment to ensure users are protected by quantum-safe connections. At the conclusion of this session, listeners will have a set of practical steps they can take to help secure their applications in a post-quantum world.

Speakers

Michael Maximilien

Distinguished Engineer, IBM

My name is Michael Maximilien, better known as max or dr.max, and I am a currently a Distinguished Engineer with IBM. I am the leader for IBM’s Open Source team contributing to all things Serverless and Platform-as-a-Service (PaaS). I have worked at various divisions of IBM. At... Read More →

Paul Schweigert

Senior Software Engineer, IBM

Paul Schweigert works on quantum and serverless technologies at IBM. He has extensive experience in open source (Knative and Kubernetes in particular) and has spoken at numerous conferences. He has also led various platform engineering and data science teams. In a previous life, he... Read More →

Thursday November 14, 2024 11:55am - 12:30pm MST
Salt Palace | Level 2 | 255 EF

Emerging + Advanced

Content Experience Level Any

11:55am MST

0.1 to 1.16: How Has Knative Fulfilled Its Vision? - Dave Protasowski, Broadcom & Evan Anderson, Stacklok

Thursday November 14, 2024 11:55am - 12:30pm MST

Hyatt Regency | Level 4 | Regency Ballroom BCD

Knative 0.1 launched approximately 6 years ago. 0.1 promised a number of features, including supporting a developer workflow equivalent to AWS Lambda and other FaaS platforms, but with an “a la carte” design where each component could operate independently. How does that vision look 6 years and 40 releases later? Through the lens of a demo, where does Knative exceed the original vision, and where have things been dropped?

Speakers

Dave Protasowski

Staff Engineer, VMware/Broadcom

Dave Protasowski is part of Knative Technical Committee and a Serving Working Group Lead. During the night he works at VMware/Broadcom. Prior he worked on Cloud Foundry things at Pivotal.

Evan Anderson

Software Engineer, Stacklok

Co-founder and maintainer on Knative project. Member of sigstore-oncall. Previously worked on Google Compute Engine and Serverless (App Engine, Functions) and in SRE. Principal engineer at Stacklok. Ex-Google, ex-VMware. Author of Building Serverless Applications on Knative by O'Reilly... Read More →

Thursday November 14, 2024 11:55am - 12:30pm MST
Hyatt Regency | Level 4 | Regency Ballroom BCD

Maintainer Track, Knative

11:55am MST

Cilium: Connecting, Observing, and Securing Kubernetes and Beyond with eBPF - Ahmed Bebars, The New York Times & Liz Rice, Isovalent @ Cisco

Thursday November 14, 2024 11:55am - 12:30pm MST

Hyatt Regency | Level 2 | Salt Lake Ballroom CDE

Welcome to Cilium's maintainer track session where you'll get an update on how Cilium is expanding the frontiers of cloud native networking, observability, and security. Cilium is CNCF's most widely adopted CNI, being the default choice for all major cloud providers. This talk dives into the bytecode behind all of the buzz around the project. We'll start with a brief overview of each part of the project before diving into how Cilium is expanding beyond Kubernetes with load balancing and multi-cloud networking and into runtime enforcement with Tetragon. In this session, you'll hear from Cilium contributors and users Isovalent and The New York Times.

Speakers

Liz Rice

Chief Open Source Officer, Isovalent, now a part of Cisco

Liz Rice is Chief Open Source Officer at Isovalent, the creators of the Cilium project, and now part of Cisco. Currently on the boards of the CNCF and OpenUK, she was chair of the CNCF's Technical Oversight Committee 2019-2022, and Co-Chair of KubeCon + CloudNativeCon in 2018. She... Read More →

Ahmed Bebars

Principal Engineer, The New York Times

As a seasoned Principal Engineer on the Delivery Engineering team at The New York Times, I specialize in developing robust and scalable Kubernetes-based solutions. My primary focus is on crafting a secure and flexible runtime environment that is pivotal in empowering service teams... Read More →

Thursday November 14, 2024 11:55am - 12:30pm MST
Hyatt Regency | Level 2 | Salt Lake Ballroom CDE

Maintainer Track, Cilium

11:55am MST

Cluster API Deep Dive - Roadmap to API Graduation - Fabrizio Pandini, Broadcom & Vince Prignano, Apple, Inc.

Thursday November 14, 2024 11:55am - 12:30pm MST

Hyatt Regency | Level 4 | Regency Ballroom A

The Cluster API is the de-facto project to manage the lifecycle of Kubernetes clusters at scale using simple declarative APIs. In 2021 the project reached production readiness, and today the community is working towards the next major milestone: graduating the APIs to v1 General Availability. Join us to get an overview how Cluster API is today used in production and discover what's planned for our APIs exciting new features like Karpenter, in-place upgrades, and more.

Speakers

Vince Prignano

Apple

Fabrizio Pandini

Staff Engineer 1, Broadcom

A Kubernetes contributor obsessed with making Kubernetes lifecycle simple and consistent across all types of infrastructures, so everyone can build amazing applications on top of it. When I’m not busy as a SIG Cluster Lifecycle tech lead or as a project maintainer in Cluster API... Read More →

Thursday November 14, 2024 11:55am - 12:30pm MST
Hyatt Regency | Level 4 | Regency Ballroom A

Maintainer Track, Cluster Lifecycle

11:55am MST

CNCF TAG Network: Intro & Deep Dive - Lee Calcote, Layer5

Thursday November 14, 2024 11:55am - 12:30pm MST

Salt Palace | Level 3 | 355 EF

“It’s the network!” is the cry of every engineer. With the increased prevalence of microservices and distributed systems, it’s true - networking as a discipline has never been more critical in the well-architected design and efficient operation of modern infrastructure. Join this talk for an intro to the TAG, its charter and a deeper discussion of current cloud native networking topics being advanced in this TAG.

Speakers

Lee Calcote

Founder, Layer5

Lee Calcote is an innovative product and technology leader, passionate about empowering engineers and enabling organizations. As Founder of Layer5, he is at the forefront of the cloud native movement. Open source, advanced and emerging technologies have been a consistent focus through... Read More →

Thursday November 14, 2024 11:55am - 12:30pm MST
Salt Palace | Level 3 | 355 EF

Maintainer Track, Network

11:55am MST

SIG Autoscaling Projects Update - Jack Francis, Microsoft

Thursday November 14, 2024 11:55am - 12:30pm MST

Salt Palace | Level 3| 355 BC

The last year’s been an exciting time for SIG Autoscaling, with Karpenter being accepted as a subproject just before Kubecon NA 2023, work to support more advanced workload types for operators, and more. Come along to hear about: Karpenter’s first year as a SIG Subproject - what’s happened over the last year, and what we’ve got planned for the next year. Dynamic Resource Allocation - how the SIG is involved in k8s’ efforts to make it easier for users to run cost effective and efficient workloads requiring GPUs and other custom resources. Provisioning Requests and Pod & Node Headroom - new APIs planned for the Cluster Autoscaler and Karpenter to support long standing requests for improved support for batch workloads and from cluster operators. Improvements in the SIG’s processes - the SIG’s been hard at work improving and extending our use of k8s’ test infra, expanding our test coverage, as well as improving our release processes over the last year.

Speakers

Jack Francis

Principal Software Engineer, Microsoft

Jack works on open source Kubernetes from his basement in Portland, Oregon, USA. When he’s not working, he’s usually upstairs hanging out with his family. On occasion he straps on a guitar and turns the amp to 11.

Thursday November 14, 2024 11:55am - 12:30pm MST
Salt Palace | Level 3| 355 BC

Maintainer Track, Autoscaling

11:55am MST

Cognitive and Self-Adaptive System for Effective Distributed-Tracing in Applications - Mitul Tandon & Akash Gusain, VMware; Susobhit Panigrahi, Broadcom

Thursday November 14, 2024 11:55am - 12:30pm MST

Salt Palace | Level 1 | Grand Ballroom HJ

In response to challenges of limited trace capture in dynamic API tracing systems, the solution leverages Machine Learning and Cognitive approach for unbiased trace collection. Unlike existing implementations with a skewed distribution(~5%) towards normal traces, our self-adaptive system dynamically learns to prioritise and capture diverse traces, crucial for effective diagnosis of API failures and performance issues. This innovative approach significantly enhances the SREs ability to triage complex issues, leading to a game-changing reduction in Mean Time to Resolve (MTTR). The Adaptive Sampling approach analyses existing system traces and autonomously adjusts the sampling rate, eliminating manual configs. This ML-based solution outcome includes streamlined trace metric analysis, enhanced reliability work efficiency, and considerable infrastructure cost reduction through targeted trace collection, ultimately making a significant impact on operational effectiveness & reliability

Speakers

Susobhit Panigrahi

Senior Software Engineer

As a Developer and DevOps Engineer at VMware, I specialize in developing scalable cloud software. My focus includes deploying and managing services with Kubernetes, Helm, and Istio. I'm keen to contribute to the open-source community, especially in Kubernetes and other CNCF projects... Read More →

Akash Gusain

Software Engineer, VMware

Akash Gusain is a Software Engineer at VMware with over two years of experience in building and deploying cloud-native applications. At VMware, Akash has contributed to the development of scalable and robust cloud solutions, demonstrating expertise in various technologies and fra... Read More →

Mitul Tandon

DevOps Engineer, VMware

A DevOps/SRE Engineer at VMware with 2+ years of experience with working on distributed systems and containerised applications.

Thursday November 14, 2024 11:55am - 12:30pm MST
Salt Palace | Level 1 | Grand Ballroom HJ

Observability

Content Experience Level Any

11:55am MST

Multi-Zone Clusters Inside and Out - Tom Dean, Buoyant

Thursday November 14, 2024 11:55am - 12:30pm MST

Salt Palace | Level 1 | 155 BC

Multi-zone clusters are a great tool for improving application reliability — and also a great way to spend a ton of cash. Why? What really happens when you set these things up? How do you use them effectively without bankrupting your whole organization? In this session, we'll dig into the nuts and bolts of what goes on under the hood of a multi-zone cluster, including what a zone is, what Kubernetes understands about zones, how zones affect routing, and why multi-zone clusters can drive costs up. We'll spend some time on Kubernetes' Topology Aware Routing, covering its advantages as well as its very real limitations. Finally, we'll dive into how you can influence Kubernetes' choices to take advantage of multi-zone clusters' reliability while containing costs. Join us for learning and live demos!

Speakers

Tom Dean

Field Engineer, Buoyant

Tom Dean started programming BASIC on Apple IIs over 40 years ago, and has been hooked on tech since then. A long-time user of Linux and Open Source, he has been expanding his Cloud, Cloud Native and adjacent subject matter knowledge to become a more well-rounded technologist, and... Read More →

Thursday November 14, 2024 11:55am - 12:30pm MST
Salt Palace | Level 1 | 155 BC

Operations + Performance

Content Experience Level Intermediate

11:55am MST

Evolving Reddit’s Infrastructure via Principled Platform Abstractions - Karan Thukral & Harvey Xia, Reddit

Thursday November 14, 2024 11:55am - 12:30pm MST

Salt Palace | Level 1 | Grand Ballroom BDF

Reddit’s approach to infrastructure management has grown organically over time, adapted to solve tactical, near term problems. We have now reached a point where the only way to scale infrastructure capabilities to a growing engineering organization is through platform abstractions offering self-service management of standardized infrastructure patterns. Beginning in 2021, a concerted effort was made to reimagine infrastructure as an internal platform that empowers both application and infrastructure engineers to build impactful and maintainable systems. We present a case study of Reddit’s ongoing journey in evolving its infrastructure management practices from inefficient, human-in-the-loop processes to efficient, self-service interfaces. By treating Kubernetes as a universal control plane and extending it with custom control processes fronted by well-designed interfaces, we are moving the organization towards this vision. This will cover the the many trade-offs and lessons learnt.

Speakers

Harvey Xia

Staff Engineer, Compute Infrastructure @ Reddit, Reddit

I'm a software engineer with experience across a variety of disciplines including backend engineering, data engineering, and most recently, infrastructure engineering. I specialize in building cloud native infrastructure platform features.

Karan Thukral

Senior Engineer, Compute Infrastructure @ Reddit, Reddit

Karan is a Senior Software Engineer at Reddit working on the Compute team to build an easy to use internal developer platform which is scalable and reliable. He has been working in this problem space since 2017 building both internal and external developer platforms including App... Read More →

Thursday November 14, 2024 11:55am - 12:30pm MST
Salt Palace | Level 1 | Grand Ballroom BDF

Platform Engineering

Content Experience Level Any

11:55am MST

From Chaos to Calm: Building a Unified and Scalable CI/CD Pipeline at Akamai - Tomer Patel, Akamai Technologies Inc.

Thursday November 14, 2024 11:55am - 12:30pm MST

Salt Palace | Level 2 | 250

Are you struggling with a chaotic development process? Join Akamai's talk and discover how we built a unified and scalable CI/CD pipeline, saving 40% of our QA, Performance, Dev, and Ops daily work, and how you can do that in your organization! This session dives into the architecture, key features, and its impact on development efficiency. You will learn how to: - Conquer cloud-native deployments by adding the right tools - such as Argo Rollouts, and Backstage - Integrate CI/CD tools (ArgoCD, Jenkins, DevSpace, Grafana, Prometheus, Thanos) for a smoother workflow. - Leverage best-in-breed, cost-efficient open-source solutions

Speakers

Tomer Patel

Senior Engineering Manager, Akamai Technologies Inc.

Tomer currently works as Senior Engineering Manager at Akamai Technologies, where he leads a group of Data engineers, Software developers and DevOps at scale. Previously Tomer worked as Team Lead at Clarizen (Now Planview).

Thursday November 14, 2024 11:55am - 12:30pm MST
Salt Palace | Level 2 | 250

SDLC

Content Experience Level Intermediate

11:55am MST

What Agent to Trust with Your K8s: Falco, Tetragon or KubeAmor? - Henrik Rexed, Dynatrace

Thursday November 14, 2024 11:55am - 12:30pm MST

Salt Palace | Level 1 | 151

In the CNCF landscape we have plenty of ebpf based security solutions that help us protect our k8s cluster from runtime vulnerabilities. On paper though Falco, Tetragon and KubeArmor look very similar. Eventually you have to make a choice on which one best fits your needs. To give you additional insights to make your decision join this session. We have run extensive benchmarks against those three solutions and will answer the following questions that came out of our testing: - What are the different featuresets? - What about the performance impact of each agent? - Which privileges does each solution need? - What are the pros and cons across the three options?

Speakers

Henrik Rexed

Cloud Native Advocate, Dynatrace

Henrik is a Cloud Native Advocate at Dynatrace, the leading Observability platform. Prior to Dynatrace, Henrik has worked more than 15 years, as Performance Engineer. Henrik Rexed Is Also one of the Organizer of the conferences named WOPR, KCD Austria and the owner of the Youtube... Read More →

Thursday November 14, 2024 11:55am - 12:30pm MST
Salt Palace | Level 1 | 151

Security

Content Experience Level Intermediate

12:30pm MST

Lunch 🍲

Thursday November 14, 2024 12:30pm - 2:30pm MST

Salt Palace | Level 1 | Halls A-C + 1-5 | Solutions Showcase

Thursday November 14, 2024 12:30pm - 2:30pm MST
Salt Palace | Level 1 | Halls A-C + 1-5 | Solutions Showcase

Breaks

1:00pm MST

Project Pavilion Tour with Orlin Vasilev, CNCF Ambassador

Thursday November 14, 2024 1:00pm - 1:20pm MST

Salt Palace | Level 1 | Halls A-C + 1-5 | Solutions Showcase

Thursday November 14, 2024 1:00pm - 1:20pm MST
Salt Palace | Level 1 | Halls A-C + 1-5 | Solutions Showcase

Project Opportunties

2:30pm MST

Unlocking Potential of Large Models in Production - Yuan Tang, Red Hat & Adam Tetelman, NVIDIA

Thursday November 14, 2024 2:30pm - 3:05pm MST

Salt Palace | Level 1 | Hall DE

The recent paradigm shift from traditional ML to GenAI and LLMs has brought with it a new set of non-trivial LLMOps challenges around deployment, scaling, and operations that make building an inference platform to meet all business requirements an unsolved problem. This talk highlights these new challenges along with best-practices and solutions for building out large, scalable, and reliable inference platforms on top of cloud native technologies such as Kubernetes, Kubeflow, Kserve, and Knative. Which tools help effectively benchmark and assess the quality of an LLM? What type of storage and caching solutions enable quick auto-scaling and model downloads? How can you ensure your model is optimized for the specialized accelerators running in your cluster? How can A/B testing or rolling upgrades be accomplished with limited compute? What exactly do you monitor in an LLM? In this session we will use KServe as a case study to answer these questions and more.

Speakers

Yuan Tang

Principal Software Engineer, Red Hat

Yuan is a principal software engineer at Red Hat, working on OpenShift AI. Previously, he has led AI infrastructure and platform teams at various companies. He holds leadership positions in open source projects, including Argo, Kubeflow, and Kubernetes. He's also a maintainer and... Read More →

Adam Tetelman

Principal Product Architect, NVIDIA

Adam Tetelman is a principal architect at NVIDIA leading cloud native initiatives and CNCF engagements across the company; building inference platforms for NVIDIA AI Enterprise and DGX Cloud. He has degrees in computational robotics, computer & systems engineering, and cognitive science... Read More →

Thursday November 14, 2024 2:30pm - 3:05pm MST
Salt Palace | Level 1 | Hall DE

AI + ML

Content Experience Level Intermediate

2:30pm MST

What Istio Got Wrong: Learnings from the Last Seven Years of Service Mesh - Christian Posta & Louis Ryan, Solo.io

Thursday November 14, 2024 2:30pm - 3:05pm MST

Salt Palace | Level 2 | 255 BC

Building complex systems often requires simplicity in components—a lesson the Istio project has learned throughout its seven(plus)-year journey. Although Istio offers a lot of powerful features for application networking, crucial for many organizations, the path to maturity and broader adoption was fraught with challenges. In this talk, we explore the key mistakes made during Istio's development, including its initially complex architecture, an overload of features, premature release of version 1.0, difficulties faced by contributors, and delays in joining the CNCF. We will discuss the impact of these mistakes, how these missteps were addressed, and how they have positioned Istio as a leader in the service mesh market. This presentation will detail how Istio's evolution reflects a shift towards simpler, more modular components that together offer effective solutions for managing APIs and service-to-service communication regardless of platform.

Speakers

Louis Ryan

CTO, Solo.io

Co-creator of Istio and gRPC

Christian Posta

Global Field CTO, Solo.io

Christian Posta (@christianposta) is Global Field CTO at Solo.io. He is the author of Istio in Action and many other books on cloud-native architecture. He's well known in the cloud-native community for being a speaker, blogger (https://blog.christianposta.com) and contributor to... Read More →

Thursday November 14, 2024 2:30pm - 3:05pm MST
Salt Palace | Level 2 | 255 BC

Cloud Native Experience

Content Experience Level Any

2:30pm MST

Solving the Kubernetes Networking API Rubik's Cube - Doug Smith & Surya Seetharaman, Red Hat; Shane Utt, Kong; Lior Lieberman, Google

Thursday November 14, 2024 2:30pm - 3:05pm MST

Salt Palace | Level 2 | 251

AI/ML use cases are steering the Kubernetes wheel in exciting directions. If you’re interested in networking, it might be having a bigger impact on changes to core Kubernetes than you think. Are you hearing the acronyms DRA (Dynamic Resource Allocation) and KNI (Kubernetes Networking Interface) a LOT in the ecosystem lately and wondering how they are connected to AI/ML-Networking, Multi-Networking and CNI? We love the GPU allocation aspects of DRA - but did you know there are considerations for allocating hardware devices for networking too? You might be familiar with CNI - but have you come across the KNI effort to build a standardized set of Kubernetes Networking APIs? For those who are new to Kubernetes networking, trying to solve this networking Rubik’s cube can feel overwhelming. Join us for a fun and informative session where we'll simplify the landscape and help you fit the puzzle pieces together. Leave with confidence to navigate and contribute in this rapidly evolving space.

Speakers

Doug Smith

Principal Engineer, Red Hat, Inc

Doug Smith is a Principal Software Engineer for OpenShift Engineering at Red Hat. Focusing on Network Function Virtualization and container technologies, Doug integrates new networking technologies with container systems like Kubernetes and OpenShift. He is a member of the Network... Read More →

Surya Seetharaman

Principal Software Engineer, Red Hat Inc.

Surya is an Open Source advocate and contributor, active in the Kubernetes SIG-Network working group. She is working as a Principal Software Engineer at Red Hat in the OpenShift Networking team. Her areas of interest include Cloud Infrastructure and Networked Services and Systems... Read More →

Shane Utt

Senior Principal Software Engineer, Red Hat

TODO

Lior Lieberman

Site Reliability Engineer, Google

Lior is site reliability engineer at Google working on Google Compute Engine. He is a leading maintainer of ingress2gateway, and an active contributor to Kubernetes SIG network focused on Gateway API.

Thursday November 14, 2024 2:30pm - 3:05pm MST
Salt Palace | Level 2 | 251

Cloud Native Novice

Content Experience Level Beginner

2:30pm MST

How the Tables Have Turned: Kubernetes Says Goodbye to Iptables - Casey Davenport, Tigera & Dan Winship, Red Hat

Thursday November 14, 2024 2:30pm - 3:05pm MST

Salt Palace | Level 1 | 155 EF

For decades, iptables has been the preferred packet filtering system in the Linux kernel. Used extensively across the Kubernetes networking ecosystem, iptables is now on the way out and is expected to be removed from the next generation of Linux distributions. With iptables past its prime, where does that leave Kubernetes? The successor to iptables -- nftables -- is ready to carry the torch instead, with a newly released beta kube-proxy implementation in v1.31 and network policy using Calico’s nftables backend. In this talk, Dan and Casey will share what they have learned building Kubernetes Service and NetworkPolicy implementations using nftables. They will cover the history and current status of iptables usage in Kubernetes, the capabilities and performance characteristics of Kubernetes networks running on nftables, and why eBPF may not be the right tool for the job.

Speakers

Casey Davenport

Casey Davenport, Tigera

Casey is a core developer on Calico and has been building Kubernetes networking systems since 2016.

Dan Winship

Senior Principal Software Engineer, Red Hat

Dan is a Tech Lead for Kubernetes SIG Network and has been working on Kubernetes and OpenShift networking for 7 years at Red Hat.

Thursday November 14, 2024 2:30pm - 3:05pm MST
Salt Palace | Level 1 | 155 EF

Connectivity

Content Experience Level Intermediate

2:30pm MST

Distributed Cache Empowers AI/ML Workloads on Kubernetes Cluster - Yuichiro Ueno & Toru Komatsu, Preferred Networks, Inc.

Thursday November 14, 2024 2:30pm - 3:05pm MST

Salt Palace | Level 1 | Grand Ballroom GI

Today, storage technologies play a fundamental role in the realm of AI/ML. Read performance is essential for swiftly moving datasets from storage to AI accelerators. However, the rapid enhancement of AI accelerators' performance often outpaces I/O, bottlenecks the training. Due to the scheduling of pods in Kubernetes across multiple nodes, utilizing node-local storage effectively presents a challenge. To address this, we introduce a distributed cache system built atop node-local storages, designed for AI/ML workloads. This cache system has been successfully deployed on our on-premise 1024+ GPUs Kubernetes cluster within a multi-tenancy environment. Throughout our two-year experience operating this cache system, we have overcome numerous hurdles across several components, including the I/O library, load balancers, and the storage backend. We will share the challenges and the solutions we implemented, leading to a system delivering 50+ GB/s throughput and less than 2ms latency.

Speakers

Toru Komatsu

Engineer, Preferred Networks, Inc.

Toru is a machine learning platform engineer at Preferred Networks in Japan. He is the creator and lead developer of youki, an OCI Runtime in Rust, and a maintainer of the OCI Runtime Specification. Additionally, he serves as a reviewer for runwasi and is involved in developing a world that utilizes containers and Wasm. Additionally, he is a member of the Kubernetes org and is especially interested in... Read More →

Yuichiro Ueno

Engineer, Preferred Networks, Inc.

He is currently a machine learning platform engineer at Preferred Networks in Japan. His research and engineering interests include a range of high-performance computing (distributed deep learning, networking/RDMA, and storage technologies), performance engineering, and Kubernete... Read More →

Thursday November 14, 2024 2:30pm - 3:05pm MST
Salt Palace | Level 1 | Grand Ballroom GI

Data Processing + Storage

Content Experience Level Intermediate

2:30pm MST

Running WebAssembly (Wasm) Workloads Side-by-Side with Container Workloads - Jiaxiao Zhou, Microsoft

Thursday November 14, 2024 2:30pm - 3:05pm MST

Salt Palace | Level 2 | 255 EF

Sidecar containers are a powerful Kubernetes design pattern, running alongside the main application within the same pod to provide supporting features like observability, configuration and communication. However, sidecars can be resource-intensive, adding up to high CPU, memory and network bandwidth usage. WebAssembly (Wasm) offers a solution with its low resource usage and minimal memory footprint compared to Linux containers. Its quick start-up time enables scale-to-zero capability, making it a perfect fit for sidecar containers. The Containerd Runwasi project extends the sidecar pattern by enabling Kubernetes-native deployment and management of Wasm workloads.This talk will show how you can get started deploying Wasm sidecars to support your primary services with additional functionality. It will conclude with a demo of integrating these Wasm sidecars with your existing sidecar framework, whether that be Service Mesh or Dapr. Tune in to see Wasm sidecars on Kubernetes!

Speakers

Jiaxiao Zhou

Software Engineer, Microsoft

Jiaxiao (Joe) Zhou is a Software Engineer at Microsoft. He is on the Azure Container Upstream team and works on bringing WebAssembly to the cloud through projects like "runwasi", "SpiderLightning", and "containerd-wasm-shims". He is a Recognized Contributor to the Bytecode Alliance... Read More →

Thursday November 14, 2024 2:30pm - 3:05pm MST
Salt Palace | Level 2 | 255 EF

Emerging + Advanced

Content Experience Level Advanced

2:30pm MST

Applications, Platforms, and Infrastructure Oh My! What Is the TAG App Delivery Doing to Support You - Daniel Oh, Red Hat; Roberth Strand, Sopra Steria; Ryan Nowak, Microsoft; Abby Bangser, Syntasso

Thursday November 14, 2024 2:30pm - 3:05pm MST

Salt Palace | Level 3 | 355 EF

TAG App Delivery focuses on how organizations can deliver cloud-native applications. To succeed, there are a number of hard questions that need to be answered: How can platform teams do a better job of enabling developers? How can developers help platform teams to understand better their development needs and their technology stack specific requirements? Which artifacts will be created and by whom? What does it take to provision a development environment? Which tools are involved? This panel will highlight how the TAG Working Groups including App Development, Platform, Infrastructure, and Artifacts are helping build a unified view of how to successfully deliver cloud native applications at scale.

Speakers

Daniel Oh

Senior Principal Developer Advocate, Red Hat

Daniel Oh is a Java Champion and Senior Principal Developer Advocate at Red Hat to evangelize developers for building cloud-native apps and serverless ob Kubernetes ecosystems. He's also contributing to various cloud open-source projects and ecosystems as a CNCF ambassador for accelerating... Read More →

Abby Bangser

Principal Engineer, Syntasso

Abby is a Principal Engineer at Syntasso delivering Kratix, an open-source cloud-native framework for building internal platforms on Kubernetes. Her keen interest in supporting internal development comes from over a decade of experience in consulting and product delivery roles across... Read More →

Roberth Strand

Principal Cloud Native Architect, Sopra Steria

Roberth is a self-proclaimed "cloud automator", and works primarily with Microsoft Azure infrastructure, Platform Engineering, DevOps and Cloud Native technology. He has been awarded the title Microsoft Azure MVP (2021, 2022, 2023), CNCF Ambassador (2023), as well as HashiCorp Ambassador... Read More →

Ryan Nowak

Incubations Architect, Microsoft

Ryan is an architect working on open-source projects from the Azure CTO's office. He's passionate about designing software for humans, incubating risky ideas, releasing them in open-source so everyone can benefit. At Microsoft, he's had a 15+ year career building developer-centric... Read More →

Thursday November 14, 2024 2:30pm - 3:05pm MST
Salt Palace | Level 3 | 355 EF

Maintainer Track, App Delivery

2:30pm MST

Bare Metal Kubernetes with KOps: Gathering Community Wisdom - Justin Santa Barbara, Google & Ciprian Hacman, Microsoft

Thursday November 14, 2024 2:30pm - 3:05pm MST

Hyatt Regency | Level 4 | Regency Ballroom A

Kubernetes on bare metal presents unique challenges compared to cloud deployments. While kOps is optimized for cloud environments, we have begun to explore bare metal support and identify key architectural trade-offs. We'll examine common architectures for bare metal Kubernetes, such as node discovery and availability without cloud services. Introducing a VM layer creates a familiar Kubernetes environment but adds complexity and can limit hardware performance. We'll discuss managing devices like GPUs and the need for tooling when hardware health isn't verified by a cloud provider. This talk will delve into the kOps project and its potential in supporting bare metal Kubernetes. However, our primary goal is to learn from the community. We invite you to share your successes, struggles, and insights to shape the future of our tooling for bare metal. Your feedback is crucial in guiding our development and ensuring kOps meets the needs of those deploying Kubernetes on bare metal.

Speakers

Justin Santa Barbara

Software Engineer, Google

Justin has been contributing to kubernetes since 2014, initially as the primary maintainer of the kubernetes AWS support, he also started the kOps project. He loves helping users adopt and grow their use of kubernetes, and believes that we have only scratched the surface of the kubernetes... Read More →

Ciprian Hacman

Software Engineer, Microsoft

Ciprian Hacman is a Software Engineer, working with cloud-native technologies. He is also an open source project maintainer for kOps (Kubernetes Operations), etcd-manager, cloud-provider-aws and frequent contributor to other projects in the Kubernetes ecosystem.

Thursday November 14, 2024 2:30pm - 3:05pm MST
Hyatt Regency | Level 4 | Regency Ballroom A

Maintainer Track, Cluster Lifecycle

2:30pm MST

Celebrating Prometheus 3.0: A Deep Dive with the Maintainers - Kemal Akkoyun, fal.ai & Josh Abreu, Grafana Labs

Thursday November 14, 2024 2:30pm - 3:05pm MST

Hyatt Regency | Level 2 | Salt Lake Ballroom CDE

Prometheus is an open-source systems monitoring system and a CNCF Graduate project. It benefits from a rich ecosystem, including Alertmanager, efficient client libraries for many languages, the Prometheus Operator to install on Kubernetes, and numerous Exporters to provide the raw data. This year, Prometheus releases the 3.0 version, which includes new features, a refreshed UI/UX, and plenty of new things that build on what has worked well for years. Join two Prometheus maintainers, Josh and Kemal, to celebrate the 3.0 version and learn what it enables for new and existing users, how to upgrade, and how to get the most out of the latest version! Prepare tons of questions; we will have a lot of interactive time for questions; we want to hear community feedback!

Speakers

Kemal Akkoyun

Staff Software Engineer, Independent

Software Infrastructure Engineer. Programmer. Open Source Enthusiast. I help to build large-scale, distributed, real-time microservice systems and observability infrastructure.

Josue Abreu

Principal Software Engineer, Grafana Labs

Josue (Josh) Abreu has been involved in observability for the past 4 years. As a relative newcomer to this world, he was often puzzled at how alerting would function on a small and big scale. Josue works as the Alerting Lead at Grafana Labs and is a Prometheus Maintainer. Over a 10-year... Read More →

Thursday November 14, 2024 2:30pm - 3:05pm MST
Hyatt Regency | Level 2 | Salt Lake Ballroom CDE

Maintainer Track, Prometheus

2:30pm MST

Cortex Intro: Multi-Tenant Scalable Prometheus - Charlie Le, Apple & Daniel Blando, Amazon

Thursday November 14, 2024 2:30pm - 3:05pm MST

Hyatt Regency | Level 4 | Regency Ballroom BCD

Cortex provides horizontally scalable, highly available, multi-tenant, long term storage for Prometheus. In this talk, we will do an introduction of Cortex architecture and project status. We will also walk through those new features added to Cortex and how to utilize them efficiently in production.

Speakers

Charlie Le

Senior Software Engineer, Apple

Charlie is a software engineer at Apple, specializing in building and scaling cloud native observability solutions and infrastructure. Deeply inspired by the collaborative spirit of open source, he actively contributes to projects like Cortex and OpenTelemetry, shaping the future... Read More →

Daniel Blando

AWS, Senior SDE, Cortex, Amazon

Daniel Blando is a Senior Software Engineer at AWS in the Amazon Managed Prometheus (AMP) team. He currently works with Cortex, Thanos, Prometheus among others open source projects. He is working to make Cortex more scalable and highly available recently focusing on the write path... Read More →

Thursday November 14, 2024 2:30pm - 3:05pm MST
Hyatt Regency | Level 4 | Regency Ballroom BCD

Maintainer Track, Cortex

2:30pm MST

Kubernetes SIG Storage: Intro & Deep Dive - Saad Ali & Michelle Au, Google; Xing Yang, VMware by Broadcom; Hemant Kumar, Red Hat

Thursday November 14, 2024 2:30pm - 3:05pm MST

Salt Palace | Level 3| 355 BC

Kubernetes SIG Storage is responsible for ensuring that different types of file and block storage are available wherever a container is scheduled, storage capacity management (container ephemeral storage usage, volume resizing, etc.), influencing scheduling of containers based on storage (data gravity, availability, etc.), and generic operations on storage (snapshotting, etc.). SIG Storage also has a project that provides APIs for object storage support in Kubernetes. In this session, we will deep dive into some projects that SIG Storage is currently working on, provide an update on the current status, and discuss what might be coming in the future.

Speakers

Hemant Kumar

Principal Software Engineer, Red Hat

Hemant is a Principal Software Engineer at Red Hat working on storage subsystem of Kubernetes. He is a member of SIG-Storage and author of persistent volume expansion, volume limits, mount options and various instrumentation bits in storage subsystems of Kubernetes. He is also a maintainer... Read More →

Saad Ali

Senior Engineering Manager, Google

Saad Ali is a Senior Engineering Manager at Google. He works on Google Distributed Cloud and the open-source Kubernetes project. He led the development of the Kubernetes storage and volume subsystem. He serves as a lead of the Kubernetes Storage SIG, has served as member of the CNCF... Read More →

Michelle Au

Software Engineer, Google

Michelle Au is a software engineer at Google and is a Kubernetes SIG Storage tech lead. She has been a Kubernetes maintainer since 2018, working on projects including the Container Storage Interface, volume security, volume topology, and local persistent storage.

Xing Yang

Tech Lead, VMware by Broadcom

Xing Yang is a Tech Lead in the Cloud Native Storage team at VMware by Broadcom. She is a co-chair of CNCF Storage TAG, a co-chair of the Kubernetes Storage SIG, a co-chair of the Data Protection WG, and a maintainer in Kubernetes CSI. Before joining VMware, Xing was the Lead Architect... Read More →

Thursday November 14, 2024 2:30pm - 3:05pm MST
Salt Palace | Level 3| 355 BC

Maintainer Track, Storage

2:30pm MST

Low-Overhead, Zero-Instrumentation, Continuous Profiling for OpenTelemetry - Christos Kalkanis, Elastic

Thursday November 14, 2024 2:30pm - 3:05pm MST

Salt Palace | Level 1 | Grand Ballroom HJ

Elastic has recently donated its whole-system continuous profiling agent to OpenTelemetry. After a thorough community review process, the donation was enthusiastically accepted. Leveraging eBPF, the profiling agent provides unprecedented visibility into the runtime behavior of all applications: it builds stacktraces that go from the kernel to userspace native code, all the way into code running into higher level runtimes, enabling users to identify performance regressions, reduce wasteful computations, and debug complex issues faster. This session will explore: - Benefits of eBPF-based continuous profiling compared to conventional approaches that rely on application instrumentation - How the agent builds profiles that seamlessly span kernel, native code and most widely used application runtimes - Integration with the rest of OpenTelemetry: OTLP and Collector

Speakers

Christos Kalkanis

Principal Software Engineer, Elastic

Christos is the technical lead for the edge collection group at Elastic, a maintainer for the OpenTelemetry Profiling SIG and a co-author of the donated OpenTelemetry profiling agent previously known as the Elastic Universal Profiling agent. After more than a decade of focusing on... Read More →

Thursday November 14, 2024 2:30pm - 3:05pm MST
Salt Palace | Level 1 | Grand Ballroom HJ

Observability

Content Experience Level Intermediate

2:30pm MST

One Inventory to Rule Them All: Standardizing Multicluster Management - Corentin Debains, Google & Ryan Zhang, Microsoft

Thursday November 14, 2024 2:30pm - 3:05pm MST

Salt Palace | Level 1 | 155 BC

Most Kubernetes users run more than one cluster, and some run hundreds or more. Crossing cluster boundaries has always been a challenge, because most Kubernetes APIs, tools, and operators are cluster-centric. In fact, there’s a remarkable lack of standard tools and patterns for multi-cluster. Over time users have found ways to stitch clusters together but the community has been asking for standardization.To share multi-cluster tools, Kubernetes sig-multicluster has introduced the “ClusterProfile” API, a critical building block for multi-cluster capabilities. This API provides a canonical way for multicluster controllers and users to iterate over clusters, and to install or manage multi-cluster features. In this talk, we will look at some of the problems inherent to multi-clustering, explain the concepts introduced by this new API and look at implementations and consumers of it.We dive into real life examples of patterns and usage, with products such as Kueue, ArgoCD, and Argo workflow.

Speakers

Ryan Zhang

Principal Software Engineering Manager, Microsoft

Dr. Ryan Zhang is a Principal Software Engineering Manager at Microsoft, working on Azure Kubernetes Service Team. Ryan has been working on Cloud Native open source projects for the past few years including CloudEvents, Open Application Model (OAM) and multi-cluster related initi... Read More →

Corentin Debains

Software Engineer, Google

Corentin Debains is a software engineer at Google working on the GKE Fleet (multicluster platform). He is an active member of Kubernetes’ special interest group sig-multicluster.

Thursday November 14, 2024 2:30pm - 3:05pm MST
Salt Palace | Level 1 | 155 BC

Operations + Performance

Content Experience Level Intermediate

2:30pm MST

Exceeded Your Validation Cost Budget? Now What? - Joel Speed, Red Hat

Thursday November 14, 2024 2:30pm - 3:05pm MST

Salt Palace | Level 1 | Grand Ballroom BDF

With the introduction of the common expression language (CEL) for writing complex validations, this is also brought in validation cost budgeting. It can be easy to violate this budget and difficult to work out how to reduce your validation cost. This talk with dive into the runtime cost budgeting and help to prevent those pesky errors! In this talk, we will cover the basics of CEL to set some groundwork before taking a look at some relatively simple CEL validations that cause the API server to reject your CRD definition. We will look at why the API server suggests that the runtime cost is over 100x the allowable cost budget, exploring how it came to that conclusion, and what you need to know when building your own APIs to be able to prevent that from happening. When you walk away from this talk, you should understand the various factors that contribute to your CEL runtime cost and be able to prevent errors in the future, improving CRD validation one field at a time!

Speakers

Joel Speed

Principal Software Engineer, Red Hat

Joel has been working with Kubernetes and building controllers since 2017. Joel cut his teeth with Kubernetes as an SRE, before eventually moving into full software development at Red Hat where he leads the Cluster Infrastructure team, responsible for both Cloud Controller Managers... Read More →

Thursday November 14, 2024 2:30pm - 3:05pm MST
Salt Palace | Level 1 | Grand Ballroom BDF

Platform Engineering

Content Experience Level Advanced

2:30pm MST

Mastering Cell-Based Architecture: Practical Solutions and Best Practices - Shweta Vohra, Booking.com & Asanka Abeysinghe, WSO2

Thursday November 14, 2024 2:30pm - 3:05pm MST

Salt Palace | Level 2 | 250

Are you struggling to validate your cell boundaries or facing challenges with greenfield versus brownfield cell-based architectures (CBA)? Do you find it difficult to define enterprise-wide cell boundaries or wish there were best practices to guide you? If these pain points sound familiar, this session is tailored for you. In this talk, we will first guide you through the process of defining an enterprise-wide cell-based architecture for your organization or context. Then we will explore best practices for greenfield, brownfield, and hybrid cell implementations using CBA. By translating common user challenges into actionable implementation references, we aim to elevate your understanding of CBA with real-world use cases and best practices. This session will also cover best practices for the data, security, application, and infrastructure layers, ensuring a comprehensive approach to CBA implementation. Join us to take your knowledge of CBA to the next level!

Speakers

Asanka Abeysinghe

CTO, WSO2

Asanka, WSO2's CTO, is a technology visionary with over 20 years of experience designing and implementing scalable distributed systems, microservices, and business integration solutions. He advances WSO2's corporate reference architecture, collaborates with customers and industry... Read More →

Shweta Vohra

Enterprise Architect, Booking.com

Shweta is an Enterprise Architect and a Cloud Navigator! 🚀 As a seasoned Architect with a vast toolkit in Cloud, Platforms, Data, and ML technologies. She has spent over two decades crafting solutions across various domains and complexity levels. She is a frequent conference speaker... Read More →

Thursday November 14, 2024 2:30pm - 3:05pm MST
Salt Palace | Level 2 | 250

SDLC

Content Experience Level Intermediate

2:30pm MST

From Standards to Practice: The Journey to Container Maturity - Carmen Chow & Thomas Robinson, Yelp

Thursday November 14, 2024 2:30pm - 3:05pm MST

Salt Palace | Level 1 | 151

Yelp runs tens of thousands of Docker containers in Kubernetes. How do we track their vulnerabilities, baseline their security needs, and prioritize our most critical findings? Security standards change constantly, so we need a robust model of container maturity to guide our adoption of these standards in a way that addresses Yelp’s specific needs and risk tolerance. Finally, to maximize our model’s value, over 1,000 engineers must understand its practical guidance well enough to apply it to their daily work. This talk covers designing and incorporating a container maturity model into Yelp’s development lifecycle, along with our strategy for proactively improving our security posture. We believe our experiences will assist others in creating similar models that work for their organizations, help evaluate and assess risks to their own containers, and drive next steps towards future risk evaluation platforms.

Speakers

Carmen Chow

Software Engineer, Yelp

Carmen Chow is a Software Engineer on Yelp’s Infrastructure Security team, where she has worked on cost modeling, data lifecycle tools, and Kubernetes observability. Previously, she was an infrastructure developer responsible for containerizing services and migrating them to Kubernetes... Read More →

Thomas Robinson

Software Engineer, Yelp

Tom is a software engineer living near Seattle, Washington. Having previously worked in security research and antivirus software, he's spent the last decade helping keep Yelp secure.

Thursday November 14, 2024 2:30pm - 3:05pm MST
Salt Palace | Level 1 | 151

Security

Content Experience Level Intermediate

2:30pm MST

Tutorial: Live with Gateway API V1.2 - Flynn, Buoyant & Mike Morris, Microsoft

Thursday November 14, 2024 2:30pm - 4:00pm MST

Salt Palace | Level 1 | Grand Ballroom ACE

Gateway API v1.2 is here! We have GA support for service mesh! We have timeouts in HTTPRoutes! We have GRPCRoutes! And we still have precious few real-world walkthroughs of using Gateway API to get real things done… In this hands-on workshop hosted by Gateway API contributors and GAMMA co-leads, we’ll start with completely unconfigured clusters, walk through installing a demo app with your choice of ingress controller and service mesh (Envoy Gateway + Linkerd, or Istio), then dig into actually using Gateway API for routing, resilience, and progressive delivery with an application using HTTP and gRPC at the same time. You’ll walk away with practical, real-world knowledge about what Gateway API can do and how to use it, and portable skills you’ll be able to apply to the many projects implementing Gateway API!

Speakers

Flynn -

Tech Evangelist, Buoyant

Flynn is a tech evangelist at Buoyant, educating developers about Linkerd, Kubernetes, and cloud-native development in general. He has spent 40 years in software engineering (from the kernel up through distributed applications, with a common thread of communications and security throughout... Read More →

Mike Morris

Senior Product Manager, Microsoft

Mike is a product manager at Microsoft working on upstream open source projects with a focus on Istio service mesh, and a Gateway API for service mesh co-lead. He is interested in building healthy, sustainable communities and scalable distributed systems, and working collaboratively... Read More →

Thursday November 14, 2024 2:30pm - 4:00pm MST
Salt Palace | Level 1 | Grand Ballroom ACE

Tutorials, SDLC (Software Development Lifecycle)

Content Experience Level Any

2:30pm MST

🚨 Contribfest: Enhancing Kubernetes Debugging and Observability with Inspektor Gadget

Thursday November 14, 2024 2:30pm - 4:00pm MST

Salt Palace | Level 3 | 355 A

Let’s dive into the world of Kubernetes observability and debugging by joining the Inspektor Gadget Contribfest. Inspektor Gadget is both a collection of eBPF tools (Gadgets) and a systems inspection framework for Kubernetes, containers, and Linux hosts. In this session, maintainers will give a quick introduction to the Inspektor Gadget project and will guide participants to setup their development environment. The gadgets concept will be introduced, and we’ll guide participants to create a simple hello world gadget. Then, participants will be able to contribute in different ways: - By building gadgets for new use cases - By extending the existing gadgets - By brainstorming ideas of new features

Speakers

Mauricio Vásquez Bernal

Principal Software Engineer, Microsoft

Mauricio works as a software engineer at Microsoft. He is interested in eBPF, Kubernetes, networking and low level programming. Mauricio has used eBPF in different scopes like implementing network virtual functions (polycube project), tracing solutions (Inspektor Gadget) and recently... Read More →

Jose Blanquicet

Senior Software Engineer, Microsoft

Jose is a Senior Software Engineer focused on Kubernetes and eBPF technologies for debugging and observability. He is currently working to maintain and develop Inspektor Gadget, an open-source project from the Kinvolk team at Microsoft.

Thursday November 14, 2024 2:30pm - 4:00pm MST
Salt Palace | Level 3 | 355 A

🚨 Contribfest

2:30pm MST

🚨 Contribfest: Helm 4: The Next Generation of the Kubernetes Package Manager

Thursday November 14, 2024 2:30pm - 4:00pm MST

Salt Palace | Level 3 | 355 D

Love it or hate it, there is little argument that Helm remains a popular choice for packaging Kubernetes applications. As the project embarks on its first new major version since 2019, Helm 4, anyone who makes use of Helm, whether it be a producer or consumer, has the opportunity to help shape the future and direction. Join members of the Helm community to get a unique opportunity to take part in the development of Helm 4 so it can provide the next generation of Kubernetes applications and users the package manager for today and tomorrow.. In this session, attendees will learn: Learn about the key features being considered Support for Helm 3 before, during and after Helm 4 is released How to get involved in the Helm project, including the various roles and responsibilities The process for contributing to the Helm codebase This is a session any Kubernetes contributor does not want to miss

Speakers

Andrew Block

Distinguished Architect, Red Hat

Andrew Block is a Distinguished Architect at Red Hat that works with organizations to design and implement solutions leveraging cloud native technologies. He specializes in Continuous Integration and Continuous Delivery methodologies with a focus on security to reducing the overall... Read More →

Matt Farina

Distinguished Engineer, SUSE

Thursday November 14, 2024 2:30pm - 4:00pm MST
Salt Palace | Level 3 | 355 D

🚨 Contribfest

3:25pm MST

Unlocking the Future of GPU Scheduling in Kubernetes with Reinforcement Learning - Nikunj Goyal, Adobe Systems & Aditi Gupta, Disney Plus Hotstar

Thursday November 14, 2024 3:25pm - 4:00pm MST

Salt Palace | Level 1 | Hall DE

Scaling up Multi GPU setup using Kubernetes for large scale ML projects has been a hot topic equally stressed upon among both the AI and cloud community. While Kubernetes is able to providing computing power by scheduling GPU nodes, certain issues like resource fragmentation and low utilization plague the performance and results in cost issues. Why Reinforcement Learning (RL) in particular one would ask. Unlike the other algorithms, RL shines in its unique ability to continuously adapt to changing environments and efficiently handle Complex and Multi-dimensional Objectives making it particularly suitable for the dynamic and heterogeneous nature of Kubernetes clusters. In this talk, we shall explore the current landscape of GPU scheduling and some state of the art RL algorithms proposed for scheduling. Their current impact on Kubernetes and the possible use of RLHF shall be dived deep into. We hope that audience gain more insights into these new ways of scheduling GPUs on Kubernetes.

Speakers

Aditi Gupta

Aditi Gupta, Software Developer at Disney + Hotstar, Disney Plus Hotstar

I'm Aditi Gupta, a Software Developer Engineer at Disney+ Hotstar. Graduated from Asia's largest tech college for women, Indira Gandhi Delhi Technical University,I've been deeply immersed in cloud-native technologies and AI/ML advancements. Skilled in containerisation, micro-service... Read More →

Nikunj Goyal

Developer at Adobe, AI and Machine Learning Specialist, Adobe Systems

Hi, I am Nikunj Goyal, working as a developer at Adobe and a Maths major from IIT Roorkee. I am working with AI and Machine Learning for some time mainly with Generative AI and graph based methods. I am a core part of Text-to-vector generation team at my org and previously worked... Read More →

Thursday November 14, 2024 3:25pm - 4:00pm MST
Salt Palace | Level 1 | Hall DE

AI + ML

Content Experience Level Beginner

3:25pm MST

Tackling GPU Shortages and High Costs by Harnessing Hybrid Kubernetes Clusters - Xiaoman Dong & Alex Pucher, Parasail

Thursday November 14, 2024 3:25pm - 4:00pm MST

Salt Palace | Level 2 | 255 BC

In the era of supporting AI and large language models, acquiring GPU supplies from major cloud providers is challenging and expensive. Meanwhile, a significant supply of affordable GPU resources is emerging from various third-party providers. Hybrid Kubernetes clusters are the perfect solutions to integrate these GPUs into existing services built on large cloud providers. At our startup focusing on cloud infrastructure, we have created numerous hybrid Kubernetes clusters based on K3s and P2P VPN using the Wireguard protocol. With this setup, we have successfully integrated more than ten sources of GPUs from different geographical locations, achieving nearly unlimited on-demand GPU resources while reducing GPU costs by 2x-4x. In this talk, we will discuss the architecture, pros and cons, requirements, and limitations of pure hybrid Kubernetes clusters for GPUs. We will also share lessons learned during the building and management of such true hybrid Kubernetes clusters.

Speakers

Alexander Pucher

Parasail AI

Xiaoman Dong

Founding Engineer, Parasail

Xiaoman Dong has devoted his past 10+ years building cloud and data infrastructure, and hosted scalable distributed systems with multi region high availability. During his work in Parasail, Stripe and Uber, he has designed, built, and operated several large scale business critical... Read More →

Thursday November 14, 2024 3:25pm - 4:00pm MST
Salt Palace | Level 2 | 255 BC

Cloud Native Experience

Content Experience Level Beginner

3:25pm MST

TLS and MTLS: Introduction to Modern Security - Andrew Davis, Independent & Sandeep Kanabar, Gen (formerly NortonLifeLock)

Thursday November 14, 2024 3:25pm - 4:00pm MST

Salt Palace | Level 2 | 251

A constant presence in our lives for nearly 25 years, TLS is a cornerstone of modern security practice — especially in a zero-trust world. In cloud native, mTLS comes up every time service meshes get mentioned. Even so, both these technologies are still sources of endless questions. How do they work? How are they related? What problems do they solve – and which others do they not solve? How does it relate to end-user auth? What's all this stuff with certificates anyway? And why should you care about these things? Thankfully, answering these questions isn't that complex. Sandeep Kanabar, Lead Software Engineer at Gen, and Andrew Davis, a Cybersecurity Expert—both Deaf & Hard of Hearing WG members—will discuss what TLS and mTLS are, what they do, how they work, why they matter as standards, and what nearly 25 years of attacking them have to say about security. They'll use Linkerd as an example, but this talk will apply to any situation involving mTLS or TLS, no matter the implementation.

Speakers

Sandeep Kanabar

Lead Software Engineer, Gen (formerly NortonLifeLock)

Hailing from India, Sandeep is a passionate software engineer working at Gen (formerly NortonLifeLock). A frequent meetup speaker, Sandeep enjoys sharing his lessons learned from 15+ years in the tech space with the community. He's a staunch advocate for diversity and inclusion and... Read More →

Andrew Davis

Cybersecurity Specialist, Not Applicable

A passionate self-taught cybersecurity expert, Andrew Davis is a big believer in life-long learning. He has worked for various Fortune 500 companies, including DELL and Fidelity Investments. Deaf himself, Andrew is a strong advocate for accessibility. He's an active member of the... Read More →

Thursday November 14, 2024 3:25pm - 4:00pm MST
Salt Palace | Level 2 | 251

Cloud Native Novice

Content Experience Level Any

3:25pm MST

Kubernetes Multi-Cluster Networking 101 - Niranjan Shankar, Microsoft & Ram Vennam, Solo.io

Thursday November 14, 2024 3:25pm - 4:00pm MST

Salt Palace | Level 1 | 155 EF

You’ve (somewhat) grasped the networking model of a single Kubernetes cluster. But how do you enable Pods to communicate across clusters? How do service discovery and DNS work for a multi-cluster setup? How do you secure inter-cluster traffic and manage certificates? Not sure? Don’t worry - this session will have the answers. We’ll start by outlining the core requirements for workloads to communicate across clusters. You’ll then learn some common multi-cluster networking topologies, like flat and multi-network setups, and how inter-cluster connectivity and IP address management differ for each of them. Finally, we’ll cover some popular tools for managing and securing traffic between clusters, like service mesh, CNIs, and gateways, and discuss their use-cases. You’ll leave this session with a solid understanding of fundamental terms and concepts - like virtual networking peering, external DNS, trust domains, etc - needed for navigating the multi-cluster networking landscape.

Speakers

Ram Vennam

Solutions Engineer, Solo.io

Ram Vennam is the Director of Solutions Engineering at Solo.io where he helps companies design and build highly scalable, resilient, distributed systems with the latest cloud-native technology. Previously, he was at IBM where he was a Technical Product Manager and Developer Advocate... Read More →

Niranjan Shankar

Software Engineer, Microsoft

Niranjan Shankar is a software engineer at Microsoft working on the Istio-based service mesh add-on for Azure Kubernetes Service (AKS). He has experience with multi-cluster operations, edge traffic management and security, GitOps-based patterns, and policy enforcement with Kubernetes... Read More →

Thursday November 14, 2024 3:25pm - 4:00pm MST
Salt Palace | Level 1 | 155 EF

Connectivity

Content Experience Level Intermediate

3:25pm MST

Elastic Data Streaming: Autoscaling Apache Kafka - Jakub Scholz, Red Hat

Thursday November 14, 2024 3:25pm - 4:00pm MST

Salt Palace | Level 1 | Grand Ballroom GI

Autoscaling is an important part of modern cloud-native architecture. It allows applications to handle a big load at peak times while helping to optimize costs and make deployments more green and sustainable at the same time. Apache Kafka is well known for its scalability. It can grow with your project from a small cluster up to hundreds of brokers. But it was not very elastic for a long time and using dynamic autoscaling with it was very hard. This talk will guide the attendees through the main challenges of auto-scaling Apache Kafka on Kubernetes. It will show how these challenges can be solved with the help of new features added recently in Strimzi and Apache Kafka projects such as auto-rebalancing, node pools, or tiered storage. And it will help the users get started with the auto-scaling of Apache Kafka.

Speakers

Jakub Scholz

Senior Principal Software Engineer, Red Hat

Jakub works at Red Hat as Senior Principal Software Engineer. He has long-term experience with messaging and currently focuses mainly on Apache Kafka and its integration with Kubernetes. He is one of the maintainers of the Strimzi project which provides tooling for running Apache... Read More →

Thursday November 14, 2024 3:25pm - 4:00pm MST
Salt Palace | Level 1 | Grand Ballroom GI

Data Processing + Storage

Content Experience Level Intermediate

3:25pm MST

Load-Aware GPU Fractioning for LLM Inference on Kubernetes - Olivier Tardieu & Yue Zhu, IBM

Thursday November 14, 2024 3:25pm - 4:00pm MST

Salt Palace | Level 2 | 255 EF

As the popularity of Large Language Models (LLMs) grows, LLM serving systems face challenges in efficiently utilizing GPUs on Kubernetes. In many cases, dedicating an entire GPU to a small or unpopular model is a waste, however understanding the relationship between request load and resource requirements has been difficult. This talk will study GPU compute and memory requirements for LLM inference servers, like vLLM, revealing an analytical relationship between key configuration parameters and performance metrics such as throughput and latency. This novel understanding makes it possible to decide at deployment time an optimal GPU fraction based on the model's characteristics and estimated load. We will demo an open-source controller capable of intercepting inference runtime deployments on Kubernetes to automatically replace requests for whole GPUs with fractional requests using MIG (Multi-Instance GPU) slices, increasing density hence LLM sustainability without sacrificing SLOs.

Speakers

Olivier Tardieu

Principal Research Scientist, Manager, IBM

Dr. Olivier Tardieu is a Principal Research Scientist and Manager at IBM T.J. Watson, NY, USA. He joined IBM Research in 2007. His current research focuses on cloud-related technologies, including Serverless Computing and Kubernetes, as well as their application to Machine Learning... Read More →

Yue Zhu

Research Scientist, IBM Research

Dr. Yue Zhu is a Research Scientist at IBM Research specializing in foundation model systems and distributed storage systems. Yue obtained a Ph.D. in Computer Science from Florida State University in 2021 and has consistently contribute to sustainability for foundation models and... Read More →

Thursday November 14, 2024 3:25pm - 4:00pm MST
Salt Palace | Level 2 | 255 EF

Emerging + Advanced

Content Experience Level Intermediate

3:25pm MST

Cloud Native Storage: The CNCF Storage TAG Projects, Technology & Landscape - Alex Chircop, Akamai & Raffaele Spazzoli, Red Hat

Thursday November 14, 2024 3:25pm - 4:00pm MST

Salt Palace | Level 3 | 355 EF

This talk will introduce the CNCF Storage TAG and discuss how the TAG operates, how we work with CNCF Storage projects, and the work we have done to build guidance and write whitepapers for the ecosystem. During this session we will cover an overview of storage projects in the CNCF, including the broader ecosystem, as well as projects that are currently being reviewed. We will also share updates of our latest work including the CNCF Storage Whitepaper, Performance and Benchmarking whitepaper, Cloud Native Disaster Recovery whitepaper, and the Data on Kubernetes whitepapers on database patterns and AI/ML workloads. Join us to find out how to contribute and participate in the CNCF storage community and discover practical guidance on how to use cloud native storage in your environments.

Speakers

Alex Chircop

Chief Product Architect at Akamai, Akamai

Raffaele Spazzoli

Senior Principal Architect, red hat

Raffaele is a full-stack enterprise architect with 20+ years of experience. Currently Raffaele covers a consulting position of cross-portfolio application architect with a focus on OpenShift. Most of his career Raffaele worked with large financial institutions allowing him to acquire... Read More →

Thursday November 14, 2024 3:25pm - 4:00pm MST
Salt Palace | Level 3 | 355 EF

Maintainer Track, Storage

3:25pm MST

Elevate Your Kubernetes Policy Game with Kyverno! - Vishal Choudhary, Nirmata; Lanting Chiang & Karen Tu, Robinhood Markets, Inc.

Thursday November 14, 2024 3:25pm - 4:00pm MST

Hyatt Regency | Level 4 | Regency Ballroom BCD

Struggling to find the balance between robust security and empowering developers? Join Robinhood's platform engineers Karen and Lanting as they share their migration journey from custom solutions and PSPs, to policy as code with Kyverno. Go beyond the basics of resource validation and enforcement, and learn the power of Kyverno for policy as code lifecycle management, including testing, deployment, performance optimizations, exception management, and reporting. Plus, Vishal, a Kyverno maintainer, will present a game-changing new feature in Kyverno 1.12: etcd offloading for policy reports, which is critical for large production workloads. This session is a must-attend for platform engineers and Kubernetes administrators looking to leverage policy as code for self-service automation, security, and compliance.

Speakers

Karen Tu

Robin Hood

Lanting Chiang

Software Engineer, Robinhood Markets, Inc.

Software Engineer on the Software Platform - Container Orchestration team at Robinhood Markets, Inc.

Vishal Choudhary

Software Engineer, Nirmata

Vishal is a student and a software engineer, working on cloud-native projects focusing on governance and securing software supply chains for everyone! He is a maintainer of Kyverno and an active contributor at several other projects in the space. He is always looking to discuss tools... Read More →

Thursday November 14, 2024 3:25pm - 4:00pm MST
Hyatt Regency | Level 4 | Regency Ballroom BCD

Maintainer Track, Kyverno

3:25pm MST

Intro & Deep Dive - Kubernetes Infrastructure - Arnaud Meukam, Independent & Mahamed Ali, Cisco

Thursday November 14, 2024 3:25pm - 4:00pm MST

Hyatt Regency | Level 4 | Regency Ballroom A

This session will examine the intricacies of Kubernetes infrastructure, ongoing maintenance efforts, and strategic security enhancements. We will showcase notable achievements, address challenges, and emphasize the significance of our collaborative efforts with fellow SIGs. The session concludes with an interactive Q&A, welcoming invaluable feedback and insightful discussions from all participants to shape our future trajectory. Join us in this unique opportunity to contribute to the advancement of SIG k8s Infra together.

Speakers

Arnaud Meukam

Open Source Engineer, Independent

Arnaud is a Open Source Engineer and he is a core Kubernetes contributor. He is been involved in the project for over 5 years now, is the SIG Chair for the Kubernetes Infrastructure Group and Release manager.

Mahamed Ali

Senior DevOps Engineer, Cisco

Mahamed is a Senior DevOps Engineer at ThousandEyes by Cisco and improves developer experience for fellow engineers. He is also an OSS Maintainer and works on Kubernetes as the SIG K8s-Infra Tech Lead and on Knative as the Productivity Working Group Lead.

Thursday November 14, 2024 3:25pm - 4:00pm MST
Hyatt Regency | Level 4 | Regency Ballroom A

Maintainer Track, K8s Infra

3:25pm MST

Kubernetes SIG Architecture Intro and Updates - John Belamaric, Google & David Eads, Red Hat

Thursday November 14, 2024 3:25pm - 4:00pm MST

Salt Palace | Level 3| 355 BC

SIG Architecture maintains and evolves the design principles of Kubernetes, and provides a consistent body of expertise necessary to ensure architectural consistency over time. The SIG takes care of evolution of conformance definitions, API definitions/conventions, deprecation policy, design principles, and other cross-cutting concerns. In this talk, we will provide an introduction to SIG architecture, including its role and the various subprojects that support its activities. Additionally, we will provide a community update on the status of those efforts.

Speakers

John Belamaric

Senior Staff Software Engineer, Google

John is a Sr Staff SWE, co-chair of K8s SIG Architecture and of K8s WG Device Management, helping lead efforts to improve how GPUs, TPUs, NICs and other devices are selected, shared, and configured in Kubernetes. He is also co-founder of Nephio, an LF project for K8s-based automation... Read More →

David Eads

Senior Principal Software Engineer, Red Hat

David Eads is a senior principal software engineer at Red Hat and co-lead for Kubernetes sig-apimachinery and TL for sig-auth.

Thursday November 14, 2024 3:25pm - 4:00pm MST
Salt Palace | Level 3| 355 BC

Maintainer Track, Architecture

3:25pm MST

Peak Innovation and Cloud Tweaks: Falco’s Ongoing Runtime Security Development - Jason Dellaluce, Leonardo Grasso & Luca Guerra, Sysdig; Carlos Tadeu Panato Junior, Chainguard; Melissa Kilby, Apple

Thursday November 14, 2024 3:25pm - 4:00pm MST

Hyatt Regency | Level 2 | Salt Lake Ballroom CDE

In the fast-paced world of cloud-native runtime security, Falco embraces innovation and adaptability. As a trusted CNCF-graduated project, Falco keeps evolving to meet today’s security challenges with new approaches. This session covers Falco’s latest developments, including better rule handling for flexible ruleset customization and output definition, integration with Prometheus metrics, and an improved installation experience. We will also look at new language extensions and operators, improvements in performance and testing, and powerful new plugins for advanced data modeling. Join us in celebrating Falco’s ongoing efforts to refining runtime security and its dedication to the future of cloud-native environments.

Speakers

Carlos Panato

Staff Software Engineer, Chainguard

Carlos Panato (@cpanato) is a Staff Software Engineer at Chainguard, Inc., specializing in development and infrastructure with Kubernetes and containers. He has a diverse background in development, testing, processes, and management. Carlos actively contributes to several Linux Foundation... Read More →

Leonardo Grasso

Open Source Tech Lead Manager / Falco Core Maintainer, Sysdig

Leonardo leads a talented group of open source engineers advancing security projects at Sysdig. Based in Italy, Leonardo combines his deep passion for Linux, Kubernetes, Containers, and Security with a strong background in software design and R&D. As a core maintainer of Falco, a... Read More →

Melissa Kilby

Security Engineer, Apple

Before joining Apple, Security Engineer Melissa Kilby contributed to US Government research projects and taught Applied Data Science at BlackHat. She has a Ph.D., specializing in machine learning and biomechanics. She has also contributed to NASA’s space suit engineering program... Read More →

Jason Dellaluce

Tech Lead, Manager, Sysdig

Jason Dellaluce is an Senior Engineer and Manager at Sysdig and a core maintainer of Falco, the CNCF tool for Cloud Native Runtime Security. On a daily basis, he contributes to the Falco Community and is exposed to Linux, Kubernetes, Containers, Security, eBPF, and the Open Source... Read More →

Luca Guerra

Sr. Open Source Engineer, Sysdig Inc.

Luca is an experienced software engineer, specializing in software design and security research. His professional experience includes designing security solutions, building and breaking secure systems, and vulnerability management. Luca is a core maintainer for the Falco project and... Read More →

Thursday November 14, 2024 3:25pm - 4:00pm MST
Hyatt Regency | Level 2 | Salt Lake Ballroom CDE

Maintainer Track, Falco

3:25pm MST

Measuring All the Costs with OpenCost Plugins - Alex Meijer, Stackwatch

Thursday November 14, 2024 3:25pm - 4:00pm MST

Salt Palace | Level 1 | Grand Ballroom HJ

The CNCF OpenCost project is approaching 5,000 stars on GitHub and has become one of the most popular cost monitoring systems in use. Originally focused on cloud provider and Kubernetes cost monitoring, OpenCost expanded its scope in May 2024 by launching OpenCost Plugins with Datadog as the first reference implementation. These plugins allow users to measure and visualize virtually any cost in OpenCost, without writing a single line of OpenCost code. Alex Meijer, OpenCost and OpenCost Plugins maintainer, will speak on how the OpenCost Plugins ecosystem works and will dive into the use of the open-source FOCUS spec in OpenCost, which is the key to being able to measure nearly any cost. A plugin-enabled OpenCost deployment will be demoed, with an external cost (Datadog) visualized alongside the traditional Kubernetes and cloud provider costs. Alex will also share how to get started with plugins so that users can start analyzing the costs of whatever matters to their unique use case!

Speakers

Alex Meijer

Staff Software Engineer, Stackwatch

Alex Meijer has been working with Kubernetes for his entire career, being at various times a user, operator, and currently as someone working to help others use Kubernetes better. He has served in startups ranging in size from 5-90 people. Alex contributes to the Opencost project... Read More →

Thursday November 14, 2024 3:25pm - 4:00pm MST
Salt Palace | Level 1 | Grand Ballroom HJ

Observability

Content Experience Level Intermediate

3:25pm MST

Orchestrating Quasi-Real Time Data Processing in the Computing Farm of the ATLAS Experiment at CERN - Giuseppe Avolio, CERN

Thursday November 14, 2024 3:25pm - 4:00pm MST

Salt Palace | Level 1 | 155 BC

What has Kubernetes got to do with a High Energy Physics experiment collecting one million physics events per second at a data rate of 5 TB/s? That is what we would like to show you! The ATLAS experiment at CERN filters one million complex collision signatures per second provided by the Large Hadron Collider in quasi real-time, using a mixture of custom electronics and a large computing farm (the Event Filter – EF – farm) consisting of up to 5000 commodity servers. In this talk, we will tell you how we are going to exploit Kubernetes to orchestrate the ATLAS EF computing farm. In particular, we will focus on the strategy and optimizations we put in place in order to start more than 25000 PODs over more than 2500 worker nodes in about 50 seconds. We will also show the impact of the Kubernetes Scheduler and Controller Manager QPS values on POD start and stop throughputs and we will report about how custom scheduler profiles allow us to schedule PODs at an average rate of about 500 Hz.

Speakers

Giuseppe Avolio

Dr., CERN

Giuseppe Avolio is a physicist working at CERN, with almost 20 years of experience in the field of Data Acquisition (DAQ) systems for High Energy Physics experiments. He is member of the ATLAS collaboration, and he is currently responsible for coordinating the ATLAS DAQ system upgrade... Read More →

Thursday November 14, 2024 3:25pm - 4:00pm MST
Salt Palace | Level 1 | 155 BC

Operations + Performance

Content Experience Level Advanced

3:25pm MST

From Chaos to Harmony, Transforming ML Engineering: A Kubernetes Adoption Journey

Thursday November 14, 2024 3:25pm - 4:00pm MST

Salt Palace | Level 1 | Grand Ballroom BDF

How Ekstra Bladet’s Data Science team went from a small team of ML engineers, who needed to deliver quickly without deep technical infrastructure knowledge, to a rigid and proprietary ML pipeline built from AWS components and triggered by a large and chaotic Infrastructure as Code project. This made it difficult to achieve freedom and required a lot of work to implement and debug. One of the key reasons for adopting Kubernetes for our ML team emerged when we realized that we should serve all stakeholders across the JP/Politikens Hus organization, not just Ekstra Bladet. We then chose Kubernetes as our container infrastructure, which transformed the ML team into a dynamic ML ecosystem with great freedom under responsibility.

Initially, we focused on building robust frameworks for training and deploying ML models as API services and model training. Today, our ML team operates at the forefront of innovation, where we embrace GitOps principles to streamline our machine learning platform. Through careful adoption of advanced techniques such as autoscaling, scheduling, event triggers, and dynamic service deployment, we ensure seamless integration of new ML models into our infrastructure. This evolution has allowed us to effectively meet our diverse needs, while maintaining agility and scalability in our ML operations.

Speakers

Paris Nakita Kejser

Cloud Engineer, JP Politikens Hus

As a certified Cloud Engineer specializing in AWS and Kubernetes, I'm integral to Ekstra Bladet’s Data Science team. My focus lies in optimizing cloud infrastructure, integrating AWS and Kubernetes setups, and driving technological advancements. I contribute to Ekstra Bladet's digital... Read More →

Thursday November 14, 2024 3:25pm - 4:00pm MST
Salt Palace | Level 1 | Grand Ballroom BDF

Platform Engineering

Content Experience Level Intermediate

3:25pm MST

You're Overpaying for CI - Kyle Penfound, Dagger

Thursday November 14, 2024 3:25pm - 4:00pm MST

Salt Palace | Level 2 | 250

In recent years, the computational power of developer workstations has surged dramatically. With so much compute available at every developer's fingertips, why do we continue to waste time and money with lengthy build times on sluggish CI compute? Some forward-thinking organizations are re-evaluating this approach, questioning the necessity of paying for CI compute when the developers' workstations, which are already more powerful and paid for, remain underutilized. In this technical session we will transition a fully functioning production CI system from cloud-based compute to local workstation compute. We will explore the intricacies of replicating the functionality of a modern CI system, leveraging the power of developer workstations, all using open source software.

Speakers

Kyle Penfound

Solutions Engineer, Dagger

Kyle is part of the ecosystem team at dagger.io working on the future of CICD. He has a background in DevOps and just loves giving demos!

Thursday November 14, 2024 3:25pm - 4:00pm MST
Salt Palace | Level 2 | 250

SDLC

Content Experience Level Any

3:25pm MST

It's Dangerous to Build It Alone, Take This. - Jeremy Rickard & Ashna Mehrotra, Microsoft

Thursday November 14, 2024 3:25pm - 4:00pm MST

Salt Palace | Level 1 | 151

You've got high and critical CVEs in open source software packages that are critical to your platform or business. Time is almost up to patch them, and the upstream project hasn't fixed things. If you don't patch, your accreditation might be at risk. You're going to have to do it yourself! But where do you start? Fork the projects? Can you just patch in place? In this session, you'll learn about tools and strategies that can help you respond to CVEs in your container images faster, starting with patching existing images in place with Copacetic and moving on to patching and building projects from scratch. We'll look at challenges to building and testing upstream projects using existing tools and learn from emerging practices in industry. We'll also talk about how to inform your teams to stop using bad images! After this session, you'll have best practices and tools at your disposal, understand some of the pitfalls of owning your entire open source software supply chain.

Speakers

Ashna Mehrotra

Software Engineer, Microsoft

Ashna Mehrotra is a software engineer on the Upstream Security team, working on cloud-native open source security projects at Microsoft.

Jeremy Rickard

Principal Software Engineer, Microsoft

Jeremy Rickard is a principal software engineer at Microsoft where he works on the Azure Container Upstream team. He is currently a co-chair for SIG Release and serves on both the CNCF and the Kubernetes Code of Conduct Committees. He was also the Kubernetes 1.20 Release Lead.

Thursday November 14, 2024 3:25pm - 4:00pm MST
Salt Palace | Level 1 | 151

Security

Content Experience Level Any

4:00pm MST

Coffee Break ☕

Thursday November 14, 2024 4:00pm - 4:30pm MST

Salt Palace | Level 1 | Halls A-C + 1-5 | Solutions Showcase

Thursday November 14, 2024 4:00pm - 4:30pm MST
Salt Palace | Level 1 | Halls A-C + 1-5 | Solutions Showcase

Breaks

4:10pm MST

Project Pavilion Tour with Annie Talvasto, CNCF Ambassador

Thursday November 14, 2024 4:10pm - 4:30pm MST

Salt Palace | Level 1 | Halls A-C + 1-5 | Solutions Showcase

Thursday November 14, 2024 4:10pm - 4:30pm MST
Salt Palace | Level 1 | Halls A-C + 1-5 | Solutions Showcase

Project Opportunties

4:30pm MST

Which GPU Sharing Strategy Is Right for You? a Comprehensive Benchmark Study Using DRA - Kevin Klues & Yuan Chen, NVIDIA

Thursday November 14, 2024 4:30pm - 5:05pm MST

Salt Palace | Level 1 | Hall DE

Dynamic Resource Allocation (DRA) is one of the most anticipated features to ever make its way into Kubernetes. It promises to revolutionize the way hardware devices are consumed and shared between workloads. In particular, DRA unlocks the ability to manage heterogeneous GPUs in a unified and configurable manner without the need for awkward solutions shoehorned on top of the existing device plugin API. In this talk, we use DRA to benchmark various GPU sharing strategies including Multi-Instance GPUs, Multi-Process Service (MPS), and CUDA Time-Slicing. As part of this, we provide guidance on the class of applications that can benefit from each strategy as well as how to combine different strategies in order to achieve optimal performance. The talk concludes with a discussion of potential challenges, future enhancements, and a live demo showcasing the use of each GPU sharing strategy with real-world applications.

Speakers

Kevin Klues

Distinguished Engineer, NVIDIA

Kevin Klues is a distinguished engineer on the NVIDIA Cloud Native team. Kevin has been involved in the design and implementation of a number of Kubernetes technologies, including the Topology Manager, the Kubernetes stack for Multi-Instance GPUs, and Dynamic Resource Allocation (DRA... Read More →

Yuan Chen

Principal Software Engineer, NVIDIA

Yuan Chen is a Principal Software Engineer at NVIDIA, working on building NVIDIA GPU Cloud for AI. He served as a Staff Software Engineer at Apple from 2019 to 2024, where he contributed to the development of Apple's Kubernetes infrastructure. Yuan has been an active code contributor... Read More →

Thursday November 14, 2024 4:30pm - 5:05pm MST
Salt Palace | Level 1 | Hall DE

AI + ML

Content Experience Level Any

4:30pm MST

The Maintainer Monologues - Sarah Christoff, Defense Unicorns; Karen Chu, Fermyon; Jason Hall, Chainguard; Scott Rigby, Independent; Ryan Nowak, Microsoft

Thursday November 14, 2024 4:30pm - 5:05pm MST

Salt Palace | Level 2 | 255 BC

Are maintainers born? Or made? Made. They’re definitely made. Oftentimes it’s a combination of trial and error, luck, and lots of hard work. With a mixed group of first time and experienced maintainers, join us for a panel covering the origin stories and learnings of CNCF sandbox/incubating/graduated project maintainers. They’ll share their journeys as their projects evolved, and cover topics such as: - Project milestones (inception, MVP, & donation) - Learning the ecosystem - Blind spots - Navigating social dynamics (community building, getting more help, navigating challenges) - Work life balance / open source burnout With this knowledge, you’ll be better equipped to become the next open source contributor, maintainer, or creator of projects, ready to navigate the ecosystem.

Speakers

Karen Chu

OSS Community PM

Karen Chu is an OSS Community PM. Having participated in the cloud native community since 2015, she is a CNCF Ambassador, Helm community manager/maintainer, emeritus Kubernetes Code of Conduct Committee member, meet-up organizer, and conference organizer. She has also worked on The... Read More →

Sarah Christoff

Software Engineer, Defense Unicorns

Sarah is a software engineer at Defense Unicorns who loves making complex code more digestible. She is the self-proclaimed founder of the Leslie Lamport fan club. When she's not bugbusting, she is running her animal rescue and competing in triathlons. She believes code should be like... Read More →

Scott Rigby

Senior Cloud Solutions Architect, NASA / Navteca

Scott is an artist, engineer & dad, collaborating on a different kind of world. Into collective art, activism, therapy & open source nerdy stuff. Scott is a Cloud Native Ambassador, speaker, organizer of CNCF community events including the New York Kubernetes Meetup, and international... Read More →

Jason Hall

Principal Software Engineer, Chainguard

Jason is a hopeless container image tooling nerd, living in Brooklyn with his wife, two children and (most importantly) lots of pizza.

Ryan Nowak

Incubations Architect, Microsoft

Thursday November 14, 2024 4:30pm - 5:05pm MST
Salt Palace | Level 2 | 255 BC

Cloud Native Experience

Content Experience Level Any

4:30pm MST

Understanding Kubernetes Networking in 30 Minutes - Ricardo Katz, Broadcom & James Strong, Isovalent at Cisco

Thursday November 14, 2024 4:30pm - 5:05pm MST

Salt Palace | Level 2 | 251

You are learning Kubernetes and started to face concepts like Pod CIDRs, Services, CNI, kube-proxy? Welcome! you have reached the amazing area of Kubernetes networking! We all have already been there and know how complex it may seem on the beginning, but in this talk, Ricardo and James will demystify the Kubernetes network concepts and model on a fun way, exploring how it is designed, why the is a "pause" container on every Pods, how the communication between Pods work, what are kube-proxy and CNI and their importance. In the end of this talk we expect you to get your learning path on Kubernetes Networking clear to better understand not only what are the concepts about, but also see on a live demo how every component correlates and makes the communications possible on a Kubernetes cluster .

Speakers

Ricardo Katz

Software Engineer, Broadcom

Software Engineer at VMware by Broadcom, Kubernetes contributor on spare time. Previously was the tech lead for the Brazilian Government Cloud and Platform infrastructure, being one of the persons responsible for implementing some of the first Kubernetes clusters in Brazil, clusters... Read More →

James Strong

Sr Customer Success Architect, Isovalent at Cisco

James has been working in the cloud for 7 years. He helped build a private cloud at GE Appliances and developed and supported REST API's in AWS on docker. Recently he has passed the CNCF's CKA exam and helps companies migrate their applications to Kubernetes.

Thursday November 14, 2024 4:30pm - 5:05pm MST
Salt Palace | Level 2 | 251

Cloud Native Novice

Content Experience Level Beginner

4:30pm MST

Microsegment Your Network Like Mastercard with AdminNetworkPolicy - John Zaiss, Mastercard & Surya Seetharaman, Red Hat

Thursday November 14, 2024 4:30pm - 5:05pm MST

Salt Palace | Level 1 | 155 EF

Do you manage Kubernetes clusters and need to enforce airtight workload security on a cluster-wide level? This is vital in the Financial Services industry to comply with the PCI Data Security Standard. Mastercard was looking for a built-in Kubernetes solution enabling admins to govern network access between workloads at scale. While exploring different options, they found namespace-scoped NetworkPolicies but wanted to avoid duplicating policies for each namespace. When Kubernetes SIG-Network added AdminNetworkPolicies in v1.25, Mastercard found what they needed! In this session, we will introduce AdminNetworkPolicy and demonstrate applying granular, non-overridable network controls on a live cluster for multi-tenant isolation. Join us to learn how Mastercard is securing microservices in production based on the principle of least privilege and zero trust. We will also share our operational challenges and lessons learnt. Attendees will gain actionable strategies to secure clusters.

Speakers

John Zaiss

Principal Software Engineer, Mastercard

As a Principal Engineer, John brings extensive expertise in Kubernetes, automation, cloud identity architecture, server architecture, VMware ESX, mobile device management, and IT strategy. He is a seasoned information technology professional with a BS in Cybersecurity and a MS in... Read More →

Surya Seetharaman

Principal Software Engineer, Red Hat Inc.

Thursday November 14, 2024 4:30pm - 5:05pm MST
Salt Palace | Level 1 | 155 EF

Connectivity

Content Experience Level Intermediate

4:30pm MST

Elevating Kubeflow Spark Operator's Future: Best Practices and Enhancements - Vara Bonthu, AWS & Chaoran Yu, Apple Inc

Thursday November 14, 2024 4:30pm - 5:05pm MST

Salt Palace | Level 1 | Grand Ballroom GI

As Kubernetes becomes the leading platform for data processing, mastering the deployment and management of Apache Spark on it is crucial. In this presentation, you'll hear from the new maintainers of the Kubeflow Spark Operator project, who will provide an overview of scaling the Spark Operator on Kubernetes, emphasizing best practices to optimize performance and efficiency. Attendees will explore the migration of the Spark Operator repository from Google to Kubeflow, gaining insights into the roadmap and key takeaways. The session will cover strategies for achieving multi-tenancy, managing multiple Spark Operator instances for large-scale deployments, ensuring robust security, and performing seamless upgrades. Participants will learn advanced techniques to maximize their Spark on Kubernetes deployments, making their data processing pipelines more efficient, reliable, and secure. This talk is for Data, ML, DevOps, and MLOps pros to enhance their Spark on Kubernetes skills.

Speakers

Chaoran Yu

Software Engineer, Apple Inc

Chaoran Yu is a software engineer at Apple. He leads a team that builds and operates a large-scale batch analytics data platform to meet the demanding requirements of data scientists and engineers. His passion lies in delivering the best value to stakeholders through best-of-breed... Read More →

Vara

Principal OSS Specialist, AWS

Vara Bonthu is a dedicated technology professional and Worldwide Tech Leader for Data on EKS, specializing in assisting AWS customers ranging from strategic accounts to diverse organizations. He is passionate about open-source technologies, Data Analytics, AI/ML, and Kubernetes, and... Read More →

Thursday November 14, 2024 4:30pm - 5:05pm MST
Salt Palace | Level 1 | Grand Ballroom GI

Data Processing + Storage

Content Experience Level Any

4:30pm MST

WASM + KWOK Wizardry: Writing and Testing Scheduler Plugins at Scale - Dejan Pejchev & Jonathan Giannuzzi, G-Research

Thursday November 14, 2024 4:30pm - 5:05pm MST

Salt Palace | Level 2 | 255 EF

In the world of Kubernetes, optimizing scheduler performance is key to maximizing cluster efficiency. This session dives into building custom Kubernetes scheduler plugins using WebAssembly and leveraging KWOK to test their performance. We'll begin by introducing the fundamentals of Kubernetes scheduling and the unique advantages of WebAssembly, such as fast startup times and secure sandboxing. We will show how the kube-scheduler-wasm-extension project can be used to create custom scheduling logic easily. Next, we'll explore KWOK (Kubernetes WithOut Kubelet), a tool that simulates Kubernetes clusters for testing and benchmarking purposes. Through hands-on examples, we'll demonstrate how to set up KWOK, create realistic test environments, and gather performance metrics to fine-tune your custom scheduler plugins.

Speakers

Jonathan Giannuzzi

Open Source Evangelist, G-Research

Dejan Zele Pejchev

Open Source Engineer, G-Research

Dejan is a seasoned Software Engineer with over 8 years of experience building and scaling distributed systems and an advocate of open source & Kubernetes-native solutions. Dejan is also a maintainer of Armada, the Kubernetes multi-cluster batch scheduling tool, Testkube, the Kubernetes-native... Read More →

Thursday November 14, 2024 4:30pm - 5:05pm MST
Salt Palace | Level 2 | 255 EF

Emerging + Advanced

Content Experience Level Advanced

4:30pm MST

Fluent Bit: Better Pipelines for Observability - Eduardo Silva, Chronosphere

Thursday November 14, 2024 4:30pm - 5:05pm MST

Salt Palace | Level 3 | 355 EF

Creating better data pipelines is constantly challenging when "better" is defined by performance, low resource usage, and total ecosystem integration. In this session, we will dive deep into Fluent Bit, a CNCF graduate project under the Fluentd umbrella that helps you build scalable data pipelines to manage all your needs for the collection and processing of telemetry data by integrating multiple data sources and formats and reliably sending it to your desired endpoints or vendors for analysis. Attendees of this session will learn about best practices for telemetry data handling and important concepts such as buffering, backpressure, monitoring, and retry logic, among many others. Fluent Bit, which was primarily known for managing logs, now also handles metrics and traces. It fully integrates with applications based on Prometheus or OpenTelemetry formats.

Speakers

Eduardo Silva

OSS Engineering Manager, Chronosphere

Eduardo is an entrepreneur and Software Engineer. He is one of Fluentd project maintainers and creator of Fluent Bit, a lightweight Logs, Metrics, and Traces processor.

Thursday November 14, 2024 4:30pm - 5:05pm MST
Salt Palace | Level 3 | 355 EF

Maintainer Track, Fluentd

4:30pm MST

Gateway API: What's New, What's Next? - Christine Kim & Nick Young, Isovalent at Cisco; Mattia Lavacca, Kong; Guilherme Cassolato, Red Hat

Thursday November 14, 2024 4:30pm - 5:05pm MST

Hyatt Regency | Level 4 | Regency Ballroom A

Gateway API represents the next generation of ingress and service mesh APIs for Kubernetes. Since its promotion to GA (General Availability) last year, numerous features have been added, with many more in development. In this talk, we will introduce the latest enhancements, review all recent changes to the API, and discuss what lies ahead. Many features are planned to graduate to GA in the upcoming releases, while others will be introduced as experimental. This talk is the ideal opportunity to familiarize yourself with these changes, connect with the Gateway API community, and get answers to all your questions!

Speakers

Guilherme Cassolato

Principal Software Engineer, Red Hat

Guilherme is a Principal Software Engineer at Red Hat, core member of the Cloud Native Computing Foundation (CNCF) project Kuadrant, developer and maintainer of Authorino, active contributor in the Kubernetes community with the Gateway API project by SIG-Network.

Nick Young

Senior Software Engineer, Isovalent at Cisco

Nick has been working to prevent the entropic downfall of systems for 25 years, across datacenters, clouds, networking, and others. He's a Staff Engineer at Isovalent, and a maintainer on the Kubernetes Gateway API project, where he works on improving the ingress and mesh experiences... Read More →

Christine Kim

Developer Relations, Isovalent at Cisco

Christine Kim focuses on developer experience at Isovalent, where she dabbles in the world of Kubernetes and Service Meshes.

Mattia Lavacca

Software Enginner, Kong

Mattia is a Software Engineer at Kong, working on Kubernetes networking. He is a key contributor to SIG-Network projects, such as Gateway API, Ingress2Gateway, and Blixt, and the co-lead of Kong's Gateway API implementation. He is working on many Kong projects related to networking... Read More →

Thursday November 14, 2024 4:30pm - 5:05pm MST
Hyatt Regency | Level 4 | Regency Ballroom A

Maintainer Track, Network

4:30pm MST

Navigate Cross SIG Collaborations with SIG Docs - Rey Lejano & Savitha Raghunathan, Red Hat; Divya Mohan, SUSE; Xander Grzywinski, Microsoft

Thursday November 14, 2024 4:30pm - 5:05pm MST

Salt Palace | Level 3| 355 BC

As one of the largest open source projects, Kubernetes is divided into twenty-four Special Interest Groups (SIGs). All SIGs share a common goal of advancing the project, and collaboration across SIGs is required to do so. In this session, learn how SIG Docs collaborates with other SIGs on Kubernetes releases, improving Kubernetes security and driving Kubernetes adoption with documentation.

Speakers

Savitha Raghunathan

Senior Software Engineer, Red Hat

Savitha Raghunathan is a Senior Software Engineer at Red Hat, working on Container Migration and Application Modernization. She leads K8s sig-security-docs sub-project aiming to create security awareness through docs. As a maintainer of the Konveyor project, she leads the community... Read More →

Xander Grzywinski

Open Source Program Manager, Defense Unicorns

Xander is an open source program manager at Defense Unicorns. Previously he worked in various roles on platform and open source teams at Microsoft, Twitter, Apple, and HashiCorp. When not at a computer, you'd most likely find him at a pottery wheel.

Rey Lejano

Solutions Architect @ Red Hat, CNCF Ambassador, K8s SIG Docs co-chair, SIG Security subproject lead, K8s v1.23 release lead, DevOps Institute Ambassador, Red Hat

Rey Lejano is a Solutions Architect at Red Hat and is the co-chair of Kubernetes SIG Docs. He contributes to Kubernetes SIG Security, Release, & Contributor Experience. He is a member of seven Kubernetes Release Teams including serving as the 1.23 Release Lead and 1.25 Emeritus Adviser... Read More →

Divya Mohan

Principal Technology Advocate, SUSE

Divya is a Senior Technical Evangelist at SUSE, where she contributes to Rancher’s cloud native open source projects. She co-chairs the documentation for the Kubernetes & LitmusChaos projects & has previously worked extensively in the systems engineering space during her tenure... Read More →

Thursday November 14, 2024 4:30pm - 5:05pm MST
Salt Palace | Level 3| 355 BC

Maintainer Track, Docs

4:30pm MST

Open Policy Agent (OPA) Intro, Deep Dive & V1.0 Update - Charlie Egan, Styra

Thursday November 14, 2024 4:30pm - 5:05pm MST

Hyatt Regency | Level 2 | Salt Lake Ballroom CDE

Join us in this dedicated session on Open Policy Agent (OPA), the general-purpose policy engine for policy decision-making and management across the cloud native stack - from application authorization to Kubernetes admission, OPA has you covered. OPA maintainers will provide a comprehensive introduction for newcomers, followed by a deep dive into OPA v1.0 and recent updates. Whether you're a veteran OPA user, or just intrigued by policy as code in cloud-native environments, you will find this session valuable. Don't miss the opportunity to connect with other OPA users and to get your questions answered after the presentation too.

Speakers

Charlie Egan

Senior Developer Advocate, Styra

Charlie has been working with in the Cloud Native space since 2018. He currently works as a Developer Advocate at Styra and on the OPA project. Charlie is interested in authentication and authorization across the stack. You can find him in the OPA Community Slack.

Thursday November 14, 2024 4:30pm - 5:05pm MST
Hyatt Regency | Level 2 | Salt Lake Ballroom CDE

Maintainer Track, Open Policy Agent (OPA)

4:30pm MST

Secure Release Processes with in-Toto Policy Verification - John Kjell, TestifySec & Aditya Sirish A Yelgundhalli, New York University

Thursday November 14, 2024 4:30pm - 5:05pm MST

Hyatt Regency | Level 4 | Regency Ballroom BCD

Ensuring software releases adhere to expected processes is crucial for both open-source projects and enterprise software. The in-toto project offers a solution by creating attestations for each step, providing verifiable evidence of compliance. Over the past five months, community contributors have worked to enhance the definition and capabilities of in-toto layouts to enforce policies for these attestations. This presentation will showcase the results of this effort, demonstrating how to create flexible policies for any software development lifecycle (SDLC) process, from source code commit to production release. We will explore how to formulate policies that verify attestations for code reviews, SBOM integrity, testing, vulnerability scans, build provenance (such as SLSA), and more. Join us to learn how to ensure your software development process is compliant and secure.

Speakers

Aditya Sirish A Yelgundhalli

Ph.D. Candidate, New York University

Aditya is a Ph.D. candidate at New York University where he researches software supply chain security. He is a maintainer of in-toto, which is incubated at the CNCF. He is also a contributor to TUF, another CNCF project, and a maintainer of gittuf, a sandbox project at the OpenSSF... Read More →

John Kjell

Director of Open Source, TestifySec

John is responsible for open source at TestifySec, a software supply chain security startup. He is a maintainer for the Witness and Archivista sub-projects under in-toto. Additionally, John is an active contributor to CNCF's TAG Security and multiple projects within the OpenSSF. Before... Read More →

Thursday November 14, 2024 4:30pm - 5:05pm MST
Hyatt Regency | Level 4 | Regency Ballroom BCD

Maintainer Track, in-toto

4:30pm MST

Mastering OpenTelemetry Collector Configuration - Steve Flanders, Cisco

Thursday November 14, 2024 4:30pm - 5:05pm MST

Salt Palace | Level 1 | Grand Ballroom HJ

Configuring the OpenTelemetry Collector can be a daunting task for both novices and seasoned professionals alike. Yet, mastering this crucial aspect is essential for unlocking the full potential of your observability stack. In this session, you will embark on a journey to gain the knowledge and skills needed to conquer common OpenTelemetry Collector configuration challenges. This session will draw from real-world experiences and best practices and provide live demonstrations to navigate the intricacies of OpenTelemetry Collector configuration. Whether you are a novice looking to get started or a seasoned veteran seeking to level up your skills, this session promises to empower you with the knowledge and confidence needed to properly and efficiently configure the OpenTelemetry Collector.

Speakers

Steve Flanders

Senior Director of Engineering, Cisco

Steve Flanders is a Senior Director of Engineering at Splunk (acquired by Cisco) responsible for the Observability Platform team, which includes contributions to the OpenTelemetry project. He was previously the Head of Product at Omnition (acquired by Splunk). Prior to Omnition, he... Read More →

Thursday November 14, 2024 4:30pm - 5:05pm MST
Salt Palace | Level 1 | Grand Ballroom HJ

Observability

Content Experience Level Any

4:30pm MST

Per-Node Api-Server Proxy: Expand the Cluster's Scale and Stability - Weizhou Lan & Iceber Gu, DaoCloud

Thursday November 14, 2024 4:30pm - 5:05pm MST

Salt Palace | Level 1 | 155 BC

For lots of CNCF projects, kinds of daemonsets simultaneously synchronize datas from the Api-server from each node. Especially in large-scale clusters, it creates significant pressure on the Api-server, burdens the network, even affects the stability of the cluster. Some projects have implemented optimization to address this. For instance, Cilium aggregates endpoint information into the CRD CiliumEndpointSlice before distributing it to its daemonset. However, many projects have not yet adopted such data aggregation optimizations and Currently, there is still no project to help improve the communication between all components and the Api-server. ClusterPedia supports to launch per-node Api-server proxies to serve all local pods, and utilize eBPF to resolve the API server's clusterIP to the local proxy, which transparently implements API server access redirection on demand. In large-scale clusters, this can significantly improve the stability of all cluster's services.

Speakers

Iceber Gu

Software Engineer, DaoCloud

Senior open source enthusiast, focused on cloud runtime, multi-cloud and WASM. I am a CNCF Ambassador and founded Clusterpedia and promoted it as a CNCF Sandbox project. I also created KasmCloud to promote the integration of WASM with Kubernetes and contribute it to the WasmCloud... Read More →

Weizhou Lan

Senior Tech Lead, Daocloud

Weizhou Lan, 13+ years of engineering experience, engaged in kubernetes since 2018. a senior tech lead at Daocloud focusing on private cloud, a speaker at KubeCon NA/EU and KCD China, a Program Committee Member for KubeCon, the initiator and maintainer of the CNCF sandbox project... Read More →

Thursday November 14, 2024 4:30pm - 5:05pm MST
Salt Palace | Level 1 | 155 BC

Operations + Performance

Content Experience Level Intermediate

4:30pm MST

GÖDel Scheduler: A Unified Scheduler for Online and Offline Workloads - Bing Li, Yue Yin & Lintong Jiang, ByteDance

Thursday November 14, 2024 4:30pm - 5:05pm MST

Salt Palace | Level 1 | Grand Ballroom BDF

Gödel Scheduler, developed by ByteDance, has been open-sourced as a unified system for managing online and offline workloads efficiently. Created to surpass the capabilities of Kubernetes' default scheduler, it enhances resource utilization, operational efficiency, and scheduling throughput. Key features include optimistic concurrency, a two-layer scheduling abstraction, and a robust dispatcher and binder system. Gödel Scheduler aims to improve cloud-native experiences and reduce operational burdens, catering to ByteDance’s extensive and diverse computing needs. Join us to explore how Gödel Scheduler can revolutionize your workload management strategy, ensuring efficient and reliable operations across your cloud-native infrastructure.

Speakers

Yue Yin

ByteDance

Lintong Jiang

ByteDance

Bing Li

Senior Software Engineer, ByteDance

Software Engineer at ByteDance CloudNative Infrastructure, building Gödel.

Thursday November 14, 2024 4:30pm - 5:05pm MST
Salt Palace | Level 1 | Grand Ballroom BDF

Platform Engineering

Content Experience Level Advanced

4:30pm MST

Bring the Joy Back to Deployments! - Murriel McCabe, Google Cloud & Elizabeth Ponce, Airbnb

Thursday November 14, 2024 4:30pm - 5:05pm MST

Salt Palace | Level 2 | 250

Destination: deployment! Your feature is complete. Your application is ready. You want to share your hard work with the world. How do you pick the optimal deployment process? Where do you even start? In this talk, Murriel and Elizabeth will be your guides on a brief tour of several open source tools for deploying a workload into Kubernetes. Our journey will begin with manual hello world deployments and from there we will explore some of the most common modern tools for CI/CD, including a demo speedrun! Major destinations on this tour will include helm, kustomize, skaffold, ArgoCD, Tekton, Jenkins and JenkinsX. We will walk through the fundamentals of CI/CD, explore tradeoffs and discuss the process for implementing these tools in your software development lifecycle. By the end of this talk, you'll be equipped to begin navigating the CI/CD landscape and will leave with resources that will enable you to get started quickly and begin testing in your own environment.

Speakers

Murriel McCabe

Customer Engineer, Google Cloud

Murriel is a Customer Engineer with Google Cloud. She is currently excited about all things DevOps and platform engineering, developer productivity, and container platforms. She is a big advocate for STEM mentorship of girls/youth and exploring how technology can be used for social... Read More →

Elizabeth Ponce

Software Engineer, Airbnb

Elizabeth is a Software Engineer in Search Infrastructure at Airbnb and has a non traditional pathway from Customer Support Specialist to Software Engineering at Airbnb. As a Global Co-Chair for GemTech, Airbnb's Genders Marginalized in Tech employee resource group, Elizabeth actively... Read More →

Thursday November 14, 2024 4:30pm - 5:05pm MST
Salt Palace | Level 2 | 250

SDLC

Content Experience Level Beginner

4:30pm MST

Mish-Mesh: Abusing the Service Mesh to Compromise Kubernetes Environments - Hillai Ben-Sasson & Nir Ohfeld, Wiz

Thursday November 14, 2024 4:30pm - 5:05pm MST

Salt Palace | Level 1 | 151

Service mesh solutions are common components in almost every large Kubernetes environment. Many engineers and security teams have adopted solutions like Linkerd and Istio to better segment and isolate their Kubernetes networks. In this talk, we will demonstrate how we were able to exploit common misconfigurations and insecure features in popular service mesh solutions, to escalate low-severity vulnerabilities to critical service takeovers. Our real-life examples include several major cloud service providers, where these vulnerabilities allowed us to gain unauthorized access to internal systems and sensitive secrets. This talk will help engineers understand whether their service mesh deployment acts as a proper security barrier, and how to make sure that it does. Security teams – both attackers and defenders – will learn new techniques for hacking Kubernetes environments, and how to properly defend against them.

Speakers

Hillai Ben-Sasson

Nir Ohfeld

Security Researcher, Wiz

Nir Ohfeld is a 25-years-old senior security researcher at Wiz. Ohfeld focuses on cloud-related security research and specializes in research and exploitation of cloud service providers, web applications, application security, and in finding vulnerabilities in complex high-level systems... Read More →

Thursday November 14, 2024 4:30pm - 5:05pm MST
Salt Palace | Level 1 | 151

Security

Content Experience Level Intermediate

4:30pm MST

Tutorial: No Mess Rollouts with Gateway API: Leveraging Gateway API and Argo Rollouts for Progressive Delivery - Nina Polshakova & Lawrence Gadban, Solo.io

Thursday November 14, 2024 4:30pm - 6:00pm MST

Salt Palace | Level 1 | Grand Ballroom ACE

Modern application delivery has many pitfalls: version transitions, traffic management, quality assurance, performance monitoring, and rollbacks. If you encounter an upgrade issue, what can you do? Mirror traffic? Debug locally? Roll back? Argo Rollouts lets teams gradually and safely deploy new versions of applications. A standard Gateway API enables any provider to support Argo Rollouts without provider-specific code. Argo Rollouts monitors Prometheus metrics to verify performance and reverts if success criteria aren’t met. This hands-on lab guides you on integrating Argo Rollouts with applications using different Gateway API implementations. Using Argo and Gateway API resources (HTTPRoute), you’ll learn to adjust traffic weights and gradually direct more traffic to a new version. We will also explore challenges in route delegation and role-based access control within Gateway API and potential extensions to address gaps in traffic shaping, access control, and debugging rollouts.

Speakers

Lawrence Gadban

Software Engineer, Solo.io

Lawrence is a Field Engineer at Solo.io where he works with organizations of all sizes to architect, adopt, and operationalize components such as Envoy proxy, API gateways, and service mesh. Most recently, he has been working directly with several organizations at various stages of... Read More →

Nina Polshakova

Software Engineer, Solo.io

Nina is a software engineer working on multi-cluster Istio solutions on the Gloo Platform team at Solo.io. She is a CNCF Ambassador and has also been on several Kubernetes release teams. She led the Enhancements team for the 1.29 release and is the current lead for the Release Notes... Read More →

Thursday November 14, 2024 4:30pm - 6:00pm MST
Salt Palace | Level 1 | Grand Ballroom ACE

Tutorials, Operations + Performance

Content Experience Level Any

4:30pm MST

🚨 Contribfest: Kickstart Your eBPF Journey with Tetragon

Thursday November 14, 2024 4:30pm - 6:00pm MST

Salt Palace | Level 3 | 355 A

Tetragon and eBPF have a lot of buzz and this is your chance to get involved diving into the bytecode or docs! Tetragon’s docs are still young and your new contributor's perspective will be a superpower for spotting issues or unclear wording in the various quickstarts, guides, and concepts pages. The project’s CLI, tetra, is another great opportunity for those interested in code contributions around ease of use, testing, and consistency in flags and output. Tetragon’s documentation tech stack uses Markdown, built with Hugo, and a customized Docsy theme. The CLI is written in Go with the Cobra library and uses gRPC to communicate with the agent. While this session should help you get more familiar with Tetragon and can lead to more contributions in the future, those technologies are also used in Kubernetes and many other CNCF projects.

Speakers

Mahé Tardy

Software Engineer, Isovalent at Cisco

Mahé is a security engineer at Isovalent and an active contributor to Kubernetes SIG Security. He was previously working as a security researcher and loves working with Linux, security, and Kubernetes!

Kornilios Kourtis

Dr, Isovalent

I am a software engineer at Isovalent, working on cloud-native networking, security, and observability using eBPF. Before that, I worked in industrial (IBM) and academic research (ETH Zurich, NTU Athens) in systems, including operating systems, storage and network stacks, and high-performance... Read More →

Joe Stringer

Cilium Maintainer, Isovalent

Passionate about building efficient network dataplanes, and actively involved in the communities around Cilium, eBPF and the Linux kernel.

John Fastabend

Director of Engineering, Cisco

John is currently leading the Security and Observability team at Isovalent where he created Tetragon a runtime security and observability tool. When not working on Tetragon he maintains various bits and pieces of the Linux kernel contributing primarily to the BPF subsystem and networking... Read More →

Thursday November 14, 2024 4:30pm - 6:00pm MST
Salt Palace | Level 3 | 355 A

🚨 Contribfest

4:30pm MST

🚨 Contribfest: Meshery Contribfest: Extending the Cloud Native Manager

Thursday November 14, 2024 4:30pm - 6:00pm MST

Salt Palace | Level 3 | 355 D

Join the Meshery maintainers and community in improving the leading cloud native management plane. This is your chance to get hands-on with the tools shaping the future of collaborative cloud native management. Opportunities: Work on core functionality in the Server (Golang) or UI (React) or extend Meshery by building your own plugin. Contribute to the Meshery documentation by incorporating your own examples of cloud native solution architectures using Meshery Designer. Why Contribute to Meshery? - Gain experience with cloud native technologies, including essentially every CNCF project and open source development practices. As is the 10th fastest growing CNCF project, Meshery has a vibrant community. Work alongside passionate maintainers and contributors. No Prior Experience Needed: We welcome contributions from all levels of experience. Join us at Meshery Contribfest and be part of the growing community shaping the future of collaborative cloud native management.

Speakers

Shivay Lamba

Developer Relations Engineer, Couchbase

Shivay Lamba is a software developer specializing in DevOps, Machine Learning and Full Stack Development. He is an Open Source Enthusiast and has been part of various programs like Google Code In and Google Summer of Code as a Mentor and is currently a MLH Fellow. He has also worked... Read More →

Lee Calcote

Founder, Layer5

Thursday November 14, 2024 4:30pm - 6:00pm MST
Salt Palace | Level 3 | 355 D

🚨 Contribfest

5:25pm MST

Managing and Distributing AI Models Using OCI Standards and Harbor - Steven Zou & Steven Ren, VMware by Broadcom

Thursday November 14, 2024 5:25pm - 6:00pm MST

Salt Palace | Level 1 | Hall DE

Just as container images are vital to cloud-native technology, AI models are crucial to AI technology. Effectively, conveniently, and safely managing, maintaining, and distributing AI models is critical for supporting workflows like AI model training, inference, and application deployment. This presentation explores AI model management based on OCI standards and the Harbor project. Standardizing AI model structures and characteristics using OCI specifications and extension mechanisms like OCI Reference to link datasets and dependencies. When large models require efficient loading or privacy considerations, model replication or proxy with upstream repositories like Hugging Face becomes essential. Enhancing model distribution security through signing, vulnerability scanning, and policy-based governance is often necessary. Additionally, introducing acceleration mechanisms such as P2P can significantly improve the efficiency of large model loading.

Speakers

Steven Ren

Senior Manager, Broadcom

Steven Zou

Staff II Engineer, VMware by Broadcom

Steven Zou is a senior engineer with years of experience in cloud computing and cloud-native technology. He is currently working as a Staff II engineer at VMware, focusing on cloud-native and Kubernetes-related platform services. In addition, he is a core maintainer of the CNCF open-source... Read More →

Thursday November 14, 2024 5:25pm - 6:00pm MST
Salt Palace | Level 1 | Hall DE

AI + ML

Content Experience Level Any

5:25pm MST

Navigating Failures in Pods with Devices: Challenges and Solutions - Sergey Kanzhelev, Google & Mrunal Patel, Red Hat

Thursday November 14, 2024 5:25pm - 6:00pm MST

Salt Palace | Level 2 | 250

Pods are no longer running with just CPU and Memory. We provision GPUs, network cards, request special placement of those devices and allocated memory. And the more efficient or effective you want your set up to be, the more complicated those device requirements are, the more chances you will hit an edge case Kubernetes has not accounted for yet. Come to the talk to learn from Node Maintainers about some of those shortcomings in Kubernetes. If you are only starting with AI/ML and devices, you will be interested to learn what to expect. If you have lots of experience, you may still learn new things. With the increased focus on AI/ML workloads, highlighting those scenarios is important. As Kubernetes plans to fix those problems, you can give feedback on what would work best for you.

Speakers

Sergey Kanzhelev

Staff Software Engineer, Google

Sergey Kanzhelev is a seasoned open source and cloud native maintainer working actively on Kubernetes. Sergey is serving as co-chair of SIG node. He is also one of the founders of OpenTelemetry. He is working on engineering aspect of software and its practical application. He is contributing... Read More →

Mrunal Patel

Distinguished Engineer, Red Hat

Mrunal Patel is a Senior Principal Software Engineer at Red Hat working on containers for Openshift. He is a maintainer of runc/libcontainer and the OCI runtime specification. He started the CRI-O runtime. He is a SIG-Node chair and tech lead.

Thursday November 14, 2024 5:25pm - 6:00pm MST
Salt Palace | Level 2 | 250

AI + ML

Content Experience Level Any

5:25pm MST

Engaging the KServe Community, The Impact of Integrating a Solutions with Standardized CNCF Projects - Adam Tetelman, NVIDIA; Taneem Ibrahim, Red Hat; Johnu George, Nutanix; Tessa Pham, Bloomberg; Andreea Munteanu, Canonical

Thursday November 14, 2024 5:25pm - 6:00pm MST

Salt Palace | Level 1 | Grand Ballroom GI

Building a new solution and contemplating whether or not the OSS path is right for you? Wondering where to get started with a large cloud initiative and where the pitfalls may lie? Curious to know all the benefits waiting if your organization embraces a rich CNCF ecosystem? In this talk we will discuss the trade-offs between building a product on a full OSS platform vs. a DIY approach. We will delve into the issues of working with internal stakeholders or partners to embrace an OSS community and will cover the benefits and scaling factors that come when embracing open standards. We will use the recent integration of NVIDIA NIM into KServe as a case study and talk through the trials and tribulations that paid off in a win-win-win situation for our solutions, the OSS projects, and our users. We will cover Kubeflow, Knative, Istio, KServe, and wg-serve as well as a network of companies building enterprise K8s platforms and enterprise AI applications on top of these foundations.

Speakers

Andreea Munteanu

AI Product Manager, Canonical

I lead AI at Canonical, the publisher of Ubuntu and a provider of open source security, support and services. With a background in data science across industries like retail and telecommunications, I help enterprises make data-driven decisions with AI. I am passionate about amplifying... Read More →

Tessa Pham

Senior Software Engineer, Bloomberg

Tessa Pham is a Senior Software Engineer on Bloomberg's Cloud Native Compute Services organization. She works on building an inference platform for Bloomberg’s Data Science Platform, used by engineers and data scientists for training, deploying and serving ML models. Tessa is a... Read More →

Johnu George

Staff Engineer, Nutanix

Johnu George is a staff engineer at Nutanix with a background in distributed systems and large-scale hybrid data pipelines. He is an active in open-source and has steered several industry collaborations on projects like Kubeflow, Apache Mnemonic and Knative. His research interests... Read More →

Adam Tetelman

Principal Product Architect, NVIDIA

Taneem Ibrahim

Senior Engineering Manager, Red Hat

Taneem is an engineering leader at Red Hat where his organization is responsible for building and delivering Model Serving, Responsible AI, and Model Registry solution in OpenShift AI.

Thursday November 14, 2024 5:25pm - 6:00pm MST
Salt Palace | Level 1 | Grand Ballroom GI

Cloud Native Experience

Content Experience Level Any

5:25pm MST

Pick My Project! Lessons Learned from Interviewing 20+ End Users for Cloud Native Case Studies - Shedrack Akintayo & Bill Mulligan, Isovalent at Cisco

Thursday November 14, 2024 5:25pm - 6:00pm MST

Salt Palace | Level 2 | 255 BC

Cloud native projects can promise the moon in their READMEs, but have you ever wondered what actually causes end users to adopt a project? Shedrack and Bill have interviewed over 20 companies in industries ranging from media to financial services about why they picked a project for their cloud native platform. In this talk, they will reveal what end users truly want when adopting cloud native technologies and what the forcing function was for each of them. You’ll hear firsthand accounts of the triumphs and tribulations faced by companies like Bloomberg, DigitalOcean, The New York Times, and more as well as the specific benefits these organizations are reaping, from enhanced security and observability to improved performance and cost savings. Additionally, they’ll teach other projects their process for creating impactful case studies. By the end, the audience will understand the real-world applications and advantages of cloud native technologies and why end users pick a project.

Speakers

Shedrack Akintayo

Technical Marketing Engineer, Isovalent at Cisco

Shedrack Akintayo is a software engineer and technical writer based in London with six years of experience spanning Web Engineering, DevOps, Technical Writing, and Developer Relations. Shedrack works as a Technical Marketing Engineer at Cisco, via the Isovalent acquisition. He actively... Read More →

Bill Mulligan

Community Pollinator, Isovalent at Cisco

Bill Mulligan is a cloud native pollinator and community builder. He has given talks, written articles, and appeared on podcasts on a wide range of topics around cloud native. While at CNCF he restarted the Kubernetes Community Day program. He is currently at Isovalent growing the... Read More →

Thursday November 14, 2024 5:25pm - 6:00pm MST
Salt Palace | Level 2 | 255 BC

Cloud Native Experience

Content Experience Level Any

5:25pm MST

Why Serverless Is Trending Again - Matt Butcher, Fermyon

Thursday November 14, 2024 5:25pm - 6:00pm MST

Salt Palace | Level 2 | 251

The idea of serverless computing really took off in 2016. But after an apparent peak in 2019, it seemed to be on the decline. Yet things took an about face again in 2022. The idea of serverless functions not only regained lost ground, but even now it is hitting new levels of interest. Why? In this session, we first get very clear about what “serverless” means as a design pattern. Then we dive into what it is good for, and mention a few of the major successes of serverless computing. From there, we look into the present and future of serverless technology, particularly inside of Kubernetes. WebAssembly is the runtime technology that enables serverless in Kubernetes to outperform Amazon Lambda and other competitors.

Speakers

Matt Butcher

CEO, Fermyon

Matt Butcher (CEO) is a founder of Fermyon. He is one of the original creators of Helm, Brigade, CNAB, OAM, Glide, and Krustlet. He has written or co-written many books, including "Learning Helm" and "Go in Practice." He is a co-creator of the "Illustrated Children’s Guide to Kubernetes... Read More →

Thursday November 14, 2024 5:25pm - 6:00pm MST
Salt Palace | Level 2 | 251

Cloud Native Novice

Content Experience Level Any

5:25pm MST

One Gateway API to Rule Them All (and in the Cluster Configure Them) - Flynn, Buoyant

Thursday November 14, 2024 5:25pm - 6:00pm MST

Salt Palace | Level 1 | 155 EF

Ingress, egress, east-west, north-south… Kubernetes has always had a lot of different ways to talk about network traffic, each with its own concerns. For years, the possibility of unifying these kinds of configuration under a single API was a tantalizing but far-off possibility until Gateway API v0.8 took the first step of combining ingress and mesh configuration. Now Gateway API is taking the next step: bringing egress to the party. Join us for a look into how Linkerd is using these new egress capabilities to meet real user needs! We’ll start with a quick overview of what egress policy covers and what people need from it, how Gateway API makes egress work within its existing model, continue to cover how Linkerd implements it, and finish up with a live demo showing off a real-world example of egress management through the Gateway API. Welcome to the grand unified world!

Speakers

Flynn -

Tech Evangelist, Buoyant

Thursday November 14, 2024 5:25pm - 6:00pm MST
Salt Palace | Level 1 | 155 EF

Connectivity

Content Experience Level Any

5:25pm MST

What if Kubernetes Was a Compiler Target? - David Morrison, Applied Computing Research Labs & Tim Goodwin, UC Santa Cruz

Thursday November 14, 2024 5:25pm - 6:00pm MST

Salt Palace | Level 2 | 255 EF

Multi-tier programming is a classic concept from the programming languages community, which provides abstractions for building multiple layers of a distributed application at once. For example, there might be a “presentation” tier that displays a user interface, a “data” tier that interacts with a backing database, and a “business logic” tier that connects the two, all of which can be expressed succinctly as part of the same program and compiled into independently-deployable units. However, Kubernetes has pushed modern software development in the opposite direction: SOA applications are composed of hundreds of independent units of code, often written in different languages and development environments. In this talk we provide an overview of multi-tier programming and how it might apply to software development on Kubernetes. We also present a prototype “Kubernetes compiler” that can turn a monolithic codebase into a distributed application that runs on top of Kubernetes.

Speakers

David Morrison

Applied Computing Research Labs

Tim Goodwin

PhD Student, UC Santa Cruz

I am a 3rd year PhD student in the LSD lab at UC Santa Cruz. I am broadly interested in distributed systems and the abstractions we use to build them. I focus on cloud-native programming models and the challenges they present to developers, and my current research is focused on Kubernetes... Read More →

Thursday November 14, 2024 5:25pm - 6:00pm MST
Salt Palace | Level 2 | 255 EF

Emerging + Advanced

Content Experience Level Advanced

5:25pm MST

Longhorn: Intro, Deep Dive and Q+A - David Ko, SUSE

Thursday November 14, 2024 5:25pm - 6:00pm MST

Hyatt Regency | Level 4 | Regency Ballroom BCD

Longhorn is a cloud-native, distributed block storage solution for Kubernetes, supporting persistent volume capacities and compatible with CSI protocols. It is designed for agnostic deployment across on-premises, edge, and cloud environments, serving as an independent storage solution within your cluster or as part of your broader infrastructure platform. Longhorn covers key data areas including data integrity, data locality, volume migration, replica rebalancing, automated volume operations, snapshot/revert, backup/restore, disaster recovery, data protection, data encryption, backing images for VM workloads, and so on. Besides, the new v2 data engine is under active development to enhance Longhorn's data plane performance. In this session, we will discuss the latest v2 status, like online replica rebuilding, new volume upgrade mechanism, volume trimming, and other significant features. We will also provide insights into the roadmap and engage in an in-depth discussion.

Speakers

David Ko

Engineering Director, SUSE

David Ko, a senior engineering manager at SUSE, is currently leading the Longhorn project (CNCF incubating) and is primarily dedicated to open-source development. David is not just a project/product/team/people manager, but also a hands-on developer and architect with 10+ years of... Read More →

Thursday November 14, 2024 5:25pm - 6:00pm MST
Hyatt Regency | Level 4 | Regency Ballroom BCD

Maintainer Track, Longhorn

5:25pm MST

Scaling and Safeguarding the Heart of Kubernetes: Deep Dive Into etcd - Wenjia Zhang & Marek Siarkowicz, Google; James Blair, Red Hat; Ivan Valdes Castillo, Aki Technologies; Wei Fu, Microsoft

Thursday November 14, 2024 5:25pm - 6:00pm MST

Salt Palace | Level 3 | 355 EF

SIG-etcd are hard at work on scaling&safeguarding etcd, we need your help and feedback! This deep dive session will explore current & future etcd development efforts to share with both etcd & Kubernetes users & contributors. In particular we’ll focus on: -Feature gates:Reviewing recent KEPs for server & cluster level etcd feature gates. Discuss how feature gates empower us to introduce new capabilities while minimizing risk or breaking changes. -etcd Operator Working Group:Discuss the progress & next steps for the working group to release an officially supported etcd Operator. -Tackling compaction correctness:A post mortem exploration of the recent etcd watch correctness issue & resolution. -Community Update: A status update on the growth of the etcd community and project news. Highlight opportunities for you to get involved! Join etcd maintainers and contributors to learn about these recent developments & future plans, including how you can contribute to them. Bring questions, too.

Speakers

Wenjia Zhang

Engineering Manager, Google

Wenjia Zhang is an Engineer Manager at Google, working on Google Kubernetes Engine and Google Distributed Cloud. She is an active contributor for Kubernetes and etcd open source projects.

Wei Fu

Software Engineer, Microsoft

containerd maintainer: Building things for others who build things

Marek Siarkowicz

Senior Software Engineer, Google

Marek is a Software Engineer working at Google in Etcd team. He began his career in local startups where he loved open source and extreme programming. Currently he is a etcd maintainer and active member of SIG-instrumentation leading structured logging effort in Kubernetes. In his... Read More →

James Blair

Specialist Architect, Red Hat

James Blair is a Specialist Architect at Red Hat who works with organisations to design and implement solutions leveraging cloud native technologies. He is a vivid open source advocate and hands-on engineer who is an active Kubernetes and Etcd contributor and is passionate about growing... Read More →

Ivan Valdes Castillo

Independent

Ivan is a Site Reliability Engineer specializing in CI/CD pipelines, Infrastructure as Code, and automation. His dedication to spreading and mentoring the DevOps culture is evident in his efforts to foster collaboration and streamline development. In his free time, he is an active... Read More →

Thursday November 14, 2024 5:25pm - 6:00pm MST
Salt Palace | Level 3 | 355 EF

Maintainer Track, etcd

5:25pm MST

Securing the Future of Ingress-Nginx - James Strong, Isovalent & Marco Ebert, Giant Swarm

Thursday November 14, 2024 5:25pm - 6:00pm MST

Hyatt Regency | Level 4 | Regency Ballroom A

Ingress NGINX is a very flexible Ingress controller that provides users with a lot of NGINX functionality through annotations. However, this flexibility also raises security concerns for maintainers and cluster administrators. There have been eight significant CVEs and RCEs in Ingress NGINX. To address these issues, we have created a security hardening guide, which will be presented as a preview in this talk. Additionally, we will enable restrictive features by default to offer a more secure out-of-the-box experience with Ingress NGINX such as annotation validations. To maintain and secure the project and its Gateway API implementation, we will not be adding any new features to the core functionality of ingress, and a significant amount of functionality, such as UDP/TCP Routing, will be moved to Gateway API. We will also unveil the new name of the project during this presentation.

Speakers

James Strong

Sr Customer Success Architect, Isovalent at Cisco

Marco Ebert

Site Reliability Engineer, Giant Swarm

I'm Marco - working in Open Source for more than a decade, with Kubernetes since 2016 and as a maintainer of Ingress NGINX since 2023!As an SRE, I'm always interested in infrastructure & networking and love learning new stuff while troubleshooting complex platforms.After work, you... Read More →

Thursday November 14, 2024 5:25pm - 6:00pm MST
Hyatt Regency | Level 4 | Regency Ballroom A

Maintainer Track, Network

5:25pm MST

The Path to Helm 4 - Matt Farina, SUSE & Andrew Block, Red Hat

Thursday November 14, 2024 5:25pm - 6:00pm MST

Hyatt Regency | Level 2 | Salt Lake Ballroom CDE

Helm, the package manager for Kubernetes, has had a long and storied history alongside Kubernetes, dating back to 2015. As Kubernetes has grown, matured, and evolved, so has Helm. Since Helm is used by communities and organizations throughout the world, it is important that the project remains stable and efficient. For this to occur, Helm utilizes semantic versioning which ensures the CLI and API remain stable. However, as Kubernetes has evolved, it has been difficult to add new capabilities while also complying with these standards. There becomes a point for which breaking changes must be made. For this reason, Helm is embarking on Helm 4 which will help shape the future of the project. In this session, attendees will learn: How Helm remains stable including the safeguards used Why Helm is embarking on a new major version The key the features associated with Helm 4 Helm 3 support, during and afterward How to get involved The future of Helm is NOW and you can participate!

Speakers

Andrew Block

Distinguished Architect, Red Hat

Matt Farina

Distinguished Engineer, SUSE

Thursday November 14, 2024 5:25pm - 6:00pm MST
Hyatt Regency | Level 2 | Salt Lake Ballroom CDE

Maintainer Track, Helm

5:25pm MST

What's New in SIG-Windows - Mark Rossetti, Microsoft & Aravindh Puthiyaparambil, Softdrive

Thursday November 14, 2024 5:25pm - 6:00pm MST

Salt Palace | Level 3| 355 BC

At this maintainer track talk we will cover what is new in the Windows Special Interest Group. This talk will mainly focus on kubelet related improvements including memory-pressure eviction support, cpu / topology manager support, and more!

Speakers

Mark Rossetti

Software Engineer, Microsoft

Mark Rossetti is a software engineering focusing on open-source projects at Microsoft and is also the co-chair of Kubernetes' SIG-Windows. Mark focuses on improving the experience of using Windows containers in Kubernetes. Mark has also served on the Kubernetes release team since... Read More →

Aravindh Puthiyaparambil

Director of Engineering, Softdrive

Director of Engineering at Softdrive

Thursday November 14, 2024 5:25pm - 6:00pm MST
Salt Palace | Level 3| 355 BC

Maintainer Track, Windows

5:25pm MST

Now You See Me: Tame MTTR with Real-Time Anomaly Detection - Kruthika Prasanna Simha & Raj Bhensadadia, Apple Inc.

Thursday November 14, 2024 5:25pm - 6:00pm MST

Salt Palace | Level 1 | Grand Ballroom HJ

Picture this! You are running an application on a Kubernetes cluster & you notice that your nodes have been restarting and your users are noticing that your application is unreachable. As an engineer, you want to identify these failures in real-time & differentiate these from known states, at scale. But we know, static thresholds fail for dynamic metrics! This session explores real-time anomaly detection for cloud-native systems. We'll show you how to reduce MTTR and mean time to analyse by proactively identifying abnormal application behavior using statistical & machine learning algorithms on time series data from Prometheus. Learn to pinpoint issues, identify missing instrumentation, and visualize anomalies using Grafana. This session equips you to achieve faster issue resolution and maintain optimal application health. We'll demo practical techniques for metrics selection, anomaly detection and proactive issue identification to manage your cloud-native applications.

Speakers

Raj

Machine Learning Engineer, Apple Inc.

Raj Bhensadadia, a machine learning engineer with a passion for leveraging ML technologies to enhance monitoring and analysis of large scale systems and ensure robustness and performance of infrastructure and services.

Kruthika Prasanna Simha

Software Engineer, Apple Inc.

Kruthika is a software engineer at Apple specializing in building ML enabled observability solutions. She holds a Masters in Computer Engineering and has specialized in Machine Learning. In her free time, she likes to dabble with Jupyter Notebooks for running experiments with data... Read More →

Thursday November 14, 2024 5:25pm - 6:00pm MST
Salt Palace | Level 1 | Grand Ballroom HJ

Observability

Content Experience Level Any

5:25pm MST

Pod Power: Liberating Kubernetes Users from Container Resource Micromanagement - Dixita Narang, Google & Peter Hunt, Red Hat

Thursday November 14, 2024 5:25pm - 6:00pm MST

Salt Palace | Level 1 | 155 BC

In the dynamic world of Kubernetes, efficient resource management is crucial for optimizing performance and costs. Traditionally, managing resource requests and limits in Kubernetes has focused on individual containers within a pod. While this approach offers granular control, it can become cumbersome and error-prone, particularly for complex applications with multiple containers. Join us as we'll examine the challenges and scalability limitations posed by container resource micromanagement resource allocation. To address this issue, the pod-level feature specification is introduced. In this session, we'll delve into the transition towards pod-level resource specifications, providing an intuitive method for defining resource requests and limits at the pod level, in conjunction with the existing container-level settings. This innovative approach offers enhanced flexibility and optimized resource utilization for a variety of workloads, including those with init containers and sidecars.

Speakers

Peter Hunt

Senior Software Engineer, Red Hat

Peter Hunt is a Senior Software Engineer working at Red Hat. Passionate about free software, Peter focuses on maintaining CRI-O, attending SIG node, and ~writing~ squashing bugs. Outside of the virtual world, Peter likes collecting floral-printed pants, gardening, and dancing.

Dixita Narang

Software Engineer, Google

Dixita Narang is a Software Engineer at Google on the Kubernetes Node team. With a primary focus on resource management within Kubernetes, Dixita is deeply involved in the development and advancement of the Memory QoS feature, which is currently in the alpha stage. She is a new contributor... Read More →

Thursday November 14, 2024 5:25pm - 6:00pm MST
Salt Palace | Level 1 | 155 BC

Operations + Performance

Content Experience Level Advanced

5:25pm MST

How Google Build Its New Cloud on Top of Kubernetes - Saad Ali, Jie Yu & Prashanth Venugopal, Google

Thursday November 14, 2024 5:25pm - 6:00pm MST

Salt Palace | Level 1 | Grand Ballroom BDF

“Build a new air-gapped cloud with open source technologies” – this is what a small team at Google was tasked with in late 2021. The team delivered a private cloud platform, complete with managed VMs, databases, AI services, and more. Moreover, it did so by leveraging a number of CNCF technologies, including Kubernetes, Istio, etc. We’ll share the potential of these technologies, as well as their limitations, by explaining how they were used to build a scalable, reliable, and secure cloud platform. We’ll discuss how to implement cloud tenancy concepts, enforce isolation among tenants, and how we built a cloud API leveraging k8s API machinery and service mesh. A key innovation in building the private cloud platform was the “Kubernetes Defined Networking” (KDN) stack we created: by leveraging existing k8s networking features (e.g. load balancer, etc.) along with a few key enhancements, we implemented most of the traditional cloud SDN concepts, like VPC, firewall, VM support, etc.

Speakers

Saad Ali

Senior Engineering Manager, Google

prashanth venugopal

Kubernetes Networking Lead, Google

Prashanth has an almost two decades long career, across various networking market segments. In his current role as the lead architect of Google's Kubernetes networking stack, he helps drive the networking stack's evolution for Google Kubernetes Engine (for the Public Cloud Market... Read More →

Jie Yu

Principal Software Engineer, Google

Jie Yu is a currently a Principal Software Engineer at Google. Jie is currently working on Google Distributed Cloud, and is the leading architect for the product. Prior to Google, Jie was a Chief Architect at Mesosphere (D2IQ), and worked at Twitter. Jie joined Kubernetes community... Read More →

Thursday November 14, 2024 5:25pm - 6:00pm MST
Salt Palace | Level 1 | Grand Ballroom BDF

Platform Engineering

Content Experience Level Any

5:25pm MST

Multi-Tier Security in WasmCloud: From Developer Constraints to Platform Extensibility - Brooks Townsend, Cosmonic

Thursday November 14, 2024 5:25pm - 6:00pm MST

Salt Palace | Level 1 | 151

In 2024, 96% of codebases contain open source, and 74% of these have high-risk vulnerabilities — a 54% increase from 2023. As open source adoption grows and the cloud native landscape evolves, robust security practices are critical. This session explores wasmCloud, a CNCF platform for distributed WebAssembly applications, focusing on achieving a secure-by-default environment. wasmCloud's multi-tier security model addresses the needs of both developers and platform engineers. Developers work in a deny-by-default mode, requiring explicit declaration of all application capabilities. Platform engineers grant these capabilities in a fine-grained manner and extend security through pluggable services. Grounded in real-world experience and practical demos, you’ll leave this talk with the knowledge to configure and extend security using pluggable services, enabling you to leverage WebAssembly to secure your cloud native applications.

Speakers

Brooks Townsend

Senior Software Engineer II, Cosmonic

Brooks is a Lead Software Engineer at Cosmonic, focusing on harnessing WebAssembly to alleviate the pains of modern software development. Brooks started his software development career with Critical Stack, a Kubernetes container orchestration platform that is now open source. He joined... Read More →

Thursday November 14, 2024 5:25pm - 6:00pm MST
Salt Palace | Level 1 | 151

Security

Content Experience Level Beginner