KubeCon + CloudNativeCon North America 2024: Full Schedule

In-person
November 12-15
Learn More and Register to Attend

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon North America 2024 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Mountain Standard Time (UTC -7). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change and session seating is available on a first-come, first-served basis.

11:15am MST

Advanced Model Serving Techniques with Ray on Kubernetes - Andrew Sy Kim, Google & Kai-Hsun Chen, Anyscale

Wednesday November 13, 2024 11:15am - 11:50am MST

Salt Palace | Level 2 | 255 EF

With the proliferation of Large Language Models, Ray, a distributed open-source framework for scaling AI/ML, has developed many advanced techniques for serving LLMs in a distributed environment. In this session, Andrew Sy Kim and Kai-Hsun Chen will provide an in-depth exploration of advanced model serving techniques using Ray, covering model composition, model multiplexing and fractional GPU scheduling. Additionally, they will discuss ongoing initiatives in Ray focused on GPU-native communication, which, when combined with Kubernetes DRA, offers a scalable approach to tensor parallelism, a technique used to fit large models across multiple GPUs. Finally, they will present a live demo, demonstrating how KubeRay enables the practical application of these techniques to real-world LLM deployments on Kubernetes. The demo will showcase Ray’s powerful capabilities to scale, compose and orchestrate popular open-source models across a diverse set of hardware accelerators and failure domains.

Speakers

Andrew Sy Kim

Software Engineer, Google

Andrew Sy Kim is a software engineer at Google working on Kubernetes and GKE.

Kai-Hsun Chen

Software Engineer, Anyscale

Kai-Hsun Chen is a software engineer on the Ray Core team at Anyscale and the primary maintainer of KubeRay. He is also an open-source enthusiast, as well as a committer and PMC member of Apache Submarine.

Wednesday November 13, 2024 11:15am - 11:50am MST
Salt Palace | Level 2 | 255 EF

AI + ML

Content Experience Level Advanced

11:15am MST

Unlocking Cost Savings & New Possibilities: Your Guide to Prometheus Remote Write 2.0 - Callum Styan, Grafana Labs & Bartłomiej Płotka, Google

Wednesday November 13, 2024 11:15am - 11:50am MST

Salt Palace | Level 1 | Grand Ballroom HJ

Prometheus Remote Write is the protocol used to send Prometheus metrics from Prometheus or any other metric source to compatible remote storage endpoints such as Thanos and Cortex. Remote Write is generally used for metric long term storage, centralization, and cloud services. It also enables users to run Prometheus in an agent mode, reducing local storage requirements. Welcome to Remote Write 2.0! In this talk, Bartek and Callum, Prometheus maintainers and RW2.0 spec. co-authors, will introduce you to the next iteration of the popular protocol which adds more functionality while cutting your egress costs up to 60%, and keeps the previous versions easy-to-implement stateless design! The audience will learn what's changed in the second version of Remote Write, what it unlocks, and how easy it is to update or adopt. Finally, the speakers will share the latest benchmarks and differences with the common alternatives.

Speakers

Bartłomiej Płotka

Senior Software Engineer, Google

Bartek Płotka is a Senior Software Engineer at Google. SWE by heart, with an SRE background, currently working on Cloud Observability. Previously Principal Software Engineer at Red Hat. Author of "Efficient Go" book with O'Reilly. As the co-founder of the CNCF Thanos project and... Read More →

Callum Styan

Senior Software Engineer, Grafana Labs

Callum is a software engineer from Vancouver, Prometheus Team Member/Maintainer, and currently works on Loki at Grafana Labs.

Wednesday November 13, 2024 11:15am - 11:50am MST
Salt Palace | Level 1 | Grand Ballroom HJ

Observability

Content Experience Level Advanced

12:10pm MST

Building Reliable Cross-Cloud Kubernetes Clusters on Spot Instances with Drafter and PVM - Felicitas Pojtinger, Loophole Labs

Wednesday November 13, 2024 12:10pm - 12:45pm MST

Salt Palace | Level 2 | 255 BC

Building Kubernetes clusters that span across multiple cloud providers prevents vendor lock-in and offers flexibility. Using spot instances can further cut costs by up to 90%, but they can terminate with only 30 seconds' notice. Traditionally, migrating VMs across cloud providers and CPUs to mitigate this has been challenging due to hardware constraints. PVM (Pagetable Virtual Machine) is an experimental kernel technology that changes this by enabling KVM without hardware assistance or emulation. Using the research paper, this session will explain how PVM works and how the open-source Drafter and Firecracker projects can use it to migrate VMs between cloud providers. The session includes a live demo of running Kubernetes components like the Kubelet, CRI, CSI and CNI inside VMs and migrating them in a heterogeneous EC2, GCP, and Azure environment. This allows evacuating a Kubernetes node and network without downtime if a spot instance is terminated or if another provider is cheaper.

Speakers

Felicitas Pojtinger

Software Developer, Loophole Labs

Felicitas Pojtinger is a software engineer working on all things cloud native. She has developed multiple popular OSS projects such as the WebRTC-based overlay networking tool weron, the Go network boot server bofied, the go-nbd library and more. Currently, she does research and development... Read More →

Wednesday November 13, 2024 12:10pm - 12:45pm MST
Salt Palace | Level 2 | 255 BC

Emerging + Advanced

Content Experience Level Advanced

2:30pm MST

Cilium, EBPF, WireGuard: Can We Tame the Network Encryption Performance Gap? - Daniel Borkmann & Anton Protopopov, Isovalent

Wednesday November 13, 2024 2:30pm - 3:05pm MST

Salt Palace | Level 1 | 155 EF

To increase data security for cloud and hybrid cloud deployments, many companies, governments, standards, and tenders require data in transit to be protected. However, network encryption comes at a cost - what is the performance impact and how can we reduce it? In this session, we explore how network encryption can be efficiently enforced with Cilium, eBPF, and WireGuard. We dive deep into Cilium’s integration of WireGuard and elaborate on both the management plane and Cilium’s eBPF datapath. We analyze and benchmark what performance cost one can expect and explore opportunities in the Linux kernel to reduce that price. This talk is for operators and security teams that need to encrypt network traffic, but also want to minimize its overhead. The audience will walk away understanding whether network encryption needs to come at a high toll and whether there are opportunities for optimizations.

Speakers

Daniel Borkmann

Software Engineer, Isovalent at Cisco

Daniel Borkmann co-created eBPF and is a kernel developer at Isovalent working on eBPF, the Linux kernel and Cilium. He is a long-term Linux kernel core contributor in the eBPF and networking subsystem for over a decade and co-maintains eBPF and XDP. In his spare time, he loves to... Read More →

Anton Protopopov

Software Engineer, Isovalent at Cisco

Anton is a software engineer at Isovalent, which is now part of Cisco.Anton is leading a team building new generation of Isovalent products and also participates in developing eBPF-based parts of Cilium stack and on eBPF support in the Linux Kernel.During his career, Anton played... Read More →

Wednesday November 13, 2024 2:30pm - 3:05pm MST
Salt Palace | Level 1 | 155 EF

Connectivity

Content Experience Level Advanced

2:30pm MST

Cloud Native Sustainability Speedrun: Tools from Infrastructure to Application Level - Saiyam Pathak, Loft Labs & Saloni Narang, Kubesimplify

Wednesday November 13, 2024 2:30pm - 3:05pm MST

Salt Palace | Level 2 | 255 BC

The cloud native sustainability landscape is rising rapidly with new tools that are solving new challenges. This session will provide a quick overview of the latest tools & initiatives within the landscape. The speaker will dive into different sections, from infrastructure to application, and cover tools within the landscape. They will explore key tools like Kepler for energy consumption monitoring, KubeGreen for scaling down deployments, Scaphandre for detailed power usage metrics, & Cloud Carbon Footprint for tracking and reducing carbon emissions. This talk will showcase the practical application of these tools, demonstrating how they can be integrated to create a comprehensive sustainability strategy. Attendees will learn landscape segmentation & how they can use it for their cloud native applications today in order to track & reduce their carbon emissions effectively. This talk will offer how these tools can be used together to make cloud native deployments more sustainable.

Speakers

Saiyam Pathak

Principal Developer Advocate, Loft Labs

Saiyam is working as Principal Developer Advocate at Loft Labs. He is the founder of Kubesimplify, focusing on simplifying cloud-native and Kubernetes technologies. Previously at Civo, Walmart Labs, Oracle, and HP, Saiyam has worked on many facets of Kubernetes, including machine... Read More →

Saloni Narang

Independent DevRel, Kubesimplify

Saloni is working as an independent DevRel, helping companies to form their DevRel strategies. Previously she worked at SAP Labs and has worked on different cloud tools including GCP,Oracle, & AWS. She loves to learn about new open-source tools in the CNCF landscape. She has been... Read More →

Wednesday November 13, 2024 2:30pm - 3:05pm MST
Salt Palace | Level 2 | 255 BC

Emerging + Advanced

Content Experience Level Advanced

2:30pm MST

Bridging Clouds: TikTok’s Blueprint for Unified OIDC Access on Multi-Cloud Kubernetes - Naveen Mogulla, TikTok

Wednesday November 13, 2024 2:30pm - 3:05pm MST

Salt Palace | Level 1 | 151

As businesses embrace increasingly complex multi-cloud environments, managing access across diverse Kubernetes setups becomes paramount. At TikTok, we faced the challenge of unifying OpenID Connect (OIDC) access for Kubernetes clusters across GKE, EKS, OKE and on-prem clusters each providing different levels of support and integration. This talk will detail our journey to develop a scalable, centralized OIDC framework using a reverse proxy approach, ensuring seamless authentication and authorization across different cloud providers. We will discuss our architectural strategy, highlighting how we leveraged Envoy for request handling and dynamic configuration with external authorization filters to accommodate diverse OIDC implementations. Discover how TikTok overcame identifying OIDC discrepancies among providers to implementing a unified solution that not only simplifies k8s access management but also reinforces security and compliance across our global, multi-cloud infrastructure.

Speakers

Naveen Mogulla

Tech Lead, TikTok

Naveen Mogulla is a Tech Lead at TikTok kubernetes edge platform team. He has worked in Infrastructure engineering for almost 13+ years. He is also the main contributor to the AWS IAM operator in the keiko project. He was part of the Intuit core team which created multiple open source... Read More →

Wednesday November 13, 2024 2:30pm - 3:05pm MST
Salt Palace | Level 1 | 151

Security

Content Experience Level Advanced

3:25pm MST

Architecting a Data Platform with Open Source Tools - Priyanka J. Naik, Palo Alto Networks Inc

Wednesday November 13, 2024 3:25pm - 4:00pm MST

Salt Palace | Level 1 | Grand Ballroom GI

The presentation will focus on - * The architecture of the data streaming platform which we built in Palo Alto Networks using open source tools like Strimzi, Kafka, Kafka Connect, Confluent Community licensed tools like Schema Registry and KSqlDB on K8s for supporting corp risk intelligence, health and compliance. * Application of core software engineering principles in architecting open source data platforms and its benefits * Some drawbacks which were identified in the data platform solutions and how we overcame those.

Speakers

Priyanka J. Naik

Principal Software Engineer, Palo Alto Networks Inc

Priyanka J. Naik is at Palo Alto Networks Inc. where she works on secure networking software. In her career of 17 years, she has worked in Citrix Systems, Appfolio, with projects and work ranging on products like GoToMeeting, GoToTraining, GoToWebinar, and on data platforms. Interests... Read More →

Wednesday November 13, 2024 3:25pm - 4:00pm MST
Salt Palace | Level 1 | Grand Ballroom GI

Data Processing + Storage

Content Experience Level Advanced

3:25pm MST

Deep Dive Into Generic Control Planes and Kcp - Stefan Schimanski, Upbound & Mangirdas Judeikis, Cast AI

Wednesday November 13, 2024 3:25pm - 4:00pm MST

Salt Palace | Level 2 | 255 BC

The Kubernetes code now allows native construction of generic control planes, without container types and in new form-factors other than your beloved clusters, be it customized apiserver binaries or embedded into other applications. This talk gives an in-depth explanation of what a generic controlplane is, how to construct it, how to extend it with custom types and how to control which native Kube APIs like secrets, configmaps, etc. or mechanisms like resource quota or RBAC are available. Specifically, we will cover 3 variants: 1. single-tenant generic control planes using upstream Kubernetes. 2. multi-tenant generic control planes using kcp to scale horizontally in one process. 3. multi-shard and multi-region generic control planes with focus of backing SaaS services.

Speakers

Stefan Schimanski

Senior Principal Software Engineer, Upbound

Stefan is a Senior Principal Engineer at Upbound working on control planes, Kubernetes, kcp, and as a tech-lead in Sig API Machinery. He contributed a major part of the CRD feature set. Stefan is a 2nd time GoogleSummer of Code mentor with CNCF, loves to teach and help people to learn... Read More →

MJ / Mangirdas Judeikis

Staff Engineer, Cast AI

With 10+ years in engineering, tech has been my passion from the start. Graduating in computer networks, I thrive on Go, Kubernetes, and an OpenSource approach. As an SRE practitioner, it's all about owning what you touch. No cloud preference, just adaptability. My motto? "Learn daily... Read More →

Wednesday November 13, 2024 3:25pm - 4:00pm MST
Salt Palace | Level 2 | 255 BC

Emerging + Advanced

Content Experience Level Advanced

4:30pm MST

Kubernetes at Scale: Practical Solutions for Enhanced CNI and Kubelet Performance - Henrique Santana, Amazon Web Services & Bruno Gabriel da Silva, Sysdig

Wednesday November 13, 2024 4:30pm - 5:05pm MST

Salt Palace | Level 1 | 155 BC

In this session, we'll explore challenges faced in maintaining optimal performance for Container Network Interface (CNI) and Kubelet components in Kubernetes clusters. Based on recurring real-world scenarios, we will dive into troubleshooting and mitigations of issues such as IP address allocation delays, registry pull queries per second (QPS), disk throttling. These pose significant impacts on the performance, scalability and stability of Kubernetes clusters. Our discussion will revolve around practical strategies aimed at mitigating such challenges, leveraging multiple block storage volumes, adjusting instance types, tuning registryPullQPS settings, and exploring the benefits of prefix mode for faster IP address allocation. Additionally, we'll examine the role of warm IP pools, and the implications of WARM_ENI_TARGET settings on CNI performance, providing attendees with a comprehensive understanding on how to optimize CNI and Kubelet performance effectively.

Speakers

Bruno Gabriel da Silva

Sr. Solutions Engineer, Sysdig

I have been working as a Solutions Engineer for several years, with my passion for cloud-native technologies igniting around 2018. That year, I transitioned from a traditional IT Windows Sysadmin role to fully embracing DevOps, focusing entirely on Open Source and Cloud. My first... Read More →

Henrique Santana

Sr. Cloud Support Engineer, Amazon Web Service

I'm Containers Specialist with over 15 years of experience in infrastructure operations. Skilled at automating workflows and solving problems through user-centered design and emerging technologies. Currently focusing on containers and container orchestration. Adept at optimizing resource... Read More →

Wednesday November 13, 2024 4:30pm - 5:05pm MST
Salt Palace | Level 1 | 155 BC

Operations + Performance

Content Experience Level Advanced

5:25pm MST

Misadventures in Large Scale Cluster Performance - Shane Corbett, AWS & Dima Ilchenko, Lacework

Wednesday November 13, 2024 5:25pm - 6:00pm MST

Salt Palace | Level 1 | 155 BC

Join us for our follow up to one of the highest rated talks of kubecon 2022 (73,000 pods a day, lessons from misadventures in multi-tenant). We are on a new misadventure, asking the question what if some of the most popular advice about Kubernetes was just...wrong? We spent over two years pouring through 800 page linux kernel performance books, tweaking obscure control plane settings, and developing detailed custom monitoring dashboards so you don’t have to! Join us as we take you through real world findings that took months of research to fully understand, and provide evidence that some of the things we were convinced were best practices, were the very things holding us back the most.

Speakers

Dima Ilchenko

SRE, Lacework

Dima is a staff SRE on a Compute Platform Team focused on troubleshooting, observability and scalability of large-scale Kubernetes platform at Lacework. Lacework's unique features create unique challenges that push Kubenetes to its limits, offering Dima unique perspective into often... Read More →

Shane Corbett

Senior Kubernetes Specialist, AWS

Shane Corbett is a Senior Containers Specialist at AWS focused on helping customers with the finer points of Kubernetes large scale design and performance. When not pushing Kubernetes to extremes you will find Shane pursuing his lifelong obsession of exploring the edge of the extreme... Read More →

Wednesday November 13, 2024 5:25pm - 6:00pm MST
Salt Palace | Level 1 | 155 BC

Operations + Performance

Content Experience Level Advanced

11:00am MST

From Silicon to Service: Ensuring Confidentiality in Serverless GPU Cloud Functions - Zvonko Kaiser, NVIDIA

Thursday November 14, 2024 11:00am - 11:35am MST

Salt Palace | Level 1 | 151

With the widespread adoption of cloud computing, concerns about data privacy and infrastructure security are increasing. This session will focus on confidential cloud functions, including serverless environments and GPU-accelerated workloads, to ensure the security of your code and data within the cloud infrastructure. We will explore technologies such as hardware-based Trusted Execution Environments (TEEs) and confidential computing. In addition, we will cover hardware and software attestation to guarantee integrity from the silicon level upwards, complete stack attestation for end-to-end trust, and supply chain security to trace and verify all application components. Participants will learn practical steps to implement confidential serverless functions, utilizing GPUs for high-performance computing while ensuring data integrity and privacy. Join us to discover how to innovate securely, build your own secure cloud functions infrastructure, and enhance your cloud security posture.

Speakers

Zvonko Kaiser

Principal Systems Software Engineer, NVIDIA

Zvonko is a Principal Systems Engineer at NVIDIA, working on the Cloud Native Technologies team. Focusing right now on all things related to confidential computing, especially in the context of accelerators.

Thursday November 14, 2024 11:00am - 11:35am MST
Salt Palace | Level 1 | 151

Security

Content Experience Level Advanced

2:30pm MST

Running WebAssembly (Wasm) Workloads Side-by-Side with Container Workloads - Jiaxiao Zhou, Microsoft

Thursday November 14, 2024 2:30pm - 3:05pm MST

Salt Palace | Level 2 | 255 EF

Sidecar containers are a powerful Kubernetes design pattern, running alongside the main application within the same pod to provide supporting features like observability, configuration and communication. However, sidecars can be resource-intensive, adding up to high CPU, memory and network bandwidth usage. WebAssembly (Wasm) offers a solution with its low resource usage and minimal memory footprint compared to Linux containers. Its quick start-up time enables scale-to-zero capability, making it a perfect fit for sidecar containers. The Containerd Runwasi project extends the sidecar pattern by enabling Kubernetes-native deployment and management of Wasm workloads.This talk will show how you can get started deploying Wasm sidecars to support your primary services with additional functionality. It will conclude with a demo of integrating these Wasm sidecars with your existing sidecar framework, whether that be Service Mesh or Dapr. Tune in to see Wasm sidecars on Kubernetes!

Speakers

Jiaxiao Zhou

Software Engineer, Microsoft

Jiaxiao (Joe) Zhou is a Software Engineer at Microsoft. He is on the Azure Container Upstream team and works on bringing WebAssembly to the cloud through projects like "runwasi", "SpiderLightning", and "containerd-wasm-shims". He is a Recognized Contributor to the Bytecode Alliance... Read More →

Thursday November 14, 2024 2:30pm - 3:05pm MST
Salt Palace | Level 2 | 255 EF

Emerging + Advanced

Content Experience Level Advanced

2:30pm MST

Exceeded Your Validation Cost Budget? Now What? - Joel Speed, Red Hat

Thursday November 14, 2024 2:30pm - 3:05pm MST

Salt Palace | Level 1 | Grand Ballroom BDF

With the introduction of the common expression language (CEL) for writing complex validations, this is also brought in validation cost budgeting. It can be easy to violate this budget and difficult to work out how to reduce your validation cost. This talk with dive into the runtime cost budgeting and help to prevent those pesky errors! In this talk, we will cover the basics of CEL to set some groundwork before taking a look at some relatively simple CEL validations that cause the API server to reject your CRD definition. We will look at why the API server suggests that the runtime cost is over 100x the allowable cost budget, exploring how it came to that conclusion, and what you need to know when building your own APIs to be able to prevent that from happening. When you walk away from this talk, you should understand the various factors that contribute to your CEL runtime cost and be able to prevent errors in the future, improving CRD validation one field at a time!

Speakers

Joel Speed

Principal Software Engineer, Red Hat

Joel has been working with Kubernetes and building controllers since 2017. Joel cut his teeth with Kubernetes as an SRE, before eventually moving into full software development at Red Hat where he leads the Cluster Infrastructure team, responsible for both Cloud Controller Managers... Read More →

Thursday November 14, 2024 2:30pm - 3:05pm MST
Salt Palace | Level 1 | Grand Ballroom BDF

Platform Engineering

Content Experience Level Advanced

3:25pm MST

Orchestrating Quasi-Real Time Data Processing in the Computing Farm of the ATLAS Experiment at CERN - Giuseppe Avolio, CERN

Thursday November 14, 2024 3:25pm - 4:00pm MST

Salt Palace | Level 1 | 155 BC

What has Kubernetes got to do with a High Energy Physics experiment collecting one million physics events per second at a data rate of 5 TB/s? That is what we would like to show you! The ATLAS experiment at CERN filters one million complex collision signatures per second provided by the Large Hadron Collider in quasi real-time, using a mixture of custom electronics and a large computing farm (the Event Filter – EF – farm) consisting of up to 5000 commodity servers. In this talk, we will tell you how we are going to exploit Kubernetes to orchestrate the ATLAS EF computing farm. In particular, we will focus on the strategy and optimizations we put in place in order to start more than 25000 PODs over more than 2500 worker nodes in about 50 seconds. We will also show the impact of the Kubernetes Scheduler and Controller Manager QPS values on POD start and stop throughputs and we will report about how custom scheduler profiles allow us to schedule PODs at an average rate of about 500 Hz.

Speakers

Giuseppe Avolio

Dr., CERN

Giuseppe Avolio is a physicist working at CERN, with almost 20 years of experience in the field of Data Acquisition (DAQ) systems for High Energy Physics experiments. He is member of the ATLAS collaboration, and he is currently responsible for coordinating the ATLAS DAQ system upgrade... Read More →

Thursday November 14, 2024 3:25pm - 4:00pm MST
Salt Palace | Level 1 | 155 BC

Operations + Performance

Content Experience Level Advanced

4:30pm MST

WASM + KWOK Wizardry: Writing and Testing Scheduler Plugins at Scale - Dejan Pejchev & Jonathan Giannuzzi, G-Research

Thursday November 14, 2024 4:30pm - 5:05pm MST

Salt Palace | Level 2 | 255 EF

In the world of Kubernetes, optimizing scheduler performance is key to maximizing cluster efficiency. This session dives into building custom Kubernetes scheduler plugins using WebAssembly and leveraging KWOK to test their performance. We'll begin by introducing the fundamentals of Kubernetes scheduling and the unique advantages of WebAssembly, such as fast startup times and secure sandboxing. We will show how the kube-scheduler-wasm-extension project can be used to create custom scheduling logic easily. Next, we'll explore KWOK (Kubernetes WithOut Kubelet), a tool that simulates Kubernetes clusters for testing and benchmarking purposes. Through hands-on examples, we'll demonstrate how to set up KWOK, create realistic test environments, and gather performance metrics to fine-tune your custom scheduler plugins.

Speakers

Jonathan Giannuzzi

Open Source Evangelist, G-Research

Dejan Zele Pejchev

Open Source Engineer, G-Research

Dejan is a seasoned Software Engineer with over 8 years of experience building and scaling distributed systems and an advocate of open source & Kubernetes-native solutions. Dejan is also a maintainer of Armada, the Kubernetes multi-cluster batch scheduling tool, Testkube, the Kubernetes-native... Read More →

Thursday November 14, 2024 4:30pm - 5:05pm MST
Salt Palace | Level 2 | 255 EF

Emerging + Advanced

Content Experience Level Advanced

4:30pm MST

GÖDel Scheduler: A Unified Scheduler for Online and Offline Workloads - Bing Li, Yue Yin & Lintong Jiang, ByteDance

Thursday November 14, 2024 4:30pm - 5:05pm MST

Salt Palace | Level 1 | Grand Ballroom BDF

Gödel Scheduler, developed by ByteDance, has been open-sourced as a unified system for managing online and offline workloads efficiently. Created to surpass the capabilities of Kubernetes' default scheduler, it enhances resource utilization, operational efficiency, and scheduling throughput. Key features include optimistic concurrency, a two-layer scheduling abstraction, and a robust dispatcher and binder system. Gödel Scheduler aims to improve cloud-native experiences and reduce operational burdens, catering to ByteDance’s extensive and diverse computing needs. Join us to explore how Gödel Scheduler can revolutionize your workload management strategy, ensuring efficient and reliable operations across your cloud-native infrastructure.

Speakers

Yue Yin

ByteDance

Lintong Jiang

ByteDance

Bing Li

Senior Software Engineer, ByteDance

Software Engineer at ByteDance CloudNative Infrastructure, building Gödel.

Thursday November 14, 2024 4:30pm - 5:05pm MST
Salt Palace | Level 1 | Grand Ballroom BDF

Platform Engineering

Content Experience Level Advanced

5:25pm MST

What if Kubernetes Was a Compiler Target? - David Morrison, Applied Computing Research Labs & Tim Goodwin, UC Santa Cruz

Thursday November 14, 2024 5:25pm - 6:00pm MST

Salt Palace | Level 2 | 255 EF

Multi-tier programming is a classic concept from the programming languages community, which provides abstractions for building multiple layers of a distributed application at once. For example, there might be a “presentation” tier that displays a user interface, a “data” tier that interacts with a backing database, and a “business logic” tier that connects the two, all of which can be expressed succinctly as part of the same program and compiled into independently-deployable units. However, Kubernetes has pushed modern software development in the opposite direction: SOA applications are composed of hundreds of independent units of code, often written in different languages and development environments. In this talk we provide an overview of multi-tier programming and how it might apply to software development on Kubernetes. We also present a prototype “Kubernetes compiler” that can turn a monolithic codebase into a distributed application that runs on top of Kubernetes.

Speakers

David Morrison

Applied Computing Research Labs

Tim Goodwin

PhD Student, UC Santa Cruz

I am a 3rd year PhD student in the LSD lab at UC Santa Cruz. I am broadly interested in distributed systems and the abstractions we use to build them. I focus on cloud-native programming models and the challenges they present to developers, and my current research is focused on Kubernetes... Read More →

Thursday November 14, 2024 5:25pm - 6:00pm MST
Salt Palace | Level 2 | 255 EF

Emerging + Advanced

Content Experience Level Advanced

5:25pm MST

Pod Power: Liberating Kubernetes Users from Container Resource Micromanagement - Dixita Narang, Google & Peter Hunt, Red Hat

Thursday November 14, 2024 5:25pm - 6:00pm MST

Salt Palace | Level 1 | 155 BC

In the dynamic world of Kubernetes, efficient resource management is crucial for optimizing performance and costs. Traditionally, managing resource requests and limits in Kubernetes has focused on individual containers within a pod. While this approach offers granular control, it can become cumbersome and error-prone, particularly for complex applications with multiple containers. Join us as we'll examine the challenges and scalability limitations posed by container resource micromanagement resource allocation. To address this issue, the pod-level feature specification is introduced. In this session, we'll delve into the transition towards pod-level resource specifications, providing an intuitive method for defining resource requests and limits at the pod level, in conjunction with the existing container-level settings. This innovative approach offers enhanced flexibility and optimized resource utilization for a variety of workloads, including those with init containers and sidecars.

Speakers

Peter Hunt

Senior Software Engineer, Red Hat

Peter Hunt is a Senior Software Engineer working at Red Hat. Passionate about free software, Peter focuses on maintaining CRI-O, attending SIG node, and ~writing~ squashing bugs. Outside of the virtual world, Peter likes collecting floral-printed pants, gardening, and dancing.

Dixita Narang

Software Engineer, Google

Dixita Narang is a Software Engineer at Google on the Kubernetes Node team. With a primary focus on resource management within Kubernetes, Dixita is deeply involved in the development and advancement of the Memory QoS feature, which is currently in the alpha stage. She is a new contributor... Read More →

Thursday November 14, 2024 5:25pm - 6:00pm MST
Salt Palace | Level 1 | 155 BC

Operations + Performance

Content Experience Level Advanced

11:00am MST

Powering Automatic Authorization in Envoy Through Live Traffic Inspection - Dom Del Nano, Pixie core maintainer

Friday November 15, 2024 11:00am - 11:35am MST

Salt Palace | Level 1 | 151

The dynamic nature of today’s environments coupled with the importance of data privacy has made AuthN/Z crucial for safeguarding sensitive data. However, many large scale environments existed before these best practices and tooling were commonplace. Retrofitting systems requires a deep understanding of service to service access patterns and requires significant effort to achieve least privilege access. While service dependencies are often difficult to track, the rise of zero instrumentation Observability tools has eased access to this data, providing a potential baseline for AuthZ rules. Projects such as CNCF Pixie and Hubble expose language agnostic protocol traces providing full visibility of their environments. Pixie even supplies access to the span payloads making L7 analysis possible. In this talk, we present a case study of using Pixie to generate OPA policies for Envoy AuthZ using real traffic. This approach provides a starting point for scoping permissions on a L7 basis.

Speakers

Dom Del Nano

Dom Delnano, Pixie core maintainer

Dom is a Principal Software Engineer at New Relic working on the Pixie open source project, which provides observability to Kubernetes applications through eBPF based auto instrumentation. Prior to his full time work on Pixie, Dom was at Twitter scaling its internally developed time... Read More →

Friday November 15, 2024 11:00am - 11:35am MST
Salt Palace | Level 1 | 151

Security

Content Experience Level Advanced

4:00pm MST

SPIFFE Deployments in Non-Kubernetes Environments - Nadin El-Yabroudi & Eli Nesterov, SPIRL

Friday November 15, 2024 4:00pm - 4:35pm MST

Salt Palace | Level 1 | 151

The SPIFFE ideology is that workloads running in all types of environments can be issued an identity. However, in practice most deployments have focused on workloads in Kubernetes and there are few examples of SPIFFE being used in non-cloud native environments. In this talk we’ll explore SPIFFE deployments on a Linux environment. What does attestation for these types of workloads look like? How can you provide an identity to a bash script that cannot open a socket connection to the Workload API? We’ll focus on describing some of the existing challenges to non-Kubernetes SPIFFE deployments and provide some ideas for how to solve them.

Speakers

Nadin El-Yabroudi

Software Engineer, SPIRL

Nadin is a founding engineer at SPIRL where she’s currently focused on building a new implementation of the SPIFFE specification. Before working on machine identity Nadin worked as a Security and Systems Engineer at Cloudflare where she worked on securing Cloudflare’s 200+ datacenters... Read More →

Eli Nesterov

CTO, SPIRL

Eli Nesterov is a co-founder at SPIRL. He spent years in security research and engineering, building and scaling security products at TikTok, Facebook, ShapeSecurity, and F5 Networks. He built the world's largest SPIFFE/SPIRE deployment with over 1M nodes. Eli shares his knowledge... Read More →

Friday November 15, 2024 4:00pm - 4:35pm MST
Salt Palace | Level 1 | 151

Security

Content Experience Level Advanced