In-person
November 12-15

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon North America 2024 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Mountain Standard Time (UTC -7). The schedule is subject to change and session seating is available on a first-come, first-served basis.
Friday, November 15
 

8:00am MST

Badge Pick-Up
Friday November 15, 2024 8:00am - 4:00pm MST
West Temple Entrance (East)

8:00am MST

Badge Pick-Up
Friday November 15, 2024 8:00am - 4:00pm MST
200 South Entrance (South)

9:00am MST

Keynotes To Be Announced
Friday November 15, 2024 9:00am - 10:30am MST
Salt Palace | Level 1 | Hall DE

10:30am MST

Solutions Showcase
Friday November 15, 2024 10:30am - 2:30pm MST
Visit our sponsors in the Solutions Showcase to try the latest demos, watch live presentations, talk to experts, check out job opportunities, and score some swag.

In order to facilitate networking and business relationships at the event, you may choose to visit a third party’s booth or access sponsored content. You are never required to visit third party booths or to access sponsored content. When visiting a booth or participating in sponsored activities, the third party will receive some of your registration data. This data includes your first name, last name, title, company, address, email, standard demographics questions (i.e. job function, industry), and details about the sponsored content or resources you interacted with. If you choose to interact with a booth or access sponsored content, you are explicitly consenting to receipt and use of such data by the third-party recipients, which will be subject to their own privacy policies.
Salt Palace | Level 1 | Halls A-C + 1-5 | Solutions Showcase

10:40am MST

Project Pavilion Tour with Aditya Soni, CNCF Ambassador
Friday November 15, 2024 10:40am - 11:00am MST
Explore the Project Pavilion, a hub of innovation and discovery! Take part in daily tours, interact with project maintainers at their kiosks, gain insights on community engagement and KCD event organization, and learn more about certification opportunities to showcase your expertise.
Salt Palace | Level 1 | Halls A-C + 1-5 | Solutions Showcase

11:00am MST

Better Together! GPU, TPU and NIC Topological Alignment with DRA - John Belamaric, Google & Patrick Ohly, Intel
Friday November 15, 2024 11:00am - 11:35am MST
AI/ML workloads on Kubernetes demand ultra-high performance. If your training or multi-GPU inference job spans nodes, your GPUs will use the network, talking through a NIC over local PCIe. But not all NICs are equal! To get the best performance, you need a NIC which is as "close" to the GPU as possible. Unfortunately, the Kubernetes extended resources API does not have enough information and does not give you control over which specific devices are assigned. Dynamic Resource Allocation, the successor API, gives you this power. Come to this session to learn about DRA, how it is improving overall device support in K8s, and how to use it to allocate multiple GPUs, NICs, and TPUs to get the maximum performance out of your infrastructure.
Speakers
Patrick Ohly

Principal Engineer, Intel
Patrick Ohly is a software engineer at Intel GmbH, Germany. In the past he has worked on performance analysis software for HPC clusters ("Intel Trace Analyzer and Collector") and cluster technology in general (PTP and hardware time stamping). Since January 2009 he has worked for Intel...
John Belamaric

Senior Staff Software Engineer, Google
John is a Sr Staff SWE, co-chair of K8s SIG Architecture and of K8s WG Device Management, helping lead efforts to improve how GPUs, TPUs, NICs and other devices are selected, shared, and configured in Kubernetes. He is also co-founder of Nephio, an LF project for K8s-based automation...
Salt Palace | Level 2 | 250
  AI + ML

11:00am MST

Open Source 2.0: The Maintainers' Perspective - William Morgan, Buoyant; Ashley Davis, Venafi; Deepthi Sigireddi, PlanetScale
Friday November 15, 2024 11:00am - 11:35am MST
Open source rules the world, and for a good reason: The code is generally better and more secure, bugs are fixed faster, and more. Virtually all modern applications run on it. But the landscape has changed since the early Linux days. Nights and weekends, volunteer-led projects are increasingly rare. Especially in the CNCF landscape, open source is maintained almost exclusively by companies that pursue a strategic goal, and they need a business justification for paying their engineers. So, who writes the code has changed, but the community's expectations — that it should be free — hasn't. While open source will remain free, the companies behind it must find ways to monetize it — whether through support, enterprise editions, or licensing models. Recent changes, including projects like Terraform, Flux, and Linkerd, highlight the need for a paradigm shift. Join this panel to hear from project maintainers why that is and the future they envision.
Speakers
William Morgan

Linkerd Director, Buoyant CEO, Buoyant
William is a director on the Linkerd project and the co-founder and CEO of Buoyant, the creators of Linkerd. Prior to Buoyant, he was an infrastructure engineer at Twitter, a software engineer at Powerset, Microsoft, and Adap.tv, a research scientist at MITRE. He holds an MS in computer...
Ashley Davis

Staff Software Engineer, Venafi
As a teenager, Ash taught himself to program after wondering how exactly video games were made. That led to adventures trawling through open source codebases, sparking an interest in computers spanning from bare-metal machine code right up to scalable distributed platforms like Kubernetes...
Deepthi Sigireddi

Software Engineer, PlanetScale
Deepthi is the Technical lead for Vitess, a CNCF graduated open source project. She also leads the Vitess engineering team at PlanetScale which offers a database service built on Vitess. She brings over 20 years of experience building scalable systems to this role. She enjoys speaking...
Salt Palace | Level 2 | 255 EF
  Cloud Native Experience
  • Content Experience Level Any

11:00am MST

Securing Outgoing Traffic: Building a Powerful Internet Egress Gateway for Reliable Connectivity - Edie Yang & Akshita Agarwal, Airbnb
Friday November 15, 2024 11:00am - 11:35am MST
Concerned about secure and reliable outgoing traffic from your organization's mesh network? With the increasing demand to use external vendor APIs for LLMs, along with vulnerabilities like Log4j, the need for preventing data exfiltration and maintaining strong safeguards is critical. But managing access to multiple external domains within the service mesh can be daunting. Discover the secrets behind building a powerful Internet Egress gateway using Istio and Envoy. This enlightening talk unveils a way to define fine-grained access policy to monitor and audit outgoing traffic from your mesh network. Besides, it demonstrates how to build a generic multi-tenant gateway that can be used across heterogeneous services and save years of repeated engineering work. By the end of the talk, attendees will gain an understanding of what an Internet Egress Gateway is, why it is necessary, and how they can configure it for their own services using the open-source Istio/Envoy based solution.
Speakers
Akshita

Senior Software Engineer, Airbnb
Akshita is a Senior Software Engineer at Airbnb working in the Service Mesh team which handles interservice networking at scale. She currently is focused on designing a secure network edge solution at Airbnb. Previously she worked at Microsoft developing the Nginx Load Balancer...
Edie Yang

Senior Software Engineer, Airbnb
Edie is a Senior Software Engineer at Airbnb on the Cloud Infrastructure team which develops the Service Mesh system that powers the entire Airbnb stack. Edie has been working on developing service mesh API, service migration automation, Google IAP-based ingress gateway and internet...
Salt Palace | Level 1 | 155 EF
  Connectivity

11:00am MST

How We Scale a Distributed SQL Database to 1 PB - Sam Dillard, PingCAP
Friday November 15, 2024 11:00am - 11:35am MST
TiDB is a distributed SQL database that we built to solve the scalability problems of traditional SQL databases such as MySQL and PostgreSQL. Using TiDB, users do not need to shard their data across multiple MySQL or PostgreSQL database instances, nor do they need to sacrifice some key database features such as JOIN and transactions. Users only need to add storage nodes and computing nodes to the cluster as needed. However, we also encountered many scalability challenges when building TiKV - the stateful storage layer of TiDB. Challenges such as workload skew issues making it difficult to scale performance, management challenges of millions of dynamic data partitions, latency impact during scaling, interference between different workloads when consolidating multiple workloads into the same cluster, etc. In this talk, I will provide an in-depth look at these challenges and our solutions.
Speakers
Sam Dillard

Principal Engineer, PingCAP
Principal Engineer at PingCAP, TiKV maintainer and committer, RocksDB contributor, the author of "MariaDB Principles and Implementation". Mainly engaged in the design and development of cloud-native large-scale distributed storage systems, data platforms, 10+ years of experience in...
Salt Palace | Level 1 | Grand Ballroom GI
  Data Processing + Storage

11:00am MST

Achieving and Maintaining a Healthy CI with Zero Test Flakes - Antonio Ojea, Michelle Shepardson & Benjamin Elder, Google
Friday November 15, 2024 11:00am - 11:35am MST
In the fast-paced world of software development, a reliable and efficient Continuous Integration pipeline is essential. However, flaky tests can cause delays, frustration, and decreased confidence in the codebase. This session will go deep into the strategies, best practices, and tools that the Kubernetes projects use to eliminate flaky tests and achieve a robust CI pipeline that delivers high-quality software consistently.
Speakers

Benjamin Elder

Senior Software Engineer, Google
Benjamin Elder is a Senior Software Engineer at Google working on Kubernetes. Ben is a long time contributor to the project since writing kube-proxy's iptables mode for GSoC 2015 and is an elected member of the Kubernetes Steering Committee.
Michelle Shepardson

Senior Software Engineer, Google
Michelle is a Senior Software Engineer at Google, with over 10 years of experience in developing tooling and helping engineer productivity. As a member and chair of SIG Testing, they primarily focus on developing TestGrid, a tool for visualizing test results in a grid to track patterns...
Antonio Ojea

Software Engineer, Google
Antonio Ojea is a Software Engineer at Google, where he works on Kubernetes. He is one of the top contributors of the Kubernetes project, with a stronger presence on the areas of networking and reliability. He has a vast experience in Open Source, networking and distributed systems...
Salt Palace | Level 3 | 355 BC

11:00am MST

Bloomberg's Journey to Manage Multi-Cluster Training Application with Karmada - Leon Zhou & Yao Weng, Bloomberg
Friday November 15, 2024 11:00am - 11:35am MST
Bloomberg provides an on-premises Data Science Platform using cloud-native software to support internal AI model training. It runs on Kubernetes spanning multiple data centers and featuring a diverse range of GPU types. However, managing such a large-scale and heterogeneous GPU environment poses many challenges, such as improving resource utilization, reducing operational costs, and scheduling workloads across different GPU types. In collaboration with the Karmada community, Bloomberg's Data Science Platform team has aimed to tackle these challenges by addressing multi-cluster batch job management problems. This talk will delve into the approaches the team has adopted, including:
- Intelligently scheduling GPU workloads across multiple clusters
- Using Karmada's resource interpreter to support Custom Resource Definitions (CRDs) on top of a multi-cluster architecture
- Building a highly available Karmada control plane
- Establishing a consistent training job submission interface
Speakers
Yao Weng

Senior Software Engineer, Bloomberg
Yao Weng is a Senior Software Engineer on Bloomberg’s Data Science Platform engineering team. She has contributed extensively to optimizing the company’s Kubernetes environment for high performance compute, model inference, and workflow orchestration. Yao Weng obtained her Ph.D...
Leon Zhou

Software Engineer, Bloomberg
Leon Zhou is a software engineer on the Data Science Platform engineering team at Bloomberg. With prior NLP experience, he is now building ML platforms to facilitate machine learning development. He is interested in ML infrastructure to enable large-scale training and complex pipelines...
Hyatt Regency | Level 4 | Regency Ballroom BCD

11:00am MST

CRI-O Features for Fun and Profit - Peter Hunt & Sohan Kunkerkar, Red Hat
Friday November 15, 2024 11:00am - 11:35am MST
Are you a cluster admin looking to be on the cutting edge of Kubernetes features? How about an end-user looking to take full advantage of the capabilities of your cluster? This is the talk for you! Join Sohan Kunkerkar and Peter Hunt as they explore recent features in CRI-O and Kubernetes. They'll cover topics such as native sigstore signature support, running Podman in a Kubernetes pod, using OCI artifacts as a volume, and more. In each, they will highlight potential use cases, pitfalls and common patterns, as well as show how to use each in your cluster. If you're interested in the newest at the intersection of Kubernetes and container runtimes, step right up and learn away!
Speakers

Peter Hunt

Senior Software Engineer, Red Hat
Peter Hunt is a Senior Software Engineer working at Red Hat. Passionate about free software, Peter focuses on maintaining CRI-O, attending SIG node, and ~writing~ squashing bugs. Outside of the virtual world, Peter likes collecting floral-printed pants, gardening, and dancing.
Sohan Kunkerkar

Senior Software Engineer, Red Hat Inc
Sohan Kunkerkar is a Senior Software Engineer at Red Hat, bringing expertise in distributed systems, backend engineering, and containers. His active contributions extend to CRI-O, a container runtime engine, and various sub-projects within the Kubernetes Sig-Node community. Sohan...
Hyatt Regency | Level 2 | Salt Lake Ballroom CDE

11:00am MST

Discover CNCF TAG Runtime: From AI, WASM, OS, Edge to Workloads in the Heart of Salt Lake City - Stephen Rust, Akamai; Rajas Kakodkar, Broadcom; Danielle Tal, Microsoft; Ricardo Aravena, TruEra
Friday November 15, 2024 11:00am - 11:35am MST
In this session, we will cover the following:
1) Overview of CNCF open source projects that enable running cloud native workloads.
2) The latest on the many TAG-Runtime working groups, including topics like:
   a. The Cloud Native AI working group including how AI can help Cloud Native and Cloud Native enables AI.
   b. Progress in the WASM, Edge, Batch, CDI, and Special Purpose OS working group.
3) Future trends in cloud-native technologies within the TAG scope.
4) How to get involved, grow in the contributor ladder, and have a say in the runtime related projects that get inducted in the CNCF landscape.
Come join us and be a part of the many exciting projects under the TAG-Runtime umbrella! By the end of the session, you'll master the runtime related CNCF landscape, discover the latest developments in the TAG-Runtime working groups, learn how to join the communities of your interest, and dive into open-source project contributions. Be a part of this vital and vibrant CNCF community!
Speakers
Ricardo Aravena

Cloud Native Lead, Truera
Ricardo currently works at TruEra as a Cloud Infrastructure Lead helping automate everything with cloud native technologies. He's an open source enthusiast and co-chair of the CNCF TAG-Runtime. He has been working in tech for more than 20 years and comes from a diverse professional...
Rajas Kakodkar

Senior Member of Technical Staff | Tech Lead TAG Runtime CNCF, Broadcom
Rajas is a senior member of technical staff at Broadcom and a tech lead of the CNCF Technical Advisory Group, Runtime. He is actively involved in the AI working group in the CNCF. He is a Kubernetes contributor and has been a maintainer of the Kube Proxy Next Gen Project. He has also...
Danielle Tal

PM, Microsoft
Danielle Tal is a Program Manager at Microsoft and an integral part of the team responsible for maintaining Flatcar Container Linux. The team contributes to Linux OS distributions and Linux Security within Azure and other upstream projects. With a background in supporting diverse...
Stephen Rust

Principal Architect, Akamai
Stephen Rust is a Principal Architect at Akamai, where he leads Cloud Native architecture within the Akamai Linode Cloud. Stephen has over 20 years of experience in operating systems, storage, and working in open source with containers, Kubernetes, and Cloud Native systems. At Akamai...
Salt Palace | Level 3 | 355 EF

11:00am MST

Thanos: Intro and Updates - Ben Ye, Amazon Web Services
Friday November 15, 2024 11:00am - 11:35am MST
Thanos is a popular open-source, highly available Prometheus setup with long-term storage capabilities. Users trust Thanos with deployments that manage billions of series and years of retention in globe-spanning clusters. In this talk, a Thanos maintainer will give an introduction and provide updates for the project.
Speakers
Ben Ye

Software Development Engineer, Amazon Web Services
Ben Ye is a software development engineer at AWS. He is a maintainer of Thanos and Cortex, and contributor to many CNCF and Prometheus ecosystem projects, such as Prometheus itself, Prometheus operator, Kubernetes, etc. His interests include observability, distributed systems, storage...
Hyatt Regency | Level 4 | Regency Ballroom A

11:00am MST

Shopify’s Open Source Approach to Network Monitoring with eBPF, Vector and ClickHouse - Sebastian Rabenhorst & Matt Franklin, Shopify
Friday November 15, 2024 11:00am - 11:35am MST
At Shopify, we’ve successfully implemented a scalable, open-source network monitoring solution for the cloud. In this talk, we will demonstrate how we built a network monitoring solution leveraging eBPF, Vector, ClickHouse, and Grafana. This solution enables us to monitor over 30 million network flow, DNS and other networking-related events per second at the container level for thousands of services across hundreds of Kubernetes clusters in the Shopify Cloud. We will also share the lessons we learned regarding these technologies and provide insights on how you can implement your own purely open-source monitoring solution capable of handling millions of events per second.
Speakers

Sebastian

Senior Production Engineer, Shopify
Sebastian is a Senior Production Engineer at Shopify mostly working on a Thanos-based monitoring solution as part of the observability team.
Salt Palace | Level 1 | Grand Ballroom HJ
  Observability

11:00am MST

The State of Kubernetes Optimization and the Role of AI - James Wilson, nOps; Haoran Qiu, Microsoft; Katie Gamanji, Apple; Jasmine James, Square; Josh Cypher, Sonos
Friday November 15, 2024 11:00am - 11:35am MST
Featuring a diverse panel of experts, attendees will hear the latest in Kubernetes optimization. The session will encourage and engage attendees to challenge conventional wisdom and explore innovative approaches to optimization. Participants will leave with actionable knowledge and new perspectives they can apply to their own environments. Topics include:
- Valuable insights into the current state of AI in optimization, highlighting both its potential and barriers to adoption
- How and when AI can be used for real-time decision-making
- Exploring the intersection of sustainability and optimization, emphasizing the importance of visibility in driving sustainable practices
- The state of multidimensional pod autoscaling and potential to resolve conflicts between horizontal and vertical autoscaling
- How new computing options and tools like Karpenter have the potential to disrupt the bin packing problem
- How cloud-native projects can leverage new tools to track efficiencies
Speakers
Katie Gamanji

Sr Field Engineer, Apple
Katie is a cloud native leader and practitioner, currently in a Senior Field Engineer role at Apple and a TOC for CNCF. As a platform engineer, Katie contributed to Conde Nast and American Express platforms and at CNCF led the End User Community. Katie is the author of the Cloud Native...
Haoran Qiu

Research SDE, Microsoft
Haoran Qiu is a Research Software Development Engineer at Microsoft Azure Systems Research. His research interests are in cloud efficiency, ML systems, and applying ML for cloud systems design and operation. Haoran was a recipient of ML and Systems Rising Star by MLCommons in 2023...
Jasmine James

Head of Development Infrastructure, Square
Jasmine James is an engineering leader at Square heading the Development Infrastructure for the Devices Platform overseeing CI Infrastructure, Developer Experience, and Test Rack teams aiming to streamline development and foster continuous feedback. She is passionate about diversity...
James Wilson

VP of Engineering, nOps
James has over two decades of experience in tech, with a strong focus in leading engineering teams in building cloud-based solutions. His expertise includes container orchestration, high-speed data transport, and cloud-native architectures. Currently, he leads the engineering team...
Josh Cypher

Senior DevOps Engineer, Sonos
Josh, a Senior DevOps Engineer at Sonos, has a diverse background in quality assurance and automation. Throughout his career, he has held roles such as tester, backend developer, automation engineer, engineering manager, and head of quality before specializing in DevOps and Kubernetes...
Salt Palace | Level 1 | 155 BC
  Operations + Performance
  • Content Experience Level Any

11:00am MST

Upgrade Safely: Avoid the Pitfalls of Kubernetes Versioning - Rob Scott, Google
Friday November 15, 2024 11:00am - 11:35am MST
Have you ever upgraded a cluster or controller only to realize everything was broken due to some kind of versioning mismatch? Do you remember the pain of upgrading to a new Kubernetes API version like Ingress v1? Do you get a little twinge any time you see a feature or API deprecated in release notes? This is the talk for you. Kubernetes versioning is surprisingly complex and widely misunderstood. This talk will cover all the relevant versioning concepts, from storage versions to feature gates. It will show how they interact with each other, and how you can use this information to safely and confidently upgrade your clusters and controllers. This talk will provide real examples of how versioning mixups can lead to broken clusters and downtime. You’ll learn exactly how you can avoid each of these potential failure modes, and gain some insights into how API and Controller authors are trying to minimize the impact of these kinds of changes in the future.
Speakers

Rob Scott

Software Engineer, Google
Rob is an open source enthusiast currently working on Kubernetes Networking at Google. He's been a maintainer of Gateway API since the very early days of the project and led the development of other Kubernetes networking APIs like EndpointSlices.
Salt Palace | Level 2 | 255 BC
  Operations + Performance

11:00am MST

Platform Engineering in Financial Institutions: The Practitioner Panel - Paula Kennedy, Syntasso; Chris Plank, NatWest Bank; Suhail Patel, Monzo; Jinhong Brejnholt, Saxo Bank; Rachael Wonnacott, Fidelity International
Friday November 15, 2024 11:00am - 11:35am MST
In the world of small and large financial institutions, platform engineering is a driver for shipping quickly, safely, and efficiently. This panel brings together seasoned practitioners from leading banks and financial institutions to share their firsthand platform experiences, successes, and challenges.
- Discover how platform engineering can enhance developer experience, facilitate rapid innovation and drive efficiencies.
- Delve into the complexities of navigating regulatory compliance, specifically when using open source technologies such as Kubernetes.
- Learn from the experts' successes, setbacks and strategies (across technology and people), gaining actionable insights for successful implementation.
Join us as we discuss the journey of adopting and deploying CNCF technologies at scale within the highly regulated financial sector. We’ll explore practical examples of both successes and incidents where things have gone wrong, providing the audience with valuable takeaways.
Speakers
Paula Kennedy

Chief Operating Officer, Syntasso
Paula is Co-Founder & Chief Operating Officer of Syntasso; previous roles include Senior Director at VMware Tanzu, Pivotal and Co-Founder & Chief Operating Officer of CloudCredo. With 20+ years experience in IT, Paula champions community, diversity and inclusion and has a range of...
Suhail Patel

Senior Staff Engineer, Monzo
Suhail is a Staff Engineer at Monzo focused on building the Core Platform. His role involves building and maintaining Monzo's infrastructure which spans over two thousand microservices and leverages key infrastructure components like Kubernetes, Cassandra, Etcd and more. He focuses...
Jinhong Brejnholt

Chief Cloud Architect, Saxo Bank
Jinhong is an accomplished cloud and platform architect, deeply committed to advancing DevSecOps practices and cloud-native technologies. She holds an MSc in Software Development and Technology and is certified as a Kubernetes application developer, administrator, and security specialist...
Chris Plank

Enterprise Architect & Joint Product Owner, NatWest Bank
Chris Plank is an Enterprise Architect working for NatWest Bank in Edinburgh, Scotland. He has been leading a Platform as a Product initiative within the Bank over the last year looking to radically change the Bank's approach to provisioning and maintaining services. Outside of work...
Rachael Wonnacott

Technical Product Owner, Kubernetes Platform, Fidelity International
Rachael has spent the last decade focused on platform engineering. She places a conscious emphasis on improving flow and is on the quest to smooth the application lifecycle for developers in the enterprise. With a background in astrophysics, Rachael brings her scientific approach...
Salt Palace | Level 1 | Grand Ballroom BDF
  Platform Engineering
  • Content Experience Level Any

11:00am MST

Still Don't Do What Charlie Don't Does - Making CRD Changes Safer - Nick Young, Isovalent
Friday November 15, 2024 11:00am - 11:35am MST
Many Kubernetes installations use controllers that include Custom Resource Definitions (CRDs) to extend their capabilities. However, because CRDs can only have one version installed in a cluster at any one time, version and change management can be very difficult. This talk will benefit both controller implementers and users. For implementers, I have tips on how to more safely make API changes to their CRDs, and for CRD users, some tips on what to look out for when installing CRD updates. All of this is based on using experience from projects like Contour, Gateway API, and Cilium among others. Learn things like:
- Different CRD version management strategies - what’s worked and what hasn’t
- How to make schema changes like pluralizing a field or changing field validation in a safe way
- How not to make the same mistakes I did
Expect to come away from this talk having learned from my painful experiences handling CRD changes badly, but also having heard a bunch of Simpsons references.
Speakers
Nick Young

Senior Software Engineer, Isovalent at Cisco
Nick has been working to prevent the entropic downfall of systems for 25 years, across datacenters, clouds, networking, and others. He's a Staff Engineer at Isovalent, and a maintainer on the Kubernetes Gateway API project, where he works on improving the ingress and mesh experiences...
Salt Palace | Level 2 | 251
  Platform Engineering

11:00am MST

Powering Automatic Authorization in Envoy Through Live Traffic Inspection - Dom Del Nano, Pixie core maintainer
Friday November 15, 2024 11:00am - 11:35am MST
The dynamic nature of today’s environments coupled with the importance of data privacy has made AuthN/Z crucial for safeguarding sensitive data. However, many large scale environments existed before these best practices and tooling were commonplace. Retrofitting systems requires a deep understanding of service to service access patterns and requires significant effort to achieve least privilege access. While service dependencies are often difficult to track, the rise of zero instrumentation Observability tools has eased access to this data, providing a potential baseline for AuthZ rules. Projects such as CNCF Pixie and Hubble expose language agnostic protocol traces providing full visibility of their environments. Pixie even supplies access to the span payloads making L7 analysis possible. In this talk, we present a case study of using Pixie to generate OPA policies for Envoy AuthZ using real traffic. This approach provides a starting point for scoping permissions on a L7 basis.
Speakers
Dom Del Nano

Dom Delnano, Pixie core maintainer
Dom is a Principal Software Engineer at New Relic working on the Pixie open source project, which provides observability to Kubernetes applications through eBPF based auto instrumentation. Prior to his full time work on Pixie, Dom was at Twitter scaling its internally developed time...
Salt Palace | Level 1 | 151
  Security

11:00am MST

Tutorial: OpenTelemetry Hands-on - Automatic and Manual Instrumentation for Java and Python Apps - Matthias Haeussler, Novatec Consulting GmbH & Tiffany Jernigan, Independent
Friday November 15, 2024 11:00am - 12:30pm MST
In today's software landscape - in the cloud-native one in particular - observability has become a critical aspect of ensuring the performance, reliability, and security of applications. OpenTelemetry, a standard and OSS observability framework, provides a unified way to collect and export telemetry data from applications and services. This tutorial will guide participants through the process of using OpenTelemetry to instrument a simple application, collect metrics, traces, and logs, and send them to various backends for analysis. It covers the implementation and usage of OpenTelemetry into Python and Java-based applications. The exercises include: the instrumentation of a polyglot microservice application, auto vs. manual instrumentation, evaluating the collected traces, logs and metrics, configuring a collector, analysing the results in Jaeger and Prometheus. This tutorial is made for everyone seeking a pragmatic understanding of OpenTelemetry's immediate benefits.
Speakers

Matthias Haeussler

Chief Technologist, Novatec Consulting GmbH
Matthias Haeussler is Chief Technologist at Novatec Consulting, university lecturer for distributed systems, awarded ambassador of Cloud Foundry and the organizer of the Stuttgart Cloud Foundry Meetup. He advises clients on Cloud strategies and supports implementations and migrations...

Tiffany Jernigan

Developer Advocate, www.tiffanyfay.dev
Tiffany is a seasoned technologist and content creator in the Cloud Native space. She most recently was a senior developer advocate at VMware. She also formerly worked as a software developer and developer advocate at Amazon, Docker, and Intel. Prior to that, she graduated from Georgia...
Salt Palace | Level 1 | Grand Ballroom ACE
  Tutorials, Observability

11:00am MST

🚨 Contribfest: Kyverno: Lets Build Together!
Friday November 15, 2024 11:00am - 12:30pm MST
Come meet the Kyverno maintainers and community for a hands-on, interactive workshop and session where we deep dive into the Kyverno project. Kyverno is a cloud native policy as code solution that elegantly solves critical challenges across security, automation, and compliance. You will learn about Kyverno’s architecture, the role of each component, how to try Kyverno, and set up your environment to contribute to the project. This hands-on session will be led by Kyverno maintainers and organized so that both developers as well as non-developers can learn, explore, and contribute!
Speakers

Chip Zoller

Product Manager, Kubecost
Chip Zoller is a technologist, maintainer, and contributor to the Kyverno project where his primary focus is on process, enablement, documentation, automation, policy design and authoring, and community. He is a maintainer and contributor to several other open source projects in the...
Salt Palace | Level 3 | 355 D

11:00am MST

🚨 Contribfest: Making SlimToolkit XRAY Even Easier to Use: Building a Terminal UI
Friday November 15, 2024 11:00am - 12:30pm MST
SlimToolkit has an interactive prompt mode that makes it easy to pick the right flags and values you'd need to configure the tool commands that let you inspect, minify and debug your containers. The interactive prompt mode helps you only with the setup part of the command execution. The command output is still the same CLI text output and it can be improved by presenting the output in a more tabular and a more interactive way. The "XRAY" command in SlimToolkit is a great candidate for this enhancement. The command output gives you a lot of information about the target image, including what's inside, including the files inside. Let's build a TUI to make it easy to navigate the container file system and the discovered metadata. No low level SlimToolkit or container technology domain is necessary. You only need to know basic Go and you need to be open to learning a few TUI Go libraries (e.g., Bubble Tea, Bubbles and Lip Gloss).
Speakers

Kyle Quest

Founder, AutonomousPlane
Kyle is the creator of DockerSlim, a popular tool to inspect, minify and debug containers. He's the founder/CEO of AutonomousPlane & he's also the founder/CTO of Slim.AI. He's building an autopilot to fix vulnerabilities in application dependencies. Kyle has been building applications...
Salt Palace | Level 3 | 355 A

11:55am MST

Building Massive-Scale Generative AI Services with Kubernetes and Open Source - John McBride, OpenSauced
Friday November 15, 2024 11:55am - 12:30pm MST
At OpenSauced, we power over 40,000 generative AI inferences every day, all through our in-house platform on top of Kubernetes. The cost of doing this kind of at-scale AI inference with a third party provider API would be astronomic. Thankfully, using Kubernetes, the public cloud, and open-source technologies, we've been able to scale with relatively low costs and a lean stack. In this talk, John will walk through the journey of building a production grade generative AI system using open source technologies, open large language models, and Kubernetes. We'll also explore why we chose to build on top of Kubernetes for our AI workloads over using a third party provider, and how we're running and managing our AI/ML clusters today. Additionally, we'll dive into the techniques we used to groom our Retrieval-Augmented-Generation pipelines for efficiency on top of Kubernetes and other practical tips for deploying your own AI services at-scale.
Speakers

John McBride

Sr. Software Engineer, OpenSauced
John is a Sr. Software Engineer at OpenSauced where he also serves as Head of Infrastructure and AI engineer. He is the maintainer of spf13/cobra, the Go CLI bootstrapping library used throughout the CNCF landscape. In the past, he has worked on open source Kubernetes platforms...
Salt Palace | Level 2 | 250
  AI + ML
  • Content Experience Level Any

11:55am MST

Improving Service Availability: Scaling Ahead with Machine Learning for HPA Optimization - Avni Sharma & Estela Ramirez, Intuit
Friday November 15, 2024 11:55am - 12:30pm MST
In this talk, we will explore employing machine learning (ML) algorithms to enhance the Kubernetes autoscaling capabilities beyond the traditional, reactive horizontal pod autoscaler (HPA). Attendees will be introduced to how to leverage recommendation algorithms to predict future load and usage patterns, allowing for smarter, proactive scaling decisions. This approach not only ensures high availability and responsiveness of applications but also offers a pathway to substantial cost optimizations by preventing over-provisioning and minimizing resource wastage.
Speakers

Avni Sharma

Product Manager, Intuit
Avni is a Product Manager at Intuit, working on Intuit’s Modern SaaS Kubernetes platform. She also worked on ArgoCD as a PM. Avni is passionate about Developer tooling and strives to make developers' life easier by delivering them delightful experiences. She is also an Open Source...

Estela Ramirez

Software Engineer, Intuit Kubernetes Service, Intuit
Estela is a Software Engineer at Intuit focusing on Intuit Kubernetes Developer Platform. She works on abstracting the autoscaling for developers.
Salt Palace | Level 1 | Hall DE
  AI + ML

11:55am MST

Accessibility at KubeCon: Deaf Voices in Cloud Native - Rob Koch, Slalom Build; Jay Jackson, CallRevu; Destiny O'Connor, Women Blessing Women; Anastasiia Gubska, BT Group; Travis Johnson, Convo Communications
Friday November 15, 2024 11:55am - 12:30pm MST
Never met a deaf person at a conference? That is not surprising. While there are lots of deaf engineers, until recently, most conferences — and virtually any other community activity — haven't been accessible to deaf community members. But for KubeCon, that all changed exactly a year ago! During this discussion, deaf panelists from various countries will shed light on their unique experiences being deaf in tech and the impact that making KubeCon accessible has had on their lives and hopes for the future. Attendees will learn why the technology space is a great fit for deaf individuals, the benefits and opportunities deaf professionals bring to the table, and what it takes to be an accessible and welcoming community. Panelists will also debunk common misconceptions and empower *you* to take steps toward a more inclusive cloud native ecosystem.
Speakers

Anastasiia Gubska

SRE/DevOps Engineer, BT Group
Anastasiia Gubska, a Deaf SRE/DevOps Engineer at BT Group, develops and implements best practices for software delivery at the UK-based multinational telecommunications company. Passionate about discovering new communities and embracing diverse cultures, Anastasiia is an active member...

Travis Johnson

Level 3 Engineer, Convo Communications
A Linux aficionado, Travis Johnson is a deaf Level 3 Engineer with 10+ years of experience in the VoIP industry, where he has gained deep knowledge of networking and scripting. A firm believer in lifetime learning, Travis continuously acquires new skills and certifications. Off work...

Rob Koch

Principal, Slalom Build
A tech enthusiast who thrives on steering projects from their initial spark to successful fruition, Rob Koch is Principal at Slalom Build, AWS Hero, and Co-chair of the CNCF Deaf and Hard of Hearing Working Group. His expertise in architecting event-driven systems is firmly rooted...

Destiny O'Connor

Co-Chair CNCF Deaf and Hard of Hearing WG, Web Developer, Women Blessing Women
As Co-Chair of the CNCF Deaf and Hard of Hearing Working Group, I channel my passion for creating a more inclusive tech world for deaf and hard-of-hearing individuals. My mission is to educate the tech community about the unique challenges and experiences of being deaf in this...

Jay Jackson

Senior Software Engineer, CallRevu
Jay Jackson, a Senior Software Engineer at CallRevu, brings over 2 decades of experience in the tech industry. Jay has navigated this tech journey as a deaf individual, with American Sign Language (ASL) as his primary mode of communication and is passionate about exploring ways to...
Salt Palace | Level 1 | Grand Ballroom HJ
  Cloud Native Experience
  • Content Experience Level Any

11:55am MST

Public Technical Oversight Committee (TOC) Meeting - Moderated by Chris Aniszczyk, CTO, The Linux Foundation
Friday November 15, 2024 11:55am - 12:30pm MST
This session is a panel discussion moderated by Chris Aniszczyk with members of the Technical Oversight Committee. Feel free to come with questions, but we'll be doing an overview of the Technical Oversight Committee's governance structure, scope, mission and processes.

To learn more about the TOC, visit https://github.com/cncf/toc
Speakers

Chris Aniszczyk

CTO, CNCF
Chris Aniszczyk is an open source executive and engineer with a passion for building a better world through open collaboration. He's currently a CTO at the Linux Foundation focused on developer relations and running the Open Container Initiative (OCI) / Cloud Native Computing Foundation...
Hyatt Regency | Level 2 | Salt Lake Ballroom CDE

11:55am MST

Introduction to Distributed ML Workloads with Ray on Kubernetes - Mofi Rahman & Abdel Sghiouar, Google
Friday November 15, 2024 11:55am - 12:30pm MST
The rapidly evolving landscape of Machine Learning and Large Language Models demands efficient scalable ways to run distributed workloads to train, fine-tune and serve models. Ray is an Open Source framework that simplifies distributed machine learning, and Kubernetes streamlines deployment. In this introductory talk, we'll uncover how to combine Ray and Kubernetes for your ML projects. You will learn about:
- Basic Ray concepts (actors, tasks) and their relevance to ML
- Setting up a simple Ray cluster within Kubernetes
- Running your first distributed ML training job
Speakers

Abdel Sghiouar

Developer Relations Engineer, Google
Abdel Sghiouar is a senior Cloud Developer Advocate @Google Cloud. A co-host of the Kubernetes Podcast by Google and a CNCF Ambassador. His focus areas are GKE/Kubernetes, Service Mesh and Serverless.

Mofi Rahman

Developer Relations Engineer, Google
Mofizur Rahman (@moficodes) is a Developer Advocate at Google. His favorite programming language these days is Go. He is a strong believer of the power of open source and importance of giving back to the community. He is a self proclaimed sticker collecting addict and has collected...
Salt Palace | Level 2 | 255 EF
  Cloud Native Novice

11:55am MST

Seeing Double? Implementing Multicast with eBPF and Cilium - Louis DeLosSantos, Isovalent at Cisco
Friday November 15, 2024 11:55am - 12:30pm MST
Multicast is a popular networking technology used in finance, telecommunications, and media CDNs, among others, to efficiently replicate and deliver data streams to multiple clients. However, this advantage can be overshadowed by the complexity involved in configuring the necessary infrastructure, leaving the overworked platform team rather than the end users seeing double. To combat this complexity, Cilium explored using eBPF to implement pod-to-pod multicast delivery within a Kubernetes cluster. This talk will provide both a high and low level understanding of how eBPF can be used to implement multicast delivery. It will discuss how Cilium’s multicast works and the hurdles faced by the project along the way. By the end of this talk the audience will have a better understanding of how multicast functions, how eBPF can be used in place of traditional multicast infrastructure, and how Cilium can be used as a multicast-enabled CNI, letting your audience - and not you - see double.
Speakers

Louis De Los Santos

Louis DeLosSantos, Isovalent at Cisco
Louis DeLosSantos is a multi-disciplined technologist who has worn network, systems, and software engineer hats at various times. Presently he works at Isovalent at Cisco where he focuses on Linux Kernel networking and implementing eBPF datapath networking solutions.
Salt Palace | Level 1 | 155 EF
  Connectivity

11:55am MST

Kubernetes on Multisites – A Story About Stateful App, Hybrid Clouds, and High Availability - Florian Coulombel, Dell Technologies & Jan Šafránek, Red Hat
Friday November 15, 2024 11:55am - 12:30pm MST
The day has come! Kubernetes has won the hearts and minds of your leadership and entire organizations, and everyone wants to benefit. Projects are launched to migrate legacy apps, run proprietary systems, and even use virtual machines in your Kubernetes infrastructure! But wait a minute. VMs and good ol' RDBMS are not microservices developed with 12 factors in mind where data is either hosted on an external service or replicated by the application. How are we going to warranty the availability of these applications and systems? Do I need to do a backup of these things? What if my business is fragmented across edge, on-prem, and public clouds? Members from SIG Storage will guide you through the options to compose with, including the latest CSI features, Kubernetes architecture design, and even hardware solutions. We will evaluate the benefits to consider and the pitfalls to avoid when implementing stateful workloads in Kubernetes on multiple sites.
Speakers

Jan

Software Engineer, Red Hat
Jan is a Senior Principal Software Engineer at Red Hat working on storage aspects of Kubernetes. He started developing Kubernetes more than 8 years ago, and is one of the founding members of SIG-Storage. He’s the author of PersistentVolume controller, dynamic provisioning and StorageClass...

Florian Coulombel

Senior Software Engineer, Dell Technologies
Father of 2, living in France. Nerd since 1996 when Quake alpha version leaked, Linux user since 2001, Kubernetes enthusiast since 2016, member of Kubernetes SIG Storage since 2023.
Salt Palace | Level 1 | Grand Ballroom GI
  Data Processing + Storage

11:55am MST

Crossplane Intro and Deep Dive - The Cloud Native Control Plane Framework - Jared Watts, Upbound
Friday November 15, 2024 11:55am - 12:30pm MST
The maintainers of Crossplane, a CNCF Incubating project, will lead this session that will introduce the project to new attendees, as well as dive deeper into details of Crossplane’s latest features and releases. There is always something new to show off at KubeCon! We will start with the basics on how Crossplane enables you to compose cloud infrastructure and services into custom platform APIs, and accelerate the journey of folks new to Crossplane to build a control plane of their own. Then we will take a detailed tour through the key features from the latest releases and how to adopt them into your platforms, including high level metrics, change logs, claim errors/status, and more! Finally, there will be an interactive opportunity to engage with the maintainers, ask questions, and influence the future of the project direction.
Speakers

Jared Watts

Founding Engineer, Upbound
Jared Watts is a Founding Engineer at Upbound, where he is working on advancing cloud-native computing by enabling anyone to build their own cloud platform. He is also a co-creator of the open source Crossplane (https://crossplane.io) and Rook (https://rook.io) projects. Prior to...
Salt Palace | Level 3 | 355 EF

11:55am MST

WG Serving: Accelerating AI/ML Inference Workloads on Kubernetes - Eduardo Arango Gutierrez, NVIDIA & Yuan Tang, Red Hat
Friday November 15, 2024 11:55am - 12:30pm MST
The emergence of Generative AI (GenAI) has introduced new challenges and demands in AI/ML inference, necessitating advanced solutions for efficient serving infrastructures. The recently created Kubernetes Working Group Serving (WG Serving) is dedicated to enhancing serving workload on K8s, especially for hardware-accelerated AI/ML inference. This group prioritizes compute-intensive inference scenarios using specialized accelerators, benefiting various serving workloads such as web services and stateful databases. This session will dive into WG Serving's initiatives and workstreams. We will spotlight discussions and advancements in each workstream. We are also actively looking for feedback and partnership with model server authors and other practitioners who want to utilize powers of K8s for their serving workloads. Join us to gain insight into our work and learn how to contribute to advancing AI/ML inference on K8s.
Speakers

Yuan Tang

Principal Software Engineer, Red Hat
Yuan is a principal software engineer at Red Hat, working on OpenShift AI. Previously, he has led AI infrastructure and platform teams at various companies. He holds leadership positions in open source projects, including Argo, Kubeflow, and Kubernetes. He's also a maintainer and...

Eduardo Arango Gutierez DE

Senior systems software engineer, NVIDIA
Eduardo is a Senior Systems Software Engineer at NVIDIA, working on the Cloud Native Technologies team. Eduardo has focused on enabling users to build and deploy containers on distributed environments.
Hyatt Regency | Level 4 | Regency Ballroom BCD

11:55am MST

What's New in Operator Framework?! - Bryce Palmer, Rashmi Gottipati & Lalatendu Mohanty, Red Hat; Attila Meszaros, Apple
Friday November 15, 2024 11:55am - 12:30pm MST
The Operator Framework has gone through a lot of change in the last year! Interested in the current state of Operator Lifecycle Manager (OLM)? Join us as we highlight the OLM v1.0.0 roadmap, current progress, plans beyond v1.0.0 (helm support?!), and the core tenets behind the OLM v1 design. Want to know what’s new with the Java Operator SDK? Stop by to learn what’s coming up in Java Operator SDK v5. Curious about what is happening with the Operator-SDK? Swing in for an update on the current state of the Operator-SDK and future plans.
Speakers

Attila Meszaros

Senior Software Engineer, Apple
For more than ten years I was designing and implementing software solutions, architectures and services and related tooling. Then I spent a few years focusing more on building platforms on top of Kubernetes in some excellent platform teams. I'm one of the creators and currently full...

Lalatendu Mohanty

Principal Software Engineer at Red Hat, Red Hat
I am a free software enthusiast and advocate. I have been contributing to open source or free software for more than 12 years now.

Bryce Palmer

Senior Software Engineer, Red Hat
Software engineer passionate about building developer tooling in the cloud native space.

Rashmi Gottipati

Senior Software Engineer, Red Hat
Rashmi joined Red Hat in 2020 as a Senior Software Engineer. Since then she has been a part of Operator SDK, and has been an active maintainer of the Operator-Framework project. Currently, her focus lies in the next major iteration of Operator Lifecycle Manager, which provides APIs...
Hyatt Regency | Level 4 | Regency Ballroom A

11:55am MST

Working Together to Improve Security Visibility in Kubernetes - Rita Zhang & Jeremy Rickard, Microsoft
Friday November 15, 2024 11:55am - 12:30pm MST
Ensuring the security of Kubernetes is a team sport. When a CVE is reported to the SRC for Kubernetes, a process is kicked off that involves a lot of coordination between SRC, contributors from different SIGs, and SIG Release, ultimately resulting in new Kubernetes Releases. Once released, an automatic CVE feed provides a programmatic way to understand the security of the releases. For other security issues, like dependency vulnerabilities and false positives, it isn’t quite as easy to get a full picture. SIG Security, SIG Release, and SRC are working to make this better and in this session we will share more about how things work today and what we plan to do in the future to improve the security visibility of the releases and artifacts produced by the project!
Speakers

Jeremy Rickard

Principal Software Engineer, Microsoft
Jeremy Rickard is a principal software engineer at Microsoft where he works on the Azure Container Upstream team. He is currently a co-chair for SIG Release and serves on both the CNCF and the Kubernetes Code of Conduct Committees. He was also the Kubernetes 1.20 Release Lead.

Rita Zhang

Principal software engineer, Kubernetes SIG Auth co-chair, Security Response Committee, Microsoft
Rita Zhang is a Principal software engineer at Microsoft, based in San Francisco bay area. She leads the Azure Container Upstream team of maintainers and contributors building features for Kubernetes upstream, CNCF projects, and for Azure Kubernetes Service. She is a Kubernetes sig-auth...
Salt Palace | Level 3 | 355 BC

11:55am MST

Strategies for Mitigating Performance Interference in Cloud-Native Systems - Jonathan Perry, Startup
Friday November 15, 2024 11:55am - 12:30pm MST
In cloud-native environments, application performance often degrades due to contention over shared resources such as CPU caches and memory bandwidth. Current container technologies lack mechanisms to isolate these resources, which compels operators to maintain low utilization by scaling out their deployments. This session explores strategies used by hyperscalers like Google, Microsoft, Facebook, and Alibaba to mitigate such performance interference. We will review their published methodologies, extracting key principles that could guide the development of a Kubernetes-native performance isolator. Participants will gain insights into the design trade-offs and operational impacts of these tools. Additionally, we will discuss integration strategies for deploying such isolators in existing Kubernetes environments, aiming to optimize resource utilization while preserving application performance.
Speakers

Jonathan Perry

Founder, State-fu
Jonathan Perry is a maintainer of the OpenTelemetry eBPF network collector. His PhD research at MIT CSAIL focused on performance isolation in datacenter and cloud networks, aiming to enhance network efficiency and reduce latency. Jonathan founded Flowmill, where he developed eBPF-based...
Salt Palace | Level 1 | 155 BC
  Operations + Performance

11:55am MST

What Containerd 2.0 Means for You - Samuel Karp, Google
Friday November 15, 2024 11:55am - 12:30pm MST
containerd 2.0 is the first major new version of containerd since 1.0.0 was released in 2017. This new version of containerd introduces new features, new extension points, and new backends for image operations and CRI with the goal of increased flexibility and better efficiency for certain types of workloads. containerd 2.0 also removes some previously-deprecated features in favor of modern replacements. This talk will discuss how to prepare for containerd 2.0 in your production environments, including strategies for incorporating containerd 2.0's new functionality and detecting/remediating any impact of removed features prior to upgrading.
Speakers

Samuel Karp

Staff Software Engineer, Google
Samuel Karp is a containerd maintainer and a Staff Software Engineer at Google, focused on the container runtime for Google Kubernetes Engine. Sam has been involved in the container ecosystem since 2014 and serves as the Chair of the Open Container Initiative's Technical Oversight...
Salt Palace | Level 2 | 255 BC
  Operations + Performance

11:55am MST

Kubernetes Upgrades: Less Pain, More Gain (and Maybe a Little Swearing) - Jago Macleod, Google
Friday November 15, 2024 11:55am - 12:30pm MST
Kubernetes upgrades are a major pain point for many users, often due to the complexity of managing multiple, independently versioned components. This talk will delve into the strategies and best practices for minimizing disruption and maximizing success during Kubernetes upgrades. We'll explore:
- Common pitfalls and challenges faced during upgrades
- Practical tips for smoother, more reliable upgrade processes
- The risks of relying solely on Long Term Support (LTS) versions
- Improving upgrade reliability for all Kubernetes users, regardless of their chosen platform
Led by the head of both OSS Kubernetes and GKE Release and Upgrades at Google, this talk will provide valuable insights and actionable advice for anyone looking to create a sustainable and successful upgrade strategy. Whether you're a seasoned Kubernetes veteran or just getting started, this session will equip you with the knowledge and tools to navigate the complex landscape of Kubernetes upgrades.
Speakers

Jago Macleod

Engineering Director, Google
Jago Macleod is an Engineering Director at Google, where he leads much of the Kubernetes and Google Kubernetes Engine (GKE) team, which gives him the opportunity to work with some of Google Cloud’s largest customers. Prior to working at Google, Jago helped make the smart homes that...
Salt Palace | Level 1 | Grand Ballroom BDF
  Platform Engineering
  • Content Experience Level Any

11:55am MST

Share the Ride: Robust Multi-Tenancy in Kubernetes at Uber - Sashank Appireddy & Apoorva Jindal, Uber
Friday November 15, 2024 11:55am - 12:30pm MST
Multi-tenancy in Kubernetes involves the coexistence of multiple users or teams (tenants) on a single Kubernetes cluster while ensuring isolation, security, and performance. Our use cases at Uber span from scenarios with disruptive neighbors to those with large container sizes, specialized hardware, sticky placement preferences, and dynamic resource scaling demands, necessitating robust isolation measures. In this proposal, we present a comprehensive exploration of multi-tenancy in Kubernetes, covering strategies, the challenges we have faced and the effective solutions implemented to overcome them at Uber. Further, we will deep dive into the key aspects of building and managing multi-tenant Kubernetes clusters, by establishing strong tenant boundaries leveraging the ideas around node pools and tightly integrating with namespaces.
Speakers

Apoorva Jindal

Senior Staff Software Engineer, Uber Inc
Apoorva Jindal is working as Senior Staff Software Engineer at Uber. At Uber, he leads the Compute platform which powers all stateless and batch containerized workloads at Uber.

Sashank Reddy

Staff Software Engineer, Uber Technologies Inc
I am a software engineer with over a decade of experience specializing in containerization and distributed systems. As a Staff Software Engineer in the container platform team at Uber Technologies Inc, I lead the design, development and deployment of scalable multi-tenant architecture...
Salt Palace | Level 2 | 251
  Platform Engineering

11:55am MST

Rogue No More: Securing Kubernetes with Node-Specific Restrictions - Anish Ramasekar, Microsoft & James Munnelly, Apple
Friday November 15, 2024 11:55am - 12:30pm MST
Did you know that a component running across multiple nodes, such as in a daemonset, intended to perform node-specific actions, can pose a significant security risk? If any node the component is running on goes rogue, it can lead to attacks on the cluster, or even worse, a complete takeover of it. What if we could restrict the component's ability to write resources only to those belonging to the node it is running on to prevent such escalation attacks? In this talk, Anish and James will introduce new Kubernetes security enhancements to bound service account tokens, which can be used with validating admission policies to enforce per-node restrictions on service accounts. This session will provide you with practical implementation guidelines and show you how these enhancements can mitigate risks and protect your infrastructure with robust node isolation.
Speakers

James Munnelly

Staff Field Engineer, Apple
James Munnelly is a Field Engineer at Apple, helping customers adopt and adapt Kubernetes, and driving adoption of OSS cloud native technologies. James is also the founder of the cert-manager project, a Kubernetes extension for managing x509 certificates. He's an active member of...

Anish Ramasekar

Principal Software Engineer, Microsoft
Anish Ramasekar is a software engineer at Microsoft. He is on the Azure Container Upstream team building features for Kubernetes upstream and various CNCF projects that are part of the Azure Kubernetes Service. Anish is a maintainer of the Secrets Store CSI Driver project.
Salt Palace | Level 1 | 151
  Security

12:30pm MST

Project Pavilion Tour with Seema Saharan, CNCF Ambassador
Friday November 15, 2024 12:30pm - 12:50pm MST
Explore the Project Pavilion, a hub of innovation and discovery! Take part in daily tours, interact with project maintainers at their kiosks, gain insights on community engagement and KCD event organization, and learn more about certification opportunities to showcase your expertise.
Salt Palace | Level 1 | Halls A-C + 1-5 | Solutions Showcase

12:30pm MST

Lunch 🍲
Friday November 15, 2024 12:30pm - 2:00pm MST
Salt Palace | Level 1 | Halls A-C + 1-5 | Solutions Showcase

2:00pm MST

Bloomberg’s Journey to Improve Resource Utilization in a Multi-Cluster Platform - Yao Weng & Leon Zhou, Bloomberg
Friday November 15, 2024 2:00pm - 2:35pm MST
Bloomberg provides an on-premises Data Science Platform (DSP) using cloud-native software to support internal AI model training. It runs on Kubernetes clusters spanning multiple data centers and featuring a diverse range of GPU types. However, managing such a large-scale and heterogeneous GPU environment poses many challenges, such as improving resource utilization, reducing operational costs, and scheduling workloads across different GPU types. In collaboration with the Karmada community, Bloomberg's DSP team has aimed to tackle these challenges by addressing multi-cluster batch job management problems. This talk will delve into the approaches the team has adopted, including:
- Intelligently scheduling GPU workloads across multiple clusters
- Using Karmada's resource interpreter to support Kubernetes Custom Resource Definitions (CRDs) on top of a multi-cluster architecture
- Building a highly available Karmada control plane
- Establishing a consistent training job submission interface
Speakers

Leon Zhou

Software Engineer, Bloomberg
Leon Zhou is a software engineer on the Data Science Platform engineering team at Bloomberg. With prior NLP experience, he is now building ML platforms to facilitate machine learning development. He is interested in ML infrastructure to enable large-scale training and complex pipelines...

Yao Weng

Senior Software Engineer, Bloomberg
Yao Weng is a Senior Software Engineer on Bloomberg’s Data Science Platform engineering team. She has contributed extensively to optimizing the company’s Kubernetes environment for high performance compute, model inference, and workflow orchestration. Yao Weng obtained her Ph.D...
Salt Palace | Level 2 | 250
  AI + ML

2:00pm MST

From Vectors to Pods: Integrating AI with Cloud Native - Rajas Kakodkar, Broadcom; Kevin Klues, NVIDIA; Joseph Sandoval, Adobe; Ricardo Rocha, CERN; Cathy Zhang, Intel
Friday November 15, 2024 2:00pm - 2:35pm MST
The rise of AI is challenging long-standing assumptions about running cloud native workloads. AI demands hardware accelerators, vast data, efficient scheduling and exceptional scalability. Although Kubernetes remains the de facto choice, feedback from end users and collaboration with researchers and academia are essential to drive innovation, address gaps and integrate AI in cloud native. This panel features end users, AI infra researchers and leads of the CNCF AI and Kubernetes device management working groups focussed on:
- Expanding beyond LLMs to explore AI for cloud native workload management, memory usage and debugging
- Challenges with scheduling and scaling of AI workloads from the end user perspective
- OSS Projects and innovation in AI and cloud native in the CNCF landscape
- Improving resource utilisation and performance of AI workloads

The next decade of Kubernetes will be shaped by AI. We don’t yet know what this will look like; come join us to discover it together.
Speakers

Ricardo Rocha

Lead Platforms Infrastructure, CERN
Ricardo leads the Platform Infrastructure team at CERN with a strong focus on cloud native deployments and machine learning. He has led for several years the internal effort to transition services and workloads to use cloud native technologies, as well as dissemination and training...

Kevin Klues

Distinguished Engineer, NVIDIA
Kevin Klues is a distinguished engineer on the NVIDIA Cloud Native team. Kevin has been involved in the design and implementation of a number of Kubernetes technologies, including the Topology Manager, the Kubernetes stack for Multi-Instance GPUs, and Dynamic Resource Allocation (DRA...

Joseph Sandoval

Principal Product Manager, Adobe Inc.
Joseph Sandoval is a seasoned tech expert with 25 years in various roles running distributed systems and infrastructure platforms, and thrives on empowering developers to scale their applications. An advocate for open source software, he harnesses its transformative power to champion change...

Cathy Zhang

Senior Principal Engineer, Intel
As a member of the CNCF TOC, Cathy has been sponsoring and guiding projects' applications for graduation/incubating, and reviewing/approving new sandbox projects. She has been a committee member for several KubeCons. Cathy is currently a Senior Principal Engineer at Intel, leading...

Rajas Kakodkar

Senior Member of Technical Staff | Tech Lead TAG Runtime CNCF, Broadcom
Rajas is a senior member of technical staff at Broadcom and a tech lead of the CNCF Technical Advisory Group, Runtime. He is actively involved in the AI working group in the CNCF. He is a Kubernetes contributor and has been a maintainer of the Kube Proxy Next Gen Project. He has also...
Salt Palace | Level 1 | Hall DE
  AI + ML
  • Content Experience Level Any

2:00pm MST

Can You Put a Price Tag on Open Source? - Mario Fahlandt, Kubermatic & Bob Killen, CNCF
Friday November 15, 2024 2:00pm - 2:35pm MST
Earlier this year, the Harvard Business School released the paper titled “The Value of Open Source Software,” estimating the worldwide value of OSS at 8.8 trillion, and on average, it would cost companies at least 3.5x more to develop similar projects internally. Yet, many organizations and engineers struggle to understand or realize this kind of value from contributing to these projects. In this talk, Bob and Mario will discuss the many benefits individuals and companies can achieve by contributing to open source and guide you through the first steps to becoming a contributor. They will also cover how to develop a lightweight open source strategy and convince your organization that an open source first approach can yield great returns.
Speakers

Mario Fahlandt

Service Delivery Architect, Kubermatic
Mario is working as a Customer Delivery Architect @Kubermatic with the focus on planning and building concepts and architecture for Infrastructure in the cloud native world. He started the GDG Munich for Cloud and became a GDE in 2019. In the Kubernetes project he is involved in SIG-ContribEx...

Bob Killen

Senior Technical Program Manager, CNCF
Bob is a Program Manager at the Google Open Source Programs Office with a focus on Cloud Native computing. He serves the Kubernetes project as a Steering Committee member and chair of the Contributor Experience SIG. Bob comes from an academic background, spending 15 years at the University...
Salt Palace | Level 1 | Grand Ballroom HJ
  Cloud Native Experience
  • Content Experience Level Any

2:00pm MST

Testing Kubernetes Without Kubernetes: A Networking Deep Dive - John Howard, Solo.io
Friday November 15, 2024 2:00pm - 2:35pm MST
There are few things more tedious than waiting for a long end-to-end test to run. Waiting for a new cluster to spin up, images to build and push - not to mention things like debugging or running on slow internet connections. Unfortunately, these complex setups are hard to avoid, especially if we are testing things deeply integrated into Kubernetes networking, such as CNIs, kube-proxy, service meshes, and more. It doesn't have to be this way! In this talk, I will give a deep dive on how we built out our testing strategy for our Kubernetes networking proxy to not really depend on Kubernetes (or docker, or root). In doing so, I will not only offer a glimpse behind the scenes of Istio development, but also give viewers a deeper understanding of how the fundamentals of Kubernetes (Linux primitives like namespaces) work, and how they can be effectively used to improve tests in the Istio ecosystem and beyond.
Speakers

John Howard

John Howard, Solo.io
John Howard is a Senior Architect at Solo.io and Istio Technical Oversight Committee member.
Salt Palace | Level 1 | 155 EF
  Connectivity

2:00pm MST

Object Storage Is All You Need - Justin Cormack, Docker
Friday November 15, 2024 2:00pm - 2:35pm MST
When Jeff Bezos commissioned Amazon S3 he called it "malloc for the web"; since then many people have considered cloud object storage to be a weird kind of non-POSIX filesystem, but also a great backing store for websites or storing lots of data. Recently more and more applications are being built with object storage as the entire persistence layer. This started with analytics databases such as Snowflake and Databricks, and the open source Delta Lake and Apache Iceberg projects. More recently the use is spreading to even more applications, from observability to streaming data and more. In this talk we look at why it is becoming so popular, the benefits, downsides and performance characteristics, and how and when to use it effectively.
Speakers

Justin Cormack

CTO, Docker
Justin is the CTO of Docker, recently a member of the CNCF TOC, and has been working in the container ecosystem and in supply chain security for many years.
Salt Palace | Level 1 | Grand Ballroom GI
  Data Processing + Storage

2:00pm MST

Faster Containerized LLM Serving via Knowledge Sharing - Junchen Jiang, University of Chicago & Zhou Sun, Mooncake Labs
Friday November 15, 2024 2:00pm - 2:35pm MST
Imagine once an LLM learns something from a document, the knowledge can be instantly shared with other LLMs. Unfortunately, today, LLMs must read the same document multiple times, causing a significant slowdown. This session will introduce a new KNOWLEDGE-SHARING system that enables LLMs to share their digested knowledge, in the form of KV caches, so only one LLM needs to process each document. The key challenge is how to store the KV caches cheaply and serve them quickly. Instead of keeping the KV caches of all reusable chunks in GPU/CPU memory, we show a DEMO that with careful implementation on Kubernetes, storing them on cheaper devices is not only economically superior but also delivers significant reductions in LLM serving delay, especially the time to the first token.
Speakers

Junchen Jiang

Professor, University of Chicago
Junchen Jiang is an Assistant Professor of Computer Science at the University of Chicago. He works at the intersections between networked systems and machine learning. He received his Ph.D. from CMU in 2017 and his bachelor’s degree from Tsinghua in 2011. He has received a Google...

Zhou Sun

CEO, Mooncake Labs
Mooncake Labs is working on the next generation of stateless data architecture, bringing database performance and functionality to structured and unstructured data in datalakes and raw datasets. Previously I led the query team at SingleStore (cloud-native distributed HTAP database...
Salt Palace | Level 2 | 255 EF
  Emerging + Advanced

2:00pm MST

Are Your Microservices Truly Scaling? A Framework for Unlocking the Stateful Backend - Sam Dillard, PingCAP
Friday November 15, 2024 2:00pm - 2:35pm MST
Kubernetes has forged the way to microservice applications. Most of the reasons we disaggregate applications lead back to how each component scales. The backend components of these scaling applications are a sticking point for R&D organizations and a major reason applications aren't as agile as they otherwise could be. When applications scale, data systems undergo a lot of change proportionally. For example, table and index scans travel further, index creation re-organizes more data, backups and restores get slower, data integrity loosens, changefeeds get thicker, and staff spreads thinner. The system that scales best is the one in which these dimensions are impacted the least.
Speakers

Sam Dillard

Principal Engineer, PingCAP
Principal Engineer at PingCAP, TiKV maintainer and committer, RocksDB contributor, the author of "MariaDB Principles and Implementation". Mainly engaged in the design and development of cloud-native large-scale distributed storage systems, data platforms, 10+ years of experience in...
Hyatt Regency | Level 4 | Regency Ballroom A

2:00pm MST

Contributing to Kubernetes in Its Second Decade - SIG ContribEx Style! - Kaslin Fields, Google; Priyanka Saggu, SUSE; Madhav Jivrajani, UIUC; Nabarun Pal, Independent
Friday November 15, 2024 2:00pm - 2:35pm MST
The success and sustainability of the Kubernetes project hinges on its diverse contributor base. In this session, we will explore how the Kubernetes Special Interest Group Contributor Experience (SIG ContribEx) empowers contributors, optimizes workflows, & fosters sustained project growth. We will address the challenges of managing an expanding contributor base, the tradeoffs between attracting new contributors and growing existing ones, all while upholding high standards of code quality, stability, and the right balance between feature development, bug fixes & security enhancements. We will highlight the importance of clear communication channels, our mentorship programs, and knowledge sharing initiatives. We will also share valuable insights into the recent updates about Kubernetes community org membership, the advancements made in the automated assessment tool for membership statistics & more. So, join us in this session to gain insights about ContribEx's many diverse programs.
Speakers

Nabarun Pal

Staff Engineer at VMware, Kubernetes Steering Committee and Maintainer, Broadcom
Nabarun is a Staff Software Engineer at VMware by Broadcom, a maintainer of the Kubernetes project, an elected Kubernetes Steering Committee member and a chair of Kubernetes SIG Contributor Experience. He is a Release Manager for Kubernetes and has been the Kubernetes 1.21 Release...

Priyanka Saggu

Kubernetes GitHub Admin, SIG Contribex Technical Lead, 1.31 Emeritus Advisor, 1.29 Release Lead, SUSE
Priyanka Saggu is a Kubernetes Engineer at SUSE, and has made significant contributions to the Kubernetes project via Release, ContribEx, Testing and CLI SIGs. She's the Emeritus Advisor for Kubernetes 1.31 release cycle, Release Lead for Kubernetes 1.29, Kubernetes GitHub Admin, and...

Madhav Jivrajani

Independent, UIUC
Madhav is currently working at VMware on upstream Kubernetes. He has been a part of the Kubernetes community for about a year and mainly helps out with SIG-{Contribex, Node, Architecture, API-Machinery}. He was also involved with the structured logging efforts in the Kubernetes project...

Kaslin Fields

OSS K8s & GKE Developer Advocate, Google
Kaslin Fields is a Developer Advocate at Google Cloud, a Container enthusiast and creator of tech comics. She uses her knowledge of DevOps technologies and methodologies to help others as they enter the Cloud Native world. By creating comics about DevOps tech, she hopes to make learning...
Salt Palace | Level 3 | 355 BC

2:00pm MST

Exploring KubeEdge: Architecture, Use Cases, and Project Graduation Updates - Yin Ding, Google & Hongbing Zhang, Daocloud
Friday November 15, 2024 2:00pm - 2:35pm MST
In this session, KubeEdge project maintainers will provide an overview of KubeEdge's architecture and its industry-specific use cases. The session will begin with a brief introduction to edge computing and its growing importance in IoT and distributed systems. The maintainers will then delve into the core components and architecture of KubeEdge, demonstrating how it extends Kubernetes' capabilities to manage edge computing workloads efficiently. They will share success stories and insights from organizations that have deployed KubeEdge in various edge environments, such as smart cities, industrial IoT, edge AI, robotics, and retail, highlighting the tangible benefits and transformational possibilities. Additionally, the session will introduce the certified KubeEdge conformance test, discuss advancements in technology and community governance within the KubeEdge project, and share the latest updates on the project's graduation status.
Speakers

Hongbing Zhang

Chief Operating Officer, Daocloud
Hongbing Zhang is Chief Operating Officer of DaoCloud. He is a veteran in open source areas; he founded the IBM China Linux team in 2011 and organized the team to make significant contributions to the Linux Kernel/OpenStack/Hadoop projects. Now he is focusing on the cloud native domain and leading...

Yin Ding

Engineering Manager, Google
Yin Ding, an Engineering Manager at Google, leads the Kubernetes Hardening team and brings over 15 years of expertise in large-scale and distributed computing. As a co-founder of the CNCF KubeEdge open-source project and the TSC Chair of LF Edge Akraino, Yin Ding has made significant...
Hyatt Regency | Level 4 | Regency Ballroom BCD

2:00pm MST

KubeVirt: Enhancements and the Road Ahead - Vladik Romanovsky & David Vossel, Red Hat
Friday November 15, 2024 2:00pm - 2:35pm MST
It's been a big year for KubeVirt. Join us for a detailed update on major advancements introduced over the past year and our plans, including CNCF Graduation. We'll cover some of our recent features: "VM rollout strategy," which changes the update management for running virtual machines; "VM Volume migration," which provides a declarative API to move data between volumes; and we introduce the "Application Aware Quota" operator, a solution that addresses the limitations of Kubernetes' native resource quota system and provides an alternative implementation of resource counting. Looking forward, we will also discuss our desire to improve the control over migration convergence, support for Dynamic Resource Allocation (DRA) to optimize resource handling and allocation, and introduce SWAP support for virtual machines, enabling performance improvements and flexibility. This session is designed to provide valuable insights for current users and those who are new to KubeVirt.
Speakers

Vladik Romanovsky

Senior Principal Software Engineer, Red Hat
Developer and a maintainer of the KubeVirt Project. Interested in Kubernetes and Virtualization.

David Vossel

Senior Principal Software Engineer, Red Hat
David Vossel is a Senior Principal Software Engineer at Red Hat. He is currently the lead developer working on the Hosted Control Planes for OpenShift Virtualization platform and is a core contributor to the open source KubeVirt project.
Salt Palace | Level 3 | 355 EF

2:00pm MST

Vitess: Introduction, New Features and Running in Production - Deepthi Sigireddi, PlanetScale; Derek Perkins, Nozzle; Sudhi Vijayakumar, Backblaze
Friday November 15, 2024 2:00pm - 2:35pm MST
Welcome to the Vitess maintainer track session! Today, you will learn what Vitess is, hear about its high level architecture and the feature set it offers. After that, you will hear real-world stories about Vitess adoption and production usage at Backblaze, Nozzle and PlanetScale. You will finally hear about what is new in recent Vitess releases and get a preview of planned features.
Speakers

Derek Perkins

CEO, Nozzle
Derek is the Founder and CEO of Nozzle. He has been building database driven software since 1999, is a maintainer of Vitess.io, and has been a top BigQuery user for over a decade.

Deepthi Sigireddi

Software Engineer, PlanetScale
Deepthi is the Technical lead for Vitess, a CNCF graduated open source project. She also leads the Vitess engineering team at PlanetScale which offers a database service built on Vitess. She brings over 20 years of experience building scalable systems to this role. She enjoys speaking...
Hyatt Regency | Level 2 | Salt Lake Ballroom CDE

2:00pm MST

Supercharge Your Kubernetes Autoscaling with Custom Metrics - Vamshi Krishna Samudrala & Sravan Akinapally, American Airlines
Friday November 15, 2024 2:00pm - 2:35pm MST
Out-of-the-box, Kubernetes provides native horizontal scaling capabilities driven by conventional resource consumption signals like CPU and memory utilization. However, in the real world, numerous applications demand dynamic scaling orchestrated by custom business telemetry such as queue depths, throughput volumes, or other domain-specific indicators. This session will unravel the secrets of extending Kubernetes' Horizontal Pod Autoscaler (HPA) to leverage custom metrics as scaling triggers, unlocking unprecedented scaling autonomy. Attendees will witness live demos showcasing:
- Deploying a custom metrics provider to expose application-centric metrics to the Kubernetes control plane
- Configuring the HPA to consume these custom metrics for intelligent scaling decisions
- A sample application dynamically scaling based on a custom metric like queue length or requests per second
- Best practices for crafting bespoke scaling policies tailored to custom metrics
Speakers

Vamshi Krishna Samudrala

Enterprise Cloud Architect, American Airlines
Enterprise Architect with a distinguished career spanning 14 years in the fields of DevOps and Cloud Architecture. Focused on automation, configuration management and innovation with cutting-edge technologies. Worked extensively with leading cloud service providers, including Amazon...

Sravan Akinapally

Product Tech Lead, American Airlines
Product Tech Lead
Salt Palace | Level 1 | 155 BC
  Operations + Performance

2:00pm MST

Micro-Segmentation and Multi-Tenancy: The Brown M&Ms of Platform Engineering - Jim Bugwadia, Nirmata & Rachael Wonnacott, Fidelity International
Friday November 15, 2024 2:00pm - 2:35pm MST
A key requirement for internal developer platforms is that they serve multiple workloads. The reality of platform engineering is that while it seeks to lower the barrier to entry for teams to deliver applications, it must also balance cost and ensure appropriate levels of security. It’s therefore essential to consider how application components running on shared infrastructure are allowed to communicate with each other and weigh up the cost of each architecture. In industry, we have seen differing approaches to deploying Kubernetes to achieve these goals, from multiple single-tenant clusters through to shared clusters that deliver namespaces-as-a-service. Rachael and Jim will define the concepts of multi-tenancy and micro-segmentation for cloud native systems, and explain why they are critical to success with platform engineering. They will also show real-world examples of how they can be implemented, and demonstrate full automation using best practices like GitOps and Policy as Code.
Speakers

Jim Bugwadia

Co-founder and CEO, Nirmata
Jim Bugwadia is a co-founder and the CEO of Nirmata, the Kubernetes policy and governance company. Jim is an active contributor in the cloud native community and currently serves as co-chair of the Kubernetes Policy and Multi-Tenancy Working Groups. Jim is also a co-creator and maintainer...

Rachael Wonnacott

Technical Product Owner, Kubernetes Platform, Fidelity International
Rachael has spent the last decade focused on platform engineering. She places a conscious emphasis on improving flow and is on the quest to smooth the application lifecycle for developers in the enterprise. With a background in astrophysics, Rachael brings her scientific approach...
Salt Palace | Level 1 | Grand Ballroom BDF
  Platform Engineering

2:00pm MST

The Missing Talk About API Versioning & Evolution in Your Developer Platform - Stefan Schimanski, Upbound & Sergiusz Urbaniak, Independent
Friday November 15, 2024 2:00pm - 2:35pm MST
In the realm of developer platforms, individuals without extensive experience in the cloud-native ecosystem are now venturing into the creation of Kubernetes-based APIs. Tools like Crossplane are transforming every platform engineer into an API designer. Ten years in, the ecosystem still offers little guidance on Kubernetes versioning and API evolution in practice. A naive understanding is not helpful, and many have been burned by relying on intuition. This talk will provide deep, yet applicable knowledge, starting from the first principles of the invariants to maintain when changing APIs in Kubernetes. It will cover tools like schemas, conversion, validation, and admission, and present very concrete and directly applicable API Evolution Patterns. These patterns will help navigate the life cycle of CRD-based projects. This talk aims to educate on how to evolve APIs effectively and safely without inadvertently breaking users.
Speakers

Sergiusz Urbaniak

Team Lead - Kubernetes, https://mongodb.com
Sergiusz is a Kubernetes Team Lead at MongoDB. He is enthusiastic about modern infrastructure software while still enjoying minimalistic networking techniques like morse code. He worked on Mesos, container runtimes, Prometheus Operator, Thanos, upstream Kubernetes, Operators, and...

Stefan Schimanski

Senior Principal Software Engineer, Upbound
Stefan is a Senior Principal Engineer at Upbound working on control planes, Kubernetes, kcp, and as a tech-lead in SIG API Machinery. He contributed a major part of the CRD feature set. Stefan is a 2nd time Google Summer of Code mentor with CNCF, loves to teach and help people to learn...
Salt Palace | Level 2 | 251
  Platform Engineering

2:00pm MST

Seccomp and eBPF; What’s the Difference? Why Do I Need to Know? - Natalia Reka Ivanko & Duffie Cooley, Isovalent @ Cisco
Friday November 15, 2024 2:00pm - 2:35pm MST
Containers in Kubernetes share a common Linux kernel so how can we limit access where it isn’t required so we can follow the principle of least privilege? Join Natalia and Duffie as they each explore different approaches to harden your container security with Secure Computing (seccomp) and eBPF! The talk will begin with an overview and comparison between seccomp and eBPF and how they both can solve the same problem - limiting access to the Linux Kernel that all containers share. This will be a fun talk, showing each solution with a live demo. You will leave this talk with a better understanding of how to limit what system calls a process can make and restrict your containers’ behavior to only access the files, binaries and external DNS names they need and nothing more. Which is the right solution for your environment? Come and learn about two of the commonly used technologies in use today!
Speakers

Natalia Reka Ivanko

Sr. Product Manager, Isovalent, now part of Cisco
Security Product Lead and previous Security Engineer with a strong background in Container and Cloud Security. Passionate about building things that matter and working with Site Reliability and Software Engineers to apply Security Best Practices. Inclined towards modern and innovative...

Duffie Cooley

Field CTO, Isovalent @ Cisco
Duffie is Field CTO at Isovalent focused on helping enterprises find success with Cilium and modern security tooling. Duffie has been working with all things systems and networking for 20 years and remembers most of it. A student of perspective, Duffie is always interested in working...
Salt Palace | Level 1 | 151
  Security

2:00pm MST

The Policy Engines Showdown - Gabriel L. Manor, Permit.io; Andres Aguiar, Okta; Omri Gazitt, Aserto; Anders Eknert, Styra; Sarah Cecchetti, AWS
Friday November 15, 2024 2:00pm - 2:35pm MST
OPA, Cedar, OpenFGA, Topaz, OPAL, OSO, should I continue? Policy engines, languages, and standards are everywhere, making the decision for a good decision engine increasingly difficult. In this panel, I'll host four talented engineers, each from a different policy engine's core team, for a friendly showdown. We will assist the audience in making the most important decision - choosing a suitable and fitting decision engine for their specific use case. We will also delve into the nuances of running multiple engines together and learn how to scale them properly.
Speakers

Sarah Cecchetti

Head of Product, Cedar, AWS
Sarah is the Head of Product for Cedar Policy Language, an open-source project designed to express permissions in an easy-to-read and fast-to-execute format. She co-founded a professional organization for identity practitioners called IDPro. She is a contributor to NIST 800-63-C Digital...

Anders Eknert

Developer Relations Lead, Styra
Developer advocate at Styra with a long background in software development, security and identity systems in primarily distributed environments. When not in front of his computer he enjoys watching football, cooking and Belgian beers.

Gabriel Manor

Director of DevRel, Permit.io
Gabriel is a senior full-stack developer who blends his passion for technical leadership, security, authorization, and devtools into his current role as the Head of Growth and DevRel at Permit.io. Before joining Permit.io, Gabriel worked as a technical leader and principal engineer...

Omri Gazitt

Co-founder & CEO, Aserto
Omri is the co-founder/CEO of Aserto, an authorization startup, and his third entrepreneurial venture. He's spent the majority of his 30-year career working on developer and infrastructure technology, most recently as the CPO of Puppet. Previously he was the VP and GM of HP's Cloud...

Andres Aguiar

Product Manager, Okta
Andres has spent his 20+ year career building tools for developers, wearing different hats. He’s been working on the identity space for the last 6 years, and is currently the Product Manager for OpenFGA.
Salt Palace | Level 2 | 255 BC
  Security

2:00pm MST

Tutorial: Simplify and Optimize Your YAML with YAMLScript - Ingy döt Net, YAML LLC
Friday November 15, 2024 2:00pm - 3:30pm MST
Nobody likes YAML (or anything for that matter) when it's a giant and repetitive mess. Of course, there are already existing technologies like Helm and Kustomize that help make YAML nicer for Kubernetes. The new kid on the block is YAMLScript. Being a complete programming language (built over a vast and mature ecosystem), its capabilities are effectively limitless. That said, its primary focus is on refactoring and improving existing and new large YAML configurations. YAMLScript can help you make the most of YAML in any domain; even those that already make great use of Helm and Kustomize. Having been created by an original inventor and current lead maintainer of the YAML data language (Ingy döt Net), you can count on it meshing well with the YAML you already know. In this hands-on interactive tutorial, Ingy will teach you how to make the most of YAML and YAMLScript.
Speakers
Ingy döt Net

Ingy döt Net, YAML LLC
Ingy döt Net is one of the original inventors of the YAML data language, and its primary maintainer. He has continuously contributed to Open Source efforts since before it was called Open Source. His passion is creating software libraries that work in as many programming languages...
Salt Palace | Level 1 | Grand Ballroom ACE

2:00pm MST

🚨 Contribfest: Hop Aboard and Contribute to Headlamp
Friday November 15, 2024 2:00pm - 3:30pm MST
Headlamp is a Kubernetes UI with a focus on usability, flexibility, and extensibility. It is an open source CNCF Sandbox project, and can be run as a desktop application or as a web app. One of Headlamp’s main features is its plugin system, which allows users and vendors to extend its basic functionality and create their own customized Kubernetes user experience. In this Contribfest session, Headlamp’s maintainers will work with the participants to onboard them to Headlamp development. Participants will start by building the project and creating a small plugin. We also invite everyone interested to join us in brainstorming ideas for the project and its community.
Speakers
Joaquim Rocha

Principal Software Engineering Manager, Microsoft
Joaquim has been involved in a number of Free and Open Source Software projects for the past 15 years, from the Linux desktop and phones to the cloud. He is an Emeritus Member of the GNOME Foundation and has been a speaker in events such as KubeCon, GUADEC, and FOSDEM. Joaquim currently...
René Dudfield

Rene Dudfield, Microsoft
Hey hey! I'm René, and I make things. Using tech like Kubernetes, Go, Python, C, JavaScript/TypeScript, React. By day: I'm a mild mannered software developer working on open source K8s UIs for Microsoft. For fun: I ❤️ data audio reactive video synths, and make pygame. My passion...
Salt Palace | Level 3 | 355 A

2:00pm MST

🚨 Contribfest: Sidecar-Less Service Mesh: Let’s Work Together on Istio V2
Friday November 15, 2024 2:00pm - 3:30pm MST
Attendees will gain an overview of the sidecar-less service mesh architecture and learn how to contribute to the Istio project. We will explore the necessary tooling to build Istio from source, and run unit and end-to-end tests. After setting up the environment, we will contribute to the Istio project. Maintainers will provide a curated set of GitHub issues for the session, focusing on good-first-issues and Istio V2. We will review useful resources and ways to interact with the project and community, highlighting the benefits of sidecar-less Istio and guiding you through your first contribution.
Speakers
Lin Sun

CNCF TOC member and Head of Open-Source at solo.io, solo.io
Lin is the Head of Open Source at Solo.io, and a CNCF TOC member and ambassador. She has worked on the Istio service mesh since the beginning of the project in 2017 and serves on the Istio Steering Committee and Technical Oversight Committee. Previously, she was a Senior Technical...
Salt Palace | Level 3 | 355 D

2:55pm MST

Cloud-Native AI: Wasm in Portable, Secure AI/ML Workloads - Miley Fu, Second State
Friday November 15, 2024 2:55pm - 3:30pm MST
In this talk, we present Wasm as a pioneering solution for running AI/ML workloads in cloud-native environments. Our focus is on demonstrating how Wasm (on the server) facilitates the execution of AI models, such as Llama3, Grok by X, Mixtral, etc., across diverse cloud and edge platforms without sacrificing performance. We will discuss the advantages of using Rust and WebAssembly in AI/ML workloads, highlighting aspects like portability, speed, and security. Real-world examples will illustrate the deployment of AI inference models using Wasm runtime in Kubernetes environments, showcasing seamless orchestration and execution across varied devices. This session is aimed at cloud-native practitioners and AI/ML enthusiasts eager to explore innovative approaches in AI deployment.
Speakers
Miley Fu

DevRel, WasmEdge
Miley is a Developer Advocate with a passion for empowering developers to build and contribute to open source. With over 5 years of experience working on WasmEdge runtime in CNCF sandbox as the founding member, she talked at KubeCon, KCD Shenzhen, CloudDay Italy, DevRelCon, Open Source...
Salt Palace | Level 2 | 250
  AI + ML

2:55pm MST

Enabling Fault Tolerance for GPU Accelerated AI Workloads in Kubernetes - Arpit Singh & Abhijit Paithankar, NVIDIA
Friday November 15, 2024 2:55pm - 3:30pm MST
In K8s-based ML platforms, job failures from hardware errors such as GPU malfunctions, network disruptions, ECC errors, and OOM events pose significant challenges. These failures cause resource underutilization, wasted engineering time, and high operational costs, often requiring users to resubmit jobs. Current AI/ML frameworks lack adequate fault tolerance strategies, typically requiring manual intervention and causing delays before jobs can resume. This talk explores fault tolerance strategies including naive job restarts on failure, job restarts with hot spares, and job restarts by replacing faulty nodes. We discuss how to achieve fault propagation by leveraging node and pod conditions and address gaps in fault discovery and error propagation in the existing Kubernetes ecosystem. Our talk will also include ways to enhance components like the node-problem-detector and introduce new elements to close the gaps in fault detection, propagation, reaction and remediation.
Speakers
Abhijit Paithankar

Tech Lead and Engineering Manager, NVIDIA
Abhijit Paithankar is the AI and HPC Systems Tech Lead and Engineering Manager at NVIDIA, focusing on advanced computing technologies. Previously, he co-founded Crave.IO and served as CTO, and held key roles at Nutanix and VMware, developing critical hypervisor and storage solutions...
Arpit Singh (SW-CLOUD) US

Senior Software Engineer, Nvidia
Arpit Singh specializes in AI infrastructure at Nvidia, enhancing deep learning applications. Besides being a Kubernetes contributor, Arpit has 10+ years of experience spanning Nvidia, Nutanix and Cisco. He holds multiple patents (2 granted, 4+ pending) and has dual master's degr...
Salt Palace | Level 1 | Hall DE
  AI + ML

2:55pm MST

How GoTo Financial Automates Upgrading 60+ Istio Service Mesh Seamlessly! - Didi Yudha Perwira & Zufar Dhiyaulhaq, GoTo Financial
Friday November 15, 2024 2:55pm - 3:30pm MST
Istio, one of the most popular service meshes, is widely used by many companies. Service meshes simplify observability, traffic management, security, and policy on Kubernetes. While they offer significant benefits, day-to-day operations like upgrades can be challenging. These upgrades require active monitoring during the process. GoTo Financial, for instance, took more than 45 days to upgrade 60+ clusters. This talk will share their journey of building an open-source, opinionated automation solution to simplify the Istio service mesh upgrade process. This solution has shortened upgrade time to 14 days, reduced active monitoring, freed up valuable engineering resources, and minimized downtime risks.
Speakers
Zufar Dhiyaulhaq

Engineering Manager, GoTo Financial
Zufar recently joined Gojek as a Cloud Platform Engineer. He has been in the IT industry for 3 years, mostly working with Linux, Cloud, and Kubernetes. He also loves to contribute to open source projects like Istio and helps organize CNCF meetups in Indonesia.
Didi Yudha Perwira

Sr. Software Engineer, GoTo Financial
Didi has been working at GoTo Financial for 3 years, and he has been working with Kubernetes and Istio since his first day there. Didi also has experience in and is passionate about the software engineering field; he usually codes in Golang, Javascript, Typescript and Python...
Salt Palace | Level 2 | 255 EF
  Connectivity

2:55pm MST

Thousands of Gamers, One Kubernetes Network - Surya Seetharaman, Red Hat & Girish Moodalbail, NVIDIA Inc
Friday November 15, 2024 2:55pm - 3:30pm MST
Uninterrupted gameplay with minimal network latency, jitter, and maximum throughput is crucial for a great gamer experience. But how do we maintain consistent network quality in cloud gaming production environments at NVIDIA when 2K+ players (pods) share the same physical network for game storage and streaming? When a new player joins and a pod starts downloading large contextual game data, it is vital to shield other players on the same node from this 'noisy neighbor'. Kubernetes provides limited pod-level traffic shaping but we needed more than that. In this talk we will show how we achieved true Quality of Service and wire-speed networking on Kubernetes clusters using Differentiated Services Code Point (RFC7657) markings on pod traffic. Through a live demo that will involve a noisy pod and a victim pod, attendees will gain actionable insights and best practices around packet-parameter-tuned traffic shaping using simple Kubernetes Custom Resources to optimize network performance.
Speakers
Girish Moodalbail

Distinguished Engineer, NVIDIA Inc, NVIDIA Inc
Girish Moodalbail, a Distinguished Engineer at Nvidia Inc., builds Kubernetes-based GPU compute for gaming, AI training, and inferencing with low-latency, high-throughput, reliable, scalable, and secure networking using OSS (OVS, OVN, OVN-K8s CNI) and NVIDIA hardware. With over 22...
Surya Seetharaman

Principal Software Engineer, Red Hat Inc.
Surya is an Open Source advocate and contributor, active in the Kubernetes SIG-Network working group. She is working as a Principal Software Engineer at Red Hat in the OpenShift Networking team. Her areas of interest include Cloud Infrastructure and Networked Services and Systems...
Salt Palace | Level 1 | 155 EF
  Connectivity

2:55pm MST

Object, Block, or File Storage? Choosing the Right Cloud Storage to Integrate Into Kubernetes - Mitch Becker & Tom McDonald, Amazon Web Services (AWS)
Friday November 15, 2024 2:55pm - 3:30pm MST
This presentation helps simplify the container storage landscape to help K8s users make educated cloud storage choices based on their workload requirements and data strategy. You already know K8s is an open-source platform that orchestrates containerized applications. But what type of cloud storage should one deploy for stateless and stateful applications to ensure persistent data across various operational scenarios? Different storage types cater to specific use cases within K8s environments. Organizations often require persistent storage to run K8s for stateful use cases such as Large-Scale Application Deployment, High-Performance Computing (HPC), AI/ML, Microservices Management, CI/CD Pipelines, and Big Data Processing. Because Block, File, and Object Storage are used in varying ways for containerized workloads, this talk will explain use cases for each storage type and educate the attendees so their selection of storage supports their applications and overall data strategy.
Speakers
Tom McDonald

Sr. Storage Specialist SA, AWS
Tom McDonald is a Senior Workload Storage Specialist at AWS. Starting with an Atari 400 and re-programming tapes, Tom began a long interest in increasing performance on any storage service. With 20 years of experience in the Upstream Energy domain, file systems and High-Performance...
Mitch Becker

Sr. Storage Specialist, Amazon Web Services (AWS)
Accomplished cloud professional transforming and modernizing IT environments: Cloud Computing, Cloud Storage, HPC, AI, Containers, DevOps, & Cloud Adoption/Migration/Transformation. • CNCF Storage Technical Advisory Group Member • AWS --- Certified Cloud Practitioner, Industry...
Salt Palace | Level 1 | Grand Ballroom GI
  Data Processing + Storage

2:55pm MST

OpenSearch: Navigating Innovation and Community Collaboration for 2025 and Beyond - Anandhi Bumstead & Anirudha Jadhav, Amazon Web Services
Friday November 15, 2024 2:55pm - 3:30pm MST
The open source OpenSearch Project guides its development with a community-driven product roadmap that must anticipate the near- and long-term future of search, observability, and generative AI. As more OpenSearch users deploy the software suite for observability applications across a range of cloud infrastructures, the project roadmap must account for robust integrations with open telemetry frameworks and standards while maintaining stable, flexible operational capabilities. This session will present development priorities and strategic goals for the project’s technology stack and share insights into how the project continues to streamline its roadmap to foster community contributions.
Speakers
Anandhi Bumstead

Amazon
Anandhi Bumstead, director of engineering at OpenSearch within Amazon Web Services, brings nearly three decades of experience in distributed systems and open-source software. With a background in cloud computing, Anandhi made significant contributions during her tenure at Microsoft...
Anirudha Jadhav

Amazon
Anirudha Jadhav, an expert in distributed database systems, data analytics, and search technologies, currently leads development of insight engines and visualization platforms at Amazon Web Services (AWS) OpenSearch as Engineering Manager. His significant contributions to big data...
Salt Palace | Level 2 | 255 BC

2:55pm MST

Building a More Resilient Future with Advanced Cloud Provider Testing - Michael McCune, Red Hat & Bridget Kromhout, Microsoft
Friday November 15, 2024 2:55pm - 3:30pm MST
When you put your trust in a new Kubernetes version, you know that the community behind the release ensures high levels of quality. The Kubernetes community achieves release-gating confidence with continuous testing and integration. With the recent migration of built-in cloud providers to external components, the community has made changes to the testing of infrastructure-specific behaviors and patterns. We have removed some tests and changed others, and now we plan to build a more robust testing framework that all cloud providers can utilize. Join us for a discussion of the future of cloud provider testing, with a look at the changes that have occurred during the external migration and the challenges that are ahead for building a cohesive infrastructure testing framework. You can expect to leave this session with a clear understanding of how cloud provider testing works, why it is important to test on as many cloud providers as possible, and where you can help shape the path forward.
Speakers
Michael McCune

Senior Principal Software Engineer, Red Hat
Michael McCune is a software developer creating open source infrastructure and applications for cloud platforms. He has a passion for problem solving and team building, and a lifelong love of music, food, and culture.
Bridget Kromhout

Principal Product Manager, Microsoft
Bridget Kromhout is a Principal Product Manager at Microsoft Azure, focusing on the open source cloud native ecosystem.
Salt Palace | Level 3 | 355 BC

2:55pm MST

CoreDNS Plugins: A Deep Dive - John Belamaric, Google & Yong Tang, Ivanti
Friday November 15, 2024 2:55pm - 3:30pm MST
As a flexible and extensible DNS server with a focus on service discovery, CoreDNS has been widely used in different cloud-native systems. The extensibility of CoreDNS mostly comes from its plugin-based architecture that allows easy addition of new features. In this session, we will take a deep dive and discuss the rich plugin ecosystems of CoreDNS. We will learn about the integrations of CoreDNS with cloud vendors and how this fits the hybrid-cloud strategy of different companies. We will also walk through a simple yet complete golang implementation of a CoreDNS plugin for demo purposes. We will close with the project update and road map for the CoreDNS community.
Speakers
John Belamaric

Senior Staff Software Engineer, Google
John is a Sr Staff SWE, co-chair of K8s SIG Architecture and of K8s WG Device Management, helping lead efforts to improve how GPUs, TPUs, NICs and other devices are selected, shared, and configured in Kubernetes. He is also co-founder of Nephio, an LF project for K8s-based automation...
Yong Tang

Senior Director of Engineering, Ivanti
Yong Tang is Senior Director of Engineering at Ivanti. He is a core maintainer of CoreDNS and contributes to many container, cloud-native, and machine learning projects for the open source community. In addition to CoreDNS, he is a maintainer of Docker/Moby. He is also a maintainer...
Hyatt Regency | Level 2 | Salt Lake Ballroom CDE

2:55pm MST

Nothing but NATS - Going Beyond Cloud Native - Byron Ruth & Kevin Hoffman, Synadia
Friday November 15, 2024 2:55pm - 3:30pm MST
These days building so-called cloud-native apps involves assembling a custom stack of tools 10x bigger than the app we're building. Additionally, applications increasingly need to expand out to the edge and cloud-native stacks simply don't work in those environments. Fortunately with NATS, we don't need a stack. In this session you'll see how we can leverage compute, storage, and connectivity to build cloud-to-edge native apps more powerful than ever, with less code, effort, and frustration.
Speakers
Byron

Byron Ruth, Synadia
Byron is the VP of Product and Engineering at Synadia, the company behind the NATS.io project. Prior to joining Synadia, he spent 14 years building software and systems in support of pediatric biomedical research. Outside of work, Byron enjoys running, cooking, yard work, and spending...
Kevin Hoffman

Engineering Director, Cloud Platform, Synadia
Kevin is addicted to building and designing distributed systems. He has been using NATS for years and is now building out platforms that run on it.
Hyatt Regency | Level 4 | Regency Ballroom BCD

2:55pm MST

Strimzi: Data Streaming on Kubernetes with Apache Kafka - Jakub Scholz, Red Hat & Lixin Yao, Apple
Friday November 15, 2024 2:55pm - 3:30pm MST
Strimzi is a CNCF incubating project focusing on running Apache Kafka on Kubernetes. Apache Kafka is a leading data-streaming platform used for building real-time data pipelines. It provides support for high-throughput/low-latency messaging, as well as sophisticated data ingress, egress, and processing capabilities. However, running it on Kubernetes can be complex and tedious. Strimzi makes it simple by providing a set of operators and other tools to make data streaming as simple and Kubernetes-native as possible. This talk will briefly introduce Strimzi, explaining how it works and what it offers. It will then focus on the current and planned features and their release plans. It will cover the exciting features being worked on - such as ZooKeeper removal, tiered storage, auto-rebalancing, or new certificate management - and deep dive into the most important ones.
Speakers
Jakub Scholz

Senior Principal Software Engineer, Red Hat
Jakub works at Red Hat as Senior Principal Software Engineer. He has long-term experience with messaging and currently focuses mainly on Apache Kafka and its integration with Kubernetes. He is one of the maintainers of the Strimzi project which provides tooling for running Apache...
Lixin Yao

Staff Software Engineer, Apple
Lixin is a staff software engineer currently working at Apple. His main focus is around data ingestion pipeline and large scale Kafka cluster management. Prior to Apple he worked at Google Cloud on large scale API gateway infrastructure. In his free time, he plays recreational tennis...
Salt Palace | Level 3 | 355 EF

2:55pm MST

What’s Going on in the Containerd Neighborhood? - Phil Estes, AWS; Samuel Karp, Google; Akihiro Suda, NTT; Michael Brown, IBM; Kirtana Ashok, Microsoft
Friday November 15, 2024 2:55pm - 3:30pm MST
Our recent maintainer sessions have covered the soon-to-launch containerd v2.0. During this session led by maintainers we will give a brief update on 2.0, but will spend more time looking at the ecosystem around us. Why does containerd exist? What value does it bring to the overall cloud native world? How are other projects using it to build and extend containerd in useful ways? We’ll spend some time on containerd’s largest subproject, nerdctl, which also has an upcoming 2.0 release, and additionally catch the community up on activity in our Rust subproject ecosystem, the runwasi containerd shim, and lazy loading snapshotters. Since this is KubeCon, we’ll also provide an update on CRI changes and KEP-driven additions around NRI, DRA, and checkpoint/restore. Attendees will leave with a broad view of the larger containerd ecosystem of projects as well as key information on how to get involved if you are interested to help and contribute in any way to the “containerd neighborhood!”
Speakers
Michael Brown

Software Engineer/Architect, IBM
OSS Engineer; @containerd maintainer; working @oci, @cncf, @pytorch, and @kubernetes projects
Kirtana Ashok

Microsoft
Samuel Karp

Staff Software Engineer, Google
Samuel Karp is a containerd maintainer and a Staff Software Engineer at Google, focused on the container runtime for Google Kubernetes Engine. Sam has been involved in the container ecosystem since 2014 and serves as the Chair of the Open Container Initiative's Technical Oversight...
Akihiro Suda

Software Engineer, NTT
Akihiro Suda is a software engineer at NTT Corporation. He has been a maintainer of Moby (dockerd), BuildKit, containerd, runc, etc. He is also a founder of nerdctl and Lima (CNCF project).
Phil Estes

Principal Engineer, Containers, AWS
Phil is a Principal Engineer for Amazon Web Services (AWS), focused on core container technologies that power AWS container offerings like Fargate, EKS, and ECS. Phil is an active contributor and maintainer for the CNCF containerd runtime project, and participates in the Open Container...
Hyatt Regency | Level 4 | Regency Ballroom A

2:55pm MST

The Key Value of Etcd Over Custom Resources: Scalability - Jef Spaleta, Isovalent at Cisco
Friday November 15, 2024 2:55pm - 3:30pm MST
Cilium defaults to using Kubernetes Custom Resources to hold Cilium-specific internal state; however, when the cluster is large enough, the Kubernetes API becomes a bottleneck on performance. To scale a cluster to hundreds of nodes, Cilium can be configured to use a dedicated external etcd instance. This talk will discuss the details of what the external etcd looks like from an operator perspective, and explore why Cilium uses an external etcd for enhanced scalability. It will cover how to manage a cluster by bypassing the Kubernetes API and interacting only with the cluster's etcd key-value store - and also why it might be a bad idea. Get a taste of what's possible by bypassing the Kubernetes API and interacting with the etcd API directly, and learn why Cilium has an option to use a dedicated etcd deployment, not shared by the Kubernetes API, for holding Cilium state and the scalability benefits it can bring to your cluster.
Speakers
Jef Spaleta

Technical Community Advocate, Isovalent at Cisco
Jef Spaleta has more than a decade of experience in the technology industry; as software engineer, open source contributor, IoT hardware developer, operations, and most recently as a community advocate at Isovalent.
Salt Palace | Level 1 | 155 BC
  Operations + Performance
  • Content Experience Level Any

2:55pm MST

Modernization of Intuit Payroll Enterprise Using Event Driven Architecture - Hema Maarimuthu & Vigith Maurice, Intuit
Friday November 15, 2024 2:55pm - 3:30pm MST
Intuit's Quickbooks Online Payroll Enterprise, a critical application serving over 2 million customers, processes over a million transactions and $34 billion in payroll taxes. We're modernizing with a heavy investment in event-driven architecture for effective handling of financial data. This major transition extends beyond just the payroll platform; it involves decomposing complex systems across Intuit products using event-driven architecture, and a focus on availability, scalability, and security is crucial. To address challenges like autoscaling for high throughput, low latency, better operational excellence, and development productivity, we have built our modernized platform on Numaflow, an open-source, Kubernetes native, language-agnostic platform. In our presentation, we will share our journey of modernizing our stack using event-driven serverless architecture on Numaflow and highlight the advantages it has brought to our developers and technology infrastructure.
Speakers
Vigith Maurice

Principal Engineer, Intuit
Vigith is a co-creator of Numaproj and Principal Software Engineer for the Intuit Core Platform team in Mountain View, California. One of Vigith's current day-to-day focus areas is the various challenges in building scalable data and AIOps solutions for both batch and high-throughput...
Hema Maarimuthu

Principal Engineer, Intuit
Hema is a Principal Software Engineer for Intuit's Online Payroll Infrastructure team in Mountain View, California. Hema’s current work involves leading cross-functional teams, strategizing, and driving operational excellence initiatives. Her major accomplishments include successfully...
Salt Palace | Level 1 | Grand Ballroom BDF
  Platform Engineering
  • Content Experience Level Any

2:55pm MST

This Platform Goes to 11: Boost Developer Productivity with Lessons from Salesforce - Joe Kutner, Salesforce
Friday November 15, 2024 2:55pm - 3:30pm MST
Internal platforms play an essential role in boosting the productivity of developers who use cloud native technologies. That’s why Salesforce, a global leader in the cloud for more than two decades, evolved its existing collection of managed services and capabilities into a cohesive platform that delights developers. In this talk, you’ll learn how Salesforce's platform removes friction, unifies interfaces, and meets developers where they are with industry standard tooling. As you design and build your own platforms, you’ll be able to use the same principles that guided Salesforce to accelerate day-1 onboarding of new apps, increase the speed of the developer inner-loop and testing cycles, and reduce the time it takes to deliver new code to production. Our lessons learned will help you avoid missteps. Finally, you’ll learn how to measure developer satisfaction, performance, activity, collaboration, and efficiency to ensure that your platform delivers the most value for your developers.
Speakers
Joe Kutner

Software Architect, Salesforce
Joe is co-founder of the Cloud Native Buildpacks project, which aims to make containerization more secure and more developer friendly. He started the project in 2018 while working as DX Architect at Salesforce Heroku, and today is the DX Architect for Salesforce’s Hyperforce platform...
Salt Palace | Level 2 | 251
  Platform Engineering

2:55pm MST

Securing the Supply Chain: A Practical Guide to SLSA Compliance from Build to Runtime - Enguerrand Allamel, Ledger
Friday November 15, 2024 2:55pm - 3:30pm MST
Navigating the complexities of supply chain security might seem intimidating, especially with evolving frameworks like SLSA (Supply-chain Levels for Software Artifacts). This talk introduces beginners to the foundational practices required to secure software from build to runtime using CNCF tools. We'll explore how GitHub Actions can automate build processes, integrate with Cosign for keyless artifact signing, and use Kyverno for runtime policy enforcement. Additionally, we'll discuss how tools like in-toto and Kubescape help manage and verify artifact integrity, providing a holistic view of SLSA compliance in the Kubernetes ecosystem. To enhance security further, we will also briefly discuss the potential integration of Hardware Security Modules (HSMs) into the supply chain. HSMs can offer an added layer of security for key management operations critical to signing processes, ensuring that cryptographic keys are managed securely and are resilient against attack.
Speakers
Enguerrand Allamel

Staff Cloud Security Engineer, Ledger
I am a Staff Cloud Security Engineer with a focus on securing scalable and reliable cloud systems. My expertise encompasses hybrid computing technologies and automation tools such as Terraform and Ansible, along with container orchestration via Kubernetes. I am committed to optimizing...
Salt Palace | Level 1 | 151
  Security

4:00pm MST

Best Practices for Deploying LLM Inference, RAG and Fine Tuning Pipelines on K8s - Meenakshi Kaushik & Shiva Krishna Merla, NVIDIA
Friday November 15, 2024 4:00pm - 4:35pm MST
In this session, we'll cover best practices for deploying, scaling, and managing LLM inference pipelines on Kubernetes (K8s). We'll explore common patterns like inference, retrieval-augmented generation (RAG), and fine-tuning. Key challenges addressed include: [1] minimizing initial inference latency with model caching; [2] optimizing GPU usage with efficient scheduling, multi-GPU/node handling, and auto-quantization; [3] enhancing security and management with RBAC, monitoring, auto-scaling, and support for air-gapped clusters. We'll also demonstrate building customizable pipelines for inference, RAG, and fine-tuning, and managing them post-deployment. Solutions include [1] a lightweight standalone tool built using operator pattern and [2] KServe, a robust open-source AI inference platform. This session will equip you to effectively manage LLM inference pipelines on K8s, improving performance, efficiency, and security.
Speakers
Meenakshi Kaushik

Product Management, Nvidia
Meenakshi Kaushik leads product management for NIM Operator and KServe. Meenakshi is interested in the AI and ML space and is excited to see how the technology can enhance human well-being and productivity.
Shiva Krishna Merla

Senior Software Engineer, NVIDIA
Shiva Krishna Merla is a senior software engineer on the NVIDIA Cloud Native team where he works on GPU cloud infrastructure, orchestration and monitoring. He is focused on enabling GPU-accelerated DL and AI workloads in container orchestration systems such as Kubernetes and OpenShift...
Salt Palace | Level 2 | 250
  AI + ML

4:00pm MST

Divide and Conquer: Master GPU Partitioning and Visualize Savings with OpenCost - Kaysie Yu & Ally Ford, Microsoft
Friday November 15, 2024 4:00pm - 4:35pm MST
Kubernetes is the ideal platform for running AI and ML workloads, such as LLMs. GPU nodes are often used for their parallel processing capabilities and higher performance benefits; however, they are known to be costly. Many factors impact the cost of running AI/ML workloads such as GPU utilization, GPU VM size, idle time, etc. These costs are often ignored and considered inherent in running GPU workloads. But if running workloads at scale and left unoptimized, costs will quickly spin out of control. In this talk, we leverage NVIDIA DCGM exporter with Prometheus for GPU metrics monitoring alongside OpenCost to measure the Kubernetes spend of our GPU workloads. We will provide an overview of OpenCost, highlighting its role in bridging the gap between the developer and platform teams through visibility and accountability of spend. We will demonstrate how to use the NVIDIA GPU Operator and how techniques such as partitioning can lead to significant cost savings.
Speakers
Ally Ford

Product Manager, Microsoft
Ally is a Product Manager on the Azure Kubernetes Service (AKS) team at Microsoft Azure. She spends her days collaborating with customers to design features that improve the end to end operator experience for both Linux and Windows users. Formerly she was a UX designer and project...
Kaysie

Product Manager, Microsoft
Kaysie Yu is a Product Manager on the Azure Kubernetes Service team at Microsoft. She works on cost management and optimization and is passionate about the convergence of FinOps and GreenOps, advocating for best practices that help organizations achieve cost efficiency while contributing...
Salt Palace | Level 1 | Hall DE
  AI + ML

4:00pm MST

Gamifying Cloud Native: How to Design and Build an Educational Game for Your Project - Calum Murray, University of Toronto, Faculty of Applied Science and Engineering & Zainab Husain, OCAD University
Friday November 15, 2024 4:00pm - 4:35pm MST
Have you ever struggled to explain what a Cloud Native project does? One of the challenges many cloud native projects face is that the abstractions they provide are not intuitive for new users. Since cloud technologies are often built on top of each other and use domain specific language, this problem compounds. Luckily, educational games can be made to help communicate these abstract concepts in a fun and engaging format! In this talk, we will explore how you can build an educational game for your project through the example of a game that the Knative community has built to teach Knative Eventing. We will walk through the steps other open source projects can follow to design their own educational game, including brainstorming strategies for deciding on key concepts and which metaphors/symbols to use to represent these concepts. These information design strategies can also be applied to create more understandable educational cloud native content in general!
Speakers
Zainab Husain

Knative UX Design Lead, OCAD University
Zainab Husain is a UX Design Researcher working at OCAD University. She completed her Masters in Engineering at the University of Toronto, focusing on Human Computer Interactions. Zainab is passionate about tools that improve collaboration between Engineers and Designers and is also...
Calum Murray

Engineering Science Student, University of Toronto, Faculty of Applied Science and Engineering
I'm a software engineer, and I love building cool things in open source. I like to seek out the most interesting and challenging problems which I think will have a large impact, and build creative solutions to them. I also like to share my passion for open source with others, and...
Salt Palace | Level 1 | Grand Ballroom HJ
  Cloud Native Experience
  • Content Experience Level Any

4:00pm MST

Platform Engineering for Software Developers and Architects - Daniel Bryant, Syntasso
Friday November 15, 2024 4:00pm - 4:35pm MST
Building on my KubeCon EU 2022 talk, "From Kubernetes to PaaS to... err, what's next", I'll introduce the topic of platform engineering through the lens of a software developer and architect. My primary goal is for developers to understand "what good looks like" with a successful platform build and help them understand how a platform can influence the SDLC (for better or worse!). Key takeaways from the session:
- Explore how platform architecture influences software architecture and vice versa
- Learn why the principles of coupling and cohesion apply to platform components (and configuration) in the same way as they do with software components
- Understand what to expect from an effective platform, including how applications are built, shipped, and run
- Learn about key platform metrics grounded in developer experience frameworks such as DORA, SPACE, and DevEx
Speakers
Daniel Bryant

Platform Engineer & Head of Product Marketing, Syntasso
Daniel Bryant is the head of product marketing at Syntasso. His technical expertise focuses on ‘DevOps’ tooling, cloud/container platforms, and microservice implementations. Daniel is a long-time coder, platform engineer, and Java Champion. He also writes for InfoQ, O’Reilly...
Salt Palace | Level 2 | 251
  Cloud Native Novice

4:00pm MST

Topology Aware Routing: Understanding the Tradeoffs - Rob Scott, Google
Friday November 15, 2024 4:00pm - 4:35pm MST
In Kubernetes 1.31, a new TrafficDistribution field on Services graduated to beta. This is effectively our third attempt at solving Topology Aware Routing in Kubernetes. This talk will tell the story of how we got here and what we learned along the way, outlining what exactly has made this problem so surprisingly complex. With that context, we’ll dive into exactly how Traffic Distribution works today, and when you should configure it. You’ll learn about how it’s implemented today, and how better implementations may be written in the future. We'll walk through some examples to show how it can work well, and when it may not. Finally, we’ll cover how this concept will interact with autoscaling, load balancers, Ingresses, Gateways, and Multi-Cluster Services. You should leave this talk with a clear understanding of how Topology Aware Routing works in Kubernetes, when to use it, and a broad awareness of the work that’s still in progress in this space.
Speakers
Rob Scott

Software Engineer, Google
Rob is an open source enthusiast currently working on Kubernetes Networking at Google. He's been a maintainer of Gateway API since the very early days of the project and led the development of other Kubernetes networking APIs like EndpointSlices.
Salt Palace | Level 1 | 155 EF
  Connectivity

4:00pm MST

Privacy in the Age of Big Compute - Sal Kimmich, Confidential Computing Consortium, Linux Foundation
Friday November 15, 2024 4:00pm - 4:35pm MST
In the age of big compute, the definition of privacy has transformed as re-identification from anonymized datasets has become easier. This session explores the challenges and solutions in navigating privacy concerns in high-dimensional data environments. Attendees will learn about the risks of re-identification, the importance of unicity in data sets, and how Privacy Enhancing Technologies (PETs) and Confidential Computing can mitigate these risks. Discover how these advancements can help protect sensitive data, ensure compliance, and foster a more secure data ecosystem in cloud-native environments.
Speakers
Sal Kimmich

Technical Community Architect, Confidential Computing Consortium, Linux Foundation
Sal is an advocate for open source, passionate about helping engineers, ethical hackers, and digital enthusiasts navigate modern software development. With over a decade of experience building cloud-native machine learning pipelines in healthcare and tech for good sectors, Sal now...
Salt Palace | Level 1 | Grand Ballroom GI
  Data Processing + Storage
  • Content Experience Level Any

4:00pm MST

Meet the CNCF Code of Conduct Committee - Bill Mulligan & Carla Gaggini, Isovalent at Cisco; Josh Berkus, Red Hat; Jeremy Rickard, Microsoft; Tim Pepper, CISA
Friday November 15, 2024 4:00pm - 4:35pm MST
You've seen those Code of Conduct signs all over the conference. What happens when you report an incident? How is it handled? Who evaluates it? Can I remain anonymous? And why does it take so long? Come meet the CNCF's first elected Code of Conduct Committee, who will have answers to these questions and more. They'll go over the values and goals of the CoCC, the process for investigating and evaluating incident reports, as well as what the CoCC has jurisdiction over (and what it doesn't). They'll share how they work with CNCF projects and project-level committees to support and educate them, as well as with the Events Team to achieve resolutions. Bring your own questions about CoC enforcement and how the committee works to the session, and the CoCC will answer as many of them as they can.
Speakers
Tim Pepper

Senior Technical Advisor, Open Source Software Security, CISA
Tim Pepper is a Senior Technical Advisor on Open Source Software Security in the US Government's Cybersecurity and Infrastructure Security Agency (CISA). Tim has over 25 years in open source, working as an open source developer advocate and contributor to Kubernetes (emeritus Steering...
Josh Berkus

Kubernetes CM, Red Hat
Josh Berkus is the Kubernetes Community Manager, working in Red Hat's Open Source Program Office. He's currently involved with Kubernetes, Etcd, Elekto, Podman, and uBlue, but has spent more than 20 years contributing to many projects, including Linux, OpenOffice, PostgreSQL, and...
Bill Mulligan

Community Pollinator, Isovalent at Cisco
Bill Mulligan is a cloud native pollinator and community builder. He has given talks, written articles, and appeared on podcasts on a wide range of topics around cloud native. While at CNCF he restarted the Kubernetes Community Day program. He is currently at Isovalent growing the...
Jeremy Rickard

Principal Software Engineer, Microsoft
Jeremy Rickard is a principal software engineer at Microsoft where he works on the Azure Container Upstream team. He is currently a co-chair for SIG Release and serves on both the CNCF and the Kubernetes Code of Conduct Committees. He was also the Kubernetes 1.20 Release Lead.
Carla Gaggini

Head of Global Community Events, Isovalent at Cisco
Carla has been managing events and communities since 2011. She started with experimental music festivals and eventually ended up in Tech, where she fell in love with its ecosystem. During her career she has produced and run many conferences (yes, also the virtual ones!), meetups...
Hyatt Regency | Level 4 | Regency Ballroom A

4:00pm MST

Pushing Authorization Further: CEL, Selectors and Maybe RBAC++ - Mo Khan & Rita Zhang, Microsoft; Jordan Liggitt, Google
Friday November 15, 2024 4:00pm - 4:35pm MST
Significant changes have been made to authorization in recent versions of Kubernetes. For example, common expression language (CEL) in validating admission policy (VAP) can access the authorizer to perform runtime checks during admission. Authorization has also been made aware of label and field selectors, which are available as extra info to be used by webhooks and CEL expressions in VAP. Looking forward, Kubernetes RBAC could be enhanced to take advantage of this new info. RBAC++ is a proof of concept design to combine CEL with RBAC to allow for conditional bindings at runtime. Thinking about even more experimental changes: what if authorization (and RBAC++) could directly assert conditions at admission time?
Speakers
Rita Zhang

Principal software engineer, Kubernetes SIG Auth co-chair, Security Response Committee, Microsoft
Rita Zhang is a Principal software engineer at Microsoft, based in San Francisco bay area. She leads the Azure Container Upstream team of maintainers and contributors building features for Kubernetes upstream, CNCF projects, and for Azure Kubernetes Service. She is a Kubernetes sig-auth...
Mo Khan

Software Engineer, Microsoft
Mo Khan is a software engineer who is passionate about open source and security. He started working on Kubernetes in 2016, and currently serves as a chair, technical lead and subproject owner for Kubernetes SIG Auth, a member of the Kubernetes Security Response Committee and a contributor...
Jordan Liggitt

Software Engineer, Google
Jordan Liggitt is a software engineer at Google, and helps lead Kubernetes authentication, authorization, and API server efforts.
Salt Palace | Level 3 | 355 BC

4:00pm MST

The Node Tetris Rabbit Hole: Why Your Binpacking Might Be Underperforming - Hannah Taub, Adobe Inc.
Friday November 15, 2024 4:00pm - 4:35pm MST
Have you ever looked at your Kubernetes cluster and thought “I have a perfectly good autoscaler! Why are all my nodes at less than 50% capacity?” When a team moves to the scale of hundreds of clusters with thousands of nodes, efficient binpacking changes from a side task to a financial necessity. From inefficient client apps to long-buried cluster configs, follow the Adobe Ethos team as they track down leads on what’s causing cluster underutilization and how to fix it. You will also learn some tips for designing your clusters to avoid these issues in the first place.
Speakers
Hannah Taub

Ms., Adobe Inc.
As a senior software engineer, Hannah has been working with Adobe’s Cloud Cost Efficiency team for the past several years. After graduating from the University of Edinburgh, she went from writing content APIs at Viacom (now Paramount) to building out Adobe’s Ethos Kubernetes CI/CD...
Salt Palace | Level 1 | 155 BC
  Operations + Performance

4:00pm MST

Medical Research Computing Infrastructure on Hybrid Kubernetes - Jennings Zhang & Rudolph Pienaar, Boston Children's Hospital
Friday November 15, 2024 4:00pm - 4:35pm MST
Research computing is essential across biomedical research, especially in medical imaging and radiology where ML+AI are rapidly disrupting the field. But while the research frontier continues moving forward, the computing infrastructure of research and healthcare institutions tends to lag behind. At the Boston Children’s Hospital, we are closing the gap by developing the ChRIS Research Integration Service (ChRIS for short). ChRIS is an MIT-licensed platform for medical computation, enabling the use of research software in clinical practice, while maximizing the utility of our hybrid-cloud resources. This talk will be a discussion of the cloud-native software ecosystem from the perspective of a medical researcher at a teaching hospital. We will consider the advantages of adopting cloud-native software and Kubernetes for research and healthcare institutions, as well as the challenges in doing so.
Speakers
Rudolph Pienaar

Dr, Boston Children's Hospital
Dr Pienaar is the architect of ChRIS -- a general purpose and MLops platform that is uniquely suited to the needs of both biomedical researchers and clinical users. He leads the Advanced Computing Group at the Fetal Neonatal Neuroimaging Development Science Center at Boston Children's...
Jennings Zhang

Research Developer, Boston Children's Hospital
Jennings is a neuroscience researcher and software developer at the Boston Children's Hospital. His work and interests are split between biological questions, e.g. human brain development, and all-things software development, especially containers and Rust.
Salt Palace | Level 1 | Grand Ballroom BDF
  Platform Engineering

4:00pm MST

Migratory Patterns: Making Architectural Transitions with Confidence and Grace - Pete Hodgson, PartnerSlate
Friday November 15, 2024 4:00pm - 4:35pm MST
Big technical migrations - like switching databases - can feel like you're swapping out the engine of a bus while continuing to drive down the freeway (with all your users screaming in the back). However, there are ways to make these transitions safe, incremental, and low-stress. In this talk we'll walk through a real-world case study of switching a production system from one database to another with no downtime, and no tears, using techniques like Expand/Contract, Dark Launch and Parallel Run. We'll also see hands-on examples of using CNCF open standards like OpenFeature and OpenTelemetry to manage this migration.
Speakers
Pete Hodgson

CTO, PartnerSlate
Pete Hodgson is an independent software delivery consultant. He helps engineering teams to level up and tackle their thorniest challenges, with a focus on agile engineering practices, architectural evolution, and lean process management. Prior to going independent he spent several...
Salt Palace | Level 2 | 255 EF
  SDLC

4:00pm MST

SPIFFE Deployments in Non-Kubernetes Environments - Nadin El-Yabroudi & Eli Nesterov, SPIRL
Friday November 15, 2024 4:00pm - 4:35pm MST
The SPIFFE ideology is that workloads running in all types of environments can be issued an identity. However, in practice most deployments have focused on workloads in Kubernetes and there are few examples of SPIFFE being used in non-cloud native environments. In this talk we’ll explore SPIFFE deployments on a Linux environment. What does attestation for these types of workloads look like? How can you provide an identity to a bash script that cannot open a socket connection to the Workload API? We’ll focus on describing some of the existing challenges to non-Kubernetes SPIFFE deployments and provide some ideas for how to solve them.
Speakers
Nadin El-Yabroudi

Software Engineer, SPIRL
Nadin is a founding engineer at SPIRL where she’s currently focused on building a new implementation of the SPIFFE specification. Before working on machine identity Nadin worked as a Security and Systems Engineer at Cloudflare where she worked on securing Cloudflare’s 200+ datacenters...
Eli Nesterov

CTO, SPIRL
Eli Nesterov is a co-founder at SPIRL. He spent years in security research and engineering, building and scaling security products at TikTok, Facebook, ShapeSecurity, and F5 Networks. He built the world's largest SPIFFE/SPIRE deployment with over 1M nodes. Eli shares his knowledge...
Salt Palace | Level 1 | 151
  Security

4:00pm MST

Why Perfect Compliance Is the Enemy of Good Kubernetes Security - Michele Chubirka, Google
Friday November 15, 2024 4:00pm - 4:35pm MST
Technology organizations often struggle over who should manage the security of their Kubernetes environment. This task usually falls to platform or cloud engineering teams, but they often feel abandoned by their security counterparts, uncertain of which requirements will deliver real security value. While published benchmarks and security guides for Kubernetes are helpful, not all recommendations work for every use-case. They may require Kubernetes alpha or beta features which could cause issues with platform stability. Our desire to prioritize “perfect” security over having a functional platform that addresses relevant risks can leave us with nothing, frustrating everyone. Kubernetes is meant to increase application delivery velocity, but when overly strict compliance prevents a team from moving forward, they will subvert security requirements. Let’s stop obsessing over the red in our security and compliance dashboards and focus on what adds real value by reducing risk.
Speakers
Michele Chubirka

Cloud Security Advocate, Google
Michele Chubirka is a recovering Unix and network engineer currently working as a cloud security advocate for Google. She has been an architect, podcaster and freelance writer for various B2B publications such as Network Computing, Dark Reading and TechTarget. She likes long walks...
Salt Palace | Level 2 | 255 BC
  Security

4:00pm MST

Tutorial: Stop Kubernetes' Revolving Door: A Hands-on Tutorial to Secure a Kubernetes Cluster - Savitha Raghunathan & Rey Lejano, Red Hat; Mahé Tardy, Isovalent at Cisco
Friday November 15, 2024 4:00pm - 5:30pm MST
Out-of-the-box, upstream Kubernetes is not secure by default. This tutorial will walk through the official/upstream Kubernetes Security Checklist to set up a cluster securely. The tutorial starts with an introduction to the critical security considerations for Kubernetes environments. Participants will then embark on a guided journey through practical exercises designed to implement security best practices within Kubernetes clusters. Attendees will gain firsthand experience in aspects such as authentication, authorization, network policies, pod security, and more, providing participants with a comprehensive understanding of Kubernetes security principles and how to implement them. This will equip them with the knowledge and skills to effectively secure their clusters. Whether you're new to Kubernetes security or seeking to enhance your expertise, this tutorial offers valuable insights and hands-on experience to strengthen your Kubernetes clusters against potential threats.
Speakers
Savitha Raghunathan

Senior Software Engineer, Red Hat
Savitha Raghunathan is a Senior Software Engineer at Red Hat, working on Container Migration and Application Modernization. She leads K8s sig-security-docs sub-project aiming to create security awareness through docs. As a maintainer of the Konveyor project, she leads the community...
Mahé Tardy

Software Engineer, Isovalent at Cisco
Mahé is a security engineer at Isovalent and an active contributor to Kubernetes SIG Security. He was previously working as a security researcher and loves working with Linux, security, and Kubernetes!
Rey Lejano

Solutions Architect @ Red Hat, CNCF Ambassador, K8s SIG Docs co-chair, SIG Security subproject lead, K8s v1.23 release lead, DevOps Institute Ambassador, Red Hat
Rey Lejano is a Solutions Architect at Red Hat and is the co-chair of Kubernetes SIG Docs. He contributes to Kubernetes SIG Security, Release, & Contributor Experience. He is a member of seven Kubernetes Release Teams including serving as the 1.23 Release Lead and 1.25 Emeritus Adviser...
Salt Palace | Level 1 | Grand Ballroom ACE
  Tutorials, Security

4:00pm MST

🚨 Contribfest: K8gb Contribfest: Enhancing K8gb Project with Arbitrary Network Resource Integration
Friday November 15, 2024 4:00pm - 5:30pm MST
The k8gb project is entering a new era of extensibility with the ability to integrate with arbitrary network resources. Recently, we decoupled our strong dependency on standard Ingress, opening new pathways for various integrations such as Gateways and non-HTTP Services. In this iteration of Contribfest, participants will execute the flow of integrating a new resource type to be globally load-balanced.
Speakers
Yury Tsarev

Principal Solutions Architect, Upbound
Yury is an experienced software engineer who strongly focuses on open-source, software quality and distributed systems. As the creator of k8gb (https://www.k8gb.io) and active contributor to the Crossplane ecosystem, he frequently speaks at conferences covering topics such as Control...
Andre Aguas

Senior Systems Engineer, Open Systems AG
Andre is a Systems Engineer at Open Systems' Cloud Platform team. For the past 3 years he was an integral part of the Observability team where he established Thanos and Loki as the two fundamental components of the company's observability stack. Throughout this journey, he has also...
Salt Palace | Level 3 | 355 D

4:00pm MST

🚨 Contribfest: OpenTelemetry Contribfest
Friday November 15, 2024 4:00pm - 5:30pm MST
Join the OpenTelemetry maintainers to make the project better for everyone. You can choose between several opportunities to contribute, and you can count on maintainers from different project areas to help you on your first steps: documentation, Collector, Java, JS, Ruby, Python, .NET, and more.
Speakers
Jamie Danielson

Senior Software Engineer, Honeycomb
Jamie is a Senior Software Engineer at Honeycomb where she works on instrumentation libraries. She is an active contributor to multiple OpenTelemetry projects, and is an approver for OpenTelemetry JavaScript. When she’s not working she’s playing dek hockey.
Juraci Paixão Kröhling

Software Engineer, Grafana Labs
Juraci Paixão Kröhling is a software engineer at Grafana Labs, a maintainer of the OpenTelemetry project, a member of the project's governing board and CNCF Ambassador. He has presented about distributed tracing, OpenTelemetry, and other related topics at conferences like KubeCon...
Trask Stalnaker

Software Engineer, Microsoft
OpenTelemetry Governance Committee, OpenTelemetry Java Instrumentation Maintainer, Glowroot Author, Java @ Microsoft
Pablo Baeyens

Senior Software Engineer, Datadog
Pablo Baeyens is a Senior Software Engineer working at Datadog. He lives in Granada, Spain and since late 2020 he has been involved in the OpenTelemetry project, where he maintains the OpenTelemetry Collector and works in OpenTelemetry Semantic Conventions.
Piotr Kiełkowicz

OpenTelemetry .NET Maintainer, Splunk
Piotr Kiełkowicz is a software developer currently employed at Splunk. He actively contributes to the development of OpenTelemetry and maintains OpenTelemetry .NET. You can explore his work on GitHub: https://github.com/Kielek
Salt Palace | Level 3 | 355 A

4:55pm MST

Best of Both Worlds: Integrating Slurm with Kubernetes in a Kubernetes Native Way - Eduardo Arango Gutierrez, NVIDIA & Angel Beltre, Sandia National Laboratories
Friday November 15, 2024 4:55pm - 5:30pm MST
It's not always clear which container orchestration system is best suited for a given use case. Slurm, for example, is often preferred over Kubernetes when running large-scale distributed workloads. As a result, organizations are often faced with a hard choice: do they deploy Slurm or Kubernetes to service the rising demands of their AI/ML workloads? In this talk, we introduce K-Foundry, an open-source custom controller for KCP that translates Kubernetes jobs to Slurm jobs and exposes Slurm nodes and cluster info as Kubernetes Custom Resource Definitions (CRDs). This integration combines Slurm’s robust job scheduling with Kubernetes' dynamic orchestration and API-driven ecosystem, easing the administration of both clusters through a common API. This session will end with a live demo, where attendees will see how this integration bridges the gap between cloud and HPC, facilitating resource management and optimizing performance for large-scale AI and LLM tasks.
Speakers
Eduardo Arango Gutierez DE

Senior systems software engineer, NVIDIA
Eduardo is a Senior Systems Software Engineer at NVIDIA, working on the Cloud Native Technologies team. Eduardo has focused on enabling users to build and deploy containers on distributed environments.
Angel Beltre

Senior Member of Technical Staff, Sandia National Laboratories
Angel Beltre serves as a senior member of the technical staff within the Scalable System Software department at Sandia National Laboratories. He is a contributor to the CSSE Computing-as-a-Service (CaaS) initiative, aimed at streamlining the deployment of modeling and simulation tools...
Salt Palace | Level 2 | 250
  AI + ML

4:55pm MST

Distributed Multi-Node Model Inference Using the LeaderWorkerSet API - Abdullah Gharaibeh & Rupeng Liu, Google
Friday November 15, 2024 4:55pm - 5:30pm MST
Large Language Models have shown remarkable capabilities in various tasks, from text generation to code writing. However, the inference process for these models presents significant challenges. LLMs are computationally intensive, often requiring specialized hardware like TPUs or GPUs to achieve reasonable response times. In some cases their substantial size can strain the resources of a single machine. Specifically, models such as Gemini, Claude, and GPT4 are too large to fit on any single GPU or TPU device, let alone on any single multi-accelerator machine, necessitating what we refer to as multi-node server deployment where a single model server “backend” runs as a distributed process on multiple nodes to harness enough accelerator memory to fit and run the model. This talk presents LeaderWorkerSet, a new k8s API that enables multi-node model inference. We demonstrate its capabilities by orchestrating state of the art model servers such as vLLM and JetStream on both GPUs and TPUs.
Speakers
Abdullah Gharaibeh

Staff Software Engineer, Google
Abdullah is a staff software engineer at Google and sig-scheduling and working group batch co-chair. He works on Kubernetes and Google Kubernetes Engine, focusing on scheduling and batch workloads.
Rupeng Liu

Software engineer, Google
Rupeng Liu, a software engineer from Google's Kubernetes inference team.
Salt Palace | Level 1 | Hall DE
  AI + ML

4:55pm MST

With Great Flexibility Comes Great Complexity: Inspect Your Gateway API Configuration - Mattia Lavacca, Kong & Gaurav Ghildiyal, Google
Friday November 15, 2024 4:55pm - 5:30pm MST
With its graduation, Gateway API has emerged as the new standard for managing L4 and L7 routing within Kubernetes, as it brings in a wider set of functionalities and flexibility never seen with the ingress API, and is implemented widely for both ingress and service mesh use cases. The trade-off of having such a powerful API is additional complexity, and navigating the intricacies of Gateway API involves listing multiple resources, cross-referencing and understanding the relationships between them, and ensuring explicit authorization for all cross-namespace references - a formidable challenge, nonetheless. In this talk, Gaurav and Mattia will walk you through how to use gwctl, a command-line tool designed specifically for Gateway API (which is part of the Gateway API project itself), that works seamlessly alongside Kubectl. Together, we will easily navigate resources, wrangle policies, and track down trouble in your Gateway API configuration.
Speakers
Mattia Lavacca

Software Engineer, Kong
Mattia is a Software Engineer at Kong, working on Kubernetes networking. He is a key contributor to SIG-Network projects, such as Gateway API, Ingress2Gateway, and Blixt, and the co-lead of Kong's Gateway API implementation. He is working on many Kong projects related to networking...

Gaurav Ghildiyal

Software Engineer, Google
Gaurav is a Software Engineer at Google specializing in Kubernetes Networking. He is actively involved in the open-source Gateway API project, recently focusing on shepherding the development of gwctl, a command-line tool for Gateway API. Gaurav also actively contributes to other...
Friday November 15, 2024 4:55pm - 5:30pm MST
Salt Palace | Level 1 | 155 EF
  Connectivity

4:55pm MST

Goodbye Etcd! Running Kubernetes on Distributed PostgreSQL - Denis Magda, Yugabyte
Friday November 15, 2024 4:55pm - 5:30pm MST
Kubernetes once favored Etcd as a database for all cluster data. Back then, relational databases lacked the availability and scalability characteristics required by Kubernetes. However, as Etcd encountered challenges with various Kubernetes workloads, relational databases continued to evolve. This session is a practical guide for deploying fault-tolerant and scalable Kubernetes clusters on distributed PostgreSQL. We’ll begin with Kine, which integrates into the Kubernetes architecture, enabling relational databases for cluster metadata management. Then, we’ll use Kine to deploy Kubernetes on a single-server PostgreSQL instance. After that, we’ll migrate to a multi-node PostgreSQL instance, allowing Kubernetes to tolerate zone and region outages and scale to thousands of nodes on demand.
Speakers

Denis Magda

Head of DevRel, Yugabyte
Denis started his software engineering career at Sun Microsystems and Oracle, where he built JVM/JDK and led one of the Java development groups. After learning Java from the inside, he joined the world of distributed systems and databases, where he has remained ever since. His experience...
Friday November 15, 2024 4:55pm - 5:30pm MST
Salt Palace | Level 1 | Grand Ballroom GI
  Data Processing + Storage
  • Content Experience Level Any

4:55pm MST

Navigating the Future: Exploring the Latest in Kubernetes Dashboard Development - Marcin Maciaszczyk & Sebastian Florek, Plural
Friday November 15, 2024 4:55pm - 5:30pm MST
Join us for an insightful presentation on the latest updates from the Kubernetes SIG-UI, focusing on the evolution of the Kubernetes Dashboard project. Dive into a comprehensive overview of key changes, enhancements, and advancements, including a detailed exploration of the project's new architecture. Gain valuable insights into how these developments shape the future of Kubernetes management and user experience. Whether you're a seasoned Kubernetes user or new to the ecosystem, this presentation promises to provide valuable perspectives on the cutting-edge developments in Kubernetes Dashboard.
Speakers

Sebastian Florek

Fullstack engineer, Plural
Fullstack Engineer at Plural. Working on the Kubernetes Dashboard project since the beginning. One of the key contributors and a SIG-UI co-leader.

Marcin Maciaszczyk

Fullstack Engineer, Plural
Marcin is a Fullstack Engineer at Plural. He has been working on the Kubernetes Dashboard project since the beginning, where he became one of the key contributors and a SIG-UI co-leader.
Friday November 15, 2024 4:55pm - 5:30pm MST
Salt Palace | Level 3 | 355 BC

4:55pm MST

Rook: Intro and Deep Dive with Ceph Storage - Travis Nielsen, Annette Clewett, Blaine Gardner & Subham Rai, IBM
Friday November 15, 2024 4:55pm - 5:30pm MST
The Rook project will be introduced to attendees of all levels and experience. Rook is an open source cloud-native storage operator for Kubernetes, providing the platform, framework, and support for Ceph to natively integrate with Kubernetes. The panel will discuss various scenarios to show how Rook configures Ceph to provide stable block, shared file system, and object storage for your production data. Rook was accepted as a graduated project by the Cloud Native Computing Foundation in October 2020.
Speakers

Travis Nielsen

Rook Lead Maintainer, IBM
Travis Nielsen is a Senior Technical Staff Member for IBM where he is a maintainer on Rook and member of the ODF and Ceph engineering team. Prior to IBM and Red Hat, Travis worked in storage at Quantum and Symform, a P2P storage startup, and was an engineering lead for the Windows...

Annette Clewett

Software Architect, IBM
Storage Architect with broad knowledge across a spectrum of technologies – network, storage, virtual, and platform. Have successfully delivered countless studies that improved end-user experience and created a more efficient and available infrastructure. Current projects include...

Blaine Gardner

Rook Maintainer, IBM
Blaine is a Senior Advisory Software Engineer at IBM Storage on the Ceph OpenShift/Fusion Data Foundation (ODF) team. He is a maintainer of the CNCF-graduated Rook project making sure Ceph and Kubernetes live together in harmony. Their current focus topics are the Container Object...

Subham Rai

Software Engineer, IBM
I'm Subham Rai from India. I have more than 3 years of experience in software, or more specifically in the storage industry, working mainly in rook-ceph. I hold a B.Tech degree and I'm also RHCSA certified. I have spoken at FOSDEM 2022, Cephalocon 2023 (Amsterdam). I'm in the top 4...
Friday November 15, 2024 4:55pm - 5:30pm MST
Hyatt Regency | Level 2 | Salt Lake Ballroom CDE

4:55pm MST

Running a Highly Available Identity and Access Management with Keycloak - Ryan Emerson & Kameswararao Akella, Red Hat
Friday November 15, 2024 4:55pm - 5:30pm MST
A single sign-on solution for your customers and employees should be designed for high availability without a single point of failure. Keycloak is no exception to this. A clustered Keycloak deployment in a single site provides sufficient availability for many. An increasing number of organizations need to utilize multiple sites for improved resiliency or to meet legal requirements. Keycloak overhauled its capabilities and now provides deployment blueprints to the community. This talk presents how we approached the problem, and the challenges we faced. Expect to dive into concepts like load shedding, cache stampedes, and automated failover. See tools like Gatling, Helm, OpenTelemetry, Kubernetes Operators and cloud infrastructure in action. We will also provide an outlook for the next steps in our journey. These insights will help you to improve your Keycloak deployments as well as design and test your own applications so they can withstand high load and site failures.
Speakers

Kamesh Akella

Principal Software Quality Engineer, Red Hat
Hailing from the coastal state of India, Andhra Pradesh, I share a profound interest in everything open-source and computers from my childhood, which led me to my current position at Red Hat and contributing back to the wonderful open-source community.

Ryan Emerson

Principal Software Engineer, Red Hat
Ryan Emerson is a Principal Software Engineer at Red Hat. He is a member of the Infinispan and Keycloak open-source product teams, where he leads the development of the Infinispan Kubernetes Operator, in addition to contributing to the development of the Infinispan core/server. During...
Friday November 15, 2024 4:55pm - 5:30pm MST
Salt Palace | Level 3 | 355 EF

4:55pm MST

Ten Years of gRPC: Looking Back and Looking Forward - Kevin Nilson, Google & Israel Shapiro, Broadcom
Friday November 15, 2024 4:55pm - 5:30pm MST
Over the past ten years, gRPC has become indispensable to a breathtaking array of engineering organizations. Join the maintainers as they look back at how gRPC got to where it is today, the way the software has grown, and the community along with it. Then, see what's in store for the future of gRPC in the decades to come.
Speakers

Israel Shapiro

Cloud Native solutions architect, Broadcom
Israel works at Broadcom’s Enterprise Security Group as a Software Architect for the next generation Cloud Native Datapath of the Web Security Service.

Kevin Nilson

Engineering Manager, Google
Kevin works at Google as a Software Engineer Manager on the gRPC team. At Google, Kevin has worked on projects such as Chromecast, Google Home, Stadia and now gRPC. Kevin is a Java Champion and four-time JavaOne Rock Star. Kevin has spoken at conferences such as Google I/O, JavaOne...
Friday November 15, 2024 4:55pm - 5:30pm MST
Hyatt Regency | Level 4 | Regency Ballroom BCD

4:55pm MST

WG Batch Updates: What’s New and What Is Next - Marcin Wielgus, Google & Kevin Hannon, Red Hat
Friday November 15, 2024 4:55pm - 5:30pm MST
I will present improvements that the WG Batch has promoted in Kubernetes, and the opportunities under discussion to better support batch workloads such as HPC, AI/ML, data analytics, etc. I will discuss enhancements and improvements to the Job and JobSet APIs as well as the new release and roadmap for Kueue, a Kubernetes subproject that offers job queueing and scheduling, to build a multitenant, multicluster batch system. The WG Batch was created in 2022 to serve the demand from the ecosystem to better support batch applications in Kubernetes. The WG is composed of SIGs’ experts and developers from various communities, with the objective to set roadmaps and collaborate in designs and implementations.
Speakers

Kevin Hannon

Kubernetes Developer, Red Hat

Marcin Wielgus

Staff Software Engineer, Google
Marcin Wielgus is a Staff Software Engineer at Google. Marcin joined the company in 2010 and since then he has been working on various projects, ranging from Android applications to recommendation engines. He started contributing to Kubernetes before the 1.0 release and currently...
Friday November 15, 2024 4:55pm - 5:30pm MST
Hyatt Regency | Level 4 | Regency Ballroom A

4:55pm MST

Service Profiling Based Management and Scheduling in K8s - Jia Deng, Cong Xu & Mingmeng Luo, Bytedance
Friday November 15, 2024 4:55pm - 5:30pm MST
We present an open-source solution for the efficient management of resources and scheduling strategies in K8s. Our solution constructs workload-specific resource profiles based on their historical utilization patterns. This approach ensures that workloads receive adequate resources while optimizing overall resource utilization. To accomplish this objective, we employ a custom resource, Service Profiling Description (SPD), facilitating a direct correlation between workloads, such as Deployments and StatefulSets, and their resource usage. Resource utilization metrics, including CPU, disk I/O, and network I/O, are meticulously collected and aggregated. These usage indicators play a pivotal role in informing the scheduler's decisions regarding workload allocation. This solution has been deployed within large-scale K8s clusters, addressing diverse workload demands, ranging from those requiring dedicated NUMA nodes to those capable of resource sharing among themselves.
Speakers

Mingmeng Luo

Software Engineer, Bytedance
Mingmeng Luo is a software engineer in the Infrastructure Department at ByteDance, where he specializes in the design and development of precision resource management technologies for large-scale Kubernetes clusters. His work focuses on optimizing resource allocation and efficiency...

Cong Xu

Senior Software Engineer, Bytedance
Cong Xu is a Tech Lead and Senior Software Engineer at ByteDance, where he focuses on building and optimizing the container-based cloud platform that hosts internal products such as Douyin and TikTok. From 2016 to 2022, he served as a Staff Research Member at IBM Research, contributing...

Jia Deng

Software Engineer, Bytedance
The speaker currently works for the ByteDance K8s orchestration team. Before that, the speaker worked for Amazon EKSA and VMware Tanzu Mission Control.
Friday November 15, 2024 4:55pm - 5:30pm MST
Salt Palace | Level 1 | 155 BC
  Operations + Performance

4:55pm MST

Reducing Cloud Cost for Multi-Tenancy Kubernetes Platform - Simon Ting & Sravan Akinapally, American Airlines
Friday November 15, 2024 4:55pm - 5:30pm MST
A self-service multi-tenancy Kubernetes platform offers many benefits to application teams. In less than 2 years, American Airlines Shared K8 Platform has grown to over 1000+ deployments. Now that we built a resilient and secure platform, we must make it cost-effective to ensure long-term viability. This has the added benefit of reducing the carbon footprint of our platform. In the 2nd year, our platform grew by over 300% but costs increased by 500% as we added security, observability, and other features. How do we start to control costs without violating our self-service model? What is the reasonable amount to spend on Observability? What is a reasonable utilization goal and how do we get there? What level of cost optimization can we achieve without compromising our self-service model and maintaining the resiliency of our platform? We set out to address all these questions and this is our journey. In 4 months, we decreased the total Cost Per Utilized Core (CPUC) by 40%.
Speakers

Simon Ting

Principal Product Manager, American Airlines
Simon Ting is the Principal Product Manager for Kubernetes as a Platform and Observability at American Airlines. Simon started his IT career as a developer and moved into configuration management and development platforms manager for over 2 decades. During that time he supported on-site...

Sravan Akinapally

Product Tech Lead, American Airlines
Product Tech Lead
Friday November 15, 2024 4:55pm - 5:30pm MST
Salt Palace | Level 1 | Grand Ballroom BDF
  Platform Engineering

4:55pm MST

Zero Downtime Upgrades at Scale: How Okta Manages Hundreds of Clusters Daily - Jérémy Albuixech & Kahou Lei, Okta
Friday November 15, 2024 4:55pm - 5:30pm MST
How do you upgrade your K8s clusters? Perhaps a rolling update of nodes, with services moving around? Can you guarantee a zero-downtime upgrade? Will this method scale and support the velocity of production environments? Likely not. But fear not - you are not alone! At Okta, we maintain hundreds of clusters, each hosting >130 services, with node counts ranging from 20-400, and we are updating them daily. How do we do it? Without an out-of-the-box solution, we had to build our own, and we want to share what we learned with all of you! In this talk, Kahou and Jeremy will go over the challenges and successes, highlighting how their deployment method provides the foundational blocks to build extra features while reducing the blast radius when something goes wrong - thanks to quick rollbacks and canary rollouts. In this session, attendees will learn how we leverage open source technologies to tackle three main problems: how to scale, how to secure and how to upgrade clusters with no downtime.
Speakers

Jérémy Albuixech

Staff Software Engineer, Okta
Jeremy is a Staff Software Engineer at Okta. Starting as a full stack programmer with a good foundation in JavaScript, he then gravitated towards a DevOps role and later became a member of the SRE team at Cisco, picking up an IaC, observability and Kubernetes skillset. With the Okta...

Kahou Lei

Principal Software Engineer, Okta
Kahou Lei is a Principal Software Engineer with a strong background in Cloud infrastructure and Kubernetes. With 20 years of industry experience, he has held significant positions at renowned companies such as Okta and Cisco. Kahou leads critical software engineering initiatives...
Friday November 15, 2024 4:55pm - 5:30pm MST
Salt Palace | Level 2 | 251
  Platform Engineering

4:55pm MST

SPIFFE the Easy Way: Universal X509 and JWT Identities Using Cert-Manager - Tim Ramlot & Ashley Davis, Venafi
Friday November 15, 2024 4:55pm - 5:30pm MST
SPIFFE is incredible. Each workload is assigned its own universal identity, simplifying the security and management of communications in distributed systems. While SPIRE (the reference SPIFFE implementation) is exceptionally powerful, it is also quite complex. Deploying SPIRE on Kubernetes requires StatefulSets, which can be challenging and frustrating. Many cloud vendors are starting to offer turnkey SPIFFE solutions, but that comes with the risk of vendor lock-in. In this talk, we will demonstrate how to use the Cloud Native cert-manager solution to implement SPIFFE (X.509 and JWT) with low operational overhead for all Kubernetes workloads. The session includes all you need to know to issue X.509 SVIDs, use them and validate them. Additionally, we will introduce an experimental solution to convert X.509 SVIDs into JWT SVIDs. The demo will highlight how to authenticate to third-party APIs (such as AWS, GCP, Azure, and others) using these JWT SVIDs.
Speakers

Ashley Davis

Staff Software Engineer, Venafi
As a teenager, Ash taught himself to program after wondering how exactly video games were made. That led to adventures trawling through open source codebases, sparking an interest in computers spanning from bare-metal machine code right up to scalable distributed platforms like Kubernetes...

Tim Ramlot

Senior Software Engineer - cert-manager maintainer, Venafi
Tim started working at Venafi as a software engineer after his graduation as a computer science engineer at Ghent University. He learned about cert-manager and Venafi through a Google Summer of Code internship. His mission at Venafi is to advance his problem-solving skills, whilst contributing...
Friday November 15, 2024 4:55pm - 5:30pm MST
Salt Palace | Level 1 | 151
  Security
 
