November 12-15

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon North America 2024 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Mountain Standard Time (UTC -7). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change and session seating is available on a first-come, first-served basis. 
Tuesday, November 12
 

5:35pm MST

⚡ Lightning Talk: CloudEvents as APIs - Evan Anderson, Stacklok
Tuesday November 12, 2024 5:35pm - 5:40pm MST
Most of us are familiar with tools like gRPC and OpenAPI for modelling synchronous calls between different applications or microservices. Sometimes, the right way to extend an application is through an asynchronous notification, or an event. CloudEvents is a CNCF project to standardize the format of asynchronous notifications, to make it easier for different projects and applications to communicate. CloudEvents is an envelope to make it easy to exchange asynchronous messages; in this talk, I'll highlight three useful patterns to leverage CloudEvents to connect applications, using examples from Stacklok's own experience.
Speakers
Evan Anderson

Software Engineer, Stacklok
Co-founder and maintainer on Knative project. Member of sigstore-oncall. Previously worked on Google Compute Engine and Serverless (App Engine, Functions) and in SRE. Principal engineer at Stacklok. Ex-Google, ex-VMware. Author of Building Serverless Applications on Knative by O'Reilly...
Hyatt Regency | Level 4 | Regency Ballroom BCD

5:40pm MST

⚡ Lightning Talk: Effortless, Sidecar-Less Mutual TLS and Rich Authorization Policies up and Running in 5 Minutes - Lin Sun, solo.io
Tuesday November 12, 2024 5:40pm - 5:45pm MST
Do you need zero trust or mutual TLS (mTLS) among your application pods? You may be able to manage certificates within your applications, but how would you handle automatic periodic certificate rotation? The evolution of sidecar-less service mesh technology enables mTLS among application pods with just a simple namespace label. No sidecars or application pod restarts are required. This approach provides immediate benefits, including cryptographic identity for application pods, and ensures session-based data confidentiality and integrity in pod communications. In just 5 minutes, Lin will demonstrate live how developers and operators can effortlessly enforce mTLS and rich Layer 7 (L7) authorization policies without any sidecars!
Speakers
Lin Sun

CNCF TOC member and Head of Open-Source at solo.io, solo.io
Lin is the Head of Open Source at Solo.io, and a CNCF TOC member and ambassador. She has worked on the Istio service mesh since the beginning of the project in 2017 and serves on the Istio Steering Committee and Technical Oversight Committee. Previously, she was a Senior Technical...
Hyatt Regency | Level 4 | Regency Ballroom BCD
  ⚡ Lightning Talks, Security

6:00pm MST

⚡ Lightning Talk: Kubernetes for Simulated Hardware in Radio Astronomy - Barbara Ojur, SARAO & Abednigo Matiba Lethole, South African Radio Astronomy Observatory (SARAO)
Tuesday November 12, 2024 6:00pm - 6:05pm MST
We use Kubernetes to deploy simulated hardware devices for the Square Kilometer Array (SKA), the world's largest radio telescope. The SKA has an Integrated Testing Facility (ITF) that tests subsystems before field deployment. One of those systems is our main focus for this lightning talk called the Dish Local and Monitoring and Control (LMC) system, which manages mid-frequency operations.
Key Lightning Talk Points:
- Dish LMC Components: Control, Monitoring, Communication Interface.
- Kubernetes Utilization:
  - k9s: Manages and monitors deployments.
  - Networking: Simulates communication pathways.
  - Logging: Captures and analyzes system logs.
Goals:
- Presentation Aim: Share experiences and inspire adoption of our strategies.
- Audience Takeaway: Understand Kubernetes' role in managing complex simulations.
- Ecosystem Impact: Improve best practices and drive innovation.
Speakers
Abednigo Matiba Lethole

MR, South African Radio Astronomy Observatory (SARAO)
Abednigo Matiba Lethole is a Junior Software Engineer with over 2 years of experience at the South African Radio Astronomy Observatory (SARAO). Specializing in software development and radio astronomy applications, Abednigo is dedicated to advancing technological solutions in the...
Barbara Ojur

Miss Barbara Ojur, SARAO
Barbara Apili Ojur is a software engineer from South Africa, Cape Town. She works for the South African Radio Astronomy Observatory and is seconded to the Square Kilometer Array Observatory which is an intergovernmental project, including countries such as Spain and Italy to mention...
Hyatt Regency | Level 4 | Regency Ballroom BCD
 
Wednesday, November 13
 

11:15am MST

Behind Schedule: Pod Resource Configuration from Beginning to... Huh? - Joe Thompson, Platform9
Wednesday November 13, 2024 11:15am - 11:50am MST
Pod resource requests, limits and priority are some of the most fundamental concepts of Kubernetes clusters, and they're easy to understand: if nodes have the resources you need, you get scheduled, and if not, you don't... right? Joe will walk you through some of the surprising behaviors you may encounter with the seemingly basic rules that Kubernetes follows when scheduling and running pods -- and how those rules themselves may not be what you think! We'll dig into eviction and preemption (and why the difference matters) and why priority sometimes doesn't solve the problems you think it will. We'll finish with recent changes to pod resource management that are upending long-standing basics of pod scheduling, particularly the in-place pod resizing feature alpha-released in the last few versions of Kubernetes. You'll leave with a deeper understanding of the (not-so-) simple mechanics, as well as how to debug them when things get messy.
Speakers
Joe Thompson

Technical Product Marketing Manager, Platform9
Joe Thompson's IT career is near the end of its third decade. He's been part of the cloud-native community since 2014, starting with OpenStack and adding Kubernetes a few months after it debuted. He's spoken at KubeCon, Cloud Native Rejekts and many local meetups and enjoys showing...
Salt Palace | Level 2 | 251
  Cloud Native Novice

11:15am MST

All Your Routes Are Ready, More or Less - Dave Protasowski, Broadcom
Wednesday November 13, 2024 11:15am - 11:50am MST
Gateway API is the official next gen Kubernetes API for Ingress, Load Balancing and Service Meshes. Many proxies implement the API and pass conformance with glowing colours! But what is it really like to use the API? What isn't covered by the conformance tests that end-users should know? In the talk we'll highlight our experience adopting the Gateway API in the Knative Serving project. We'll talk about the problems we encountered and how we addressed them. Come to the talk and we'll pit some implementations against each other and show some numbers!
Speakers
Dave Protasowski

Staff Engineer, VMware/Broadcom
Dave Protasowski is part of Knative Technical Committee and a Serving Working Group Lead. During the night he works at VMware/Broadcom. Previously he worked on Cloud Foundry things at Pivotal.
Salt Palace | Level 1 | 155 EF
  Connectivity

11:15am MST

All-Your-GPUs-Are-Belong-to-Us: An Inside Look at NVIDIA's Self-Healing GeForce NOW Infrastructure - Ryan Hallisey & Piotr Prokop PL, NVIDIA
Wednesday November 13, 2024 11:15am - 11:50am MST
GeForce Now is a game streaming platform used by 20+ million gamers worldwide. Kubernetes is at the core of its infrastructure powering game workloads and other containerized services and tools. The infrastructure includes many regional clusters with 10s of thousands of GPUs capable of supporting 100s of thousands of concurrent gamers. To operate a large Kubernetes infrastructure efficiently, NVIDIA built a GPU maintenance API to enable automated lifecycle management of critical infrastructure components. When combined with a few operators, this API facilitates planning and coordination of crucial driver, GPU, and Kubernetes upgrades at an unprecedented scale, as well as empowering self-healing operators to detect and remediate failures to avoid outages. In this talk, we will share:
- How K8s and KubeVirt power Nvidia GeForce Now
- Nvidia’s GPU Maintenance API solution
- NVIDIA’s vision for doing automated GPU maintenance at scale in K8s
Speakers
Ryan Hallisey

Software Engineer, NVIDIA
Ryan is a software engineer at NVIDIA. He works on building data centers powered by Kubernetes and KubeVirt for NVIDIA products.
Piotr Prokop

Senior Software Engineer, NVIDIA
Piotr is a Senior Software Engineer at NVIDIA. He works on running high performance workloads powered by Kubernetes for NVIDIA products.
Salt Palace | Level 1 | Grand Ballroom BDF
  Platform Engineering

11:15am MST

Tutorial: A Mad Scientist's Guide to Automating CNI with Generative AI - Doug Smith, Red Hat, Inc
Wednesday November 13, 2024 11:15am - 12:45pm MST
Ready to make Kubernetes networking a little easier and a lot more fun? Join Doug for an experiment in configuring CNI (Container Networking Interface) using generative AI. Despite being advised by data scientists to avoid automating machine configurations with generative AI, Doug went into the mad scientist's lab (err, basement) and tested how often a workflow could generate CNI configurations that would establish network connectivity between pods – and the success rate might surprise you. In this session, you'll automate CNI configurations using a large language model (LLM) and gain experience with a nifty tech stack: Ollama for running a containerized LLM, Kubernetes, CNI, and some script wizardry to create your own auto-configurator. Best yet? No prior CNI or AI/ML knowledge needed, and you'll learn along the way! Just in case, have contingency plans ready should any Skynet or Space Odyssey 2001 scenarios arise during the tutorial.
Speakers
Doug Smith

Principal Engineer, Red Hat, Inc
Doug Smith is a Principal Software Engineer for OpenShift Engineering at Red Hat. Focusing on Network Function Virtualization and container technologies, Doug integrates new networking technologies with container systems like Kubernetes and OpenShift. He is a member of the Network...
Salt Palace | Level 1 | Grand Ballroom ACE
  Tutorials, Cloud Native Novice

12:10pm MST

When Life Gives You Containers, Make an Open Source RDS: A Kubernetes Love Story - Sergey Pronin, Percona
Wednesday November 13, 2024 12:10pm - 12:45pm MST
This isn't your typical technical talk. We'll take you on a step-by-step adventure, starting from a humble single database in a container and adding components one by one, just like we did. You'll witness firsthand how we tackled real-world challenges, from storage and scaling to monitoring and UI design, to create an Open Source Cloud Native database platform. You'll walk away with a deep understanding of how Kubernetes can be used to orchestrate complex and stateful applications (like database clusters). Join us and discover how you can break free from vendor lock-in, save costs, and build a database that's truly yours. This is your chance to learn from our triumphs and tribulations, and be inspired to create your own open source success story.
Speakers
Sergey Pronin

Product guy, Percona
Sergey is a passionate technology “driver”. After graduation worked in various fields: internet service provider, financial sector and M&A business. Main focal points were infrastructure and products around it. At Percona as a Group Product Manager drives forward Kubernetes and...
Salt Palace | Level 1 | Grand Ballroom GI
  Data Processing + Storage

12:10pm MST

Towards Zero Change Incidents: Intuit's Strategy for Implementing AI-Driven Progressive Delivery - Avik Basu & Saravanan Balasubramanian, Intuit
Wednesday November 13, 2024 12:10pm - 12:45pm MST
At Intuit, rapid development is essential for swift feature updates and fixes. Yet, 33% of last year's incidents were due to new deployments, highlighting the need for a progressive delivery system with automated rollback capabilities. However, traditional static thresholds fall short for Intuit's ~2500 services, each with unique patterns across multiple key performance metrics. To tackle this, Intuit has implemented an ML-based progressive delivery system that utilizes Prometheus to monitor multivariate metrics, offering a comprehensive view of application health and performance during deployments. The talk will present a case study application, identify its critical metrics, and showcase how Intuit leverages Numaproj and its out-of-the-box ML models to generate anomaly scores during deployments using Argo Rollouts. This strategy enables Intuit to quickly identify and address issues using AIOps techniques, ensuring a smooth and dependable customer experience.
Speakers
Saravanan Balasubramanian

Staff Software Engineer, Intuit
Bala is the lead engineer and maintainer in Argo workflow project, Intuit - leading Argo workflow project for open source community and Intuit.
Avik Basu

Staff Machine Learning Engineer, Intuit
Avik is a data scientist and machine learning engineer with expertise across multiple ML domains such as computer vision, natural language understanding, reinforcement learning, and time series. Currently, he leads the machine learning initiatives for open-source AIOps at Intuit...
Salt Palace | Level 1 | Grand Ballroom HJ
  Observability

3:25pm MST

Create & Distribute a Plugin for Kubernetes (Kubectl) in Few Minutes? Easy! 🙂 - Aurélie Vache, OVHcloud & Gaëlle Acas, Doctolib
Wednesday November 13, 2024 3:25pm - 4:00pm MST
Kubectl is the most powerful tool that allows you to interact with the API Server of a Kubernetes cluster. We use it every day to list the pods, deploy a service, scale a deployment to 5 replicas... but do you know that you can add custom features to the kubectl CLI? Indeed, Kubernetes is an extensible world that allows you to extend most of its components (Network, Storage, Container runtime, webhooks…) and even the kubectl CLI. In this talk, Gaëlle and Aurélie will show you how it can be easy to create a plugin in a few minutes. For that, they will create, live, a plugin in Bash, to make our pods more user-friendly. But that's not all! The goal of this talk is also to share our awesome plugin with others and for that, Krew is “The place to be”. At the end of this talk you will have all the marbles in hand in order to be able to create & share your own plugin to the world or only to your internal teams. Ready? Create your own plugins!
Speakers
Gaëlle Acas

Site Reliability Engineer, Doctolib
Site Reliability Engineer at Doctolib & co-organiser of the CNCF Nantes meetup. As a cloud addict, I love playing with containers, surfing Dev&Ops skills and juggling the world of serverless. I also love to share and pass on my passion for code to our kids.
Aurélie Vache

Developer Advocate, OVHcloud
Aurélie is a CNCF Ambassador, a Docker Captain & Google Developer Expert. She created a new visual way to learn & understand Cloud technologies: "Understanding Kubernetes/Istio/Docker in a visual way" in sketchnotes, books and videos. She has been working as a Developer & Ops for...
Salt Palace | Level 2 | 251
  Cloud Native Novice

3:25pm MST

Extending the Gateway API: The Power and Challenges of Policies - Kate Osborn, NGINX
Wednesday November 13, 2024 3:25pm - 4:00pm MST
From the beginning, the Gateway API has been designed to be extensible. With over 25 implementations to date, it’s crucial that these implementations have a way to support implementation-specific features without resorting to annotations. Among the various ways to extend the Gateway API, the Policy Attachment mechanism stands out as the most potent and challenging. In this session, we will explain what Policy Attachment is and share the lessons we learned at NGINX when implementing our own Policies. You will learn about:
- The difference between direct and inherited policies.
- How policy inheritance and merging work.
- Corner cases, such as conflicting policies and invalid target refs.
- Techniques to verify if a policy has been successfully applied.
- Strategies for troubleshooting policies.
We will show you examples of Gateway API policies as well as policies from multiple Gateway API implementations.
Speakers
Kate Osborn

Software Engineer, NGINX
Maintainer of NGINX Gateway Fabric. Kubernetes enthusiast since 2018.
Salt Palace | Level 1 | 155 EF
  Connectivity

5:25pm MST

Conquering Configuration Constraints: Real-World Patterns for Distributing Data at Scale in Kubernet - Daniel Hrabovcak, Google
Wednesday November 13, 2024 5:25pm - 6:00pm MST
Did you know that major Cloud providers cap the amount of volumes you could attach to a node? You may be tempted to use a ConfigMap or a Secret instead; however, did you know that Kubernetes caps the size of all resources to 1 MiB? What if you need arbitrarily large data? After all, reaching these limits may effectively render your application completely useless and for commonly used operators, constraints are exacerbated. In this talk, we cover all built-in storage mechanisms and their pitfalls. Not only can your data be large, but what about auto-scaled workloads which access the same data? We explore patterns that we at Google explored while working on our open source Prometheus operator, including: variable expansion, compression, sharding, projected volumes and dynamically mounting resources. We discuss how to shape the user configuration surface and how to make your data available at scale. Especially a must-see for anyone distributing configurations in their operator!
Speakers
Daniel Hrabovcak

SWE, Google
Daniel Hrabovcak is a software engineer at Google working within Cloud Monitoring to build Google Cloud’s Managed Service for Prometheus. Daniel’s love of coding has lasted a decade, touching on open-source game development and a previous career in full stack development, giving...
Salt Palace | Level 1 | Grand Ballroom GI
  Data Processing + Storage

6:00pm MST

🪧 Poster Session: Revolutionizing Windows Container Startup Performance - Tina Wu & Shaheed Chagani, Microsoft
Wednesday November 13, 2024 6:00pm - 8:00pm MST
Are you frustrated by Windows container delays and struggling to meet demand spikes? We are excited to introduce a suite of innovations that will revolutionize your Windows container startup and scaling experience. Conventional Windows container image download, import, and launch processes have long suffered from sluggishness and inefficiencies. By leveraging a new storage stack, CimFS & UnionFS, we anticipate a 30%+ improvement in container image import and launch times. Building on top of that, we are excited to announce Artifact Streaming for Windows Containers to drastically reduce image download time from minutes to seconds. This session will showcase an in-depth exploration of the architecture, implementation intricacies, and tangible benefits of the new storage stack. We will also guide you through compelling use cases and performance benchmarks that highlight the impact. Don't miss the opportunity to stay at the forefront of Windows container technology innovations.
Speakers
Shaheed Chagani

Principal Software Engineering Lead - Microsoft, Microsoft
Principal Software Engineering Lead for the File System Virtualization team.
Tina Wu

Senior Product Manager, Microsoft
Tina is a Senior Product Manager on the Windows Storage & File Systems team and works on technologies such as Artifact Streaming for faster image downloads for Windows Containers, CimFS & UnionFS for a modern container launch stack, and Storage Spaces for storage virtualization.
Salt Palace | Level 1 | Halls A-C + 1-5 | Solutions Showcase
 
Thursday, November 14
 

11:00am MST

Tutorial: Kubernetes Smart Scaling: Getting Started with Karpenter - Changsu Lee & Raj Saha, AWS; Wilson Darko & Charlie McBride, Microsoft; Praseeda Sathaye, Amazon
Thursday November 14, 2024 11:00am - 12:30pm MST
Karpenter is an open-source node provisioner that simplifies infrastructure management for Kubernetes clusters. It automatically launches the right compute resources to handle application demands, allowing you to leverage the cloud's elastic capabilities with fast and simple provisioning. This hands-on workshop will guide you through setting up Karpenter in your Kubernetes clusters, how Karpenter automatically responds to changes in application load, scheduling and resource requirements, and placing new workloads onto available compute capacity. Additionally, you'll explore how Karpenter reduces cluster costs by removing under-utilized nodes, replacing expensive nodes with cheaper alternatives, and consolidating workloads onto efficient resources. Throughout the workshop, you'll gain hands-on experience with Karpenter's advanced capabilities, such as evaluating scheduling constraints, enabling continuous optimization through consolidation, and managing drift for day-2 operations.
Speakers
Wilson Darko

Microsoft
Praseeda Sathaye

Principal Specialist Solution Architect, Amazon (AWS)
Praseeda Sathaye is a Principal Specialist SA for App Modernization and Containers at Amazon Web Services based in Bay Area California. She has been focused on helping customers speed their cloud-native adoption journey by modernizing their platform infrastructure, internal architecture...
Chance Lee

Sr Container specialist Solutions Architect, AWS
Chance Lee is a Sr. Container Specialist Solutions Architect at AWS based in the Bay Area. He helps customers architect highly scalable and secure container workloads with AWS container services and various ecosystem solutions. Prior to joining AWS, Chance was an IBM Lab Services...
Raj Saha

Principal Solutions Architect, AWS
Raj is the Principal Specialist SA for Containers, and Serverless at AWS. Rajdeep has architected high profile Kubernetes applications serving millions of customers. He is a published instructor on Kubernetes, Serverless, DevOps, and System Design, has published blogs, and presented...
Charlie McBride

SDE 2, Microsoft
Summa Cum Laude graduate from the University of Washington. I've been immersed within cloud containerization first interning at AWS within Elastic Container Registry, before going to a full-time position at Azure Kubernetes Services. The cloud feels like a natural home, where I'm...
Salt Palace | Level 1 | Grand Ballroom ACE
  Tutorials, Operations + Performance

11:55am MST

Scratching the Surface: Simulating K8s in MIT Scratch - Mitch Connors, Microsoft & Jude Connors, Independent
Thursday November 14, 2024 11:55am - 12:30pm MST
Why would anyone re-implement Kubernetes from scratch? And why use Scratch, the graphical programming language from MIT? The best way to understand a machine is to take it apart and put it back together again, but how can we apply this to Kubernetes, which isn’t so easy to take apart? In the code, one is quickly overwhelmed with the nuances of protobufs, channels, and goroutines. Examples can be equally perplexing: why, exactly, would I cuddle a kube? Come see K8s through the eyes of a 14-year-old, re-creating core k8s components in their simplest form with Scratch. Topics include Explain It Like I’m 14 (because one of us is), some surprising things we learned (even after years of working with k8s), and how to pass the torch to the next generation. New users will learn Kubernetes by breaking it down into simple controllers, and veteran contributors will be empowered to tackle the most difficult task of all: explaining your job to your children.
Speakers
Mitch Connors

Principal Software Engineer, Microsoft
Mitch Connors is a Sr. Principal Software Engineer at Aviatrix, and serves on the Istio Technical Oversight Committee. Over the past 17 years, Mitch has worked at Google, F5 Networks, Amazon, an Industrial IoT startup, and State Farm Insurance, giving him a broad perspective on the...
Jude Connors

Professional 14 Year Old, Unemployed
Jude is a freshman in high school with a passion for puzzles, music, and games of every sort.
Salt Palace | Level 2 | 251
  Cloud Native Novice

2:30pm MST

Solving the Kubernetes Networking API Rubik's Cube - Doug Smith & Surya Seetharaman, Red Hat; Shane Utt, Kong; Lior Lieberman, Google
Thursday November 14, 2024 2:30pm - 3:05pm MST
AI/ML use cases are steering the Kubernetes wheel in exciting directions. If you’re interested in networking, it might be having a bigger impact on changes to core Kubernetes than you think. Are you hearing the acronyms DRA (Dynamic Resource Allocation) and KNI (Kubernetes Networking Interface) a LOT in the ecosystem lately and wondering how they are connected to AI/ML-Networking, Multi-Networking and CNI? We love the GPU allocation aspects of DRA - but did you know there are considerations for allocating hardware devices for networking too? You might be familiar with CNI - but have you come across the KNI effort to build a standardized set of Kubernetes Networking APIs? For those who are new to Kubernetes networking, trying to solve this networking Rubik’s cube can feel overwhelming. Join us for a fun and informative session where we'll simplify the landscape and help you fit the puzzle pieces together. Leave with confidence to navigate and contribute in this rapidly evolving space.
Speakers
Doug Smith

Principal Engineer, Red Hat, Inc
Doug Smith is a Principal Software Engineer for OpenShift Engineering at Red Hat. Focusing on Network Function Virtualization and container technologies, Doug integrates new networking technologies with container systems like Kubernetes and OpenShift. He is a member of the Network...
Surya Seetharaman

Principal Software Engineer, Red Hat Inc.
Surya is an Open Source advocate and contributor, active in the Kubernetes SIG-Network working group. She is working as a Principal Software Engineer at Red Hat in the OpenShift Networking team. Her areas of interest include Cloud Infrastructure and Networked Services and Systems...
Shane Utt

Senior Principal Software Engineer, Red Hat
TODO
Lior Lieberman

Site Reliability Engineer, Google
Lior is a site reliability engineer at Google working on Google Compute Engine. He is a leading maintainer of ingress2gateway, and an active contributor to Kubernetes SIG network focused on Gateway API.
Salt Palace | Level 2 | 251
  Cloud Native Novice

3:25pm MST

Unlocking the Future of GPU Scheduling in Kubernetes with Reinforcement Learning - Nikunj Goyal, Adobe Systems & Aditi Gupta, Disney Plus Hotstar
Thursday November 14, 2024 3:25pm - 4:00pm MST
Scaling up Multi GPU setup using Kubernetes for large scale ML projects has been a hot topic equally stressed upon among both the AI and cloud community. While Kubernetes is able to provide computing power by scheduling GPU nodes, certain issues like resource fragmentation and low utilization plague the performance and result in cost issues. Why Reinforcement Learning (RL) in particular, one would ask? Unlike the other algorithms, RL shines in its unique ability to continuously adapt to changing environments and efficiently handle complex and multi-dimensional objectives, making it particularly suitable for the dynamic and heterogeneous nature of Kubernetes clusters. In this talk, we shall explore the current landscape of GPU scheduling and some state of the art RL algorithms proposed for scheduling. Their current impact on Kubernetes and the possible use of RLHF shall be dived deep into. We hope that the audience gains more insights into these new ways of scheduling GPUs on Kubernetes.
Speakers
Aditi Gupta

Aditi Gupta, Software Developer at Disney + Hotstar, Disney Plus Hotstar
I'm Aditi Gupta, a Software Developer Engineer at Disney+ Hotstar. Graduated from Asia's largest tech college for women, Indira Gandhi Delhi Technical University, I've been deeply immersed in cloud-native technologies and AI/ML advancements. Skilled in containerisation, micro-service...
Nikunj Goyal

Developer at Adobe, AI and Machine Learning Specialist, Adobe Systems
Hi, I am Nikunj Goyal, working as a developer at Adobe and a Maths major from IIT Roorkee. I am working with AI and Machine Learning for some time mainly with Generative AI and graph based methods. I am a core part of Text-to-vector generation team at my org and previously worked...
Salt Palace | Level 1 | Hall DE
  AI + ML

3:25pm MST

Tackling GPU Shortages and High Costs by Harnessing Hybrid Kubernetes Clusters - Xiaoman Dong & Alex Pucher, Parasail
Thursday November 14, 2024 3:25pm - 4:00pm MST
In the era of supporting AI and large language models, acquiring GPU supplies from major cloud providers is challenging and expensive. Meanwhile, a significant supply of affordable GPU resources is emerging from various third-party providers. Hybrid Kubernetes clusters are the perfect solutions to integrate these GPUs into existing services built on large cloud providers. At our startup focusing on cloud infrastructure, we have created numerous hybrid Kubernetes clusters based on K3s and P2P VPN using the Wireguard protocol. With this setup, we have successfully integrated more than ten sources of GPUs from different geographical locations, achieving nearly unlimited on-demand GPU resources while reducing GPU costs by 2x-4x. In this talk, we will discuss the architecture, pros and cons, requirements, and limitations of pure hybrid Kubernetes clusters for GPUs. We will also share lessons learned during the building and management of such true hybrid Kubernetes clusters.
Speakers
Alexander Pucher

Parasail AI
Xiaoman Dong

Founding Engineer, Parasail
Xiaoman Dong has devoted his past 10+ years building cloud and data infrastructure, and hosted scalable distributed systems with multi region high availability. During his work in Parasail, Stripe and Uber, he has designed, built, and operated several large scale business critical...
Salt Palace | Level 2 | 255 BC
  Cloud Native Experience

4:30pm MST

Understanding Kubernetes Networking in 30 Minutes - Ricardo Katz, Broadcom & James Strong, Isovalent at Cisco
Thursday November 14, 2024 4:30pm - 5:05pm MST
Are you learning Kubernetes and starting to face concepts like Pod CIDRs, Services, CNI, and kube-proxy? Welcome! You have reached the amazing area of Kubernetes networking! We have all been there and know how complex it may seem in the beginning, but in this talk, Ricardo and James will demystify the Kubernetes network concepts and model in a fun way, exploring how it is designed, why there is a "pause" container in every Pod, how the communication between Pods works, and what kube-proxy and CNI are and their importance. By the end of this talk, we expect you to have a clear learning path for Kubernetes networking, to better understand not only what the concepts are about, but also to see in a live demo how every component correlates and makes communication possible in a Kubernetes cluster.
Speakers

Ricardo Katz

Software Engineer, Broadcom
Software Engineer at VMware by Broadcom, Kubernetes contributor in his spare time. Previously was the tech lead for the Brazilian Government Cloud and Platform infrastructure, being one of the people responsible for implementing some of the first Kubernetes clusters in Brazil, clusters... Read More →

James Strong

Sr Customer Success Architect, Isovalent at Cisco
James has been working in the cloud for 7 years. He helped build a private cloud at GE Appliances and developed and supported REST APIs in AWS on Docker. Recently he has passed the CNCF's CKA exam and helps companies migrate their applications to Kubernetes.
Thursday November 14, 2024 4:30pm - 5:05pm MST
Salt Palace | Level 2 | 251
  Cloud Native Novice

4:30pm MST

Bring the Joy Back to Deployments! - Murriel McCabe, Google Cloud & Elizabeth Ponce, Airbnb
Thursday November 14, 2024 4:30pm - 5:05pm MST
Destination: deployment! Your feature is complete. Your application is ready. You want to share your hard work with the world. How do you pick the optimal deployment process? Where do you even start? In this talk, Murriel and Elizabeth will be your guides on a brief tour of several open source tools for deploying a workload into Kubernetes. Our journey will begin with manual hello world deployments and from there we will explore some of the most common modern tools for CI/CD, including a demo speedrun! Major destinations on this tour will include helm, kustomize, skaffold, ArgoCD, Tekton, Jenkins and JenkinsX. We will walk through the fundamentals of CI/CD, explore tradeoffs and discuss the process for implementing these tools in your software development lifecycle. By the end of this talk, you'll be equipped to begin navigating the CI/CD landscape and will leave with resources that will enable you to get started quickly and begin testing in your own environment.
Speakers

Murriel McCabe

Customer Engineer, Google Cloud
Murriel is a Customer Engineer with Google Cloud. She is currently excited about all things DevOps and platform engineering, developer productivity, and container platforms. She is a big advocate for STEM mentorship of girls/youth and exploring how technology can be used for social... Read More →

Elizabeth Ponce

Software Engineer, Airbnb
Elizabeth is a Software Engineer in Search Infrastructure at Airbnb and has a non traditional pathway from Customer Support Specialist to Software Engineering at Airbnb. As a Global Co-Chair for GemTech, Airbnb's Genders Marginalized in Tech employee resource group, Elizabeth actively... Read More →
Thursday November 14, 2024 4:30pm - 5:05pm MST
Salt Palace | Level 2 | 250
  SDLC

5:25pm MST

Multi-Tier Security in WasmCloud: From Developer Constraints to Platform Extensibility - Brooks Townsend, Cosmonic
Thursday November 14, 2024 5:25pm - 6:00pm MST
In 2024, 96% of codebases contain open source, and 74% of these have high-risk vulnerabilities — a 54% increase from 2023. As open source adoption grows and the cloud native landscape evolves, robust security practices are critical. This session explores wasmCloud, a CNCF platform for distributed WebAssembly applications, focusing on achieving a secure-by-default environment. wasmCloud's multi-tier security model addresses the needs of both developers and platform engineers. Developers work in a deny-by-default mode, requiring explicit declaration of all application capabilities. Platform engineers grant these capabilities in a fine-grained manner and extend security through pluggable services. Grounded in real-world experience and practical demos, you’ll leave this talk with the knowledge to configure and extend security using pluggable services, enabling you to leverage WebAssembly to secure your cloud native applications.
Speakers

Brooks Townsend

Senior Software Engineer II, Cosmonic
Brooks is a Lead Software Engineer at Cosmonic, focusing on harnessing WebAssembly to alleviate the pains of modern software development. Brooks started his software development career with Critical Stack, a Kubernetes container orchestration platform that is now open source. He joined... Read More →
Thursday November 14, 2024 5:25pm - 6:00pm MST
Salt Palace | Level 1 | 151
  Security
 
Friday, November 15
 

11:00am MST

Shopify’s Open Source Approach to Network Monitoring with eBPF, Vector and ClickHouse - Sebastian Rabenhorst & Matt Franklin, Shopify
Friday November 15, 2024 11:00am - 11:35am MST
At Shopify, we’ve successfully implemented a scalable, open-source network monitoring solution for the cloud. In this talk, we will demonstrate how we built a network monitoring solution leveraging eBPF, Vector, ClickHouse, and Grafana. This solution enables us to monitor over 30 million network flow, DNS and other networking-related events per second at the container level for thousands of services across hundreds of Kubernetes clusters in the Shopify Cloud. We will also share the lessons we learned regarding these technologies and provide insights on how you can implement your own purely open-source monitoring solution capable of handling millions of events per second.
Speakers

Sebastian

Senior Production Engineer, Shopify
Sebastian is a Senior Production Engineer at Shopify mostly working on a Thanos-based monitoring solution as part of the observability team.
Friday November 15, 2024 11:00am - 11:35am MST
Salt Palace | Level 1 | Grand Ballroom HJ
  Observability

11:00am MST

Tutorial: OpenTelemetry Hands-on - Automatic and Manual Instrumentation for Java and Python Apps - Matthias Haeussler, Novatec Consulting GmbH & Tiffany Jernigan, Independent
Friday November 15, 2024 11:00am - 12:30pm MST
In today's software landscape - in the cloud-native one in particular - observability has become a critical aspect of ensuring the performance, reliability, and security of applications. OpenTelemetry, a standard and OSS observability framework, provides a unified way to collect and export telemetry data from applications and services. This tutorial will guide participants through the process of using OpenTelemetry to instrument a simple application, collect metrics, traces, and logs, and send them to various backends for analysis. It covers the implementation and usage of OpenTelemetry into Python and Java-based applications. The exercises include: the instrumentation of a polyglot microservice application, auto vs. manual instrumentation, evaluating the collected traces, logs and metrics, configuring a collector, analysing the results in Jaeger and Prometheus. This tutorial is made for everyone seeking a pragmatic understanding of OpenTelemetry's immediate benefits.
Speakers

Matthias Haeussler

Chief Technologist, Novatec Consulting GmbH
Matthias Haeussler is Chief Technologist at Novatec Consulting, university lecturer for distributed systems, awarded ambassador of Cloud Foundry and the organizer of the Stuttgart Cloud Foundry Meetup. He advises clients on Cloud strategies and supports implementations and migrations... Read More →

Tiffany Jernigan

Developer Advocate, www.tiffanyfay.dev
Tiffany is a seasoned technologist and content creator in the Cloud Native space. She most recently was a senior developer advocate at VMware. She also formerly worked as a software developer and developer advocate at Amazon, Docker, and Intel. Prior to that, she graduated from Georgia... Read More →
Friday November 15, 2024 11:00am - 12:30pm MST
Salt Palace | Level 1 | Grand Ballroom ACE
  Tutorials, Observability

11:55am MST

Introduction to Distributed ML Workloads with Ray on Kubernetes - Mofi Rahman & Abdel Sghiouar, Google
Friday November 15, 2024 11:55am - 12:30pm MST
The rapidly evolving landscape of Machine Learning and Large Language Models demands efficient scalable ways to run distributed workloads to train, fine-tune and serve models. Ray is an Open Source framework that simplifies distributed machine learning, and Kubernetes streamlines deployment. In this introductory talk, we'll uncover how to combine Ray and Kubernetes for your ML projects. You will learn about:
- Basic Ray concepts (actors, tasks) and their relevance to ML
- Setting up a simple Ray cluster within Kubernetes
- Running your first distributed ML training job
Speakers

Abdel Sghiouar

Developer Relations Engineer, Google
Abdel Sghiouar is a senior Cloud Developer Advocate @Google Cloud. A co-host of the Kubernetes Podcast by Google and a CNCF Ambassador. His focused areas are GKE/Kubernetes, Service Mesh and Serverless.

Mofi Rahman

Developer Relations Engineer, Google
Mofizur Rahman (@moficodes) is a Developer Advocate at Google. His favorite programming language these days is Go. He is a strong believer of the power of open source and importance of giving back to the community. He is a self proclaimed sticker collecting addict and has collected... Read More →
Friday November 15, 2024 11:55am - 12:30pm MST
Salt Palace | Level 2 | 255 EF
  Cloud Native Novice

2:00pm MST

Seccomp and eBPF; What’s the Difference? Why Do I Need to Know? - Natalia Reka Ivanko & Duffie Cooley, Isovalent @ Cisco
Friday November 15, 2024 2:00pm - 2:35pm MST
Containers in Kubernetes share a common Linux kernel so how can we limit access where it isn’t required so we can follow the principle of least privilege? Join Natalia and Duffie as they each explore different approaches to harden your container security with Secure Computing (seccomp) and eBPF! The talk will begin with an overview and comparison between seccomp and eBPF and how they both can solve the same problem - limiting access to the Linux Kernel that all containers share. This will be a fun talk, showing each solution with a live demo. You will leave this talk with a better understanding of how to limit what system calls a process can make and restrict your containers’ behavior to only access the files, binaries and external DNS names they need and nothing more. Which is the right solution for your environment? Come and learn about two of the commonly used technologies in use today!
Speakers

Natalia Reka Ivanko

Sr. Product Manager, Isovalent, now part of Cisco
Security Product Lead and previous Security Engineer with a strong background in Container and Cloud Security. Passionate about building things that matter and working with Site Reliability and Software Engineers to apply Security Best Practices. Inclined towards modern and innovative... Read More →

Duffie Cooley

Field CTO, Isovalent @ Cisco
Duffie is Field CTO at Isovalent focused on helping enterprises find success with Cilium and modern security tooling. Duffie has been working with all things systems and networking for 20 years and remembers most of it. A student of perspective, Duffie is always interested in working... Read More →
Friday November 15, 2024 2:00pm - 2:35pm MST
Salt Palace | Level 1 | 151
  Security

2:55pm MST

Cloud-Native AI: Wasm in Portable, Secure AI/ML Workloads - Miley Fu, Second State
Friday November 15, 2024 2:55pm - 3:30pm MST
In this talk, we present Wasm as a pioneering solution for running AI/ML workloads in cloud-native environments. Our focus is on demonstrating how Wasm (on the server) facilitates the execution of AI models, such as Llama3, Grok by X, Mixtral etc, across diverse cloud and edge platforms without sacrificing performance. We will discuss the advantages of using Rust and WebAssembly in AI/ML workloads, highlighting aspects like portability, speed, and security. Real-world examples will illustrate the deployment of AI inference models using Wasm runtime in Kubernetes environments, showcasing seamless orchestration and execution across varied devices. This session is aimed at cloud-native practitioners and AI/ML enthusiasts eager to explore innovative approaches in AI deployment.
Speakers

Miley Fu

DevRel, WasmEdge
Miley is a Developer Advocate with a passion for empowering developers to build and contribute to open source. With over 5 years of experience working on WasmEdge runtime in CNCF sandbox as the founding member, she talked at KubeCon, KCD Shenzhen, CloudDay Italy, DevRelCon, Open Source... Read More →
Friday November 15, 2024 2:55pm - 3:30pm MST
Salt Palace | Level 2 | 250
  AI + ML

2:55pm MST

Enabling Fault Tolerance for GPU Accelerated AI Workloads in Kubernetes - Arpit Singh & Abhijit Paithankar, NVIDIA
Friday November 15, 2024 2:55pm - 3:30pm MST
In K8s based ML platforms, job failures from hardware errors such as GPU malfunctions, network disruptions, ECC errors, and OOM events pose significant challenges. These failures cause resource underutilization, wasted engineering time, and high operational costs, often requiring users to resubmit jobs. Current AI/ML frameworks lack adequate fault tolerance strategies, typically requiring manual intervention and causing delays before jobs can resume. This talk explores fault tolerance strategies including naive job restarts on failure, job restarts with hot spares, and job restarts by replacing faulty nodes. We discuss how to achieve fault propagation by leveraging node and pod conditions and address gaps in fault discovery and error propagation in the existing Kubernetes ecosystem. Our talk will also include ways to enhance components like the node-problem-detector and introduce new elements to close the gaps in fault detection, propagation reaction and remediation.
Speakers

Abhijit Paithankar

Tech Lead and Engineering Manager, NVIDIA
Abhijit Paithankar is the AI and HPC Systems Tech Lead and Engineering Manager at NVIDIA, focusing on advanced computing technologies. Previously, he co-founded Crave.IO and served as CTO, and held key roles at Nutanix and VMware, developing critical hypervisor and storage solutions... Read More →

Arpit Singh (SW-CLOUD) US

Senior Software Engineer, Nvidia
Arpit Singh specializes in AI infrastructure at Nvidia, enhancing deep learning applications. Besides being a Kubernetes contributor, Arpit has 10+ years of experience spanning Nvidia, Nutanix and Cisco. He holds multiple patents (2 granted, 4+ pending) and has dual master's degr... Read More →
Friday November 15, 2024 2:55pm - 3:30pm MST
Salt Palace | Level 1 | Hall DE
  AI + ML

2:55pm MST

Securing the Supply Chain: A Practical Guide to SLSA Compliance from Build to Runtime - Enguerrand Allamel, Ledger
Friday November 15, 2024 2:55pm - 3:30pm MST
Navigating the complexities of supply chain security might seem intimidating, especially with evolving frameworks like SLSA (Supply-chain Levels for Software Artifacts). This talk introduces beginners to the foundational practices required to secure software from build to runtime using CNCF tools. We'll explore how GitHub Actions can automate build processes, integrate with Cosign for keyless artifact signing, and use Kyverno for runtime policy enforcement. Additionally, we'll discuss how tools like in-toto and Kubescape help manage and verify artifact integrity, providing a holistic view of SLSA compliance in the Kubernetes ecosystem. To enhance security further, we will also briefly discuss the potential integration of Hardware Security Modules (HSMs) into the supply chain. HSMs can offer an added layer of security for key management operations critical to signing processes, ensuring that cryptographic keys are managed securely and are resilient against attack.
Speakers

Enguerrand Allamel

Staff Cloud Security Engineer, Ledger
I am a Staff Cloud Security Engineer with a focus on securing scalable and reliable cloud systems. My expertise encompasses hybrid computing technologies and automation tools such as Terraform and Ansible, along with container orchestration via Kubernetes. I am committed to optimizing... Read More →
Friday November 15, 2024 2:55pm - 3:30pm MST
Salt Palace | Level 1 | 151
  Security

4:00pm MST

Best Practices for Deploying LLM Inference, RAG and Fine Tuning Pipelines on K8s - Meenakshi Kaushik & Shiva Krishna Merla, NVIDIA
Friday November 15, 2024 4:00pm - 4:35pm MST
In this session, we'll cover best practices for deploying, scaling, and managing LLM inference pipelines on Kubernetes (K8s). We'll explore common patterns like inference, retrieval-augmented generation (RAG), and fine-tuning. Key challenges addressed include:
[1] Minimizing initial inference latency with model caching
[2] Optimizing GPU usage with efficient scheduling, multi-GPU/node handling, and auto-quantization
[3] Enhancing security and management with RBAC, monitoring, auto-scaling, and support for air-gapped clusters
We'll also demonstrate building customizable pipelines for inference, RAG, and fine-tuning, and managing them post-deployment. Solutions include [1] a lightweight standalone tool built using operator pattern and [2] KServe, a robust open-source AI inference platform. This session will equip you to effectively manage LLM inference pipelines on K8s, improving performance, efficiency, and security.
Speakers

Meenakshi Kaushik

Product Management, Nvidia
Meenakshi Kaushik leads product management for NIM Operator and KServe. Meenakshi is interested in the AI and ML space and is excited to see how the technology can enhance human well-being and productivity.

Shiva Krishna Merla

Senior Software Engineer, NVIDIA
Shiva Krishna Merla is a senior software engineer on the NVIDIA Cloud Native team where he works on GPU cloud infrastructure, orchestration and monitoring. He is focused on enabling GPU-accelerated DL and AI workloads in container orchestration systems such as Kubernetes and OpenShift... Read More →
Friday November 15, 2024 4:00pm - 4:35pm MST
Salt Palace | Level 2 | 250
  AI + ML

4:00pm MST

Platform Engineering for Software Developers and Architects - Daniel Bryant, Syntasso
Friday November 15, 2024 4:00pm - 4:35pm MST
Building on my KubeCon EU 2022 talk, "From Kubernetes to PaaS to... err, what's next", I'll introduce the topic of platform engineering through the lens of a software developer and architect. My primary goal is for developers to understand "what good looks like" with a successful platform build and help them understand how a platform can influence the SDLC (for better or worse!). Key takeaways from the session:
- Explore how platform architecture influences software architecture and vice versa
- Learn why the principles of coupling and cohesion apply to platform components (and configuration) in the same way as they do with software components
- Understand what to expect from an effective platform, including how applications are built, shipped, and run
- Learn about key platform metrics grounded in developer experience frameworks such as DORA, SPACE, and DevEx
Speakers

Daniel Bryant

Platform Engineer & Head of Product Marketing, Syntasso
Daniel Bryant is the head of product marketing at Syntasso. His technical expertise focuses on ‘DevOps’ tooling, cloud/container platforms, and microservice implementations. Daniel is a long-time coder, platform engineer, and Java Champion. He also writes for InfoQ, O’Reilly... Read More →
Friday November 15, 2024 4:00pm - 4:35pm MST
Salt Palace | Level 2 | 251
  Cloud Native Novice

4:00pm MST

Medical Research Computing Infrastructure on Hybrid Kubernetes - Jennings Zhang & Rudolph Pienaar, Boston Children's Hospital
Friday November 15, 2024 4:00pm - 4:35pm MST
Research computing is essential across biomedical research, especially in medical imaging and radiology where ML+AI are rapidly disrupting the field. But while the research frontier continues moving forward, the computing infrastructure of research and healthcare institutions tends to lag behind. At the Boston Children’s Hospital, we are closing the gap by developing the ChRIS Research Integration Service (ChRIS for short). ChRIS is an MIT-licensed platform for medical computation, enabling the use of research software in clinical practice, while maximizing the utility of our hybrid-cloud resources. This talk will be a discussion of the cloud-native software ecosystem from the perspective of a medical researcher at a teaching hospital. We will consider the advantages of adopting cloud-native software and Kubernetes for research and healthcare institutions, as well as the challenges in doing so.
Speakers

Rudolph Pienaar

Dr, Boston Children's Hospital
Dr Pienaar is the architect of ChRIS -- a general purpose and MLops platform that is uniquely suited to the needs of both biomedical researcher and clinical users. He leads the Advanced Computing Group at the Fetal Neonatal Neuroimaging Development Science Center at Boston Children's... Read More →

Jennings Zhang

Research Developer, Boston Children's Hospital
Jennings is a neuroscience researcher and software developer at the Boston Children's Hospital. His work and interests are split between biological questions, e.g. human brain development, and all-things software development, especially containers and Rust.
Friday November 15, 2024 4:00pm - 4:35pm MST
Salt Palace | Level 1 | Grand Ballroom BDF
  Platform Engineering

4:00pm MST

Tutorial: Stop Kubernetes' Revolving Door: A Hands-on Tutorial to Secure a Kubernetes Cluster - Savitha Raghunathan & Rey Lejano, Red Hat; Mahé Tardy, Isovalent at Cisco
Friday November 15, 2024 4:00pm - 5:30pm MST
Out-of-the-box, upstream Kubernetes is not secure by default. This tutorial will walk through the official/upstream Kubernetes Security Checklist to set up a cluster securely. The tutorial starts with an introduction to the critical security considerations for Kubernetes environments. Participants will then embark on a guided journey through practical exercises designed to implement security best practices within Kubernetes clusters. Attendees will gain firsthand experience in aspects such as authentication, authorization, network policies, pod security, and more, providing participants with a comprehensive understanding of Kubernetes security principles and how to implement them. This will equip them with the knowledge and skills to effectively secure their clusters. Whether you're new to Kubernetes security or seeking to enhance your expertise, this tutorial offers valuable insights and hands-on experience to strengthen your Kubernetes clusters against potential threats.
Speakers

Savitha Raghunathan

Senior Software Engineer, Red Hat
Savitha Raghunathan is a Senior Software Engineer at Red Hat, working on Container Migration and Application Modernization. She leads K8s sig-security-docs sub-project aiming to create security awareness through docs. As a maintainer of the Konveyor project, she leads the community... Read More →

Mahé Tardy

Software Engineer, Isovalent at Cisco
Mahé is a security engineer at Isovalent and an active contributor to Kubernetes SIG Security. He was previously working as a security researcher and loves working with Linux, security, and Kubernetes!

Rey Lejano

Solutions Architect @ Red Hat, CNCF Ambassador, K8s SIG Docs co-chair, SIG Security subproject lead, K8s v1.23 release lead, DevOps Institute Ambassador, Red Hat
Rey Lejano is a Solutions Architect at Red Hat and is the co-chair of Kubernetes SIG Docs. He contributes to Kubernetes SIG Security, Release, & Contributor Experience. He is a member of seven Kubernetes Release Teams including serving as the 1.23 Release Lead and 1.25 Emeritus Adviser... Read More →
Friday November 15, 2024 4:00pm - 5:30pm MST
Salt Palace | Level 1 | Grand Ballroom ACE
  Tutorials, Security

4:55pm MST

With Great Flexibility Comes Great Complexity: Inspect Your Gateway API Configuration - Mattia Lavacca, Kong & Gaurav Ghildiyal, Google
Friday November 15, 2024 4:55pm - 5:30pm MST
With its graduation, Gateway API has emerged as the new standard for managing L4 and L7 routing within Kubernetes, as it brings in a wider set of functionalities and flexibility never seen with the ingress API, and is implemented widely for both ingress and service mesh use cases. The trade-off of having such a powerful API is additional complexity, and navigating the intricacies of Gateway API involves listing multiple resources, cross-referencing and understanding the relationships between them, and ensuring explicit authorization for all cross-namespace references - a formidable challenge, nonetheless. In this talk, Gaurav and Mattia will walk you through how to use gwctl, a command-line tool designed specifically for Gateway API (which is part of the Gateway API project itself), that works seamlessly alongside kubectl. Together, we will easily navigate resources, wrangle policies, and track down trouble in your Gateway API configuration.
Speakers

Mattia Lavacca

Software Engineer, Kong
Mattia is a Software Engineer at Kong, working on Kubernetes networking. He is a key contributor to SIG-Network projects, such as Gateway API, Ingress2Gateway, and Blixt, and the co-lead of Kong's Gateway API implementation. He is working on many Kong projects related to networking... Read More →

Gaurav Ghildiyal

Software Engineer, Google
Gaurav is a Software Engineer at Google specializing in Kubernetes Networking. He is actively involved in the open-source Gateway API project, recently focusing on shepherding the development of gwctl, a command-line tool for Gateway API. Gaurav also actively contributes to other... Read More →
Friday November 15, 2024 4:55pm - 5:30pm MST
Salt Palace | Level 1 | 155 EF
  Connectivity

4:55pm MST

Reducing Cloud Cost for Multi-Tenancy Kubernetes Platform - Simon Ting & Sravan Akinapally, American Airlines
Friday November 15, 2024 4:55pm - 5:30pm MST
A self-service multi-tenancy Kubernetes platform offers many benefits to application teams. In less than 2 years, American Airlines Shared K8 Platform has grown to over 1000+ deployments. Now that we built a resilient and secure platform, we must make it cost-effective to ensure long-term viability. This has the added benefit of reducing the carbon footprint of our platform. In the 2nd year, our platform grew by over 300% but costs increased by 500% as we added security, observability, and other features. How do we start to control costs without violating our self-service model? What is the reasonable amount to spend on Observability? What is a reasonable utilization goal and how do we get there? What level of cost optimization can we achieve without compromising our self-service model and maintaining the resiliency of our platform? We set out to address all these questions and this is our journey. In 4 months, we decreased the total Cost Per Utilized Core (CPUC) by 40%.
Speakers

Simon Ting

Principal Product Manager, American Airlines
Simon Ting is the Principal Product Manager for Kubernetes as a Platform and Observability at American Airlines. Simon started his IT career as a developer and moved into configuration management and development platforms manager for over 2 decades. During that time he supported on-site... Read More →

Sravan Akinapally

Product Tech Lead, American Airlines
Product Tech Lead
Friday November 15, 2024 4:55pm - 5:30pm MST
Salt Palace | Level 1 | Grand Ballroom BDF
  Platform Engineering
 
